# Bitcoin security model: trust by computation

## A shift from trusting people to trusting math.

Bitcoin is a distributed consensus network that maintains a secure and trusted distributed ledger through a process called “proof-of-work.”

Bitcoin fundamentally inverts the trust mechanism of a distributed system. Traditionally, as we see in payment and banking systems, trust is achieved through access control, by carefully vetting participants and excluding bad actors. This method of trust requires encryption, firewalls, strong authentication and careful vetting. The network requires investing trust in those gaining access.

The result is that such systems tend to be closed and small networks by necessity. By contrast, bitcoin implements a trust model of trust by computation. Trust in the network is ensured by requiring participants to demonstrate proof-of-work, by solving a computationally difficult problem. The cumulative computing power of thousands of participants, accumulated over time in a chain of increasing-difficulty proofs, ensures that no actor or even collection of actors can cheat, as they lack the computation to override the trust. As proof-of-work accumulates on the chain of highest difficulty (the blockchain), it becomes harder and harder to dispute. In bitcoin, a new proof-of-work is added every 10 minutes, with each subsequent proof making it exponentially more difficult to invalidate the previous results.

Here’s the most important effect of this new trust model of trust-by-computation: no one actor is trusted, and no one needs to be trusted. There is no central authority or trusted third party in a distributed consensus network. That fact opens up a completely new network model, as the network no longer needs to be closed, access-controlled or encrypted. Trust does not depend on excluding bad actors, as they cannot “fake” trust. They cannot pretend to be the trusted party, as there is none. They cannot steal the central keys as there are none. They cannot pull the levers of control at the core of the system, as there is no core and no levers of control.

As a result, the network can be open to all; the transactions can be broadcast on any medium, unencrypted; and applications can be added at the edge without vetting or approval. In other words, bitcoin is not just money for the Internet, it is the Internet of money — an open, de-centralized, standards-based network where innovation can occur at the edge without permission and where the network itself is simply a neutral and open transport layer.

Like the Internet and other open networks, blockchain-based crypto-currency networks are susceptible to denial-of-service and other nuisance attacks. Attacks that cannot violate the trust of the distributed asset ledger, but can clog the pipes and attempt to confuse the participants. When such attacks occur, they can cause deep concern among those who have a predilection for the security model of access control. If a bad actor gains access to a closed financial network, the results are catastrophic. Open access and trust are fundamentally at odds in a closed centralized network based on access control. Therefore, within that context, a denial of service attack or any bad actors on the network have dire consequences and signify a compromise of security and a failure of the trust model.

On bitcoin and other open crypto-currency networks, however, bad actors on the network are inconsequential because the trust model does not depend on excluding them. The bad actors are not trusted any more than any other user of the network and their access does not grant them any special rights. The trust model depends on computation and the demonstration of computation through proof-of-work. As long as good actors form the majority of the computation used for forming consensus, the bad actors cannot change the trusted ledger.

It will take time for the idea of decentralized trust through computation to become a part of mainstream consciousness, and until then, the idea creates cognitive dissonance for those accustomed to centralized trust systems. With thousands of years of practical use, centralized systems of trust are accepted unconditionally and without much thought as the only model of trust.

Until recently, decentralized trust at scale was not possible. Now that it is, it conflicts with most people’s understanding of the world. That’s why when you explain crypto-currencies to people, they immediately search for the central actor or authority that establishes the trust, establishes the value or has the control: “Yes, I see it is decentralized, but who runs it? Who controls it? Can’t someone take over?” These questions reveal the context of trust centralization, which is deeply embedded in our culture and our thinking. We’ve been taught to fear the bad actor and look for self-interested “trusted” individuals; we no longer have to do that.

Gradually, decentralized trust will be accepted as a new and effective trust model. We have seen this evolution of understanding before — on the Internet. The Internet led to the decentralization of authority-of-opinion, by making it possible for anyone to be a publisher without a multi-story building-sized printing press. At first, this challenged our expectations and forced us to reconsider the source of authority. If anyone could have an opinion and publish it, how can we tell which opinions are important? We had used the centralization of printing presses and distribution and the purchasing of ink by the barrel as a proxy metric of authority, to help us filter our news and opinions. Suddenly, we were thrust into a new world in which these anchors of authority were swept away and each opinion had to be judged by its merits, not the size of the publisher’s press.

