Economic Security

Reorgs and orphan blocks are not an issue with Bitcoin. To say that they are is to compound two separate issues. Firstly, can you double-spend a transaction and get away with it? Secondly, does a periodic orphan block alter the scenario?

They are separate issues. More importantly, what is being suggested is that a rogue miner with most of the hash power will be willing to risk a billion-dollar investment to make money defrauding people on small payments. Such is the issue that is being debated. There is no such thing as 100% safe.

Core coin Dev team discussions captured on film.

One of the attacks on Bitcoin that is constantly made by the Sophists in seeking to create something utterly unrelated to Bitcoin and use their straw-man argument as a means of attacking Bitcoin is the one around cryptographic security. Bitcoin was never cryptographically secure in the way that they’re arguing. It’s not designed to be. It’s based on economic security.

In exploring the matter, I will look at some of the fundamental aspects of Bitcoin where they misled people. Firstly, orphan blocks are a signalling method in Bitcoin. When competing miners fork as a result of discovering blocks at about the same time, the blockchain forks into two possible chains that compete.

Orphan blocks do not imply blocks without transactions.

Bitcoin’s protocol loads both blocks, the orphan chain and the one that you’re working on as a miner, and will recursively process any orphan blocks that depend on the others. In doing so, it will seek out any orphan transactions and include them going forward. Consequently, a transaction that is in one block will end up in the alternative fork, too. If a merchant receives money from a transaction and sends it to the blockchain, the same transaction will get into both chains. Miners are supposed to maintain the orphan chain in memory. Where an orphan chain or an otherwise forked chain occurs, miners are supposed to keep both chains for a period of time. They will take transactions that are valid in either.

Consequently, if two miners, A and B, discover a block at about the same time and start to propagate it in a manner that has around 50% of the network following either chain, then a temporary fork will occur.

Such is how the protocol works. When such a temporary fork occurs, the transactions accepted by A & B will mirror each other closely, though some differences in timing may apply. Here lies the false argument made against 0-conf transactions within Bitcoin.

False Equivalence

Description: An argument or claim in which two completely opposing arguments appear to be logically equivalent when in fact they are not. The confusion is often due to one shared characteristic between two or more items of comparison in the argument that is way off in the order of magnitude or oversimplified or where simply important additional factors have been ignored.

  • Thing 1 and thing 2 both share characteristic A.
  • Therefore, things 1 and 2 are equal.

Reorgs versus Double Spends

In reality, such is what is being argued.

Reorgs and orphan blocks remain a nonissue with Bitcoin. Saying they were an issue implies a false equivalence; those making the argument for it are seeking to compound two separate issues.

· Issue one: can you make a double spend and get away with it?

· Issue two: are transactions lost or altered because of transactional forks?

In confounding the two issues, people seek to take the debate away from Bitcoin and into alternate systems. Reorgs impact Omni-based systems such as Tether and Wormhole with a disproportionate effect. A small reorg drastically alters the parasitic layer of the Tether system, messing up the security of Tether in more ways than I care to list here. Basically, we are back to the Wormhole argument. When a fork and orphan blocks occur, miners track transactions under the protocol from both forks. If you don’t get it, read the original alpha code.

More importantly, what is being suggested is that a rogue miner with most of the hash power will be willing to risk a billion-dollar investment to make money defrauding people on small payments. Such is the issue that is being debated. There is no such thing as 100% safe. There is only safe enough, and it’s all Bitcoin was designed to be. Of course, safe enough is hundreds of times better than the existing system. The true argument here is around acting outside the law. Which is where people like those involved in Tether are funding people in order to create something that is radically different to Bitcoin.

Such groups keep wanting to change Bitcoin because they want a system that is cryptographic and not economic in nature. They believe it will allow them to act in a way that can’t be stopped by government. That’s what the matter is always about.

When I made the following statement in 2010, we were talking about accepting transactions and spending them without any confirmations:

If you’re requiring more than 0 confirmations, it’s nice if you show the current balance (0 confirmations) and the available balance (1 or more confirmations), so they can immediately see that their payment is acknowledged. Not all sites need to wait for confirmations, so the dual current & available should be optional. Most sites selling digital goods are fine to accept 0 confirmations.

