Satoshi’s Exercises for the Student

The Bitcoin whitepaper is clear about the main feature of Bitcoin: it is permissionless. Anyone in the world can pay anyone else by joining the peer-to-peer network and broadcasting a transaction. Proof of Work consensus empowers anyone to become a block producer, and means that the only way to reverse a payment is to out-compete everyone else’s hashpower.
But Proof of Work only describes how to choose a winner among competing chains; it doesn’t help a node find that chain. A 51% attack – or a 100% attack – is much easier if the attacker can prevent nodes from hearing about competing chains. The discovery task belongs to the peer-to-peer module, which has several conflicting jobs: find reliable peers in a network where nodes are always joining and leaving, but without authentication or reputation; always listen for blocks and transactions, but don’t be surprised if most of the data is junk; be robust enough to survive extreme conditions, but light enough to run on a Raspberry Pi.
The implementation details of the permissionless peer-to-peer network are left out of the whitepaper, but they account for a lot of the complexity in Bitcoin node software today.
Spam Filters
The whitepaper acknowledges public transaction relay as the basis of Bitcoin’s censorship resistance, but says only a few words about how it should work: “New transactions are broadcast to all nodes. Each node collects new transactions into a block. Each node works on finding a difficult proof-of-work for its block.”[1]
Many find it funny that Satoshi suggested that every node would mine. Because of the centralizing pressures of mining, most of the nodes in today’s network do not work on finding a proof of work. Perhaps that is an acceptable or successful outcome of economic incentives; we traded part of the decentralization for more hashpower and security. However, Bitcoin’s censorship resistance will weaken if we give up widespread transaction relay.
Our desire for a broad set of transaction relay nodes has to contend with the practicality of everyday computers that expose themselves to a permissionless network and process data from anonymous peers. This threat model is unique and requires highly defensive systems.
In block relay, proof of work works well as both Denial of Service (DoS) prevention and a clear way to judge whether data is useful. In contrast, unverified transaction data is almost always free to create and may be spam. For example, we won’t know if a transaction meets its spending conditions until we load the UTXO, which may need to be fetched from disk. It costs attackers nothing to trigger this relatively high-latency operation: they can create large transactions using inputs they don’t own or that don’t exist at all.
Validation steps such as signature verification and mempool dependency management can be computationally expensive. Notably, transactions with a large number of legacy (pre-segwit) signatures can take minutes to verify on some hardware,[2] so many nodes filter large transactions. Resource usage is not just local either: received transactions are often relayed to other peers, using bandwidth proportional to the number of nodes in the network.
Nodes protect themselves by limiting the memory used for unconfirmed transactions and validation queues, throttling transaction processing on a per-peer basis, and enforcing policy rules in addition to consensus. However, these restrictions can also create censorship vectors if not carefully designed. Simple ideas such as not re-downloading transactions that have already been rejected, limiting the size of a single peer’s transaction queue, or dropping requests after failed download attempts can leave nodes blind to transactions. These bugs become censorship vectors if exploited by the right attacker.
Similarly, although it makes perfect sense not to keep unconfirmed transactions that double-spend each other (only one version can be valid), rejecting double spends means that the first transaction seen prevents the later one from being mined. A double spend can be a deliberate attempt to cheat on a payment or, when the UTXO is owned by multiple parties, a pinning attack that uses mempool policy to delay or prevent second-layer payment transactions from being mined. How should nodes choose?
This question brings us to the second design goal of transaction relay: incentive compatibility.[3] Although fees are not relevant to consensus beyond limiting what a miner can claim as a block reward, they play a major role in node policy as a measure of usefulness. Assuming that miners are driven by economic incentives, nodes can estimate which transactions are most attractive to mine and discard the least attractive. When transactions spend the same UTXO, a node can keep the more profitable one. Although nodes do not collect fees, they can treat zero-fee transactions as spam: such transactions may use network resources and never be mined, yet they cost nothing to create.
These two design goals – DoS resistance and incentive compatibility – are in constant tension. Although it is tempting to replace a transaction with a higher-feerate version, allowing repeated replacement with small fee bumps may waste network bandwidth. Accounting for dependencies between unconfirmed transactions can create more efficient blocks (and enable CPFP), but can be expensive in complex topologies.
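The tension described above, as an added example (not from the article and not any node implementation’s code): a simplified replacement check modelled on common replace-by-fee rules, in which one check reflects miner incentives and two protect relay bandwidth. The `Tx` fields, the 1 sat/vB `INCREMENTAL_RELAY_FEERATE` and all sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass

INCREMENTAL_RELAY_FEERATE = 1  # sat/vB; assumed policy value for this sketch

@dataclass(frozen=True)
class Tx:
    txid: str
    fee: int            # satoshis
    vsize: int          # virtual bytes
    spends: frozenset   # outpoints written as "txid:index"

def evicted_by(mempool, new_tx):
    """Transactions that conflict with new_tx, plus their in-mempool descendants."""
    evicted = {t.txid: t for t in mempool if t.spends & new_tx.spends}
    while True:
        before = len(evicted)
        for t in mempool:
            if {op.split(":")[0] for op in t.spends} & set(evicted):
                evicted[t.txid] = t
        if len(evicted) == before:
            return list(evicted.values())

def evaluate_replacement(mempool, new_tx):
    """Return (accepted, reason) under three simplified replace-by-fee checks."""
    evicted = evicted_by(mempool, new_tx)
    if not evicted:
        return True, "no conflict"
    direct = [t for t in evicted if t.spends & new_tx.spends]
    # Incentive check: beat the feerate of every directly conflicting transaction.
    if any(new_tx.fee * t.vsize <= t.fee * new_tx.vsize for t in direct):
        return False, "feerate not higher than conflict"
    # DoS check 1: pay at least the total fees of everything that gets evicted.
    old_fees = sum(t.fee for t in evicted)
    if new_tx.fee < old_fees:
        return False, "absolute fee below evicted total"
    # DoS check 2: the fee increase must pay for relaying the replacement itself.
    if new_tx.fee - old_fees < INCREMENTAL_RELAY_FEERATE * new_tx.vsize:
        return False, "bump does not cover relay bandwidth"
    return True, "replaced"

# Constructed sample data: A pays 5 sat/vB; CHILD is a large, low-feerate child of A.
A = Tx("A", 1000, 200, frozenset({"utxo1:0"}))
CHILD = Tx("C", 2000, 10000, frozenset({"A:0"}))
SMALL_BUMP = Tx("B1", 1050, 200, frozenset({"utxo1:0"}))
FAIR_BUMP = Tx("B2", 1200, 200, frozenset({"utxo1:0"}))
HIGH_RATE = Tx("B3", 2500, 200, frozenset({"utxo1:0"}))

if __name__ == "__main__":
    for pool, tx in (([A], SMALL_BUMP), ([A], FAIR_BUMP), ([A, CHILD], HIGH_RATE)):
        print(tx.txid, evaluate_replacement(pool, tx))
```

The third case is rejected even though the replacement pays 12.5 sat/vB against 5 and 0.2 sat/vB for the transactions it would evict: the bandwidth rule and the miner’s preference disagree.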
Historically, nodes relied on heuristics and dependency restrictions, which caused friction for users and opened up new pinning vectors. Mempools that track clusters can evaluate incentive compatibility more accurately but still must limit mempool dependencies. These types of restrictions create pinning vectors for multi-party transactions between parties that do not trust each other: an attacker can prevent a counterparty from using CPFP by controlling the restriction.
It’s easy to oversimplify these problems: pinning attacks are a type of censorship that only works on shared transactions and usually only leads to temporary transaction delays. Is it worth the effort to help non-mining nodes squeeze a few more satoshis out of fees?
Deal with MEVil
Shared transactions are at the core of UTXO-mixing privacy solutions and second-layer protocols. Much of Bitcoin’s development has focused on creating scalable, private, feature-rich applications at the second layer that fall back to on-chain settlement. A common pattern is to delay a withdrawal or payment temporarily, allowing parties to respond to misconduct within a window of time. But many projects – including those used to motivate consensus changes – gloss over fee-bumping in these situations.
The window of time to prevent misconduct is also a window of opportunity for attackers. These two conditions – shared transactions and validation deadlines to prevent bad behavior – create a perfect storm that escalates the severity of pinning attacks from temporary transaction delays (meh) to potential theft (oh no!).
Pinning has been the subject of years of research and development effort, leading to the Topologically Restricted Until Confirmation (TRUC) transaction format,[4] the Pay to Anchor (P2A) output type,[5] Ephemeral Dust policy,[6] Cluster Mempool,[7] limited package relay,[8] and various improvements in the reliability of transaction relay. These features are designed to provide strong guarantees for fee-bumping shared transactions with higher-fee replacements.
However, proper fee management involves overhead in the form of larger transactions, complex wallet logic, and edge-case handling. A simple shortcut is to make a deal with a miner: in exchange for payment, the miner guarantees that the customer’s transactions will be mined quickly. This solution may prove more reliable than using the peer-to-peer network, which may have high latency and poor propagation due to differing mempool policies.
Adoption of direct submission to miners can grow rapidly if there is commercial interest. Exchanges represent a large portion of transaction volume and probably prefer a more predictable confirmation time than fee bumping offers. Popular apps may be vulnerable to pinning or want to use unusual transactions that are prohibited by node policies. Companies and custodians concerned about short-range quantum attacks may create a private channel with a miner.
As with secretive Miner Extractable Value (MEVil),[9] the need to stay competitive can push the network toward a centralized model. These services can become targets for attackers and government orders, and undermine the premise that anyone can become a miner.
If the public transaction relay network becomes irrelevant to the operation of a node, then participating in it may also feel unnecessary. In this hypothetical future, will we laugh at the idea of every node in the network relaying unconfirmed transactions, the way we think it’s funny that Satoshi envisioned every node to be a miner?
Ironically, the centralization of mining does not begin with an obvious merger or legal capture. It starts with a few logical shortcuts: more efficient agreements, custom submission methods, or operational optimizations that benefit the parties involved. No one can stop these deals from happening. But we can try to reduce the competitive edge that private services have over the public network: iron out mempool pinning vectors before considering proposals for consensus changes that increase the power of MEVil; make the public transaction relay network an efficient marketplace for bidding (and revising bids) for block space.
The peer-to-peer network is where most Bitcoin ideas live. It is also an engineering challenge with painful trade-offs between node efficiency, censorship resistance, incentive compatibility, and protocol complexity. It will become more difficult as Bitcoin grows. How to reconcile these competing design goals is left to the reader.
This piece is a Letter from the Editor featured in Bitcoin Magazine’s latest Print issue, The Core Issue. We share it here as an early look at the ideas explored throughout the entire issue.
[1] [2] [3] [4] [5] [6] [7] [8] [9]



