Title: "Censorship resistance in Bitcoin and Ethereum"

Original authors: Allen Zhao, Mustafa Yilham, Henry Ang & Jermaine Wong, Bixin Ventures

Original translators: Evan Gu, Wayne Zhang, Bixin Ventures

In early August, the news that the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury decided to add Tornado Cash to the sanctions list put the issue of censorship resistance in the spotlight. In order to avoid criminal liability, RPC service providers Alchemy and Infura restricted access to the Tornado Cash smart contract data, and Circle (the issuer of USDC) also blacklisted wallet addresses on the sanctions list. Addresses on the blacklist were also prohibited by DeFi protocols such as Aave, but users can still interact with some smart contracts, albeit requiring additional steps and some technical expertise.

This leads us to consider a more general issue: will blockchain be subject to censorship at the protocol level? The Ethereum community has already expressed concerns about protocol-level censorship, with 66% of beacon chain validators being very sensitive to OFAC regulations post-merge. If more than 1/3 of validators (by stake weight) are subject to any form of censorship, the Ethereum chain will not be able to function properly.

In this article, we will compare the performance of BTC (POW) and ETH (POS) in terms of censorship resistance through three key issues, and then provide our thoughts.

Definition of "censorship"

In a recent Bankless podcast, Justin Drake defined two different types of censorship: weak censorship and strong censorship.

• Weak censorship: Weak censorship occurs when certain censored block producers do not include individual transactions in blocks, resulting in a degraded user experience. For example, a compliant block producer rejects transactions from blacklisted addresses, but the transactions are ultimately received by non-censoring block producers.

• Strong censorship: Strong censorship occurs when individual transactions are never included on the chain. Given that individuals have lost the ability to transact, this situation can be considered as the assets being effectively lost. This situation may occur when the network is taken over by a majority, also known as a 51% attack, which could threaten the continued existence of the attacked blockchain.

In the following discussion, we will compare Bitcoin and Ethereum as representative networks of POW and POS systems, respectively. We will first identify the elements of censorship and then detail how Bitcoin and Ethereum achieve censorship resistance.

Issue 1: Weak censorship through jurisdictional regulation may occur when miners/validators are relatively centralized

Both Bitcoin and Ethereum face the issue of centralization of mining pools and validator nodes. This could lead to an attack vector where mining pools or validator nodes may be compelled to comply with regulations and censor any transactions deemed illegal within their jurisdiction.

Ethereum

Since the merge, the top two staking service providers collectively hold 43.03% of the stake, and the top three hold 51.63%. The risk here is that if Lido and Coinbase join forces, they could halt the network; if Kraken also joins, the three could take over the Ethereum network.

Source: Related Network

Before we delve into how Ethereum addresses the threat of centralization, let's first discuss why validators eventually become centralized. Under Ethereum's POS mechanism, block producers can choose which transactions to include in the next block and how to order them. This allows validators to participate in the process of MEV extraction. Amber provided a good definition of this in their recent article on the ETH merge.

"Maximal Extractable Value (MEV), broadly speaking, refers to the residual value that miners or validators can extract from a given set of operations across a series of blocks. These operations can include reordering transactions, censoring blocks, or even attempting to reorganize the blockchain. Some common forms of MEV include sandwich attacks, arbitrage, and liquidations."

Source: Flashbots

As shown in the image, validator rewards significantly increase when considering MEV. Due to the economic incentives brought by MEV, larger participants run more validator nodes, displacing individual and non-professional validator nodes. Therefore, regular holders are more inclined to join validator pools through staking services to gain higher and more stable income, increasing the centralization of validator nodes.

Another consideration for the centralization of stake nodes is cryptocurrency exchanges. Exchanges remain the best places for users to obtain Ethereum tokens. Given their large user base, many tokens naturally accumulate on these exchanges, and the convenience of earning rewards through their Staking platforms further attracts token accumulation. We should educate users about the risks of staking on centralized platforms, such as the potential impact if centralized platforms choose to act maliciously under legal pressure.

