Author

Topic: Is it possible to force miners to include a transaction in a block? (Read 462 times)

legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I'm also don't know how you could actually verify that a node had indeed previously seen a transaction it was not broadcasting. Each node would have to store and share a list of every transaction it was broadcasting to every node, but even then, there would be no way to verify that a node actually received what was being broadcast to it.
Of course a node could not verify which transactions the other node saw. What each node could verify, in contrast, are the transactions which were signed. That whole mechanism only makes sense combined with the "challenging blocks" mechanism I described earlier.

I'll probably wrap my head a bit around that mechanism. I suspect there could be a way, based on such a mechanism and maybe a slight PoS component, to force miners to include only the transactions with most fees, or at least provide very strong incentives to do so. You're right that this would be much more intensive computationally, but maybe it is worth it thinking about it anyway.

I also don't think it's particularly necessary. One or two nodes participating in censorship is irrelevant - transactions will spread around them without issue. Even if we pick some ridiculous number like 50% of nodes which start censoring transactions, [...]
The mechanism I was referring to is directed more to miners than to normal nodes. Miners unfortunately could start to censor massively, like it seems to have occurred in Ethereum. Thus the idea to punish them for misbehaving (censoring, in this case).

Anyway, this discussion is mainly a theoretic one. I believe that in general Bitcoin's incentive mechanisms work well. But it's not wrong, I think, to try to imagine possible bigger improvements for the long term.
copper member
Activity: 1330
Merit: 899
🖤😏
I was wondering, isn't counter productive even if all miners and nodes decide to comply to all the regulations imposed even by every single country?
Meaning, whatever that is against the principles of bitcoin, if applied to bitcoin, then it is no longer bitcoin and the reason for such current adoption is because it hasn't gone against said principles yet.

As an example, if the whole world says that we can't use end to end messaging apps, then such apps will cease to exist given if all host providers follow the rules of the entire world, but what will really happen? Well, those in need of such apps will use dark versions and such apps simply transit to the underground section, though people will keep using "end-to-end" apps no matter what governments demand.

That's the bitcoin principle, no central authority, whether it be one country or the whole world.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Leaving out the tinfoil hat wearing paranoia that some people have about the government censoring transactions, just due to the locations that pools operate in. There is no way to do this. Do you really think if North Korea, Russia or any of those governments want to move what the US would think should be a censored transaction that the mining pools in Kazakhstan care.

Or if the CIA got the private key for one of the addresses that North Korea has moved their ransomware funds to that Foundry Digital would not happily mine it for them?

With nodes, as o_e_l_e_o said, there are so many out there that it's not a real worry.

-Dave
legendary
Activity: 2268
Merit: 18748
Before a node submits transactions to another node, you could require it to send you a list of transactions which were signed by a "node key". If there is a transaction this node did not include but had been seen before when communicating with another node,* and is also not in your own transaction list, then you don't transmit your transactions.
This all sounds very computational expensive, for every node not just to be verifying and broadcasting transactions, but also verifying each transaction was signed by each node's key. I'm also don't know how you could actually verify that a node had indeed previously seen a transaction it was not broadcasting. Each node would have to store and share a list of every transaction it was broadcasting to every node, but even then, there would be no way to verify that a node actually received what was being broadcast to it.

I also don't think it's particularly necessary. One or two nodes participating in censorship is irrelevant - transactions will spread around them without issue. Even if we pick some ridiculous number like 50% of nodes which start censoring transactions, then given that by default each node connects to 8 others, there is only a 0.4% chance that all 8 of the nodes you connect to would be censoring.

Given how easy it is to run a node, I don't think this will ever be a problem. There are plenty of people who run nodes who would never implement censorship, and there are plenty of people like me who would quite happily spin up 10 nodes to counteract such censorship.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
For some reason (probably related to the Christmas holidays) I missed these two last thread answers. Now I've a little remark for one of them (better late than never Smiley ):
But if there was a potential coinjoin with (say) 50 different participants, and I was holding the whole thing up because I didn't want my UTXOs to be coinjoined along side some other specific UTXOs, then the rational action for everyone else is not to ask me to share a list of the UTXOs I don't like and then double check all the other participants against my list, but rather to simply exclude me since I'm the troublemaker here.
In general I think you're right here. At a first glance, I thought being blocked in the "pre-CoinJoin negotiations" wouldn't matter because you can always change your address and IP, but then you would have to move your coins, and this would mean investing money in fees. There may be possibilities to game this for people with large pockets but I think in general the incentives should work here.

