Bitcoin Network: Decentralized == Defenseless?

Part of the Bitcoin “community” is very interested in scaling problems, and has decided to conduct some “tests”/”experiments”/”demonstrations” to see how the Bitcoin network weathers heavy stress. This test may be happening right now or soon (or never)—who knows?

This event is part of a fascinating bit of sociotechnical theater, acting out an dramatic, operaetic scene, as the various segments of “the” community roar and gesticulate their own lines. Last month saw a catastrophic schism, when key “developers” forked the code to create a second, competing implementation of Bitcoin, while other factions offer competing plans, and everyone is arguing about what should be the One True Way.  (In many cases, the arguments include references to “scripture”, quoting from the Nakamoto Document for support.)

The Coinwallet “demonstration” has, of course, an underlying point: the current design of the Bitcoin software has a limited capacity, so limited that it is easy to forsee disastrous overloads in the near future.

The demonstration is a classic “white box” software test, which uses intimate knowledge of the system to carefully design cases to force the system into overloads, which will then ripple throughout all related software and users. One estimate suggested that such an event could create backlogs for 30 days (!). That is, if Coinwallet’s test works out as predicted, you will have to wait until October to receive your payment from today.

While this is a pretty standard bit of test engineering, we normally don’t conduct destructive stress tests on live, production systems. In this case there is little alternative because there is only one Bitcoin network, there is no backup, no large testnet, and it isn’t segregated into subnets. All or nothing are your choices for testing.

Amazingly enough, people using this network are less than completely pleased with this “attack”, however it may be dressed up as “testing”.  This is certainly not a very neighborly way to make your point about scalability. And there is a real danger of copycat “attacks”, which could completely flood the network.  Is this any way to run a “community”?

What is nominally a software “stress test” is also a stress test for the Bitcoin community itself, for many reasons.

To start with, the test itself is nothing more than a carefully designed set of transactions, which are entered into the network through the universal, public protocols. Furthermore, they are designed to operate within the spirit of Bitcoin, using transaction fees to “incentivize” miners to process the test transaction. This is all well within the rules, so who can object?

On the other hand, this flood of traffic has, quite reasonably, been characterized as “spam”: they are blasting immense amounts of meaningless autogenerated junk into the system, crowding out “real” transactions.

Describing this as “spam” is quite apt for another reason: the only countermeasure seems to be filtering out the troubling transactions. But choosing to ignore some transactions is something that the Bitcoin community considers “censorship”, an anathema, and one of the things the decentralized network was created to defeat.

If the miners can decide on their own that they just won’t do these transactions, then why can’t they select to block others? For example, there is a perennial desire to ignore the zillions of transactions from gambling payments which clog up the network and represent no “real” business activity.

But, if such “censorship” is OK, then is the Bitcoin network is morally any better than the despised “centralized” systems it is supposed to replace?

Ouch! Damned if you do, damned if you don’t!

Surely the thousands of innocent users shouldn’t suffer at the hands of a few misguided people. What is to stop others from running similar “attacks” for their own reasons? If a few people can blockade the whole network any time they want to, it would be pretty fatal to any hope for widespread use of Bitcoin.  This could be an existential threat to the entire network.

But what can be done?

It is certainly the case that any decentralized system and organization such a Bitcoin will be vulnerable to various kinds of abuse and attacks, albeit they will be different than the attacks that succeed against other architectures.  All systems are vulnerable to some threats.

Unfortunately, the nature of decentralization eliminates many of the commonly used defenses that are used to defend network systems. These might include things like  access control, contractual terms of use, and imposing personal liability for abuses. All of these mechanisms are eschewed by the Bitcoin network, as part of its philosophy and design.  The very design of this supposedly indestructible network makes it vulnerable.

In a deeply ironic development, some have argued for employing  the ultimately “centralized” defense. Perhaps the Coinwallet “test” should be considered a violation of national laws against computer abuse (i.e., anti spam and DDOS laws), and should be prosecuted by the hated state.

Would the Bitcoin community really resort applying to the very laws that Bitcoin is designed to subvert, collaborating with the very authorities they boast are powerless to control them? And if this application of the law is pursued, where will it stop?


It looks to me like the wheels are coming off of Bitcoin. Everything is falling apart, especially “the community”. Can Bitcoin even survive the year?



Cryptocurrency Thursday

3 thoughts on “Bitcoin Network: Decentralized == Defenseless?”

    1. Kind of a loaded question–what would ‘success’ or ‘failure’ mean?

      But I do think that if Bitcoin suffers from significant denial of service problems and/or splits into multiple rival networks, then Bitcoin per se will become increasingly marginal and ignored.

      It might then be surpassed by other blockchain like systems, including ones backed and run by private and state banks.

      Would that be a ‘fail’? I dunno.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.