Although validator pools are not the ideal solution, they allow more ETH holders to participate, so stake pools are still beneficial to the decentralization of Ethereum.

So, how does Ethereum address the issue of centralization-related censorship?

Solution 1: Separation of block proposers and builders

A widely discussed solution is Proposer Builder Separation (PBS). PBS separates the roles of block proposers and block builders, allowing validators to receive MEV rewards without becoming complex operators, thereby mitigating centralization issues.

During the blockchain operation, there are three key participants who can balance each other to mitigate and ultimately eliminate potential censorship.

Builders, specialized in constructing blocks, extract the maximum MEV and transaction fees by ordering transactions. They then pay proposers the proposal fee and place their blocks on the chain. Therefore, without the help of proposers, builders with censorship purposes cannot publish transactions on the chain.

Proposers, also known as validators, either select the most popular blocks or do not include a block at all. If they believe that block builders are censoring transactions, they have the ability to propose an anti-censorship list (crList), which builders must include in their blocks as long as the block is not full or their block is not proposed. With EIP-1559 already implemented, over 80% of blocks contain spare gas, meaning that as long as users pay a priority fee higher than the base fee, they should be able to include their transactions in blocks. In summary, proposers can maximize their profits by selecting blocks that pay the most, but still have the ability to force through censorship using crList.

Verifiers monitor the block construction process and only attest to it when the proposer's block contains the highest paying block. This prevents malicious proposers from censoring transactions.

While the above method greatly improves the decentralization of validators, it still does not address the centralization of builders. How to decentralize builders is beyond the scope of this discussion, but you can read more about it here.

Solution 2: Encrypted mempool

Another solution being researched is the use of an encrypted mempool to address centralized censorship. Users encrypt their transactions before broadcasting them to the mempool, and the transactions are only decrypted after being included in a block on the chain. This prevents any potential censor from accessing the contents of transactions during the block construction process. Additionally, it helps prevent MEV abuse, such as front-running. Another benefit of the encrypted mempool is that it can actually address the centralization of builders in the future. In this scenario, proposers can construct their own blocks by selecting the highest fee transactions from the encrypted mempool, without needing to select blocks from complex builders.

Bitcoin

Bitcoin has long been hailed as "digital gold," a trait that not only manifests as a digital store of value but also in terms of censorship resistance. Although the programmability of the Bitcoin network is not as strong as Ethereum, the weaker programmability can minimize MEV to the maximum extent. However, it still faces the issue of mining becoming increasingly centralized geographically. Additionally, operating mining machines requires specialized technical expertise, and hardware and energy are capital-intensive. The Bitcoin mining industry has been moving towards resource sharing, with miners paying service fees to mining farms based on unit hash power, thereby reducing the cash flow pressure of investing in mining themselves.

Source: Cambridge Bitcoin Electricity Consumption Index

As shown in the above image, before China banned cryptocurrency mining in 2021, China's hash rate accounted for over 45% of the global total. However, the hash rate has now shifted to the United States, with the U.S. accounting for 38% of the global hash rate as of January this year. Mining companies may refuse certain transactions due to local regulations, posing a censorship threat.

So, how does Bitcoin address the issue of censorship brought about by centralization in mining pools?

Solution 1: Switching mining pools

When mining pool operators are constrained by censorship regulations that conflict with miners' interests, miners can easily switch to other mining pools (e.g., move to locations away from censored mining pools). Since the model used is on-demand purchasing of hash power, miners only need to change the mining pool address in their mining software to switch to a new mining pool. During the period when miners were banned by the Chinese government in 2021, miners were able to quickly migrate abroad and switch their addresses to offshore mining pools, and the hash rate has now recovered and is even higher than before the ban was announced.

While Ethereum can allow validators to withdraw or re-stake at their discretion, there is still a time lag due to the cooling-off period and queuing system.

Solution 2: Giving miners more control over the block construction process

Most Bitcoin miners direct their hash power to mining pools, where they use a messaging protocol called Stratum v1 to communicate with these pools, organizing the creation and submission of hashes. If mining pools collude to censor transactions, the community has no recourse. However, with the use of Stratum v2, miners will be able to choose their own transaction set, giving them more control over the block construction process, which can counteract the censorship intentions of malicious mining pool operators.