This brings me to the idea to adapt the same principle to the relation between miners and other nodes, to prevent censorship of certain transactions:

Before a node submits transactions to another node, you could require it to send you a list of transactions which were signed by a "node key". If there is a transaction this node did not include but had been seen before when communicating with another node,* and is also not in your own transaction list, then you don't transmit your transactions.

To really prevent censorship his would of course have to be combined with the "challenger" role I outlined above -- the possibility to "overrule" a block if censorship has been detected. In this case, censorship would have been detected if a node can prove that in a block a transaction was excluded which 1) had been signed by the miner's "node key" (the public key would have to be included in the block header) in the node-to-node communication to build up the mempool, and 2) had higher fees than the lowest-fee transaction that had been included in the block.

If miners add lots of fake transactions, that would cost them (potentially a high amount of) fees.

The main problem here stays however the same, I think: The miners wanting to censor txes could simply use another "node key" for signing transactions in the node-to-node communication than the one they use later to mine blocks. If there was a way to enforce these keys to be the same, then the problem would have been solved without requiring privacy techniques. But I still have no idea how this could work and it may be impossible in a P2P context. (I "could" imagine a solution in a combined PoW/PoS protocol however, miners could be then be required to gather some support from "economic nodes" for their blocks or they will never see their reward.)

So in the end, if this problem is not solved, the "CoinJoin/Monero way" would be the only one to really prevent censorship.

*You could fine tune that so latency losses aren't taken into account. For example, only "punish" nodes that have excluded transactions which you already saw more than 20 seconds ago or so.
legendary
Activity: 2268
Merit: 18748
According to what I've heard, it uses a completely different cryptographic scheme than monero and is resistant to censorship.
It uses proof of stake, meaning it becomes more centralized over time. That's the last thing you want in any good cryptocurrency, but particularly one which is supposed to be focused on privacy and censorship resistance. Proof of stake cryptocurrencies can never be censorship resistant, as the recent hilarity with Ethereum shows, with somewhere around 80% of Ethereum blocks current censoring transactions to comply with OFAC regulations: https://www.mevwatch.info/

So sure, that particular shitcoin might allow you to avoid having to download the entire blockchain, but it is neither private nor censorship resistant. If avoiding downloading the blockchain is your main goal, then using bitcoin with a light wallet such as Electrum will be far superior.
legendary
Activity: 2268
Merit: 18748
But it leads me to another technical question: Can CoinJoin participants censor other potential participants of their CoinJoin? I.e. could there be CoinJoin transactions where a "tainted" input would be rejected by all other participants, so the often unfortunate owner of the tainted UTXO can't find a CoinJoin to integrate their transaction?
It's possible, sure. But if there was a potential coinjoin with (say) 50 different participants, and I was holding the whole thing up because I didn't want my UTXOs to be coinjoined along side some other specific UTXOs, then the rational action for everyone else is not to ask me to share a list of the UTXOs I don't like and then double check all the other participants against my list, but rather to simply exclude me since I'm the troublemaker here. This becomes even more evident if there were two or three people like me who all had different lists of UTXOs they didn't want to be associated with.

