In early August, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) decided to add Tornado Cash to the sanctions list put the issue of censorship resistance in the spotlight. To avoid criminal liability, RPC service providers Alchemy and Infura restricted access to Tornado Cash smart contract data, and Circle (USDC issuer) blacklisted wallet addresses on the sanctions list. Blacklisted addresses are also banned by Defi protocols such as Aave, but users can still interact with some smart contracts, but require many extra steps and some technical expertise.
This brings us to a more general question: Will blockchain be censored at the protocol level? Concerns about protocol-level scrutiny have emerged in the Ethereum community, with 66% of beacon chain validators expressing sensitivity to OFAC regulations after the merger. If more than 1/3 of validators (by stake weight) are reviewed in any form, the Ethereum chain will not function properly.
In this article, we will compare the performance of BTC (POW) and ETH (POS) in terms of censorship resistance through three key questions, and finally give our reflections.
Definition of “censorship”
In a recent Bankless podcast, Justin Drake defined two different types of censorship: weak censorship and strong censorship
1. Weak censorship: Weak censorship occurs when some censored block producers do not include personal transactions in the block, resulting in a reduced user experience. For example, a compliant block producer rejects a transaction from a blacklisted address, but the transaction is still ultimately accepted by the non-censored block producer.
2. Strong censorship: Strong censorship occurs when an individual’s transaction will never be included on the chain. Given that the individual has lost the ability to trade, this situation can be considered that the asset has actually been lost. This can happen when the network is taken over by a majority, also known as a 51% attack, and if it does, it could threaten the continued existence of the attacked blockchain.
In the following discussion, we will compare Bitcoin and Ethereum as representative networks of POW and POS systems, respectively. We’ll first identify what the censorship elements are, and then go into detail how Bitcoin and Ethereum are censorship resistant.
Issue 1: When miners/block validators are concentrated, there may be weak regulation through jurisdiction
Both Bitcoin and Ethereum face the problem of centralization of mining pools and validator nodes, respectively. This could give rise to an attack in which mining pools or validator nodes could be forced to comply with regulations and review any transactions deemed illegal in their jurisdiction.
Since the merger, the top two staking servicers have held a combined 43.03% share, and the top three have held 51.63% of the share. The risk here is that if Lido and Coinbase join forces, they can bring the network to a halt; If Kraken joins, the three will be able to take over the Ethereum network.
Source: Related Network
Before examining how Ethereum responds to the threat of centralization, let’s cover why validators end up becoming centralized. Under Ethereum’s POS mechanism, block producers can choose which transactions to include in the next block and how to sequence them later. This allows validators to participate in the process of MEV extraction, which Amber well defined in their recent article on ETH merging.
“Maximum extractable value, also known as MEV, broadly refers to the residual value that a miner or validator obtains in a series of blocks given the available operations. These operations can include reordering transactions, reviewing blocks, or even attempting to restructure the blockchain. Some common forms of MEV include sandwich attacks, arbitrage, and liquidation.”
As the graph shows, once MEV is considered, the validator reward increases significantly. Due to the economic incentives provided by MEVs, larger participants are running more validators, eliminating individual and non-professional validators. Therefore, ordinary holders are more inclined to join the validator node pool through the staking service to obtain higher and more stable income, thereby increasing the centralization of validator nodes.
Another element to consider regarding the centralization of stake nodes is cryptocurrency trading platforms. The trading platform is still the best place for users to acquire Ethereum tokens at the moment. Considering the huge number of users they have, many tokens will naturally gather on these trading platforms, and the convenient earnings provided by trading platforms through their Staking platform will attract the aggregation of tokens. We should educate users about the risks of using centralized platforms for staking, such as the possible impact if centralized platforms may choose to act in bad faith due to judicial pressure.
Although validating node pools are not the most ideal solution, they can allow more ETH holders to participate, so staking pools are still good for Ethereum’s decentralization.
So, how did Ethereum respond to censorship about centralization?
