Can the community suspend Nakamoto consensus?
Whether or not the community could or would suspend Nakamoto consensus remains an extremely important open question today. Historically, there is a precedent on the Ethereum blockchain: The famous DAO hack of 2016 left the community with almost no other options but to break the protocol and manually set things right. Ethereum was nascent at the time and was clearly not a leaderless organization. Nonetheless, it was a controversial move.
Bitcoin had software trouble: in 2010 there was an incident in which a miner was able to create 184 billion bitcoins. Clearly, this was not an issue with the underlying protocol; it was a problem with how the software detected improper money creation by miners. The blockchain was manually fixed and the bug was patched. But Nakamoto Consensus was not suspended; you can argue that the longest valid chain is and always was the correct one.
Whether Nakamoto Consensus could be interrupted remains an open question. In the 2016–2017 Blocksize wars, a user activated soft fork was threatened, but not enacted. Nodes on the network have the ability to use a command, “invalidateblock”, that marks a given block as invalid. This command can be invoked manually, or according to some script that identifies malicious blocks. This has the potential to throw the network into disarray.
The underlying Schelling point is that all blocks can be checked solely on their proof of work and their adherence to the protocol rules. Once this Schelling point is abandoned, if the discountenanced block is part of the longest chain, the network will remain fragmented until either an alternative chain grows to supplant the invalidated chain, or the remainder of the miners all agree to invalidate the block. Many Bitcoin purists are very hesitant to do this.
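The fragmentation described above can be seen in a toy fork-choice model. This is an added example, not Bitcoin Core code and not from the original article; the block names, unit work values and the `best_tip` and `extend` helpers are constructed for illustration.

```python
# Toy model: each block is id -> (parent_id, work). Dict order = arrival order.

def chain_to_genesis(blocks, tip):
    """Return the block ids from tip back to genesis."""
    path = []
    while tip is not None:
        path.append(tip)
        tip = blocks[tip][0]
    return path

def best_tip(blocks, invalidated=frozenset()):
    """Most-cumulative-work block whose chain contains no locally
    invalidated block (the local effect of invalidateblock)."""
    best, best_work = None, -1
    for block_id in blocks:
        path = chain_to_genesis(blocks, block_id)
        if invalidated.intersection(path):
            continue  # this node refuses the block and all its descendants
        work = sum(blocks[b][1] for b in path)
        if work > best_work:  # strict comparison: first seen wins ties
            best, best_work = block_id, work
    return best

def extend(blocks, parent, names, work=1):
    """Append a run of blocks on top of parent; return the new tip."""
    for name in names:
        blocks[name] = (parent, work)
        parent = name
    return parent

def demo():
    blocks = {"g": (None, 1)}
    extend(blocks, "g", ["a1", "a2", "a3"])              # chain nodes had accepted
    extend(blocks, "g", ["b1", "b2", "b3", "b4", "b5"])  # competing chain, more work
    default_view = best_tip(blocks)                      # follows proof of work only
    overriding_view = best_tip(blocks, frozenset({"b1"}))
    # Nodes that invalidated b1 keep building on a3 until they lead on work.
    extend(blocks, "a3", ["a4", "a5", "a6"])
    return (default_view, overriding_view,
            best_tip(blocks), best_tip(blocks, frozenset({"b1"})))

if __name__ == "__main__":
    print(demo())
```

The two views disagree until the a-chain has strictly more work than the b-chain, at which point nodes that never invalidated anything switch as well.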
In fact, before 2017, this was widely considered out-of-bounds. The prevailing opinion seems to have been that if there was some majority exploit (say a double-spend) the best option was just to leave it as is: Merchants and exchanges should develop their own risk mitigation strategies when dealing with large transactions. Reading the opinions of early Bitcoiners, the dogma seems to have been that in the case of a hostile majority attack, the best (only) option is simply to abandon Bitcoin: Bitcoin, according to the whitepaper, was designed to work with an honest majority of hashrate — attempting to operate Bitcoin with a hostile majority is a fool’s errand, like spooning water upstream.
However, while it’s difficult to accurately poll the average Bitcoin user to gauge their opinions, since 2017 a narrative has emerged that nodes or users could actually reject a malicious attack on the network. This new security layer embraces the idea that Bitcoin has evolved from a small-scale experiment into something that can and should be protected using other aspects of social consensus.
The mechanism is imprecise; however, some simple thought experiments suggest this is true: If a scientist is able to program a quantum computer, at great expense, to start from the genesis block and mine thousands of blocks per second at today’s difficulty levels, the chain they produce would quickly become the valid chain according to the rules of Nakamoto Consensus. Certainly those with any interest in preserving Bitcoin would simply invalidate this chain, and Bitcoin would continue to work.
One can propose less damaging (and hence more controversial) scenarios: What if a one-off double spend reorg attack of 15 blocks took place? One can only speculate; however, the important thing for the network is that a decision would likely become clear in a short amount of time and the network would continue on with that decision. If there is no will to overturn the reorg, Bitcoin will continue as is. This may embolden other attackers to attempt similar exploits. If there appears to be a will to manually overturn the reorg, nodes can try to quickly communicate with other nodes that they are invalidating the malicious blocks. If more than half of the mining nodes participate in reorging the reorg, they will eventually prevail, the malicious chain will cease to be the longest and Nakamoto Consensus will once again be the rule. Certainly, miners who feel they will be on the wrong side of the outcome are wise to side with whichever side they think is more likely to win.
For many miners this means a calculation about the value of future paths of Bitcoin. Which precedent is worse: the precedent of 15 block reorgs going unpunished, or a precedent for nodes manually overriding the protocol due to a collective opinion that the current state of the ledger was accomplished by untoward maneuvering? There is hazard in both. By allowing the exploit to remain on the chain, the exploiter keeps their proceeds. This encourages more exploits: There is now reason to believe that brazen exploits will be honored. On the other hand, once the community demonstrates a willingness to suspend Nakamoto consensus, this suggests a potentially slippery slope: Could the network be maliciously split by a slightly more controversial exploit? There’s also the question of moral hazard: will participants be willing to undertake more risky applications of the network if they believe any major attacks can be overturned (as happened with Ethereum’s DAO hack)?
Prior to any precedent being set, the mere possibility, or threat, of a community reorg serves as an important disincentive for many exploits and attacks. Even if a miner has rejected the market fragility hypothesis with high confidence, it’s difficult to reject the soft-forkability hypothesis with the same confidence; this fact alone may be enough to dissuade certain exploits.
Of course we are speculating, but if exploits or attacks that require intervention are relatively rare, they could be governed by a sort of “common law” that exists outside of the protocol. Clearly this is insufficient in the case of persistent attacks, but if infrequently tested could form a second protective reinforcement edifice which operates outside the protocol. A malicious attacker aspiring to disrupt consensus about the ledger may have to try many times to successfully execute an edge case attack.
There are dangers that were obvious to Satoshi: Any choice about when or how to reorg is necessarily a political one. Bitcoin is largely motivated by the desire to get away from political wrangling. Any discussion about whether or not a problem warrants a community reorg is likely to take place on social media, and many participants will likely form opinions based on the opinions of more prominent members of the community. These could be CEOs of major corporations, major influencers, whales, or even elected or unelected officials. It doesn’t take an imaginative leap to see how a pattern of reorgs could lead to the types of politicking we see outside of Bitcoin.
This becomes worse if proposed solutions have the potential to benefit some players. Indeed, Bitcoin’s genesis block, created by Satoshi, has a message: “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.” Bailouts are the ultimate anathema to the Bitcoin ethos. Many would consider a Bitcoin amenable to bailouts a consummate apostasy.
Bitcoin is not one fixed thing, however. What Satoshi wanted Bitcoin to be, what the early adopters wanted it to be; these may be different than what it will become. What it will become is determined by its trajectory and the desires of the “economic majority” of participants in the future. The fact that soft-forks may deeply offend even Satoshi itself does not preclude Bitcoin from following its own path.
The moral hazard does not take incredible imagination. The latest upgrade to Bitcoin’s core software, called Taproot, allows for slightly more functionality, making it easier to create smart contracts. Clever financial engineers can develop complicated tools like those being used in other parts of decentralized finance. Corporations following the path towards maximal short-term profit can build layers upon layers of intricate DeFi, assuming that certain black swan events (for example a 6 block reorg) would never happen. If caution is thrown to the wind, as history has shown often happens when there’s good money to be made, one can imagine Bitcoin profiteers developing financial instruments much more delicate and dangerous than collateralized debt obligations or other derivatives that played a role in the 2008 global financial crisis.
Logistically, community reorgs may be difficult. If a 6 block reorg is considered disruptive, it would stand to reason that the community would want to have the problem resolved within an hour. Clearly the miners cannot wait and have this discussed at great length, lest the ledger be subject to even more violent deep reorgs. This requires either vigilance by a majority of miners and node operators around the world, or it requires some additional deference to leadership.
In its purest form, Nakamoto Consensus declares the chain with the most chainwork to be the valid chain by default, and leaves miners free to operate within this specification. There is nothing forbidding extra-protocolar coordination by miners or nodes to correct misbehavior. Such a prohibition is ultimately impossible to enforce and therefore hopeless. Nakamoto Consensus is not based on the absence of secrets or coalitions, but rather on the visibility of proofs of work. Miners who are interested in creating a judicial layer to dissuade attacks and exploits do not have to ask permission to do so.
Noting that the community may be forced to make decisions in short time during an attack, it’s worth discussing the possibility of the formation of an organization that would aim to be beneficial for security. Certainly some Bitcoin advocates find this notion unpalatable, but if Bitcoin is to expand and gain more broad acceptance by financial institutions, an additional layer might be necessary to give added assurance that low probability attacks are unlikely to materialize. If a significant portion (again the “economic majority”) prefers the clarity provided by an additional layer of governance, it may become integrated into the general ecosystem. The participants in the Bitcoin network who are opposed to this can stay or they can leave; telling corporations to simply get their own coin is fruitless. Bitcoin should remain, in principle, for anybody, even those who choose to trust others or defer to leaders.
To offer a simple example, suppose there exists a loose coalition of mining and financial corporations who all have a common interest in keeping the network running smoothly. They realize the possible chaos that would ensue if a reorg is performed, and understand how difficult it would be to override a malicious reorg if the network does not act in a timely and unified way to correct this. So they form a 24-hour rolling panel of 9 members who are close to their nodes and able to make judgements within minutes as to whether a manual reorg should be performed or not. If 5 of them agree, the group signals a reorg is necessary, and all miners and nodes in the coalition defer automatically by default. Members of the coalition would install a simple patch that watches for this signal.
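One way the watcher's core check could look, as an added example that is not from the original article or any existing project: it counts distinct, unexpired, authenticated votes and only then builds (without sending) the JSON-RPC body for `invalidateblock`. The member names, keys, vote format and block hash are constructed, and HMAC with per-member keys is a stand-in for the public-key signatures a real panel would need.

```python
import hashlib
import hmac
import json

THRESHOLD, PANEL_SIZE = 5, 9  # "If 5 of them agree" on a panel of 9

# Constructed keys; HMAC stands in for real digital signatures (assumption).
PANEL_KEYS = {f"member{i}": f"constructed-key-{i}".encode()
              for i in range(1, PANEL_SIZE + 1)}

def _tag(key, block_hash, expires_at):
    # The tag binds the vote to one block hash and one expiry time.
    msg = f"invalidate|{block_hash}|{expires_at}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_vote(member, block_hash, expires_at):
    """Produce a vote as a panel member would (hypothetical format)."""
    return {"member": member, "block_hash": block_hash,
            "expires_at": expires_at,
            "tag": _tag(PANEL_KEYS[member], block_hash, expires_at)}

def quorum_reached(votes, block_hash, now):
    """True only if >= THRESHOLD distinct members validly voted for this block."""
    approvers = set()
    for v in votes:
        key = PANEL_KEYS.get(v.get("member"))
        if key is None or v.get("block_hash") != block_hash:
            continue  # unknown member, or a vote about a different block
        expires_at = v.get("expires_at")
        if not isinstance(expires_at, int) or expires_at < now:
            continue  # stale vote: a replayed old signal must not count
        expected = _tag(key, block_hash, expires_at).encode()
        if hmac.compare_digest(expected, str(v.get("tag", "")).encode()):
            approvers.add(v["member"])  # a set, so each member counts once
    return len(approvers) >= THRESHOLD

def rpc_request_if_quorum(votes, block_hash, now):
    """Return the JSON-RPC body for invalidateblock, or None without quorum."""
    if not quorum_reached(votes, block_hash, now):
        return None
    return json.dumps({"jsonrpc": "1.0", "id": "panel-watch",
                       "method": "invalidateblock", "params": [block_hash]})
```

Duplicate votes, expired votes and votes for a different block hash are the cases such a watcher has to reject, since any of them would let fewer than 5 members trigger the override.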
This would not be forced consensus or take away freedom of the mining operations to decide which chain to build on; it’s not a contract or anything binding. Rather it acknowledges the fact that it may be difficult for all operators to assess and come to agreement on whether a particular reorg is damaging enough to warrant intervention, at any hour of the day or night. If they can defer this decision to a trusted party, consensus will happen much more smoothly.
This panel would be formed with the idea that it would be rarely used. If a majority of the mining defers to this panel, a malicious attacker would be discouraged on several fronts. The attacker would be unable to perform an edge case attack — because a decision would be made quickly about whether a reorg belongs or not, the edge case attack is unlikely to disrupt the network. Nor would the attacker be able to perform egregious exploits: Obvious double-spends would be rejected by the panel with high probability. Similarly, a pointless but deep reorg with the only purpose of destroying the network or activating a purge attack would be likely to fail. The sacrifice is that the community must place a small amount of trust in the panel, trust that only rarely will be leaned on.
Some will immediately complain that this gives the panel too much control. However, the panel can just as easily be overridden. In fact, overriding the panel if the panel rules in a bizarre way or appears compromised would require the same effort that it would take the network to override a malicious reorg without the panel. Further, the same “skin-in-the-game” argument that is often applied to miners in general holds: The panel is chosen by parties who are interested in the smooth operation. If the panel fails its duties, the default is to revert back to the absence of the panel. It’s likely that political differences may emerge: some members of the panel may have a very light-handed policy, others may not, but importantly, if a healthy fraction of miners defers to the majority decision, the network should have a decision and continue without disruption. At the end of the day, the goal of consensus is consensus, not prosecuting morality.
One major problem that such a panel would pose would be the anonymity and physical security of the members. A well-motivated attacker can perform a denial of service attack on the panel members, or do much worse. If the panel is the only safeguard against a malicious and lucrative attack, the attackers may go to great lengths to render the panel incapable. This is a real problem that would need to be addressed; however, this is not insurmountable. Security concerns can be overcome with a bit of prudence: It’s easy to position oneself in a highly populated or secure area, at least for short periods of time. Nonetheless this remains a concern. It’s a matter of opinion and speculation how serious this concern should be.
The primary function of such a panel would be to diminish the reward that an attacker can expect to easily garner via an obvious reorg, thus discouraging low probability attacks. Nakamoto Consensus does not prohibit such a panel, and miners do not have to signal their deference, so it would be unclear until tested how much sway the panel actually holds. But by drastically decreasing the rewards available to an attacker, it could increase security by a significant factor.
The natural question to ask is, if we can trust a panel to correct reorgs, why do we spend billions of dollars on proof of work anyways? Won’t this just devolve into proof of stake? This is a valid question. A quantitative answer is to suggest that Bitcoin miners produce 144 blocks a day, 52,560 blocks per year, and these are secured on the tougher, more expensive security level. Very few, if any, attacks would make it past this security, to the “soft” layer. If the soft layer were put outside, and were to face attacks and politically fraught decisions 144 times per day, cracks would form and it would quickly become untenable. Any decision made by such a panel would be closely scrutinized, and would be more likely to be “right,” or at least, not so obviously corruptible.
There is no doubt that such a panel would be controversial. But if it formed, what would you do?