People who don't want to be linked to other specific UTXOs simply wouldn't use this specific coinjoin protocol. Everyone else who does not buy in to the provable nonsense of taint could use the protocol freely. This essentially already happens in coinjoin protocols which do not cooperate with blockchain analysis and spy on their users (i.e. JoinMarket and Whirlpool, but not Wasabi). It would just be a case of scaling the transactions up to be much larger to make the fee for such transactions incredibly attractive to miners.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I didn't have too much time the last few days, I only could read a couple of basic articles, but my intention is to investigate the Monero protocol further and look if there could be some elements which could theoretically be integrated into Bitcoin. Until now my understanding is that the censorship resistance in Monero comes from basically two elements:

1) the fact that all possible inputs which could be included in a transaction/block come from CoinJoin-style transactions with ring signatures and lots of inputs and outputs, so if the miner wants to censor transactions, he would have to do extensive blockchain analysis to see which of the inputs could belong to a tainted "chain of transactions".
2) a transaction can go to a stealth address, which obfuscates the real address of the receiver. I'm in doubt however if this is really an advantage to Bitcoin if you create always fresh addresses for your transactions (Monero seems to have an "account" model, which of course is not really privacy-friendly if it doesn't have a mechanism to obfuscate the real address).

Edit, to clarify point 2: If stealth addresses made it impossible for miners to see in which ring-signature transaction, or even in which block you received the payment you spend in a certain output, then the Monero way would have an advantage versus Bitcoin, and it maybe could be even thinkable to be adapted in BTC.



Another possibility to prevent this kind of miner censorship is to expand upon coinjoins.

[...]Let say instead that your transaction is part of a much larger coinjoin transaction, with 50 inputs and 100 outputs, and a combined fee of 100,000 sats.
Yep, this is an interesting alternative scenario which could be enacted without any protocol change, simply making it easier to use (i.e. integrate it into standard consumer-focused wallets) would already be an advancement.

But it leads me to another technical question: Can CoinJoin participants censor other potential participants of their CoinJoin? I.e. could there be CoinJoin transactions where a "tainted" input would be rejected by all other participants, so the often unfortunate owner of the tainted UTXO can't find a CoinJoin to integrate their transaction?

Of course it's possible that there may be altruistic participants who strive to integrate tainted and non-tainted inputs in CoinJoins, but the extend of that practice in the future remains speculation, a technical solution would be better.



I'd be grateful if we can focus the discussion to the technical side, and not derail too much into theories about possible government actions and also let out the PoW/PoS debate which is irrelevant for this question imo.

I think for now the Bitcoin incentive mechanism works well (so I partly agree with @pooya87 and others), but we don't know what could happen in the future, so at least discussing a bit about possible technical strategies and "Plan B's" isn't in vain, imo. At least that was the intention of the OP. Thanks Smiley
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
All governments are the same they just appear different because some are better at covering up their tracks and others are better at public relations.

This is widely incorrect. In some countries the 3 areas/powers - executive, legislative, and judicial - are correctly separated giving less chance to "the government" do anything he wants in the way he wants (of course, there are exceptions too sometimes, unfortunately).

The US government have the attitude of just doing what they want and no one challenges them because of that confidence.

If they would just do anything they want the supreme court would kick their asses pretty bad. So no.
If they have their backs insured properly, then yes, they can do certain things. Still, there are much worse cases around the world; and there the government really does whatever it wants. Do you need examples?

Any business that is located in a jurisdiction will listen to the government because they risk getting raided other wise. This is why companies or pools that do not store information by default are preferred over those that do. The trouble is verifying that they do not store personal identifiable information.

Some store information and tell you, some store information and lie to you and very few don't store information. Of course, governments don't like the 3rd category. Still, this doesn't make them the same.
legendary
Activity: 1232
Merit: 1080
The problem is when people say "the government" it really comes down to which / what government.

Worrying about a transaction being blocked is not any type of a concern since there are large mining pools across the world operating under different rules and government regulations and some of those government don't like each other.

A pool operating in the US will probably listen to the US government and possibly others. Do you really think that one operating in Kazakhstan or Russia give a crap about what the US government says? Malaysian pools may care or may not. And so on.

Not something worth worrying about.

-Dave
All governments are the same they just appear different because some are better at covering up their tracks and others are better at public relations. The US government have the attitude of just doing what they want and no one challenges them because of that confidence. When they are challenged they put out curfews and spread rubber bullets around the sidewalks.

Any business that is located in a jurisdiction will listen to the government because they risk getting raided other wise. This is why companies or pools that do not store information by default are preferred over those that do. The trouble is verifying that they do not store personal identifiable information.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The problem is when people say "the government" it really comes down to which / what government.