Solution 1: Separate the proposer and builder of the block
One solution that is currently being widely talked about is Proposer Builder Separation (PBS). PBS reduces the centralization problem by separating the roles of block proposer and block builder so that validators can be rewarded with MEV without having to be complex operators.
Blockchain operates with three key players that can check and balance each other to mitigate and ultimately eliminate potential censorship.
Builders, which are purpose-built blocks, extract the largest MEV and transaction fees by ordering transactions. After that, they will pay Proposers the proposal fee and place their block on the chain. Therefore, without Proposer’s help, those builders with censorship purposes will not be able to post transactions on-chain.
Proposers, also known as validators, either choose the hottest block or they won’t contain a block at all. If they believe that block builders are reviewing transactions, they have the ability to come up with a crList, which the builder must include as long as the blocks are not full, or their blocks are not proposed. Since EIP-1559 has been implemented, more than 80% of blocks contain spare gas, which means that users should be able to include their transactions in blocks as long as they pay a priority fee above the base fee. In summary, Proposers can achieve maximum benefit by choosing the block that pays the maximum amount, but still have the ability to use crList to force through censorship.
The prover will monitor the block building process and prove it only if the proposer’s block contains the highest paying block. This will prevent malicious proposers from reviewing the transaction.
Although the above method greatly improves the decentralization of validators, it still does not solve the problem of centralization of builders. How to decentralize builders is beyond the scope of this discussion, but you can read more here.
Solution 2: Encrypt the memory pool
Another solution under research is the use of encrypted memory pools to deal with centralized censorship. Transactions are encrypted before being broadcast to the mempool by the user and are decrypted only after they are included in a block on the chain. This will prevent any potential censor from obtaining the contents of the transaction during the block building process. In addition, it helps prevent MEV abuse, such as front-running. Another benefit of encrypting the mempool is that it can actually solve the problem of centralization for builders in the future. In this case, the proposer can build its own block by picking the highest-fee transaction from the cryptographic mempool without picking the block from a sophisticated builder.
Bitcoin has long been known as “digital gold”, not only in its use as a digital store of value, but also in its resistance to censorship. While the Bitcoin network is not as programmable as Ethereum, and weaker programmability minimizes MEV, it still faces the problem of increasing concentration of miners geographically. In addition, operating mining machines requires professional technology, hardware and energy are also capital-intensive, and the Bitcoin mining industry has developed in the direction of resource sharing, and miners pay service fees to mining farms according to unit computing power, thereby reducing the cash flow pressure caused by their own investment.
Source: Cambridge Bitcoin Electricity Consumption Index
As shown in the chart above, before China banned crypto mining in 2021, China accounted for more than 45% of the world’s computing power. But computing power has now shifted to the United States, which accounted for 38% of the world’s computing power as of January this year. Mining companies may be forced to reject certain deals by local regulations, posing a threat of censorship.
So, how does Bitcoin deal with the censorship aspects of pooling centralization?
Solution 1: Switch mining pools
Once a pool operator is subject to censorship regulations that run counter to the interests of miners, miners can easily switch to other pools (e.g., move away from the pool being reviewed). Due to the on-demand purchase of computing power, miners only need to change the mining pool address in the mining software to switch to the new mining pool. During 2021, when miners were banned by the Chinese government, miners were able to quickly migrate abroad and switch addresses to offshore mining pools, and hash power has now recovered and is higher than before the ban was announced.
While Ethereum can get validators to revoke or re-stake if they wish, there is still a time lag due to cooldown periods and queuing systems.
Solution 2: Give miners more control over the block building process
Most Bitcoin miners direct their hash power to mining pools, where they communicate with them using a messaging protocol called Stratum v1, which organizes the creation and submission of hashes by miners. If mining pools collude to review transactions, the community has no recourse. But with Stratum v2, miners will be able to choose their own set of transactions, giving them more control over the block building process, which can counter the censorship intentions of malicious mining pool operators.
If you are interested in learning about Stratum v2 and its feature upgrades to improve miner security and revenue, read here.