Nothing has changed since then.

satoshi on July 14, 2010, 09:10:52 PM

I anticipate there will never be more than 100K nodes, probably less. It will reach an equilibrium where it’s not worth it for more nodes to join in. The rest will be lightweight clients, which could be millions.

At equilibrium size, many nodes will be server farms with one or two network nodes that feed the rest of the farm over a LAN.

What has happened is that people have been misled to believe that something needed for an external parasitic system like Omni means that Bitcoin itself is not secure. The fact of the matter is a badly designed system that is designed with the sole purpose of enabling criminal money laundering, and Tether is being used with other equally poorly designed systems as an argument as to why Bitcoin needed to change. It doesn’t need change. There was a reason I said Bitcoin was set in stone, and in part it was to stop such corrupting systems from becoming a part of Bitcoin.

Despite what some people will tell you as they seek to create a system that is friendly to crime and money laundering, Bitcoin was always designed to end in data centres. It was always economically incentivised. The equilibrium is a balance between commercial entities seeking to maximise their transactional throughput and the cost of going to a provider. SPV wallets will create the majority of systems within Bitcoin. It’s always designed to be so. Importantly, the thing people have to understand is that SPV is actually secure and very simple. There is no need to validate the entire blockchain, which is just the call of those with tinfoil hats saying that the whole world is out to get you. Reality is far simpler.

A Double Spend Is not Based on a Reorg

The following is important to note: You cannot base a double spend of a transaction on a block reorg. A block reorg is a probabilistic matter. Block reorgs are basically the same as quantum events in nuclear science. You can predict that they will happen, but you cannot predict when they will happen. Consequently, you cannot predict when transactions will be ‘reorg’d,’ and thus you cannot use the same argument to say transactions will be double-spent.

It is the part they fail to mention. A reorg and a double spend are different things. If you could tell exactly when reorgs were going to occur and you had masses of spare hash power to force blocks onto the network, a reorg would be an issue. But it’s not how Bitcoin works. Remember, nobody knows when a block is going to come.

The other part of the matter is that the mining subsidy slowly disappears. Next year, the mining subsidy halves in both Bitcoin and Core coin (BTC). Four years later, it halves again. Without use, the Ponzi that is Tether will not support Bitcoin. Most likely, the Ponzi that is Tether will end in a massive messy takedown with multiple life sentences being issued to the criminals running it. There is no other way to put it: Tether is a massive global money-laundering scheme.

Even 0-conf is safe when done correctly in Bitcoin. The problem is that very few people understand the system well enough to implement it correctly. It’s about using SPV and the network as originally designed. When it’s used and used in such a way, it is incredibly secure. When people seek to alter the controls and incentives within Bitcoin so that they can make a system that is more friendly to money laundering and crime (as with Core coin, BTC), the incentives lead to a less secure system.

What I Really Said…

The argument is nothing new. Before Bitcoin launched in 2008, I had to argue with James A Donald about the security. The argument hasn’t really changed.

In the emails with James Donald, we discuss what happens if a double spend is sent to the network. I’m not going to talk about e-gold or Liberty Reserve USD or any of the other systems like the one Szabo was trying to create, but about Bitcoin. None of the mentioned people ever wanted Bitcoin, because Bitcoin is not crime-friendly. If you read the email thread, you will see that I was arguing that we detect double spends. If you read the alpha version of the code, you will note that orphan transactions are recorded and monitored. The code didn’t do it terribly well, but that doesn’t mean you abandon it as people seem to want. We need to check the network for double spends. You don’t fix double spends, you detect them.

0-conf is safe if you detect double spends.

You do so quite simply. You pole a random selection of nodes. The method works very well as long as you accept that nodes are commercial entities. When you stop trying to make nodes Raspberry Pis, the system can actually work.

As it says in my early writings, as transaction fees are used to pay miners, nodes have an incentive to include all the paid transactions they receive. They can accept or reject free transactions as they will.