Worrying about a transaction being blocked is not any type of a concern since there are large mining pools across the world operating under different rules and government regulations and some of those government don't like each other.

A pool operating in the US will probably listen to the US government and possibly others. Do you really think that one operating in Kazakhstan or Russia give a crap about what the US government says? Malaysian pools may care or may not. And so on.

Not something worth worrying about.

-Dave
member
Activity: 280
Merit: 30
Your initial claim is "they could become insanely rich in a single day", so point 2-4 matters a lot to them (the one who perform double spend). And about point 4, exchange definitely have some data of account used to short BTC.

The doublespend is only to destroy trust and cause a collapse in anything connected to btc, ($100 or $1000 doublespend) effect on trust will be the same
the money can be made in shorting options listed below , not from the double spend itself.

7 Ways to Short Bitcoin
1. Margin Trading
2. Futures Market
3. Binary Options Trading
4. Prediction Markets
5. Short-Selling Bitcoin Assets
6. Using Bitcoin CFDs
7. Using Inverse Exchange-Traded Products
legendary
Activity: 2268
Merit: 18748
I doubt we'll see such push since enabling such feature doesn't have direct impact on miner's profit.
Not at the moment certainly, but maybe in the future in the hypothetical scenario we are discuss here where some miners might want to include high fee paying transactions which other miners want to exclude. Especially once fees start being worth more than subsidy.

And still, if not via Stratum then it is still a good concept which we could see developed and rolled out in other software. Improving decentralization by allowing every individual miner to craft candidate blocks if they want, rather than just settling for centralized control via the pool operator, can only be a good thing.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
IIRC it require pool owner to enable such feature manually, so IMO it's not really useful.
Yes it requires the pool operator to enable it, but I don't think that means it should be discarded as not useful. Rather, a push to make every major pool operator run it (and specifically to enable the job negotiation protocol) would help to protect against censorship of individual transactions.

I doubt we'll see such push since enabling such feature doesn't have direct impact on miner's profit.

It might also have some legal benefits for mining pools. If it were to become the default, and some government demands that a mining pool censors some specific UTXOs, then the mining pool can point to the fact that they do not have the power to do this and the miners themselves can choose to include those UTXOs if they choose.

It's interesting speculation, but half-competent government worker could say pool should disable such feature or even switch to different protocol.

There are also a number of other upgrades that might entice pools to start using this software: https://braiins.com/stratum-v2

But looking at this thread (Stratum v2: After 10 Years, The Most Used Bitcoin Mining Software Gets Facelift), the reaction towards Stratum v2 is rather mixed.
legendary
Activity: 2268
Merit: 18748
IIRC it require pool owner to enable such feature manually, so IMO it's not really useful.
Yes it requires the pool operator to enable it, but I don't think that means it should be discarded as not useful. Rather, a push to make every major pool operator run it (and specifically to enable the job negotiation protocol) would help to protect against censorship of individual transactions. It might also have some legal benefits for mining pools. If it were to become the default, and some government demands that a mining pool censors some specific UTXOs, then the mining pool can point to the fact that they do not have the power to do this and the miners themselves can choose to include those UTXOs if they choose.

There are also a number of other upgrades that might entice pools to start using this software: https://braiins.com/stratum-v2
newbie
Activity: 10
Merit: 1
There are no known proposals to change the current mechanism for including transactions in blocks to introduce more explicit censorship resistance measures, such as the ones you described. While it is theoretically possible to introduce new protocol rules to achieve this, it is unlikely that such changes would be accepted by the wider Bitcoin community and would likely require a hard fork of the network.

In general, the best way to ensure censorship resistance is to maintain a decentralized and competitive mining landscape, where miners have incentives to act in their own self-interest and include as many high-fee transactions as possible in order to maximize their profits. This helps to ensure that the network can continue to process and validate transactions without interference or manipulation by any individual or group of participants.
member
Activity: 280
Merit: 30
And how long do those 3 mining pool operators need to doublespend to destroy trust in BTC.
Less than ½ hour,

Code:
NotATether : Who has not had 24x7 power for Years.

