Imagine If Full Nodes Actually Controlled Bitcoin
Suspend your disbelief for a moment, and postulate that miners don’t actually control the blockchain regardless of what non-mining fully validating nodes say they would like the protocol rule set to be by broadcasting their node version. Imagine instead that full nodes are able to successfully constrain miners. These apparently provide miners information about the consensus of what rules are supported by the “economic majority”.
The problem is you can’t actually tell which full nodes represent which coins unless each node broadcasts a signed message from their private keys holding their coins. Furthermore, one of the reasons for running a full node is to protect your privacy, which signing a message with your addresses and broadcasting through your full node would destroy. As anybody who has studied public choice theory when it comes to voting knows, voting is nearly worthless except as a psychological benefit and social conformity signal, both of which are most likely trumped by financial privacy.
So full nodes won’t actually represent “economic majority” and all you’re left with is raw node count in order to influence and signal what rule set the network will enforce. This is where we come to Sybil attacks, where an attacker creates a bunch of fake full nodes in an attempt to influence the rules of the network. It’s been suggested that Bitcoin is sybil resistant against up to 50,000 sybil non-pruned nodes.
Lets take the absolute worst case scenario for an attacker. We can make a full node using a Raspberry Pi, a 200 GB hard drive, and a GoTenna. Then they have to connect it to the network in many different locations to not seem like a centralized attack. Let’s ballpark the costs involved.
Raspberry Pi = $35
320GB HDD = $19
GoTenna (mesh network internet)= $79
(35+19+79)*50,000 = $6,650,000
Let’s just say it costs $4 Million to assemble, distribute, and hook these up to power (say have some agents set these up at cell towers and power stations around the world)
Grand Total: $10.65 Million
So at worst it costs less than $11 Million to Sybil the network. That’s a couple orders of magnitude less than what the U.S. Government misplaces on defense in a year. You think the Federal Reserve couldn’t afford that? They could swing 50,000,000 Sybils without even changing the interest rate. This is all assuming that an attacker doesn’t have the ability to use a botnet as relays to a single node, which cuts costs for hardware to just one 200 GB HD computer with the processing power and bandwidth to serve those relays.
So… What do these nodes do? Well they’ve managed to convince the miners to do one of two things. Ignore full nodes, or follow the sybil nodes.
Let’s take the first case. Your full node now does nothing for consensus, and miners have no reason to do anything other than listen to hash power when trying to determine what set of rules would be most profitable. Even if we were to go to conferences and wear hats, that would still mean your full node does nothing for consensus. Proof of Hat isn’t going to work for much longer when non-enthusiasts are using SPV nodes. Good. We’re back to a sane blockchain world. Prove your work, or shut up. Sybil attack defeated.
But let’s suppose the miners followed full nodes. Well now the non-Sybil full nodes split off and reject blocks of the Sybil chain. Unfortunately for the non-Sybil chain, they’ve lost their hash power and are likely to have to wait 2016 blocks until the next difficulty adjustment, which slows down block production and reduces economic activity happening on this chain. Simultaneously, for quite some time, without replay protection, all transactions in the mempool can be included in the Sybil chain, so you can’t even tell which chain is actually user backed… So you’re gonna have to go back to Proof of Hat. Good luck with scaling that.
If your chain isn’t hard forked or abandoned before the difficulty adjustment, the difficulty adjustment brings its own problem. Rewriting the chain now becomes much easier. The 51% chain attack that Bitcoin Gold recently experienced will become possible on the non-Sybil chain. This is why people like Luke Dash have suggested implementing an emergency proof of work algorithm switch. This is also a Hard Fork… Congrats, you’re now an alt-coin. There goes the “never hard fork” dreams of the economically illiterate Dunning Kruger faction of Bitcoin.
Now you might even suspect that miners are themselves behind the Sybil attack… And maybe so, but that actually doesn’t change anything. Miners still abandon your “consensus”, 51% attack your chain, watch as your full nodes are purged from their system while all the SPVs come along for the ride, and you fork off to form your own alt-coin. You know, until the next ASICs for you new hash algorithm comes around, or you have fork again because somebody quickly found a vulnerability in your new algorithm. A vulnerability for which there hasn’t been an exponentially growing bounty for the past 10 years.
Sorry, but this is the system you signed up for when you bought Bitcoin. Miners are in control, there’s nothing anybody’s full node can do about it. If you try to make miners follow anything other than their own profit incentive and hash power, you simply introduce the ability to Sybil attack the network. Fortunately, you don’t have power, and this isn’t a democracy.
It’s a hash power meritocracy. Deal with it.