One can say: maybe he realized that his 2008 scaling solution was going to "centralize" his system, so he simply put in something that would push people to invent an off-chain way of using it. In other words, he put in this limit because he understood that block chain tech doesn't scale, contrary to his 2008 explanation, and considered that people should invent something that solves it in another way. In other words, he did this to push people to invent the LN.
But that doesn't hold water either. Given that he didn't know whether something like the LN could even be invented, and given that he didn't know when it would be invented, and what would have been its needs, crippling the only solution you have, of which you've explained how it would scale, would have been extremely dangerous. If the LN would only have been invented in 2025, bitcoin would have been dead already by the time it could have been invented. That's akin to jumping out of an airplane, and hoping you'll invent a parachute while falling.
Hal Finney predicted "more or less" LN back in the day:
Actually there is a very good reason for Bitcoin-backed banks to exist, issuing their own digital cash currency, redeemable for bitcoins. Bitcoin itself cannot scale to have every single financial transaction in the world be broadcast to everyone and included in the block chain. There needs to be a secondary level of payment systems which is lighter weight and more efficient. Likewise, the time needed for Bitcoin transactions to finalize will be impractical for medium to large value purchases.
Bitcoin backed banks will solve these problems. They can work like banks did before nationalization of currency. Different banks can have different policies, some more aggressive, some more conservative. Some would be fractional reserve while others may be 100% Bitcoin backed. Interest rates may vary. Cash from some banks may trade at a discount to that from others.
George Selgin has worked out the theory of competitive free banking in detail, and he argues that such a system would be stable, inflation resistant and self-regulating.
I believe this will be the ultimate fate of Bitcoin, to be the "high-powered money" that serves as a reserve currency for banks that issue their own digital cash. Most Bitcoin transactions will occur between banks, to settle net transfers. Bitcoin transactions by private individuals will be as rare as... well, as Bitcoin based purchases are today.
But LN is much better than what he envisioned.
Ah, that's interesting. When you contrast that with Satoshi's November 2008 e-mail, where he clearly explained how 100 MB blocks were no problem, and how users would use SPV clients ; and when you see that Hal Finney was the one pushing for the 1 MB limit according to some, we now see that Hal Finney finally took power over Satoshi. Hal Finney is writing here exactly the same objection that Satoshi already replied to in November 2008: "of course we don't send all transactions to all users".
Satoshi never had any doubts about the scaling non-problem from the beginning. Most users simply didn't need the block chain, and that's exactly why he introduced the SPV possibility with the Merkle tree - otherwise there's no need for a Merkle tree structure in Bitcoin !
The very single only reason Satoshi invented the ordering of the blocks in a Merkle tree, is that this allows SPV. If blocks are to be used as a whole, you can simply calculate a single hash of the entire block. Nowhere else do you need any Merkle tree. The Merkle tree is a way to have a minimal number of steps of verification of presence of a piece of data in a block, and really becomes useful only when blocks are very large.
Otherwise you could even resort to a sub-list, that is, a block is a linear list of transactions, and to each transaction corresponds a hash, that can itself be included in a hashed linked list of "hash blocks" all the way to the block header, containing the hash of the last "hash header". The problem is that this list goes as N, when N is the number of transactions in a block. A Merkle tree does the same, but the depth goes as log2(N). This becomes a significant thing when N becomes very large, that is, when blocks become very big. For 1MB blocks, with some 2000 transactions in it, this is not yet very significant. If, in order to check that a given transaction T is in a given block, you need to get that famous "linked list" with 2000 entries, to see that your transaction T was indeed, in the K-th entry of those 2000 entries, that's still very feasible. However, for a block of 100 MB, looking in the list of 200 000 entries, or looking in a path of the Merkle tree, only 18 steps deep, is a hell of a difference.
So from the very start, Satoshi designed bitcoin as a very big block system, of which only mining nodes need to have the full data burden, and of which all other users use SPV and connect to one of these nodes.
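Added example (not part of the original thread): a Merkle inclusion proof built and checked for the two block sizes discussed above, showing that the proof is 11 hashes for 2000 transactions and 18 for 200 000. It assumes Bitcoin-style double SHA-256 with the last node duplicated on odd levels; the transaction data and function names are constructed for illustration.

```python
import hashlib

def dsha(b: bytes) -> bytes:
    """Double SHA-256, as used for Bitcoin's Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def build_levels(leaves):
    """All tree levels, leaves first and root last; an odd level pairs its last node with itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([dsha(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_proof(levels, index):
    """Sibling hashes from leaf to root: what a full node hands to an SPV client."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling >= len(level):   # last node of an odd level is its own sibling
            sibling = index
        proof.append(level[sibling])
        index //= 2
    return proof

def verify(leaf, index, proof, root):
    """SPV-side check: recompute the root from one leaf and log2(N) siblings."""
    h = leaf
    for sib in proof:
        h = dsha(sib + h) if index & 1 else dsha(h + sib)
        index //= 2
    return h == root

def demo(n, k):
    """Returns (proof length, genuine leaf verifies, forged leaf verifies)."""
    leaves = [dsha(b"constructed-tx-%d" % i) for i in range(n)]  # constructed sample txids
    levels = build_levels(leaves)
    root = levels[-1][0]
    proof = merkle_proof(levels, k)
    forged = dsha(b"forged-tx")
    return len(proof), verify(leaves[k], k, proof, root), verify(forged, k, proof, root)

if __name__ == "__main__":
    for n in (2000, 200_000):
        print(n, demo(n, n - 1))
```

The proof only shows that the transaction hash is committed to by the Merkle root in a block header; the SPV client still depends on the header chain's proof of work to decide whether that root is one to trust.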
Piling every proof-of-work quorum system in the world into one dataset doesn't scale.
Bitcoin and BitDNS can be used separately. Users shouldn't have to download all of both to use one or the other. BitDNS users may not want to download everything the next several unrelated networks decide to pile in either.
The networks need to have separate fates. BitDNS users might be completely liberal about adding any large data features since relatively few domain registrars are needed, while Bitcoin users might get increasingly tyrannical about limiting the size of the chain so it's easy for lots of users and small devices.
That's very funny, because Satoshi takes here the entirely opposite stance than when he laconically waved Jeff Garzik's opposition to him introducing this limit in the first place, away, for exactly the same reasons.
I don't believe in conspiracy theories, everyone was trying to do what was seen as best at the time. Satoshi didn't predict big centralization in mining, so we can't have huge blocksizes, it will need to scale off-chain.
If mining is centralized, bitcoin is of course centralized, and everything you build on it just as well.
The problem is that people see decentralization as a goal, while it was a tool. Decentralization was a tool to make bitcoin work correctly. After all, the ONLY thing you want from bitcoin, is that you can do transactions, and verify transactions. Exactly how that comes about, doesn't really matter (unless it becomes a kind of sales argument in itself of course). Whether it is the impossibility to leave a Nash equilibrium because of "massive collusion needed too difficult and too impractical to be plausible", which is the decentralization method, or by market forces ("if I do stupid things as a miner, my entire investment in hardware will become an expensive doorstep"), it doesn't matter. What one simply wants, is that one can do transactions, that's all bitcoin is good at. Even if bitcoin were entirely centralized in one big data centre, but because of its investment and market forces, it kept on running bitcoin as it should, that's just as good.
LN is the best technology out there to scale a coin worldwide. If it fails, we can always go back to layer 0 and still have decentralized enough network and use it as a store of value only (yes, Bitcoin IS decentralized, when was the last time you saw a miner selecting a transaction he didn't like and blocking it? because that is what decentralization is, being able to donate to Wikileaks freely, and same goes for the protocol, no one can change it in a centralized fashion;
Well, as I just said, decentralization is a tool to obtain a result ; but other tools can work just as well. So it is not because you see that the system works well, that you can conclude that decentralization is at work. In fact, if you think about it, you see that it isn't the case, because it is very easy, TECHNICALLY, for this to fail.
You know very well that there are 3 or at best 4 mining pools that make a good majority of the blocks.
If these 3 or 4 entities sit together and decide NOT to include a given transaction, and NOT to mine on a block that includes this transaction, then, I hope you agree with me, that technically this transaction will not be included. Simply because with the hash rate they command, the longest chain rule will never include this transaction. Other mining pools including this transaction will make orphaned blocks ; or they can be informed that they shouldn't even try. You know just as well as I do, that *purely technically*, according to bitcoin's rules, that is perfectly possible, and nobody violated any rule in doing so.
A decentralized system would not permit such thing to happen, because 2000 people would have to agree to do so, and the hypothesis of decentralization is exactly that such a collusion is not going to happen because too massive, too difficult, and internally too inconsistent.
That's the core idea of decentralization: a super-Nash equilibrium that can only be broken by such massive collusion, that that collusion in itself, is not realistic.
Well, in bitcoin's mining landscape today, this kind of collusion is theoretically extremely possible. I use to joke that bitcoin is more centralized than the Euro. In order to decide something for the Euro, 15 finance ministers have to agree ; in bitcoin, 3 or 4 mining pool owners have to agree.
But, I agree with you, this is not happening (yet).
Why is this not happening ? Because of the market. Because these mining pools and their miner subcontractors have a lot of investment in bitcoin mining, and if ever this would get known, their mining equipment might become an expensive doorstep. But if that argument holds, then a totally centralized miner will be just as sensitive to this, and will just as well let through all transactions.
So, bitcoin can work, even though its functioning is not any more guaranteed by a decentralized game theoretical argument ; now it is a market sensitivity argument. Miners are in the business for money, they don't want to risk their investment. Whether they are 1, 2, 3 or 200.
But let us now think of something else.
Let us now think of bitcoin being legally accepted everywhere, and is legally framed, and recognized as a form of legal tender. Let us also suppose that you get legal permits to be a bitcoin miner. Given the huge amounts of energy that go into bitcoin mining, it is not a "do it in your basement" kind of activity, and you cannot do that underground. We're talking about industrial installations, and these can very well be legally framed. You might even get preferential electricity prices on the condition that you are registered. Nothing tells you that this legal frame may include a clause that puts you in a legal difficulty if ever your mining contributes to forbidden transactions. As such, as a miner, you better connect to a mining pool that respects those engagements. You can set up a contract, and the mining pool engages in only using your hash rate if it doesn't approve transactions given by an international committee (say, linked to Interpol or the likes).
Your mining pool is now legally bound to not include such transactions, and not mine on top of blocks that do include such a transaction. But if you respect that, you're not only legally OK, you even have advantages like cheap power. You pay taxes on your benefits, and you can enjoy your rich life of a miner in all legality.
If there is enough international collaboration over this, a majority of hash rate can fall in the hands of such legalized mining pools. If they reject a transaction, they have a good legal reason to do so. If the 4 or 5 most important mining pools are legalized that way, they will also be very attractive for industrial miners (they have contractually to do so).
Where's your decentralization now ? You know that technically, the 4 or 5 majority mining pools can do so. Now, they have a legal incentive.
Do you think your LN will save you from this ? What idiot is going to lock in his coins with an entity that might get all further transactions blocked ?
This Gedanken Experiment shows you that if the bitcoin layer is centralized and potentially censored, the LN on top cannot be less censored. You cannot "win in decentralization" on top of a centralized system. That's the equivalent of thinking you can run safely some code on a compromised computer.