Quote
they could become insanely rich in a single day, and no longer need to run a mining pool.
And yet, it hasn't happened for 13 years. Your anti Proof of Work propaganda is flawed.

So if something has yet to happen, in your mind that means it can never happen.
Now that is flawed.
Please tell me you have been drinking, I hate to think this was you fully coherent, sprouting such nonsense.


Just because you have not broke your arm in a fall, does not mean you have any guarantees you won't next week.
or
Just because your house has never burned down yet, does not mean it will never burn down.


As the rewards fall and transaction fees don't make up the difference, dark thoughts increase for the miners.
Don't forget, Satoshi original design of onchain transactions fee capacity increasing to offset lost rewards has been sidetracked by blockstream LN/Liquid debacle.
So there is your growing difference.

https://www.cs.princeton.edu/~arvindn/publications/mining_CCS.pdf
And how long do those 3 mining pool operators need to doublespend to destroy trust in BTC.
Less than ½ hour,
and if they are on an exchange or markets that lets them short BTC or short companies that own BTC,
they could become insanely rich in a single day, and no longer need to run a mining pool.

1. 0.5 hours would be difficult since some exchange require 6 confirmation.
2. Huge withdraw usually is reviewed manually or checked more thoroughly by the system.
Does not Matter, all that matters is a doublespend happens, and trust is lost. Amount is irrelevant. Fiat Price crashes.
3. Unless they swap BTC for decentralized altcoin, they face risk their fiat or altcoin frozen or reversed.
Does not Matter, all that matters is a doublespend happens, and trust is lost. Amount is irrelevant. Fiat Price crashes.
4. They'll be arrested unless they could secure cooperation with various corrupt government worker. 
Doubtful you know who they are, or they claim they were hacked.

Some exchanges only require 1 and many only require 3, which is why less than ½ hour was listed.
Plus the money can be made shorting bitcoin in different ways.

FYI:
https://www.investopedia.com/news/short-bitcoin/
Quote
7 Ways to Short Bitcoin
1. Margin Trading
2. Futures Market
3. Binary Options Trading
4. Prediction Markets
5. Short-Selling Bitcoin Assets
6. Using Bitcoin CFDs
7. Using Inverse Exchange-Traded Products

So while some on btctalk have been crying hodl since $64K, alot of btc insiders have been raking in the money since the fall.

[moderator's note: consecutive posts merged]
legendary
Activity: 2268
Merit: 18748
Rather than proposing complex mechanism, isn't it more practical to revive P2Pool (decentralized pool) and encourage miner to use decentralized pool?
There are also protocols such as Stratum V2 which should be encouraged which allow miners in big pools to decide for themselves which transactions to include in their candidate block.



Another possibility to prevent this kind of miner censorship is to expand upon coinjoins.

At the moment, if a miner wants to censor your transaction, then they simply don't include it will lose the fee of your transaction only, which is like to be a few hundred to a few thousand sats and therefore of no real consequence to them. Let say instead that your transaction is part of a much larger coinjoin transaction, with 50 inputs and 100 outputs, and a combined fee of 100,000 sats. To censor your transaction they would need to exclude the entire coinjoin transaction, and lose out on a much larger fee. What if that coinjoin transaction included 200 inputs, or 500, or 1000? At some point it becomes worth enough that a miner is going to want to include it to cash in on the very large fee, especially over time as we move more and more towards the scenario of fees (rather than block subsidy) being the primary source of miner income.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Rather than proposing complex mechanism, isn't it more practical to revive P2Pool (decentralized pool) and encourage miner to use decentralized pool?

Quote
the case censorship could be a problem eventually
If we're going to have large protocol changes anyway, wouldn't it make more sense to make transactions private by default (like Monero)? You can't censor what you can't see.

Monero transaction have bigger size and take more time to be confirmed, so i doubt it'll happen.

And how long do those 3 mining pool operators need to doublespend to destroy trust in BTC.
Less than ½ hour,
and if they are on an exchange or markets that lets them short BTC or short companies that own BTC,
they could become insanely rich in a single day, and no longer need to run a mining pool.

