Back to basics: how Satoshi designed Bitcoin for censor resistance

Some questions arising from the following article, posted on twitter by the author bitcoinpasada:

The author is arguing that there are fundamental benefits, summed up as censorship resistance that arise out of the design (specifically PoW and small block size) that while they limit transaction speed, maximise number of nodes and therefore make it effectively impossible to censor / shut down.

Part of this is keeping the minimum bandwidth and computational requirements of nodes sufficiently low that a large number of nodes will always be able to participate, and and to "verify for themselves the information that was being transmitted across the network. This includes, importantly, verification of the total supply of coins, and that no doublespends are taking place."

So my first question is whether or how well Safe Network can match those goals: can any Safe Network node verify the total supply and that no double spends are taking place?

I suspect it isn’t a simple yes or no, but since the author argues this point is fundamental to the success of bitcoin as is, and therefore necessitates a limited transaction speed, alternatives that speed things up using for example PoS, will not be capable of censorship resistance or verifiable to the same degree.

The next point made relates to ‘sharding’ which is perhaps the most comparable approach to scaling as employed in Safe Network. A possible difference with blockchain sharding is that Safe Network does not require an overall history of all transactions (i.e. no distributed ledger, sharded or not sharded). This may nullifies the author’s criticism of blockchain sharding designs, but brings me back to the first question. Perhaps this is where we have a trade-off, in which case in what ways does that matter?

Another question relates to the contention that Sybil resistance in blockchain is dependent on PoW because that limits the amount of data needing to be passed around and processed by individual nodes, and that attempts to get around this approach fail in the goal of Sybil protection. The author gives David Chaum’s ecash as an example, in which relying on a smaller number of trusted identities reduces Sybil protection significantly:

The reason such a solution is trusted is because it requires identities, which must be incorporated internal to the network. This could take the form of a hard-coded list of public keys, for example. These identities signing the blocks exist inside the network, in a sense — and given their limited physical number, it is not hard to see that censorship is a real risk. A censor could take over the network identity of a signer, and users would be none the wiser.

Following on, is the contention that Sybil protection requires a node selection process based on some scarce resource. PoW, or PoS in contemporary blockchain designs, and PoR (Proof of Resource) for Safe Network:

The key to understanding Sybil protection mechanisms is that in order to limit who is able to write to the ledger, they require the “ledger writer selection process” to be tied to some scarce resource. In Proof of Stake, this scarce resource is identity. In Proof of Work, it is energy. Without a link to a scarce resource, there is simply no way to achieve Sybil protection.

Using PoW is seen as a clever way of removing identity from the ‘equation’ in favour of scare resource which exists ‘outside the network’ (energy and computation), meaning that any ‘black box’ node that can meet the minimum requirements of these resources can participate and verify.

I want to add storage space (for the ledger/blockchain), not mentioned by the author, as it seems to have a similar bearing to PoW.

The criticism made of PoS is that it also employs identity, distributing over the staking token holders and that this leads one way or another to centralisation and “ultimately to oligopolistic or monopolistic control of all the stake and rewards.”

It isn’t clear to me the degree to which Safe Network’s approach might also suffer an inevitable centralisation of identity (and therefore censorship resistance) so this may be an interesting direction for critique. For example, another question would be whether or not Safe’s design is vulnerable to actors earning from the network being sufficiently advantaged over new actors, to be able use their earnings to finance an increasing proportion of nodes in the network, to the point where they can control a section, sections or the network itself?

I think this an area which MaidSafe are conscious of and have designed for, but we may need to wait for some of the maths to be formalised to answer all these questions properly.

The article is very helpful in understanding several key issues around both the scaling approaches being attempted for blockchain/dlt, and to provide a way to compare and contrast with Safe Network (something which @mav looked at in the distant past but might well be useful to re-visit: The safe network explained using bitcoin terminology).

8 Likes

Roughly in agreement with the article, I’d assert what is essential to an effective decentralisation in terms of resistance to:

  • transaction censorship by validators and
  • undue concentrations of political power in the governance of the protocol & network
    …is maintaining low barriers to entry for any participant role in the scheme.

A PoS validator who achieves >50% of the stake can maintain their grip without further expense - an infinite barrier to entry can be obtained. In PoW of course there is always more energy and compute power to be had to neutralise the attacker and resume normal operation without any external coordination required.

I’m hazy on Safe design these days, so please correct me if I’m wrong but as I recall it the following things are true:

  • nodes which provide service to the network have to build a reputation of good behaviour over time to gain increasing share of data, revenue and influence over others joining†.
  • node count within a section is hard capped (some limit like 32)
  • section count is soft capped by demand for storage

On one hand, time is available to everyone for the same price, on the other hand due to the capping of count of service providers and an inability for a newer node to gain more track record than an existing one (and no rewards for them while building track record), it seems liable to control by incumbents - a barrier to entry increasing by time. For censorship I believe nodes are kicked out automatically by the PoR routines, but for concentration of political power could this be a problem?

† I have a feeling I’m wrong about who has say in new members joining a section.

There’s no reason to think your concern about choosing joiners is valid. Section elders would have to collaborate to favour any colluding new joiners, which means first you must control a section.

The other points sound about right.

The question I posed at the end was whether the rewards themselves earned by well-behaving attackers (sleepers) could would be enough to spin up increasing numbers of sleeper node, at a rate that outpaces good nodes. Would this allow an attacker to increase its influence over time to the point where a section is vulnerable and ultimately multiple sections and the network?

I think that scenario will be dependent on rewards v cost of running nodes. That is, how many new bad nodes can be financed from sleepers, compared to the number of good nodes also vying to join.

That’s a hard equation to reason about because higher rewards would increase both the number of good nodes wanting to join, and the number of new bad nodes that could be spun up by sleepers (bad nodes waiting until they can take over a section).

My gut is that this is not a major concern, but I’m interested to explore that and any other issues raised by the article.

Thanks for the clarification though collusion still seems like a risk given its ability to keep out the competition.

I dont have detailed enough knowledge of Safe to have a useful opinion on your other point. If the competition is easy to enter then one would expect farming to work like mining such that overheads and revenues converge. In that state there isn’t much of a multiplier effect to worry about.

1 Like