Now, we must rethink the source of trust in networks and the source of monetary value of currencies, disconnected from the issuer, without a central authority and without the need for access control. The trust model has already changed, but it will take a while for society to accept that a new model is possible.

Related:

tags:
• @Bitcoinrat

Everyone needs to read this analysis from Andreas, and distribute it to all their contacts ( social and personal ) The momentum is growing , adoption is increasing, but we are not yet at the point of ‘lift off’ . There are going to be tough battles ahead, ( both PR-wise and cyber-attacks ) as those big-player actors ( State and Corporate ) with the most to lose will hit back .

Hang on in there Guys , as Dylan wrote in his earlier and revolutionary days .. “The Times they are A-Changing “

• David Irvine

Well done a pretty nice article well explained. I am a huge supporter of the trust math models. Now think about it for all data types and communications using ‘proof of resource’, then it rocks the very foundation of many unfair systems today. We can discuss more in Austin :-)

• Telepatheic

The first problem is that computation is more efficient if it can be grouped together. This is why we see large data-centres in a few locations dominating over lots of small servers dotted around the globe. Bitcoin “mining” has also begun to cluster in a small number of large data-centres as bitcoin goes more mainstream and mining requires a large amount of capital to purchase expensive bitcoin specific chips. Just a few companies can produce these chips and could potentially exert huge power over the bitcoin network.

The second problem is that we have yet to expand bitcoin beyond the control of virtual assets. Virtual assets do not physically exist and therefore it is the ability to represent these assets within multiple computers across the network which give bitcoin its decentralized nature. These virtual assets also have to have real world value to everyone, without value, there exists no economic incentive (block rewards and transaction fees) for securing the network through computation.

Nobody yet has come up with a protocol which works which can extend to the control of physical assets and systems without having to trust centralized third parties. Nor has anyone come up with a blockchain which does not have an associated crypto-currency.

• David Irvine

Can I ask the moderator why the link I posted here was removed. It answered this question

” Nobody yet has come up with a protocol which works which can extend to the control of physical assets and systems without having to trust centralized third parties. Nor has anyone come up with a blockchain which does not have an associated crypto-currency.”

With an actual example of a project that does just this.

• Jenn_Webb

Ah. The system marked it as spam. I’ll approve it now and it should appear.

• briatx

Nonsense. Bitcoin doesn’t eliminate human counterparty risk, it just transfers it. Just look at the latest episodes with the Silk Road and MtGox for unambiguous examples.

• oldsmokey

Exactly. While the underlying process may be solid, new risk can and will be introduced by humans for various reasons, whether nefarious or well-intended.

The roles played by banks and brokerages in traditional currency systems is only partially about ‘holding the money’. It is also about developing and enforcing rules and processes that attempt to prevent fraudulent abuse of the system as transactions flow through it.

So it is important to separate ‘Bitcoin’ as a system from the rules/processes enforced by Bitcoin-based banks and exchanges. So far, Bitcoin itself seems like a solid system. It’s the implementations of the ‘banks’ and ‘exchanges’ that have caused issues.

Transitioning to a crypto-based currency is also complicated somewhat by the reality that traditional centralized banking systems serve a couple of purposes – first, to enable legitimate transactions, and second, to prevent ‘bad actors’ (as defined by the laws in place at the time/place) from participating in the system. In other words, traditional banking also serves a quasi-law-enforcement function. This function is completely absent from crypto systems, so people get upset that ‘bad guys’ can use Bitcoin just as easily as ‘good guys’ – ignoring the large number of laundering schemes in play that basically allow the ‘bad guys’ to use the current banking system undetected.

• OpenThePoBayDoorsHAL

How ironic, then, that banks, having failed at their duty to exclude bad actors (HSBC among MANY examples), and having conversely saddled society with $24 trillion in costs due to their own bad actions (per the latest GAO report on the cost of the Financial Crisis), are now leading the charge against Bitcoin. The UN says that$1 trillion is laundered per year in the major currencies through the major banks…and yet the regulators are charging after tiny little Bitcoin. This is not about crime, people, it’s about POWER and CONTROL.

• oldsmokey

Oh, I’m not saying that the banks are in any way pure, or that they can or should have any say over the success of crypto-currencies.