1. 0.5 hours would be difficult since some exchange require 6 confirmation.
2. Huge withdraw usually is reviewed manually or checked more thoroughly by the system.
3. Unless they swap BTC for decentralized altcoin, they face risk their fiat or altcoin frozen or reversed.
4. They'll be arrested unless they could secure cooperation with various corrupt government worker.
5. etc.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
And how long do those 3 mining pool operators need to doublespend to destroy trust in BTC.
Less than ½ hour,
I'll apply the feedback NotATether gave you to this:
Code:
Take this guy's posts about Proof of Work with a grain of salt.

Quote
they could become insanely rich in a single day, and no longer need to run a mining pool.
And yet, it hasn't happened for 13 years. Your anti Proof of Work propaganda is flawed.
member
Activity: 280
Merit: 30
Over 51% of btc hashrate is controlled by only 3 mining pool operators
And the moment those pools start doing things that aren't in the interest of miners, those miners will move to a different pool and those 3 will no longer control 51%.

And how long do those 3 mining pool operators need to doublespend to destroy trust in BTC.
Less than ½ hour,
and if they are on an exchange or markets that lets them short BTC or short companies that own BTC,
they could become insanely rich in a single day, and no longer need to run a mining pool.
Pretending it can't happen seems to be the normal response on btctalk.
But there are literally no technical barriers stopping them from achieving a 51% attack against BTC weak proof of waste security model.
PoW Miners can only switch after the damage is done, not before.
For all we know the 3 mining pool operators are colluding and have already scheduled a D-Day for BTC for maximum profits.
D-Day = DoubleSpend Day
Satoshi always expected Miner Greed to secure BTC, what happens when the miners figure out a way to make more money faster by killing bitcoin.  Tongue
Part of the reason that using one of the 7 deadly sins as a security model was a bad idea.


FYI:  https://modernconsensus.com/cryptocurrencies/bitcoin/report-mining-pool-consolidation-threatens-bitcoin-security/

[It is difficult to predict specific scenarios that could cause the price of bitcoin to drop to zero, as it would require a significant and unforeseen shift in market conditions or technology.
However, there are a few hypothetical scenarios that could potentially lead to the collapse of the bitcoin market and a drop in the price of bitcoin to zero:

Loss of trust: If the bitcoin network were to suffer a major security breach or if there were a widespread loss of trust in the integrity of the network, the price of bitcoin could potentially drop to zero.
* Only 3 mining Pool operators control over 51% of btc hashrate, and could doublespend at any moment ,
immediately causing Loss of Trust.*


But let's all close our eyes and pretend it can't happen.  Wink
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Maybe I'm wrong and they can't see that (due to a kind of stealth address, perhaps?), I unfortunately don't know the Monero protocol that well. If I'm wrong and miners can't censor anybody in the Monero protocol, then at least we can say that the problem is theoretically solvable and that would be awesome Smiley
I don't know the technical details of Monero either, but as far as I know, miners can't know transaction details either.

Over 51% of btc hashrate is controlled by only 3 mining pool operators
And the moment those pools start doing things that aren't in the interest of miners, those miners will move to a different pool and those 3 will no longer control 51%.
member
Activity: 280
Merit: 30
The recent discussion about some politicians wanting to introduce KYC/AML requirements for miners (which I of course do hope will never come, in no country of the world) brought me to think about the censorship problem, i.e. the dangers of miners blacklisting certain UTXOs or addresses.

Miners require massive amounts of power, any miners not being part of a mining pool in regulatory-compliance.
Can have their power cut and be charged as a money launder after a few new laws are added.

https://bitcoinmagazine.com/business/new-north-american-mining-pool-bets-on-region-and-regulatory-compliance

https://bitaml.com/2022/03/21/crypto-mining-aml-compliance/

https://www.coindesk.com/policy/2022/09/14/us-treasury-blacklists-several-more-bitcoin-addresses-tied-to-ransomware-attacks/

https://www.washingtonpost.com/dc-md-va/2022/05/16/first-us-criminal-cryptocurrency-sanctions/

Over 51% of btc hashrate is controlled by only 3 mining pool operators,
they can be arrested for money laundering and have any ip addresses they use blocked by the ISPs that conform to government regulation.