Solution 3: Free market competition
Bitcoin proponents argue that the economic incentives for mining Proof-of-Work are the best form of resistance to any transaction censorship. As the block reward for each halving cycle drops, transaction fees will tend to 100% of miners’ income. Therefore, even if any pool or miner that meets the regulatory requirements reviews a paid transaction, other miners/mining pools in different jurisdictions will be more than happy to take advantage of this to steal the transaction. Eventually, these compliant mining pools or miners will be defeated in the free market, resulting in a decline in their market share and profitability.
Conclusion 1: Bitcoin can handle censorship issues caused by centralization in the block creation process better than Ethereum.
Bitcoin today is better equipped to handle centralized scrutiny in the block building process. If there are pools that censor certain transactions, miners can now switch pools without delay, and miners’ autonomy is greatly enhanced.
While Ethereum has viable solutions to the censorship problem, it is mostly in the research phase and has not yet been implemented, as there is competition with other programmable blockchains, so other aspects of functionality need to be prioritized.
Issue 2: Strong censorship risks can occur if the network has a small security budget
The impact of a small security budget is likely to result in 51% of attacks. When this happens, the attacker will be able to take control of the blockchain. They are able to block incoming transactions and are able to reorder new ones. More serious is to rewrite the history of the blockchain and reverse their own transactions, resulting in double spending.
Ethereum’s security budget
Once a 51% attack is launched on Ethereum, all new deposits or withdrawals can be vetted by the attacker, at which point the network will be difficult to recover. Therefore, the distribution of tokens within the network is as decentralized as possible to prevent the required tokens from being obtained by coercion and attacked. At the time of writing, 13.6 million ETH are staked on the beacon chain. Ethereum’s economic security can be achieved by multiplying 13.6 million ETH by the price by 51% to get the minimum amount required for transaction review. At the current price of $1,700 per ETH, economic security today is about $11.5 billion. In fact, given that the price increases with the demand for ETH rather than linearly, the cost will be much higher.
Since coming up with these funds is not a problem for some organizations or countries, we still need to consider preventive solutions.
Solution 1: Encourage more users to stake
Compared to other POS networks, only 11% of ETH is currently staked (e.g. 77% for Solana, 66% for Cosmos, and 65% for Avalanche), which means there is a lot of potential. As the amount of stake increases, it will become very difficult for an attacker to obtain 51% of the total stake.
However, one obstacle to more people staking is the opportunity cost of DeFi revenue to users. If users are able to earn better in DeFi, then users may prioritize financial incentives, and the incentive effect generated by ETH staking proceeds will be reduced. One solution to breaking down barriers is the liquid staking protocol, but it could also bring us back to the centralization problem we see in Lido. While we can see that Lido is distributing stake to about 30 validators on its whitelist, the list of whitelists is still approved by Lido, which is still controlled and approved by Lido. Therefore, the selection criteria and capabilities for adding and removing validators are crucial, which means that strong governance capabilities are needed within DAOs.
Encouragingly, Lido has been exploring governance options using dual governance proposals, with voting on key governance issues being shared by stETH and LDO holders, which will maintain consistency between both token holders. There is also a key issue associated with censorship resistance, which has the potential to change the way equity is distributed among node operators in a potentially harmful or unexpected way. In the case of governance in specific situations, once the LDO holders have passed the initial proposal, stETH holders will also be involved, and they can also withdraw from the protocol if all available negotiations fail. Read here for a more detailed explanation of the voting mechanism and subsequent results.
Solution 2: Diversify validators to prevent coercion for governance
If ETH is not available in the marketplace, another way to gain control of the network is to force 51% of validators. Therefore, the effect of censorship resistance is achieved by increasing the diversity of validators in the following forms:
Promote jurisdiction/geographic diversity to ensure that no single jurisdiction/country can take validators offline
Increasing the diversity of operators/equity holders to ensure that mandatory scrutiny is extremely difficult where interests are widely distributed
Increase client diversity to ensure that no single error in the authenticator client can take the authenticator offline
Reduce the hardware requirements for participation to ensure that everyone can launch the authenticator as needed
Increase the number of validators with full copies of transactions
Solution 3: Social intervention
If preventive measures fail, Ethereum will intervene at the social level. This is done by automating the fork process when censorship is detected, while allowing enough time for consensus to reach a fork. In an ideal world, full online nodes would identify and identify which blockchains have censorship purposes by examining mempools, fork and punish chains with censorship purposes if found, all without social interference.
However, forks are rarely straightforward and quick to complete, as reviews can sometimes be accidental, such as due to errors in the authenticator client. In this case, it is important to be able to intervene and discern what is real and what is unexpected. In addition, there are considerations such as how to choose a new blockchain, which checkpoint should be taken to start a new blockchain, how to punish attackers on the new blockchain, etc., which will affect the economic value of the chain. The above is to let new users know that if they wish to participate in the new uncensored blockchain, they must first be able to withdraw on-chain funds. While there are currently no rules and guidance for users to understand how to respond to various policy interventions, it is important that the governance and decision-making process of the chain be as decentralized as possible.
Bitcoin’s secure budget
If Bitcoin is subject to strong scrutiny, miners will be able to mine out all the rewards and restructure the chain as they see fit. Given the current hash rate of 230m TH/s, assuming that existing miners are not involved in the attack, an attacker can only control the network if they have more than 230m TH/s. Let’s do the math and use the most efficient ASIC chip on the market today, the Antminer S19 PRO (110 TH/s), which requires a total of 2.09 million ASIC chips (230,000,000 TH/s divided by 110 TH/s) to carry out the attack. At today’s price of $4,400, the total cost of obtaining hardware to attack the network without accounting for energy costs is $9 billion.
Solution 1: The Bitcoin network is more censorship-resistant due to the difficult access to ASIC chips
While the cost is not out of reach for some highly aggressive attackers, there is significant resistance to acquiring ASIC chips because only a few companies can produce them. And because the supply of annual rollouts is insufficient, attackers can’t launch quick attacks.
Solution 2: The conversion of miners is very low, resulting in the decentralization of the Bitcoin network
It is very difficult to obtain the machines needed to control the network, so the attack is likely to be carried out by coercing or controlling an existing mining pool. We can rely on mining pools that have emerged in different parts of the world to solve this problem, because their emergence greatly reduces the switching cost of miners, so that they can quickly switch in the face of censorship, so as to achieve censorship resistance.
Conclusion 2: Bitcoin is more resilient than Ethereum when it comes to preventing 51% strong censorship attacks. Ethereum’s solution with the social layer as a last line of defense gives more power to the few, but there are still many questions about social consensus.
On the face of it, Ethereum has a higher security budget than Bitcoin. However, the acquisition of hardware when taking over the Bitcoin network poses more resistance than the cost of acquiring a majority of Ethereum’s tokens.
If an attacker resorts to an alternative route to strongly censoring a centralized mining pool to gain control of the network, Bitcoin’s solution is much simpler because honest miners can help rebalance the hash rate by switching to a non-offensive mining pool.
In the case of Ethereum under strong scrutiny, while the social layer can intervene, there are still many questions about how to transition to a user-activated soft fork. First, how can social consensus be reached among non-attacking actors? Can the majority of the new minority make a decision? Or is it up to the core team to decide? The decision-making process can be likened to an “Ethereum DAO” voting to reach a majority decision. So should it be decided by a majority of voters or a majority of the stake? A common criticism of DAO voting is that an overwhelming majority of holders could vote for the outcome, but were ultimately vetoed by a single holder holding more shares. This is not meant to reflect the actual process of deciding on the fork rules, but rather to highlight the problematic aspects of social governance that the Ethereum community has not yet implemented. Eventually, it may be that, as Nic Carter suggests, the social consensus layer inevitably leaves room for politicization, and Ethereum may suffer the same fate as expropriating national governments.