If you are interested in learning more about Stratum v2 and its feature upgrades to enhance miner security and income, please read more here.

Solution 3: Free market competition

Bitcoin supporters believe that the proof-of-work mining incentive mechanism is the best form of defense against any transaction censorship. As block rewards decrease with each halving cycle, transaction fees will tend to make up 100% of miner income. Therefore, even if compliant mining pools or miners censor fee-paying transactions, miners/pools from different jurisdictions will be very willing to take advantage of this and capture the transactions. Ultimately, these compliant mining pools or miners will be outcompeted in the free market, leading to a decrease in their market share and profitability.

Conclusion 1: Bitcoin can better handle censorship issues caused by centralization in block creation processes compared to Ethereum.

Today's Bitcoin is more capable of addressing centralized censorship in the block construction process. If there are mining pools censoring certain transactions, miners can now switch mining pools without delay, greatly increasing miners' autonomy.

While Ethereum has feasible solutions to address censorship issues, they are primarily in the research stage and have not been implemented, as there is competition with other programmable blockchains, so other aspects of functionality need to be prioritized.

Issue 2: Strong censorship risk may occur if the network's security budget is low

The impact of a low security budget is the potential for a 51% attack. In such a scenario, the attacker would be able to control the blockchain, prevent incoming transactions, reorder new transactions, and even rewrite the blockchain's history, leading to double spending.

Ethereum's security budget

Once a 51% attack is launched on Ethereum, all new deposits or withdrawals may be subject to review by the attacker, making network recovery difficult. Therefore, token distribution within the network should be as decentralized as possible to prevent the acquisition of the required tokens by force and potential attacks. At the time of writing, there are 13.6 million ETH staked on the Beacon Chain. The economic security of Ethereum can be calculated by multiplying 13.6 million ETH by the price and then by 51%, to obtain the minimum amount required for transaction censorship. Based on the current price of $1,700 per ETH, today's economic security is approximately $11.5 billion. In reality, given that the price will increase non-linearly with increasing demand for ETH, the cost will be much higher.

Since allocating these funds is not an issue for some organizations or countries, we still need to consider preventive solutions.

Solution 1: Encourage more users to stake

Compared to other POS networks, only 11% of ETH is currently staked (e.g., Solana is 77%, Cosmos is 66%, Avalanche is 65%), indicating significant potential. With an increase in staked amount, it will become very difficult for an attacker to gain control of 51% of the total staked amount.

However, a barrier to more people staking is the opportunity cost of DeFi returns for users. If users can earn better returns in DeFi, they may prioritize financial incentives, reducing the incentive effect of ETH staking returns. One solution to overcome this barrier is a liquid staking protocol, but this may also lead us back to the centralization issues seen in Lido. While we can see that Lido is allocating stake to approximately 30 validators on its whitelist, the approval of this whitelist is still controlled by Lido. Therefore, the criteria and ability to add and remove validators are crucial, requiring strong governance within decentralized autonomous organizations.

Encouragingly, Lido has been exploring governance solutions using dual governance proposals, where key governance issues will be voted on by stETH and LDO holders together, maintaining consistency between the two token holders. Another key issue related to censorship resistance is the potential to change the distribution of ownership among node operators in a way that may be harmful or unexpected. In governance situations, once initial proposals are passed by LDO holders, stETH holders will also be involved, and if all available negotiations fail, they can also opt out of the protocol. Read more here for a more detailed explanation of the voting mechanism and subsequent results.