Bitcoin was never about non-repudiation. I’ve said so many times, too. It’s about fast secure payment and an economically incentivised information ledger. As I said, transactions can be sufficiently irreversible in an hour or so. That is, any transaction.

So, if you monitor and validate the network, the matter is not an issue. The counterargument that a big bad miner will work to incorporate hidden blocks and transactions is ridiculous. It is the argument that a miner will create specialised mining software that actively seeks to create fraudulent double spends and hide them from other miners on the network. It would need to monitor all other systems, maintain and broadcast the correct transaction and not the double-spent one, and then send out the double-spent transaction. If the criminal miner was hiding a double-spent transaction in the hope that they would create a block that contained it, they do so probabilistically while simultaneously leaving a huge evidence trail. An evidence trail that would allow both legal action for recovery and criminal action. The anti-government tinfoil-hat brigade needs to start thinking and stop considering an anarchist world because it’s not what Bitcoin was designed to be.

Yes, many of the early people I was in communication with are anarchist in nature and are likely stockpiling weapons as they put their tinfoil hats on, preparing for the government raid that they will blame on aliens, but the reality here is that such a world was never the argument for Bitcoin. Those such as James Donald sought a system that was radically different to Bitcoin. The same people are now involved with creating a broken system such as Corecoin (BTC).

I didn’t make it clear enough when I was talking in 2008, but it’s very simple: If you detect a double spend, you wait before considering the payment valid. Here is the very very simple path to follow in determining a transaction:

  1. The merchant sends a transaction to the network. If Alice and Bob are contracting and Alice is paying Bob for services, then Bob sends Alice a template and she signs it. Bob then propagates it to the network, not Alice.
  2. The merchant waits a second or two, and polls the network. Bob sent the transaction, and knows where and when it was released. He can check for any transactions from Alice’s address before he propagates, and after the transaction has been propagated, he will check again. By doing so, he is likely to verify any double-spend attempt very quickly. The only way that Alice can double-spend against Bob is to criminally collude with a miner where the same miner knows that Bob has evidence that would apply in a criminal case.
  3. The merchant considers the transaction secure if no double spend is detected. Where Bob has checked the network and found that no double-spent transactions have been propagated, he can safely conclude that his transaction is safe.
  4. The merchant detects a double spend. Here, Bob has detected a double-spent transaction from Alice. The process occurs in seconds. Bob can choose to wait and see if his transaction is confirmed or if the transaction from Alice which double-spends his goes through. In both cases, he has evidence of criminal fraud and can take legal action against Alice. Importantly, he has still lost no money and even has a potential gain — in case Alice seeks to flee.

Here is the point: As I said in 2008, the only attack is double-spending on the network, and then…

Even if a bad guy does overpower the network, it’s not like he’s instantly rich. All he can accomplish is to take back money he himself spent, like bouncing a check. To exploit it, he would have to buy something from a merchant, wait till it ships, then overpower the network and try to take his money back. I don’t think he could make as much money trying to pull a carding.

You cannot do a protocol change even with 51% of the network. Even SPV nodes will reject your chain, and all you are doing is creating an airdrop copy of Bitcoin. Bitcoin is not designed to split. If you copy it and release a fork with different protocol rules, it is not Bitcoin.

An attacker has only one attack, which is to attempt a payment fraud in trying to recover the money that they paid. The other attacks that are claimed all the time do not apply to Bitcoin. They apply to systems like Core coin (BTC).


didn’t have SPV working when I first launched Bitcoin, and I’m glad that I didn’t.

I’m glad because SPV is utterly critical to making Bitcoin work and scale. And the thing is, nobody got it. As simple as it was, as many hints as I tried to give people, in a decade nobody came close. So consequently, one of the most critical parts of Bitcoin is covered by a patent. Like it or not, there is no way to make Bitcoin scale and work without SPV. And it will only ever come to Bitcoin, never be on Core coin.

When once a banker has entered the Board — whatever may have been the occasion — his grip proves tenacious and his influence usually supreme; for he controls the supply of new money.”
― Louis D. Brandeis, Other People’s Money And How the Bankers Use It

Never miss a story from Craig Wright (Bitcoin SV is the original Bitcoin)