Therefore, we believe that Bitcoin is more resilient. It’s also worth noting that this may not be the case in the future. One potential scenario is that as block rewards tend to zero, if Bitcoin’s trading activity fails to pick up, the lack of transactions will result in miners lacking income and they may struggle to maintain solvency. This will cause miners to shut down the miner and cause the hash rate to drop, thus weakening Bitcoin’s security budget. Therefore, the Bitcoin network needs to continue to attract new users if it is to operate as a healthy network.
Issue 3: External dependencies can create censorship risks for the underlying network
The denomination of each cryptocurrency is anchored using stablecoins, and Bitcoin and Ethereum are no exception. A quick look at the market capitalization of stablecoins reveals that the top 3 are all backed by fiat collateral held by centralized custodians. This puts them in the realm of regulation, which begs the question: what if custodians make it impossible for users to convert stablecoins to legal tender just because of government censorship or banning? While these are unlikely to happen, the ripple effects that occur once they do are terrible. Recently, USDC issuer Circle froze more than $75,000 worth of funds related to Tornado Cash addresses in accordance with the OFAC sanctions list.
Potential solution 1: Overcollateralize stablecoins
One can mint a token pegged to fiat currency in exchange for cryptocurrency collateral. MakerDAO’s DAI is currently the largest decentralized stablecoin in the crypto space, and when asset prices start to fall, they maintain the peg of 1 DAI = $1 by liquidating the staked crypto collateral. Since 2017, they have experienced price fluctuations in Bitcoin and Ethereum and have proven to be robust. However, even they have more than 30% USDC exposure as part of their collateral. Following the recent USDC and Tornado cash incidents, they are currently in governance discussions about the need to implement negative interest rates to make DAI more freely circulating to achieve their vision of becoming a public, neutral financial utility infrastructure.
Another option favored by Vitalik is Reflexer’s RAI. In this protocol, users can deposit ETH and mint RAI up to the value of the deposited ETH. The main difference here is that RAI does not stick to a fixed peg like the US dollar, which means that the peg of RAI changes depending on the volatility of the market. They also allow for negative interest rates, which helps provide a balance in which excessive growth can be contained, making stablecoins less volatile. Read here for a more detailed explanation of how RAI works.
However, a fundamental problem with overcollateralized stablecoins is that they continuously extract liquidity from the market (which is not ideal if we expect financial activity to occur on cryptocurrencies). We also need to consider what kind of collateral can be collateralized as the base currency.
Bitcoin’s viability: Bitcoin is pretty much the best collateral out there. But even if there are ready-made solutions on the market at the moment, due to overcollateralization that will extract liquidity from the market, it is not an ideal solution if we expect financial activity to occur on-chain.
Ethereum’s viability: Stablecoins using ETH as collateral may not be the way forward. If ETH faces scrutiny, these stablecoins will face redemption issues as users may want to exit their ETH positions. While using Bitcoin as collateral mitigates this associated risk, it still faces the problem of liquidity withdrawal.
Potential solution 2: algorithmic stablecoins
Although algorithmic stablecoins are a bit notorious due to the Luna crash, algorithmic stablecoins are another option, with the goal of creating an anchored stablecoin that does not require collateral but is anchored using some form of governance token. It is then pegged by arbitrage opportunities between governance tokens and algorithmic stablecoins. But this system design is very fragile because it requires rational participants and strong confidence in governing the value of tokens.
Once confidence is broken, a death spiral may emerge: when the price of governance tokens falls, market participants, instead of maintaining the stability of token prices, further sell their governance tokens, exacerbating the price decline.
In theory, algorithmic stablecoins could perform the same role as parts of our existing banking system without withdrawing liquidity. But there doesn’t seem to be a suitable candidate to perfect the system design of algorithmic stablecoins and expose them to less risk.
Bitcoin viability: Not applicable, there are no viable candidate projects on the market.
Ethereum viability: N/A, there are no viable candidates on the market.