Solution 2: Diversification of validators to prevent the acquisition of governance rights by force

If ETH cannot be obtained in the market, another way to gain control of the network is to forcibly co-opt 51% of validators. Therefore, increasing the diversification of validators in the following forms to achieve censorship resistance:

• Increase jurisdictional/geographical diversity to ensure that no single jurisdiction/country can take validators offline

• Increase operator/stakeholder diversity to ensure that in the case of widely distributed stakes, forcing censorship becomes extremely difficult

• Increase client diversity to ensure that no single error in validator clients can take validators offline

• Reduce hardware requirements for participation to ensure that everyone can start validators as needed

• Increase the number of validators with complete transaction copies

Solution 3: Social layer intervention

If preventive measures fail, Ethereum will intervene at the social layer. Specifically, the system will automatically execute the forking process upon detecting censorship, while allowing sufficient time for consensus to be reached for the fork. Ideally, full online nodes will identify and distinguish which blockchains are intended for censorship by checking the memory pool, and once identified, a fork will occur, and the chains with censorship intentions will be penalized, all without the need for social intervention.

However, forking is rarely a direct and quick process, as censorship may sometimes be accidental, such as due to errors in validator clients. In such cases, it is important to intervene and distinguish between what is genuine censorship and what is an accidental event. Additionally, there are other considerations, such as how to select the new blockchain, which checkpoint to use to initiate the new blockchain, and how to penalize attackers on the new blockchain, all of which will impact the economic value of the chain. These details are provided to help new users understand that if they wish to participate in a new uncensored blockchain, they must first be able to extract funds from the chain. Although there are currently no rules and guidelines to help users understand how to deal with various policy interventions, it is important that the governance and decision-making processes of the chain be as decentralized as possible.

Bitcoin's Security Budget

If Bitcoin is subjected to strong censorship, miners will be able to mine all rewards and reorganize the chain as they see fit. Given the current hash rate of 230m TH/s, assuming existing miners do not participate in the attack, an attacker would need to control over 230m TH/s of hash power to control the network. Let's do the math: using the most efficient ASIC chips on the market today, the Antminer S19 PRO (110 TH/s), it would require a total of 2.09 million ASIC chips (230,000,000 TH/s divided by 110 TH/s) to launch the attack. At today's price of $4,400, the total cost of hardware required to attack the network, without considering energy costs, would be $9 billion.

Solution 1: Bitcoin's Resistance to Censorship Due to Difficulty in Acquiring ASIC Chips

While the cost may not be prohibitive for attackers strongly motivated to carry out certain attacks, there is significant resistance to acquiring ASIC chips, as only a few companies can produce these chips. Additionally, due to the limited supply released each year, attackers cannot launch rapid attacks.

Solution 2: Low Conversion Cost of Miners Leads to Decentralization of the Bitcoin Network

Acquiring the machines required to control the network is very difficult, so attacks are likely to be carried out through coercion or control of existing mining pools. This issue can be addressed by relying on the emergence of mining pools in different regions globally, as their presence significantly reduces the cost of miner conversion, allowing for quick switching in the face of censorship, thus achieving censorship resistance.

Conclusion 2: Bitcoin is More Resilient Than Ethereum in Preventing 51% Strong Censorship Attacks. Ethereum's social layer as the last line of defense solution provides more power to a minority, but there are still many issues regarding social consensus.

On the surface, Ethereum's security budget appears higher than Bitcoin's. However, the resistance to acquiring hardware for taking over the Bitcoin network is much greater than the resistance to acquiring the majority of tokens in Ethereum.

If attackers gain control of the network through strong censorship of centralized mining pools, Bitcoin's solution is much simpler, as honest miners can help rebalance the hash rate by switching to non-attacking mining pools.

In the case of Ethereum being strongly censored, while the social layer can intervene, there are still many issues regarding how to transition to a user-activated soft fork. Firstly, how can social consensus be reached among non-attacking participants? Can the majority in the new minority make decisions? Or is it decided by the core team? The decision-making process can be likened to a "Ethereum DAO" vote to reach a majority decision. Should it be decided by the majority of voters or the majority of stakeholders? A common criticism of DAO voting is that the vast majority of holders can vote in favor of a result, but it can ultimately be vetoed by a single holder with more shares. This is not to reflect the actual process of deciding fork rules, but to emphasize the issues of social governance that the Ethereum community has yet to implement. Ultimately, as Nic Carter has said, the social consensus layer inevitably leaves room for politicization, and Ethereum may suffer the same fate as a national government expropriating.