Not to worry, as I expect proof of work networks to be banned worldwide by 2025 before global KYC/AML controls the BTC mining pools.
 Smiley
legendary
Activity: 3472
Merit: 10611
There is no need to change the protocol or add any more complication. It is easily solved by making bitcoin more decentralized.
In fact any time you are thinking about any of the basic principles of bitcoin (in this case censorship resistance) the same question arises: how decentralized is bitcoin? Because decentralization is the solution to all your concerns regarding these principles.

If one government in one jurisdiction demands censorship in their own country, the rest of the world are not going to follow and as long as all or majority of bitcoin mining power is not in that jurisdiction, their decision won't matter one bit.
Case in point US government having a blacklist of bitcoin addresses they have "sanctioned". They simply can not enforce that on miners/mining-pools because bitcoin is decentralized and the amount of hashrate in US jurisdiction is small.

The bitcoin community also doesn't look kindly to such actions.
Case in point MARA pool. News came out they were censoring transactions, so they were attacked by eveeryone and even their stock price dumped. The small number of miners connecting to their pool (the majority of hashrate is owned by the company itself) left the pool too.
It is going to be the same with any other mining pool that tries going down that road.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
In that case: which one of the 12000 challenging nodes gets the block reward?
The first one accepted by the full nodes (just like normally a block is "the first" to be found and accepted). I'm however aware that this isn't easy to define, and would need a specific mechanism if there is ambiguity about who is the first in the network, and it's possible that this mechanism can be influenced by miners.

If we're going to have large protocol changes anyway, wouldn't it make more sense to make transactions private by defualt (like Monero)? You can't censor what you can't see.
I had definitely thought about Monero as well. But I thought that there could be still a censorship problem, as I supposed miners still see all the origins (i.e. the UTXOs where all inputs of the block originate) of the transactions, only that they apply a mandatory CoinJoin to it.

Maybe I'm wrong and they can't see that (due to a kind of stealth address, perhaps?), I unfortunately don't know the Monero protocol that well. If I'm wrong and miners can't censor anybody in the Monero protocol, then at least we can say that the problem is theoretically solvable and that would be awesome Smiley

Then of course the question would be: could such a mechanism also be added to Bitcoin eventually in a way censorship is prevented? Or perhaps other mechanisms, coming e.g. from Zcash, Grin/Mimblewimble etc.?

What about Taproot and P2SH?

Edit: Just searched the Web a bit and found an interesting article leading me to this research. The essence seems to be that tracking/censorship would be still possible in Monero but only with a complicated "elimination" process, and that a recent upgrade made these attacks even harder. Need to look into it further however.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If any node can challenge (not only miners), then there would be a low risk of such a collusion. Or am I understanding wrong?
In that case: which one of the 12000 challenging nodes gets the block reward?

Quote
the case censorship could be a problem eventually
If we're going to have large protocol changes anyway, wouldn't it make more sense to make transactions private by default (like Monero)? You can't censor what you can't see.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
What if it's only 51% of the miners, and they also ignore any blocks that include "forbidden" transactions?
You're right, that would be actually enough. Thus I think the problem is not only a theoretical danger.

That's easy to get around if the challenger colludes with the accused miner.
If any node can challenge (not only miners), then there would be a low risk of such a collusion. Or am I understanding wrong?

The current mining system has worked just fine since it was created. At the moment, I see no reason to change it any time soon.
For now, I was interested mainly in the theoretical possibility, for the case censorship could be a problem eventually. The example I gave was only a possibility I could imagine where, from a layman's perspective, a solution may lie, not at all really a "proposal". I've clarified this now in the OP.

Maybe Lightning could also be an instrument to mitigate the threat, although of course the channels with coins with problematic history which could be blacklisted would have to be opened before the 51% censorship attack begins (and the problem is that those could then also not be closed during the censorship attack).

