9

The bitcoin protocol allows miners to choose which transactions to include when they create a block. They can't include any inauthentic transactions, but to allow for an open market of transaction fees, they are allowed to choose which subset of authentic transactions they want to include. The assumption seems to be that miners are interested in maximizing their reward, and therefore would just include the subset of transactions that offer them the highest total transaction fees.

However, a miner with ulterior motivations might want to punish certain addresses. For example, a US government-operated node might want to restrict transactions coming from an address that got its bitcoin through ransomware payments. As far as my understanding of the bitcoin protocol goes, it would be perfectly valid for them to never process any transactions from that address - no matter the price offered. With cooperation, they could greatly slow the speed of any transactions that had anything to do with that address. Of course, if there was even one node which didn't want to restrict the address's activity, the transactions would eventually get through, but these neutral nodes might notice that that address has a harder time making transactions, so those neutral nodes might realize that they can demand a higher price for transactions from that address.

So the question is, would any of this be considered malicious activity?

Does the protocol consider a node doing this to be a "dishonest" node, from which blocks should be ignored (i.e. there is an explicit mechanism to prevent this kind of activity)? Or instead, are market forces (or some other implicit mechanism I'm not aware of) supposed to be enough to prevent this? Or as a last option, is this kind of behavior considered to be acceptable?

Edit: https://bitcoin.stackexchange.com/a/9412/124187 helped me understand this as well. The answer appears to be that this sort of censorship/discrimination is considered okay, and the capability to hashocratically discriminate means that the network can protect itself from things like market manipulation.

Vojtěch Strnad
  • Your concern is valid. Market transaction fees are often believed to address the censorship issue ("just pay a bigger fee to incentivize the miner to include your tx"). I am not sure about that because the entity being censored can instead join any cooperative protocol to push costs onto other participants. – CypherpunkDev Jul 08 '21 at 10:22

3 Answers

9

The solution to this problem is: anyone can become a miner, in theory.

Proof of work replaces a central party that can censor with a consensus protocol, where miners jointly decide what transactions get processed, and in what order.

But that's just part of the picture - if we fully trusted miners (or a majority of them) to never behave maliciously, we could just e.g. ask each for N public keys, where N equals their current percentage hashpower, and then require that every block be signed with 51 distinct keys, forever. This would let us do away with proof-of-work.

The reason to use proof-of-work is that it lets anyone become a miner, even anonymously.

Pieter Wuille
  • 1
    Do we have any contingency plan in sight for when the majority of hash power is regulated and censors transactions? Including not building on top of the "non compliant" blocks, thus forcing the unregulated minority to censor as well? – CypherpunkDev Jul 08 '21 at 10:14
  • 1
    @CypherpunkDev no, a 51% attack cannot be mitigated by proof-of-work blockchains – Hobbamok Jul 08 '21 at 11:15
  • @Hobbamok you are incorrect. Firstly, another relevant cryptocurrency (which I will not name on this SE) did successfully cope with a hashrate majority. The last resort "atomic" option is always on the table. Secondly, we are talking about a very specific attack that is only possible because of Bitcoin's plain text blockchain. So another hypothetical mitigation would be on-chain privacy. Facing a choice between losing the entire value proposition (successful censorship attack) OR introducing on-chain privacy (with all its cons and tradeoffs) - I hope the choice is obvious. – CypherpunkDev Jul 08 '21 at 14:16
  • @CypherpunkDev so basically delete bitcoin, fork monero, seed it with the last known good bitcoin block? – user253751 Jul 09 '21 at 10:51
  • 1) The fact that a cryptocurrency survived a hashrate majority attack does not mean it always will. The assumption that the majority will not see it economically fit to launch an attack is a fundamental assumption in PoW; if it breaks down, it means you need something else. 2) Privacy techniques are not necessarily a solution (but they generally improve the situation for sure) - miners may demand (or be forced to demand) proof of identity out of band before processing a transaction. – Pieter Wuille Jul 09 '21 at 15:44
  • Thanks @PieterWuille, this is really insightful! PS The last resort solution is called 'atomic' for a reason :) I am not giving up on Bitcoin even if we get into uncharted whack-a-mole territory. If we face an existential threat, there is nothing to lose. – CypherpunkDev Jul 09 '21 at 21:12
  • @user253751 no, that wouldn't be my first choice. I would lean towards "stealing" PoW algo from another ASIC-established cryptocurrency (which I will not name). That's assuming we still believed ASIC-friendly PoW > ASIC-unfriendly PoW. Should we conclude otherwise then we "steal" the ASIC-unfriendly one. – CypherpunkDev Jul 09 '21 at 21:26
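
The two censorship cases discussed on this page, as an added simulation that is not part of any post above: miners with hash share `q` that only exclude the transaction (the question), and miners that also refuse to build on blocks containing it (the comment thread under this answer). The model is an assumption: fixed hash share, no network latency, neutral miners follow the longest chain and always include the transaction; all function names are hypothetical.

```python
import random

def blocks_until_included(q, rng):
    """Exclusion only: censors (hash share q) skip the tx but accept blocks containing it."""
    n = 1
    while rng.random() < q:   # this block was found by a censoring miner
        n += 1
    return n

def mean_delay(q, trials=20000, seed=1):
    """Average number of blocks until a neutral miner confirms the tx."""
    rng = random.Random(seed)
    return sum(blocks_until_included(q, rng) for _ in range(trials)) / trials

def orphaning_race(q, blocks=5000, seed=1):
    """Censors also refuse to build on any block that contains the tx.

    lead = (length of the best chain containing the tx) - (length of the censor chain).
    Returns (final lead, rebuilds), where rebuilds counts how often neutral miners
    had to put the tx into a fresh block on the censor tip because no tx-containing
    chain was competitive any more.
    """
    rng = random.Random(seed)
    lead, rebuilds = 0, 0
    for _ in range(blocks):
        if rng.random() < q:
            lead -= 1          # censor chain grows, ignoring the tx chain
        elif lead < 0:
            rebuilds += 1      # tx chain was outpaced: neutral miners switch to the
            lead = 1           # censor tip and include the tx again
        else:
            lead += 1          # tx chain grows
    return lead, rebuilds

if __name__ == "__main__":
    for q in (0.5, 0.9):
        print(f"exclusion only, q={q}: mean wait {mean_delay(q):.2f} blocks "
              f"(theory 1/(1-q) = {1 / (1 - q):.2f})")
    for q in (0.3, 0.7):
        lead, rebuilds = orphaning_race(q)
        print(f"orphaning, q={q}: final lead {lead}, rebuilds {rebuilds}")
```

With exclusion only, the wait grows as 1/(1-q) but stays finite for any q below 1; with orphaning, a minority of censors falls behind for good, while a majority keeps overtaking every chain that contains the transaction.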