Topic: Is it possible to force miners to include a transaction in a block? - page 2. (Read 460 times)

And how long do those 3 mining pool operators need to doublespend to destroy trust in BTC.
Less than ½ hour,
and if they are on an exchange or markets that lets them short BTC or short companies that own BTC,
they could become insanely rich in a single day, and no longer need to run a mining pool.
Pretending it can't happen seems to be the normal response on btctalk.
But there are literally no technical barriers stopping them from achieving a 51% attack against BTC weak proof of waste security model.
PoW Miners can only switch after the damage is done, not before.
For all we know the 3 mining pool operators are colluding and have already scheduled a D-Day for BTC for maximum profits.
D-Day = DoubleSpend Day
Satoshi always expected Miner Greed to secure BTC, what happens when the miners figure out a way to make more money faster by killing bitcoin.  
Part of the reason that using one of the 7 deadly sins as a security model was a bad idea.

FYI:  https://modernconsensus.com/cryptocurrencies/bitcoin/report-mining-pool-consolidation-threatens-bitcoin-security/

But let's all close our eyes and pretend it can't happen.  

I don't know the technical details of Monero either, but as far as I know, miners can't know transaction details either.

And the moment those pools start doing things that aren't in the interest of miners, those miners will move to a different pool and those 3 will no longer control 51%.

Miners require massive amounts of power, any miners not being part of a mining pool in regulatory-compliance.
Can have their power cut and be charged as a money launder after a few new laws are added.

https://bitcoinmagazine.com/business/new-north-american-mining-pool-bets-on-region-and-regulatory-compliance

https://bitaml.com/2022/03/21/crypto-mining-aml-compliance/

https://www.coindesk.com/policy/2022/09/14/us-treasury-blacklists-several-more-bitcoin-addresses-tied-to-ransomware-attacks/

https://www.washingtonpost.com/dc-md-va/2022/05/16/first-us-criminal-cryptocurrency-sanctions/

Over 51% of btc hashrate is controlled by only 3 mining pool operators,
they can be arrested for money laundering and have any ip addresses they use blocked by the ISPs that conform to government regulation.

Not to worry, as I expect proof of work networks to be banned worldwide by 2025 before global KYC/AML controls the BTC mining pools.
 

There is no need to change the protocol or add any more complication. It is easily solved by making bitcoin more decentralized.
In fact any time you are thinking about any of the basic principles of bitcoin (in this case censorship resistance) the same question arises: how decentralized is bitcoin? Because decentralization is the solution to all your concerns regarding these principles.

If one government in one jurisdiction demands censorship in their own country, the rest of the world are not going to follow and as long as all or majority of bitcoin mining power is not in that jurisdiction, their decision won't matter one bit.
Case in point US government having a blacklist of bitcoin addresses they have "sanctioned". They simply can not enforce that on miners/mining-pools because bitcoin is decentralized and the amount of hashrate in US jurisdiction is small.

The bitcoin community also doesn't look kindly to such actions.
Case in point MARA pool. News came out they were censoring transactions, so they were attacked by eveeryone and even their stock price dumped. The small number of miners connecting to their pool (the majority of hashrate is owned by the company itself) left the pool too.
It is going to be the same with any other mining pool that tries going down that road.

The first one accepted by the full nodes (just like normally a block is "the first" to be found and accepted). I'm however aware that this isn't easy to define, and would need a specific mechanism if there is ambiguity about who is the first in the network, and it's possible that this mechanism can be influenced by miners.

I had definitely thought about Monero as well. But I thought that there could be still a censorship problem, as I supposed miners still see all the origins (i.e. the UTXOs where all inputs of the block originate) of the transactions, only that they apply a mandatory CoinJoin to it.

Maybe I'm wrong and they can't see that (due to a kind of stealth address, perhaps?), I unfortunately don't know the Monero protocol that well. If I'm wrong and miners can't censor anybody in the Monero protocol, then at least we can say that the problem is theoretically solvable and that would be awesome

Then of course the question would be: could such a mechanism also be added to Bitcoin eventually in a way censorship is prevented? Or perhaps other mechanisms, coming e.g. from Zcash, Grin/Mimblewimble etc.?

What about Taproot and P2SH?

Edit: Just searched the Web a bit and found an interesting article leading me to this research. The essence seems to be that tracking/censorship would be still possible in Monero but only with a complicated "elimination" process, and that a recent upgrade made these attacks even harder. Need to look into it further however.

In that case: which one of the 12000 challenging nodes gets the block reward?