Therefore, we believe that Bitcoin is more resilient. It is also worth noting that this may not be the case in the future. One potential scenario is that as block rewards tend towards zero, if Bitcoin's transaction activity does not recover, the lack of transactions will lead to miners lacking income, making it difficult for them to remain solvent. This will lead to miners shutting down machines and reducing the hash rate, weakening Bitcoin's security budget. Therefore, the Bitcoin network needs to continue attracting new users in order to operate as a healthy network.

Issue 3: External dependencies may pose censorship risks to the underlying network

Stablecoins

The face value of each cryptocurrency is anchored by stablecoins, and Bitcoin and Ethereum are no exception. A quick look at the market value of stablecoins reveals that the top 3 are all supported by fiat collateral held by centralized custodians. This places them within the regulatory purview, raising the question: what should be done if custodians prevent users from converting stablecoins to fiat currency solely due to government censorship or prohibition? While this is unlikely to happen, the chain reaction it would cause is frightening. Recently, USDC issuer Circle froze funds worth over 75,000 USDC associated with Tornado Cash addresses in accordance with the OFAC sanctions list.

Potential Solution 1: Overcollateralize Stablecoins

People can mint tokens pegged to fiat currency in exchange for collateral in cryptocurrency. MakerDAO's DAI is currently the largest decentralized stablecoin in the crypto space, and when asset prices start to fall, they maintain the peg of 1 DAI = 1 USD by liquidating the collateralized crypto assets. Since 2017, they have weathered the price fluctuations of Bitcoin and Ethereum and have proven to be robust. However, they also have over 30% USDC exposure as part of their collateral. Following the recent USDC and Tornado Cash incident, they are currently in governance discussions on whether to implement negative interest rates to make DAI more freely circulating, in line with their vision of becoming a public, neutral financial infrastructure.

Another option favored by Vitalik is Reflexer's RAI. In this protocol, users can deposit ETH and mint RAI, up to 2/3 of the deposited ETH value. The main difference here is that RAI does not maintain a fixed peg like the US dollar, meaning the peg of RAI will fluctuate based on market volatility. They also allow for negative interest rates, which helps provide a balance where excessive growth can be restrained, thereby reducing the volatility of stablecoins. Read more here for a more detailed explanation of how RAI works.

However, a fundamental issue with overcollateralized stablecoins is that they continuously extract liquidity from the market (which is not ideal if we expect financial activity to occur in cryptocurrencies). We also need to consider which collateral can be used as the underlying asset for collateralization.

Feasibility for Bitcoin: Bitcoin is almost the best collateral available. However, due to the extraction of liquidity from the market through overcollateralization, it is not an ideal solution if we expect financial activity to occur on-chain.

Feasibility for Ethereum: Using ETH as collateral for stablecoins may not be the way forward. If ETH faces censorship, these stablecoins will face redemption issues, as users may want to exit their ETH positions. While using Bitcoin as collateral can mitigate this related risk, it still faces the issue of liquidity extraction.

Potential Solution 2: Algorithmic Stablecoins

Although algorithmic stablecoins have gained a bit of notoriety due to the collapse of Luna, they are another option. The goal of algorithmic stablecoins is to create a stablecoin pegged without the need for collateral, using some form of governance token for pegging. It is then pegged through arbitrage opportunities between the governance token and the algorithmic stablecoin. However, this system design is very fragile, as it requires rational participants and strong confidence in the value of the governance token.

Once confidence is shattered, a death spiral may occur: when the price of the governance token falls, market participants not only fail to maintain the stability of the token price, but further sell off their holdings of the governance token, exacerbating the price decline.

In theory, algorithmic stablecoins can play a role similar to our existing banking system without extracting liquidity. However, it seems that there are no suitable candidate projects to refine the system design of algorithmic stablecoins to make it less risky.

Feasibility for Bitcoin: Not applicable, there are no viable candidate projects in the market.

Feasibility for Ethereum: Not applicable, there are no viable candidate projects in the market.

Potential Solution 3: Bitcoin or Ethereum as Decentralized Stablecoins

Consideration: What if Bitcoin became an uncensored decentralized "stablecoin"? This seems to address the issues faced by Bitcoin and Ethereum.

Feasibility for Bitcoin: It seems that all Bitcoin holders can join, as 1 BTC = 1 BTC. This may address the situation where a decrease in security budget occurs due to a lack of transaction activity (recalling: block rewards tend towards zero = all miner income depends on transaction fees = sufficient transaction activity is needed to maintain solvency and high hash rate). If BTC is widely used on Ethereum (and any other programmable blockchain), transaction activity will come from it being the base layer currency for DeFi and many other applications, which can then maintain economic incentives for miners, further strengthening resistance to any censoring attackers.

Feasibility for Ethereum: Imagine if USDC or USDT faced censorship leading to a chain fork, and there were no stablecoins pegged to fiat currency on the chain, how many users would choose that "bubble and low trading volume" stablecoin? If Ethereum were used as a decentralized stablecoin, it would eliminate the reliance on stablecoins pegged to fiat currency, making a chain fork a more realistic option in the face of strong censorship attacks. Users would not have to worry about the destruction of economic value, as Ethereum as the base layer currency has strong anti-censorship characteristics.

RPC Network

The RPC (Remote Procedure Call) network is crucial for blockchain. It provides access to server nodes and allows users to communicate and interact with the blockchain while interacting with an independent program. Given that running these RPC nodes requires specific hardware, most developers turn to centralized RPC networks, such as Infura and Alchemy, to meet their dApp API needs. The downside is that these centralized RPC networks can restrict access to blockchain data when compliance with any jurisdictional laws is required, and can also serve as easily hackable central points of failure. The end result is that users may face service interruptions, greatly reducing the user experience.

Solution 1: Light Clients

Ethereum has been hoping for more users to run their own light clients. Light clients do not store the full state history of the chain, but rely on sync committees to sync to the chain. They can also query the network state arbitrarily by asking other full nodes instead of through centralized Infura or Alchemy.

Bitcoin has also been encouraging users to run their own light clients. Light clients on Bitcoin can interact with the network but do not store the blockchain, and can query interested block and transaction data from other nodes.

Solution 2: Decentralized RPC Network

Decentralized RPC network providers offer economic incentives for distributed RPC nodes to provide applications and users with access to blockchain data. By using a set of decentralized RPC nodes, the underlying protocol layer can enhance its security and resistance to censorship due to the absence of single points of failure. Existing solutions include Pocket Network, Ankr, and Solana's GenesysGo. Both Ethereum and Bitcoin would benefit from a decentralized RPC layer, considering the large number of applications using RPC networks, which would enhance Ethereum's resistance to censorship.

Core Developers and Project Teams

The arrest of Tornado Cash founder Alexey Pertsev has sparked discussions on whether developers or project teams should be held accountable for their open-source code. Should they remain anonymous? Identifiable identities could place individuals within a jurisdiction, potentially making them susceptible to regulatory control. While there is no explicit requirement for founders or developers to be accountable for their code, ensuring that the team is geographically distributed to address potential scrutiny from a specific jurisdiction may be a wise move.

Conclusion 3: External dependencies significantly impact the resistance to censorship of underlying protocol layers.

We believe that the primary issue to address is the choice of underlying currency, as the economic value of Bitcoin and Ethereum is tied to USDC and USDT, which are susceptible to US regulations. For other potential sources of censorship risk, including the RPC layer and protocol developers, we believe that existing solutions can mitigate and ultimately eliminate these issues.

Conclusion

While we have extensively compared Bitcoin and Ethereum, they also have their own characteristics and solutions in terms of resistance to censorship. For example, Bitcoin's characteristics make it suitable as a base layer currency, but we still need the programmability of blockchains like Ethereum to have on-chain applications. Ultimately, the characteristics of decentralization, resistance to censorship, and sovereignty are the goals that Bitcoin, Ethereum, and many other blockchains are striving to achieve.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。