Bitcoin is not ruled by miners

From Bitcoin Wiki
Revision as of 11:46, 8 August 2017 by Belcher (talk | contribs) (Why Bitcoin is not ruled by miners: added quote from introduction about using pow as a proof of the history of transactions)
Jump to: navigation, search

A common misunderstanding is that Bitcoin is ruled by miners; ie. that miners act as some sort of parliamentary body for Bitcoin. This misunderstanding probably arises from over-simplified explanations of Bitcoin in introductory material, and from certain quotes from the original whitepaper which are easy to take out of context.

Why Bitcoin is not ruled by miners

The paper

The original whitepaper said:

Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.

When taken out of context like that, it makes it sound like Bitcoin is a democracy among a constituency of miners. You have to read the entire paper to realize that this section is only talking about the block-chain timestamping mechanism. In other words, when it contemplates the majority of CPU power not being owned by honest nodes, the risk is that transactions could be reordered and therefore double-spending could be introduced; not that invalid transactions or blocks could be created.

This is made clear in several sections of the paper:

Nodes accept the block only if all transactions in it are valid and not already spent.
We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.
[Concerning simplified payment verification] As such, the verification is reliable as long as honest nodes [miners] control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes [full nodes] can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own [full] nodes for more independent security and quicker verification.
In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.

Current centralization

If Bitcoin was ruled by miners, then this would currently be quite terrible security-wise. As of 2017, less than 10 individuals command a majority of hashrate. This is probably far more centralized that even most fiat currencies, and completely defeats the main point of Bitcoin, which is to be decentralized money.


If you are OK with 10 or so individuals controlling the currency, then you can design a much better system than Bitcoin. For example, you can design a system using chaumean e-cash with the following properties:

  • 20 independent entities are designated as signers.
  • As long as a majority of signers are honest, the system remains secure.
  • The system has perfect anonymity. The signers cannot know anything about the flow of money.
  • Transactions are instant, requiring only communication with the signers and a small amount of computation.

If you want to preserve the mining mechanism, you can create a simple proof-of-work block chain which simply determines the current signers and creates coins. Users of the system would look at the most recent blocks only to determine the public keys and IP addresses of the current signers, and then use the system as previously described.

This system would be better than Bitcoin in several ways. But the point of Bitcoin is to be decentralized, so Satoshi rejected this idea (which has been well-known for over 20 years) and created Bitcoin instead.


Some believe that miners will be incentivized to follow the rules, and so it is not necessary for anyone but miners to actually verify the rules. While it is probably true that miners would not want to destroy Bitcoin, they have no particular incentive to maintain rules which look very much like the current rules. For example, if they can figure out any plausible excuse to do so (price crashes, etc.), they would love to stop the process which halves the number of bitcoins created per block every 4 years. Trusting miners to behave optimally for users is like trusting tobacco companies to act with their customers' health as their #1 priority. Additionally, miners may not have a choice in some matters: since mining is so centralized, a small number of governments could just confiscate the mining operations or order miners to do certain things.

How Bitcoin actually works

In reality, how it works is that all versions of Bitcoin since Satoshi's very first software release have hard-rejected blocks and transactions which break certain rules called the consensus rules. An example of a consensus rule is that transactions must have valid signatures. A hard-rejected block or transaction will never be accepted under any circumstances, even if every other person in the world accepts it.

As a result of this hard-rejection, if miners produce blocks which break the consensus rules, then to everyone running a full node, it will be as if these blocks never existed; these blocks create no bitcoins and confirm no transactions. Since most of the economy is in some way relying on a full node to verify transactions, this prevents the miners who are creating invalid blocks from actually breaking any rules with any sort of real-world effectiveness, even if 100% of miners are doing so.

If, rather than mining invalid blocks which are just ignored, a majority of miners attack the network (eg. by double-spending transactions or refusing to confirm any transactions), then the Bitcoin economy must execute a hardfork to change the proof-of-work (PoW) function, getting rid of these bad miners in favor of new ones. If it was impossible for the Bitcoin economy to change the PoW in opposition to miners, then Bitcoin would be ruled by miners (and therefore insecure for the reasons explained earlier), since there would be no recourse against attack. But in reality, miners can't do anything about a hardfork, so it doesn't matter how much hashrate they have. Once a PoW change (or any other hardfork) is being done, it becomes an economic issue rather than a technical issue, and the amount of hashrate or number of nodes or any other technical parameter are almost completely meaningless.

If not much of the economy is running independent full nodes, then Bitcoin is ruled by someone. If most of the economy is using SPV-style lightweight nodes (but without the "alert" system intended by Satoshi), then Bitcoin is ruled by miners and therefore insecure. If the vast majority of the economy is using a small set of centralized banks or verification services, then Bitcoin is ruled by the most popular such services -- miners might be irrelevant in this case. As of 2017, the economy is far from ideal in this area, but probably not very near real danger.