If we're going to have large protocol changes anyway, wouldn't it make more sense to make transactions private by default (like Monero)? You can't censor what you can't see.

You're right, that would be actually enough. Thus I think the problem is not only a theoretical danger.

If any node can challenge (not only miners), then there would be a low risk of such a collusion. Or am I understanding wrong?

For now, I was interested mainly in the theoretical possibility, for the case censorship could be a problem eventually. The example I gave was only a possibility I could imagine where, from a layman's perspective, a solution may lie, not at all really a "proposal". I've clarified this now in the OP.

Maybe Lightning could also be an instrument to mitigate the threat, although of course the channels with coins with problematic history which could be blacklisted would have to be opened before the 51% censorship attack begins (and the problem is that those could then also not be closed during the censorship attack).

@NeuroticFish: Exactly that is the problem if we don't collect the signatures on-chain in some way; thus the idea to "collect" signatures of partial transaction data in earlier blocks, but of course if these include the UTXO data, then these could be censored too (as the miner mining this block would see they contain a blacklisted UTXO and simply not process the signature); basically the problem would only be transferred to another miner (who in the case of an 51% attack will also be part of the censorship cartel).

Since every node (hence each pool) has its own mempool, you cannot ensure a node has received or not a transaction.
This being said, the government nodes wanting to censor a transaction can simply not tell / sign that they've received it.
Nobody stops them from doing that and eluding your system, yet still working in the same way they do now.

So I see your system only something that gives more to do to honest (ie playing by the common rules) polls while the dishonest (in this case censoring) ones are favored.
Am I missing something?

What if it's only 51% of the miners, and they also ignore any blocks that include "forbidden" transactions?

That's easy to get around if the challenger colludes with the accused miner.

---

---

The current mining system has worked just fine since it was created. At the moment, I see no reason to change it any time soon.

The recent discussion about some politicians wanting to introduce KYC/AML requirements for miners (which I of course do hope will never come, in no country of the world) brought me to think about the censorship problem, i.e. the dangers of miners blacklisting certain UTXOs or addresses.

Currently, Bitcoin's censorship resistance is based purely on incentives. A miner can include or censor the transactions he wants to, but if he doesn't chose those with most fees included, he will make less profit. And if a transaction gets rejected but pays significantly more fees than the current lower bound to be included, it is likely that another miner will include it in one of the next blocks.

Now: What if e.g. 99% of miners blacklist an address or UTXO, would the current system be enough? Would there be a way to improve that, introducing new protocol rules?

I have basic understanding of computing and blockchain tech but not advanced enough to know if an improvement is principally impossible or if there only hasn't been enough research on this.

If there was research, even the goal it was deemed impossible, I would be grateful for links, possible BIPs, mailinglist discussions etc.

---

As a layman one could imagine, for example, a mechanism where signatures of transaction data by potential miners are collected before the "real" inclusion of the block. (Edit: I clarify here that this is not a serious proposal but only an example where an idea for an approach could be starting.)

The example I had in mind: Miners could publicly first sign all transactions to acknowledge they have received them. Three new rules are introduced for tx inclusions in blocks:

1) They can only include transactions which they have publicly signed before.
2) They cannot include any transaction which has a lower fee than another transaction they didn't include but have previously signed.
3) Any node ("challenger") can challenge a recent block proving that the miner hasn't followed rule 1 or 2, and if he can prove it, then the "challenger" node gets the block reward and fees (this would need major protocol changes, but should be possible as similar mechanisms exist in "slashing" PoS protocols).

This is in the end also a "financial incentive" to not censor, but it should be much stronger than the current mechanism as an entire block reward + fee would be in danger for the censoring miner.

The problem is, obviously, "where and how do the miners exactly publicly sign the transactions"? There would have to be a "global state" of all these signatures.

If they have to sign the complete transaction data on-chain (i.e. as an "attachment" to an earlier block, which later could be pruned), then they could censor transactions in this step based on blacklisted UTXOs, like they would when they decide which transaction they include in a block. Probably nothing would have been won, although I could imagine situations where a "cartel" censoring transactions could have to be bigger with such an approach if two different miners have to intervene in a "approval" of a transaction.

Where my doubt is if there is a way to make them sign only the TXID or incomplete transaction data without the identification of UTXOs, without possible "challengers" being able to game the system, never transmitting the complete data to the miners. Is this perhaps possible with zero-knowledge approaches? Or could there be a second step, i.e. once the challenger has proven a miner has violated the rules, the miner gets some kind of second chance (as then the transaction data would be publicly known due to the challenger)?