In fact, in an anonymous system, many types of financial crime would simply have to become ‘acceptable’, since there would be no way to trace them. And assuming unlimited network and compute speed, an anonymous system wouldn’t ever need ‘banks’ or ‘brokerages’ (like MtGox, etc.) at all. But, as long as such entities are ‘needed’ (if only to speed up the rate at which transactions can occur), those entities will become the ‘weak point’ where crime is most likely to occur – very analogous to today’s banks.

• Mark Hahn

except that btc/etc are not anonymous. they’re pseudonymous and *public*. this is profoundly more transparent than traditional banking, as silkroad people have learned.

• OpenThePodBayDoorsHAL

Nonsense. Silk Road and Gox are no more risks to the decentrailzed network than Yahoo is a risk to the Internet.

• distributon

This is far from “nonsense”. No where does this article claim human counterparty risk is eliminated. It can, however, be managed with centralized or decentralized systems. Silk Road and MtGox are centralized services, relying on a centralized trust model.

I would argue they were centralized because of economics and technology considerations, not because of some “inherent nature of trust”. For example, decentralized currency exchanges will soon be a reality. Here’s a basic building block: https://en.bitcoin.it/wiki/Atomic_cross-chain_trading

• Pascal Torvin

It doesn’t shift power from people to math… it shifts power from self-interested “trusted” individuals to a self-interested “trusted” percentage of good actors needed in society to make the concensus rules (math) work.

• Fran_Kostella

I’m trying to wrap my head around how a system like this behaves over time. Does it mean that if the “bad” actors marshal more computation than the “good” that they might bend the “truth” of a system to their will? Also, if Moore’s Law changes, either flattening out, or some breakthrough accelerates the growth dramatically, then what happens?

• Mark Hahn

the blockchain defines the true ledger, and if there is any disagreement, you have a “fork”, when there are two possible chains/ledgers. the current heuristic simply defines the longer blockchain as the true one. so if some conspiracy amounting to >50% of mining rate wanted, they could (sometimes) include or exclude particular transactions.

• Mark Hahn

I’m not sure why you say that: the whole point of the BTC scheme is a public ledger and a decentralized, non-repudiatable way to stay with the legitimate ledger. who is being trusted?

• Pascal Torvin

The ledger will only stay legitimate as long as the majority of the users (miners & nodes) stay honest. So the only way in which you trust the math, is how it describes a game theory that will motivate enough people in society to remain honest. However, you also trust society not to screw it up, like we are doing with our natural resources and poluting our planet.

• Mark Hahn

yes, but why do you claim there is trust involved? 51%, whether a single entity or not, *defines* the correct side in a fork – so where is the trust?

• Pascal Torvin

You need to trust in humanity over individuals.

• Telepatheic

Thanks David for introducing me to Maidsafe. I can understand the high level overview of how Maidsafe works but I haven’t been able to understand the implementation in enough detail to understand how it technically works. You need to work on your documentation to offer a mid level technical overview of how the whole Maidsafe system works like Satoshi did with the bitcoin whitepaper.

As the CEO of Maidsafe could you explain how Maidsafe can be used to implement a blockchain without an associated currency. That is how it implements a public ledger that everyone can easily verify is genuine and which everyone can use to verify that a reference in the public ledger can be associated with an identity (public key/address).

• David Irvine

You are more than welcome. We are finalising a token based system as we speak If you stay tuned you may hear something very soon (Austin perhaps) that will clearly show not only a distributed blockchain but a network full of blockchain architectures for many different networks. We do expect that to be public in the next 4-6 weeks,

• This is a random number beacon by THE NATIONAL INSTITUTE OF STANDARDS!

http://www.nist.gov/itl/csd/ct/nist_beacon.cfm

First, the Beacon-generated numbers cannot be predicted before they are published. Second, the public, time-bound, and authenticated nature of the Beacon allows a user application to prove to anybody that it used truly random numbers not known before a certain point in time. Third, this proof can be presented offline and at any point in the future.
—-
Once every 60 seconds. In five minutes, just 5 possible numbers.

• Mark McKenzie

This certainly helps to clarify some my concerns but I still curious as to whether the people with superior technology and computational skills would be primary benefactors. How differently will they behave from amassing of power and bitcoin “wealth” than oligarchical or monopolistic financial institutions?