Potential solution 3: Bitcoin or Ethereum as a decentralized stablecoin
Think: What if Bitcoin became a censored, decentralized “stablecoin”? This seems to solve the problems faced by Bitcoin and Ethereum.
Bitcoin viability: It seems that Bitcoin holders can all join because 1 BTC = 1 BTC. This may solve the case of a decline in security budgets due to lack of transaction activity (recap: block reward tends to zero = all miners’ income depends on transaction fees = sufficient transaction activity is needed to remain solvent and maintain a high hash rate). If BTC is widely used on Ethereum (and any other programmable blockchain), transaction activity will come from it serving as a base layer currency for DeFi and many other applications, which can then maintain economic incentives for miners, further strengthening censorship resistance to any attackers.
Ethereum’s viability: Imagine if USDC or USDT were censored and the chain forked, and there was no fiat-pegged stablecoin on the chain, how many users would choose that “bubble and low trading volume” stablecoin? If Ethereum is used as a decentralized stablecoin, it will eliminate the reliance on fiat-pegged stablecoins, making chain forks a more realistic option in the face of powerful censorship attacks. Users will not have to worry about the destruction of economic value, as Ethereum is strongly censorship-resistant as a base layer currency.
RPC (Remote Procedure Call) networks are essential to blockchain. It provides access to server nodes and allows users to communicate and interact with the blockchain while interacting with a certain independent program. Given the specific hardware required to run these RPC nodes, most developers turn to centralized RPC networks such as Infura and Alchemy for their dApp API needs. The downside is that these centralized RPC networks can restrict access to blockchain data when you need to comply with any governing laws, and can also serve as a central point of failure that is vulnerable to hacking. The end result is that users may face service interruptions, greatly reducing the user experience.
Solution 1: Light client
Ethereum has been hoping for more users to run their own light clients. Instead of storing the full state history of the chain, the light client relies on the synchronization committee to synchronize to the chain. They can also make arbitrary queries on the network status by asking other full nodes instead of through centralized Infura or Alchemy.
Bitcoin has also always encouraged users to run their own light clients. Light clients on Bitcoin can interact with the network but not store the blockchain, and can query other nodes for blocks and transaction data of interest.
Solution 2: Decentralized RPC network
Decentralized RPC network providers provide economic incentives to distributed RPC nodes to provide applications and users with access to blockchain data. By using a decentralized set of RPC nodes, the underlying protocol layer can enhance its security and censorship resistance because there is no single point of failure. Existing solutions include Pocket Network, Ankr and Solana’s GenesysGo. Both Ethereum and Bitcoin will benefit from a decentralized RPC layer, which will increase Ethereum’s censorship resistance given the large number of applications using the RPC network.
Core developers and project teams
The arrest of Tornado Cash founder Alexey Pertsev has raised a discussion about whether developers or project teams can take responsibility for their open source code. So should they be anonymous? Easily identifiable identities place individuals in jurisdictions, which can mean they are vulnerable to regulatory control. While there is no explicit requirement that founders or developers are responsible for their code, it may be wise to ensure that teams are geographically distributed to handle any potential scrutiny from a particular jurisdiction.
Conclusion 3: External dependencies have a significant impact on the censorship resistance of the base layer protocol.
We believe that the first issue to be addressed is the choice of a base layer currency, and the economic value of Bitcoin and Ethereum is pegged to USDC and USDT, which are vulnerable to US regulations. For other possible sources of review risk including RPC layers and protocol developers, we believe existing solutions can mitigate and eventually eliminate these issues.
Although we have made extensive comparisons of Bitcoin and Ethereum, and they also have their own features and solutions in terms of censorship resistance, such as Bitcoin’s characteristics that make it suitable for base layer currencies, we still need the programmability of a blockchain like Ethereum to have on-chain applications. Ultimately, decentralization, censorship resistance, and sovereign independence are what Bitcoin, Ethereum, and many other blockchains are striving to achieve.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/bitcoin-and-ethereum-censorship-resistance/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.