@NeuroticFish: Exactly that is the problem if we don't collect the signatures on-chain in some way; thus the idea to "collect" signatures of partial transaction data in earlier blocks, but of course if these include the UTXO data, then these could be censored too (as the miner mining this block would see they contain a blacklisted UTXO and simply not process the signature); basically the problem would only be transferred to another miner (who in the case of an 51% attack will also be part of the censorship cartel).
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!

Since every node (hence each pool) has its own mempool, you cannot ensure a node has received or not a transaction.
This being said, the government nodes wanting to censor a transaction can simply not tell / sign that they've received it.
Nobody stops them from doing that and eluding your system, yet still working in the same way they do now.

So I see your system only something that gives more to do to honest (ie playing by the common rules) polls while the dishonest (in this case censoring) ones are favored.
Am I missing something?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Now: What if e.g. 99% of miners blacklist an address or UTXO, would the current system be enough? Would there be a way to improve that, introducing new protocol rules?
What if it's only 51% of the miners, and they also ignore any blocks that include "forbidden" transactions?

Quote
3) Any node ("challenger") can challenge a recent block proving that the miner hasn't followed rule 1 or 2, and if he can prove it, then the "challenger" node gets the block reward and fees (this would need major protocol changes, but should be possible as similar mechanisms exist in "slashing" PoS protocols).
That's easy to get around if the challenger colludes with the accused miner.



The current mining system has worked just fine since it was created. At the moment, I see no reason to change it any time soon.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
The recent discussion about some politicians wanting to introduce KYC/AML requirements for miners (which I of course do hope will never come, in no country of the world) brought me to think about the censorship problem, i.e. the dangers of miners blacklisting certain UTXOs or addresses.

Currently, Bitcoin's censorship resistance is based purely on incentives. A miner can include or censor the transactions he wants to, but if he doesn't chose those with most fees included, he will make less profit. And if a transaction gets rejected but pays significantly more fees than the current lower bound to be included, it is likely that another miner will include it in one of the next blocks.

Now: What if e.g. 99% of miners blacklist an address or UTXO, would the current system be enough? Would there be a way to improve that, introducing new protocol rules?

I have basic understanding of computing and blockchain tech but not advanced enough to know if an improvement is principally impossible or if there only hasn't been enough research on this.

If there was research, even the goal it was deemed impossible, I would be grateful for links, possible BIPs, mailinglist discussions etc.



As a layman one could imagine, for example, a mechanism where signatures of transaction data by potential miners are collected before the "real" inclusion of the block. (Edit: I clarify here that this is not a serious proposal but only an example where an idea for an approach could be starting.)

The example I had in mind: Miners could publicly first sign all transactions to acknowledge they have received them. Three new rules are introduced for tx inclusions in blocks:

1) They can only include transactions which they have publicly signed before.
2) They cannot include any transaction which has a lower fee than another transaction they didn't include but have previously signed.
3) Any node ("challenger") can challenge a recent block proving that the miner hasn't followed rule 1 or 2, and if he can prove it, then the "challenger" node gets the block reward and fees (this would need major protocol changes, but should be possible as similar mechanisms exist in "slashing" PoS protocols).

This is in the end also a "financial incentive" to not censor, but it should be much stronger than the current mechanism as an entire block reward + fee would be in danger for the censoring miner.

The problem is, obviously, "where and how do the miners exactly publicly sign the transactions"? There would have to be a "global state" of all these signatures.

If they have to sign the complete transaction data on-chain (i.e. as an "attachment" to an earlier block, which later could be pruned), then they could censor transactions in this step based on blacklisted UTXOs, like they would when they decide which transaction they include in a block. Probably nothing would have been won, although I could imagine situations where a "cartel" censoring transactions could have to be bigger with such an approach if two different miners have to intervene in a "approval" of a transaction.

Where my doubt is if there is a way to make them sign only the TXID or incomplete transaction data without the identification of UTXOs, without possible "challengers" being able to game the system, never transmitting the complete data to the miners. Is this perhaps possible with zero-knowledge approaches? Or could there be a second step, i.e. once the challenger has proven a miner has violated the rules, the miner gets some kind of second chance (as then the transaction data would be publicly known due to the challenger)?
Jump to: