Bitcoin as Sound and Resistant Money
- Chapter 19: Bitcoin as Sound and Resistant Money
Chapter 19: Bitcoin as Sound and Resistant Money
“I don’t believe we shall ever have a good money again before we take the thing out of the hands of government, that is, we can’t take it violently out of the hands of government, all we can do is by some sly roundabout way introduce something that they can’t stop.”
F. A. Hayek, Denationalisation of Money (1976)^1^
Introduction
Chapter 18 showed how Bitcoin becomes possible. This chapter examines the monetary properties encoded in Bitcoin and the resistance properties that let the system survive opposition.
These two dimensions belong together. A digital asset that can be inflated, frozen, or easily shut down is not sound money in any serious sense. Bitcoin builds monetary discipline and resistance into the same architecture.^2^
19.1 Sound Money Properties as Schelling Points
Chapter 9 established the properties that sound money requires. Bitcoin exhibits these properties, and the mechanism that upholds them is worth getting right at the outset, because every claim in this section depends on it.
A consensus rule in Bitcoin is not enforced by the protocol in the way a contract is enforced by a court. There is no authoritative copy of the ruleset. Every full node runs its own software, holds its own consensus rules, and validates every block against those rules independently. Any operator can modify their own rules, run a fork that accepts blocks the rest of the network rejects, and produce an alternate chain on that basis. Nobody can compel another operator to do the same. The rules persist because independent validators have converged on them and refuse to recognize chains that violate them. The cap, the issuance schedule, the signature rules, the block subsidy, and every other consensus rule discussed below holds the same way: as a Schelling point on which validators have coordinated, where unilateral deviation produces a chain with no economic value because no other validator will accept it.
The convergence model predicts the actual behavior of the system in cases where the alternative framing fails. Bitcoin Cash forked off Bitcoin in 2017 by changing the block-size rule, and the resulting chain has its own market and is irrelevant to Bitcoin holders because Bitcoin validators did not converge on the new rule. Ethereum rolled back the DAO transactions in 2016 by social agreement among Ethereum validators, and the rollback succeeded because validators converged on it; the minority that refused now runs Ethereum Classic.^10^ In both cases the rule that prevailed was upheld by convergence among independent operators, and every property in this section holds the same way.
Fixed Supply Cap
Bitcoin’s supply is capped at 21 million coins. The cap is a consensus rule that every full node validates against blocks it receives, and a block containing transactions that create coins beyond the schedule is rejected as invalid by every node running rules consistent with that cap. A miner who produces such a block can publish it, but the chain extending from it is recognized only by nodes running modified rules, and no exchange, custodian, or merchant running standard rules will accept payments on it. The block has no economic value, so no rational miner produces one.
The cap is therefore immutable in the practical sense that holders care about: there is no path to changing the rule on the chain you are running short of you yourself running different software. A miner or developer who wants more supply can fork off and build a chain with a higher cap, but they cannot pull the original chain along with them. The original chain keeps running for everyone who keeps running the original rules, even if that is a minority of former participants. Unlike physical gold, where new deposits can be discovered, or fiat currency, where central banks can print, there is no entity with the power to increase the supply on the chain that holders are validating; an attempt to do so produces a separate chain that those holders ignore. Because solving double-spending makes bitcoin units rivalrous (one person’s possession excludes another’s), property rights can apply to this digital asset, and the cap on the asset class is itself a property right held in common by every node operator who refuses to accept inflation.
Predictable Issuance
The difficulty adjustment and the halving schedule means the entire supply curve is known in advance. Anyone can calculate future supply at any date. There is no emergency decree or discretionary policy that could change it, because there is no authority empowered to issue one; changing the schedule requires the same coordination problem as changing the cap, and validators who have refused inflation for seventeen years have no incentive to accept it now. Monetary policy is transparent because it is the same rule on every operator’s machine, and it is durable because deviation from it produces a chain nobody values.
Divisibility
Bitcoin is divisible to eight decimal places. The smallest unit, one hundred-millionth of a bitcoin, is called a satoshi. This enables transactions of any practical size, from micropayments to large settlements. The eight-decimal design was not Satoshi’s first sketch. Early correspondence with Hal Finney in January 2009 pushed for finer divisibility than the original draft contemplated, and the 10^8 satoshi-per-coin parameter was settled in that exchange before the network went live to a wider audience.^3^
This divisibility is part of Bitcoin’s current unit definition, not a physical limit. If future adoption requires finer subdivision, additional decimal places would require a consensus change. Divisibility is a parameter, not a fixed constraint.
No physical cutting or melting is required. A single bitcoin can be divided into 100 million satoshis without losing value or requiring trust in a third party. This exceeds the divisibility of any physical commodity.
Portability
Bitcoin can be transferred anywhere on earth with network connectivity. Value crosses borders without physical transport, customs inspection, or confiscation risk at checkpoints.
A private key, which controls any amount of bitcoin, can be memorized, stored on a device, or encoded in various formats. Carrying a billion dollars in gold requires trucks and guards; carrying a billion dollars in bitcoin requires remembering twelve words.
Durability
Bitcoin does not decay. Units created in 2009 remain identical to units created today. There are no storage costs for the asset itself, though maintaining secure access to private keys requires care.
The ledger is replicated across thousands of nodes worldwide. Individual storage media fail, but the network maintains redundant copies. This replication protects against data loss at the network level, though individual users can still lose access to their coins through lost keys, forgotten passwords, or destroyed backups. Gold and bitcoin share this vulnerability: both can be lost through carelessness or disaster. Bitcoin’s durability advantage over physical currency is clearer; paper money degrades, coins corrode, but bitcoin units remain cryptographically intact indefinitely.
Verifiability
Anyone running a full node can verify the entire monetary history. Unlike gold, which requires assay, or banknotes, which require specialized equipment to detect counterfeits, bitcoin authenticity is cryptographically certain. A valid transaction either satisfies the protocol rules or it does not; no judgment or expertise is required beyond running the software.
This verification extends to supply. Any participant can independently confirm that total supply follows the schedule. No central authority’s statement must be trusted. The ledger itself is the proof.
Fungibility Challenges
Sound money requires that units be interchangeable. A dollar is a dollar regardless of its history. Gold bars are fungible; one ounce equals any other ounce of the same purity.
Bitcoin’s transparent blockchain creates fungibility challenges. Every transaction is recorded; every unit has a traceable history. Some exchanges and services reject coins with histories involving sanctioned addresses, darknet markets, or ransomware payments. If units are not interchangeable due to their history, fungibility is compromised.
Compromised fungibility is a real limitation of base layer Bitcoin. Later sections examine privacy tools such as CoinJoin,^11^ PayJoin, Lightning,^12^ and ecash^13^ that address fungibility by breaking the links that enable discrimination.
How Validators Uphold Soundness
Traditional monetary soundness depends on institutional promises. Central banks promise stable policy and often break promises. Gold standards promise convertibility, and governments suspend convertibility.
Bitcoin’s soundness is upheld by every participant who runs validating software and refuses chains that violate the rules they hold. Full nodes verify every transaction against the consensus rules each operator has chosen to run. Transactions that violate those rules, including any that exceed supply limits, are rejected by the operator’s node and never enter the chain that operator recognizes. Each node holds its rules unilaterally; nobody can compel a node to accept a chain that violates them. Coordinated change among many operators produces a fork: the original chain continues running for everyone still on the original rules, the modified chain runs alongside it for those who switched, and the question of which chain carries monetary value is settled by markets, exchanges, merchants, and liquidity, not by any threshold of validator participation. Inflation, censorship, and rollback have been resisted in Bitcoin’s history because the holders who would lose under those changes have kept running the rules that protected them, and no one could take those rules away from them.
The system is not “trustless” in the sense of requiring no trust. Users trust that the software correctly implements the rules they want, and that the chain they are following will continue to attract the economic activity that gives their coins value. The first trust is verifiable: anyone can read the code and run a node that confirms each block obeys the rules they care about. The second is empirical: holders watch the markets, exchanges, and merchants that price and accept the chain they validate.
Bitcoin and the Regression Theorem
Chapter 9 presented the regression theorem and the questions it raises for novel moneys. Here we apply that framework directly to Bitcoin.
The problem appears simple: Mises showed that money’s current value traces back through prior valuations to a time when the money commodity was valued for non-monetary use. Gold was ornament before it was money. But Bitcoin was designed as money from the start. Does it violate the theorem?
The resolution lies in the subjective theory of value itself. The theorem requires that first valuers had reasons for valuing; it does not specify what kinds of reasons qualify. Early Bitcoin adopters valued it for various reasons: ideological commitment to cypherpunk goals, technical fascination with the cryptographic innovation, speculative anticipation of future adoption, or practical desire for censorship-resistant transactions. Each of these is a subjective valuation. Praxeology provides no basis for declaring some valuations legitimate and others illegitimate.
Bitcoin’s original utility was real: it enabled permissionless, censorship-resistant transactions that no other system could provide. This utility is distinct from monetary use; one could value Bitcoin for this capability without expecting it to become generally accepted money. A market price for bitcoin in fiat existed before any goods trade: BitcoinMarket.com, the first BTC-USD exchange, opened in March 2010 and produced a continuous quoted price two months before the pizza event.
The May 22, 2010 transaction is the canonical illustration of how that price anchors into commerce. Laszlo Hanyecz posted on the BitcoinTalk forum offering 10,000 BTC for two pizzas delivered to his door, and a forum user (Jeremy Sturdivant, “jercos”) accepted by ordering Papa John’s pizzas with his own dollars. Papa John’s never handled bitcoin; the BTC moved from Laszlo to Jeremy in exchange for the fiat-purchased pizzas. The praxeological content is in that peer-to-peer trade: Jeremy’s willingness to accept 10,000 BTC for goods worth roughly twenty-five dollars and Laszlo’s willingness to part with them at that rate are two subjective valuations meeting at a price already framed by exchange trading.
Direct merchant acceptance came later. By late 2010 the BitcoinTalk Marketplace board hosted vendors taking bitcoin directly for goods, with the alpaca-sock vendor Michael Stoneman emblematic of the period. Silk Road’s launch in February 2011 made direct BTC commerce routine at scale, with buyers and vendors settling end-to-end in bitcoin without any fiat-rail intermediary. The regression chain runs through all of these.^4^
The theorem’s core insight is that money emerges through market process, not decree. Bitcoin validates this insight more purely than any historical example. No legal tender law compelled acceptance, no government backing supported it, and no commodity convertibility anchored it. Market participants adopted bitcoin because they valued its properties, and that voluntary adoption produced monetary status. The emergence shows that the theorem explains how money typically develops; it does not restrict which goods can become money.^5^
19.2 Resistance Properties: Why Bitcoin Survives
Decentralization Prevents Single-Point Shutdown
Bitcoin has no headquarters and no CEO. It also has no single server to seize. The network consists of thousands of nodes worldwide, each independently validating transactions. Eliminating Bitcoin would require shutting down all nodes simultaneously across every jurisdiction.
Previous digital currencies failed because authorities could target central points. Bitcoin’s distributed architecture eliminates such targets.
Global Distribution
Bitcoin nodes operate in every major country. Mining occurs across continents. Development happens across jurisdictions. This geographic distribution means no single government controls the network.
Even concerted multinational action faces coordination problems, because different governments have different interests. While some jurisdictions restrict Bitcoin, others embrace it, and the network routes around restrictions.
Network-Level Attack Vectors
Decentralization does not eliminate all attack vectors. Network-level attacks can disrupt Bitcoin without targeting individual nodes.^6^
BGP hijacking allows autonomous systems to divert Bitcoin traffic by announcing false routing information. Research has shown that hijacking fewer than 900 IP prefixes could partition significant portions of the network. An ISP carrying Bitcoin traffic can delay block propagation by 20 minutes while remaining undetected. Such attacks can cause chain splits and double-spending opportunities during the partition, along with loss of mining revenue when orphaned blocks are discarded after the attack ends.
Eclipse attacks target individual nodes by monopolizing their peer connections, isolating them from the honest network. The original eclipse attack research (2015) prompted improvements in Bitcoin Core’s peer selection and connection handling. Current versions use several mitigations, including diverse outbound connections across different network groups, anchors that persist across restarts, and detection of suspicious peer behavior. The specific attacks described in early research are largely mitigated, though the attack class remains a concern that ongoing development continues to address.
DNS-based attacks can disrupt node discovery, and ISP-level blocking can impair operation in specific jurisdictions. China’s 2021 mining ban^15^ changed mining geography, showing that jurisdictional action can affect the network even without eliminating it entirely.
These attacks illustrate the distinction between implementation vulnerabilities and structural constraints. Implementation vulnerabilities (specific eclipse attack vectors, peer selection weaknesses) are addressed through ongoing Bitcoin Core development; the project maintains active security review and regularly releases updates. Structural constraints (reliance on internet routing infrastructure, BGP vulnerabilities) cannot be fully eliminated at the application layer, though mitigations like Tor usage and diverse connectivity help. Nodes can use Tor^14^ to hide their IP addresses, reducing exposure to some network-level attacks.
Mining Concentration
A mining pool is a cooperative arrangement among many independent miners who combine their hash power to smooth their income. Solo mining at modern difficulty produces highly variable returns: a small operator might wait years between blocks, with long stretches of zero income punctuated by occasional full block rewards. Pools fix this by aggregating miners under a coordinator who builds candidate block templates, distributes them to members, collects “shares” (low-difficulty proofs that members are hashing on the assigned templates), and pays out the eventual block reward in proportion to the shares each member contributed. The miner trades a small operator fee for steady income; the pool delivers payouts large enough to attract participation. The mining hardware stays with the individual miners; but the coordination layer and block template construction is centralized.
The pool layer has concentrated in practice. A small number of pools coordinate the majority of hash rate; as of recent measurements, the top five pools often control over 70% of it.^7^
The concrete vulnerability is template construction. Because the pool builds the candidate block, the pool chooses which transactions appear in it and which prior block the template extends. An operator under legal or political pressure can refuse to include particular transactions, and the miners hashing for that pool produce the censoring blocks without knowing the difference.
The same mechanism enables reorg attempts. A pool that points its templates at an older block instead of the current tip directs its members’ hash power into an alternative chain that, if it wins the race against the honest tip, replaces the recent history with a different one. Whether the reorg succeeds depends on hash rate; a majority pool can force shallow reorgs at will, and a substantial-minority pool can occasionally succeed against the most recent blocks before they accumulate confirmations.
The hard limit is theft. A pool cannot spend coins whose private keys it does not hold, no matter how much hash rate it commands. Reorg attacks can double-spend the attacker’s own recently-broadcast transactions, but they cannot take other holders’ funds. Individual miners can switch pools at low cost, and pools that censor visibly or attempt visible reorgs would lose them to competitors, which is the disciplining mechanism in practice.
Stratum V2 and Datum address the architectural problem directly. Both protocols let individual miners or mining farms construct their own block templates and submit them to the pool, with the pool retaining only the share-aggregation and payout role. A miner using either remains in the pool’s payout system but picks which tip to extend and which transactions to include, decoupling template censorship and reorg-direction from coordination scale.^8^
Why Proof-of-Work Admits Perpetual Competition
The resistance properties above depend on a specific design choice: Bitcoin ties block production to the consumption of a resource produced outside the ledger. A miner votes for a chain by spending electricity on specialized hardware that was manufactured, shipped, and installed in the physical world. The security resource, hashrate, is a higher-order good assembled from silicon, energy, capital, and labor that exist independently of Bitcoin itself. This has a consequence most discussions of consensus understate: the supply of hashrate is exogenous to the protocol. No attacker can corner it.
Proof-of-stake systems work differently. In a stake-based protocol, the resource that grants voting rights is the coin itself. An attacker who captures a majority of active stake does not face a minority that can respond by manufacturing more of the security resource. The minority can only acquire more coins by purchasing them, and in a proof-of-stake system the attacker is the largest coin-holder by definition. The attacker need not sell, and the remaining holders do not collectively control a majority. Slashing can destroy misbehaving stake when a violation is cryptographically detected, but a majority that operates within protocol rules while censoring, re-ordering, or capturing rewards is not misbehaving in a way the protocol can detect. Recovery, when available, depends on social coordination around a user-activated soft fork that repudiates the captured chain, which is exactly the out-of-band political process proof-of-work was designed to avoid.^9^
Proof-of-work reverses the problem. A 51% hashrate holder today faces a market that can respond in several ways at once: new ASICs can be manufactured, offline hardware can be brought online, miners who dislike the attacker’s policy can redirect their hashrate to another pool, and entirely new entrants can be drawn in by the profit opportunity an attack creates. The attacker is competing against the global capacity of the semiconductor industry and the global price of electricity, neither of which is captured by holding the chain. This is what Hugo Nguyen called the timelessness of work: the electricity that secured past blocks cannot be un-spent, and the hardware that secures future blocks is producible by anyone willing to pay.
The empirical record supports the recovery claim even under severe stress. In June 2021, China banned Bitcoin mining, removing roughly two-thirds of the network’s hashrate within weeks. Within six months, hashrate had returned to its pre-ban level, redistributed across the United States, Kazakhstan, Russia, and Canada. The attacker in that case was the jurisdiction that had contained most of the world’s mining capacity, and the minority recovered by relocating hardware to jurisdictions that had not joined the attack. A proof-of-stake chain in the same position would have had no comparable response: the stake that the Chinese miners held could not have been moved to new validators in other countries, because stake is the chain, not hardware aimed at it.
Economic Incentives for Defense
Miners have invested billions in equipment and infrastructure. This investment is worthless if Bitcoin fails. Miners therefore have strong incentives to defend the network against attacks.
Holders of bitcoin also have incentives to support network health. Running nodes and defending the network against attacks serves holder interests directly.
Axiom of Resistance in the Record
Bitcoin shows the Axiom of Resistance in the record. The network has survived repeated government crackdowns in various countries, bans in some jurisdictions, multiple exchange failures and hacks, sustained negative media coverage, technical attacks on the network, and regulatory uncertainty with hostile legislation.
Since launch, Bitcoin has continued producing blocks approximately every 10 minutes without interruption. The hash rate (computational security) has increased by orders of magnitude. This empirical track record validates the resistance properties that theory predicts.
Chapter Summary
Bitcoin’s sound-money properties are Schelling points upheld by independent validators, not promises made by issuers. Fixed supply, predictable issuance, divisibility, portability, durability, and public verifiability are consensus rules each full node holds locally and validates against every block it receives. Each operator’s rules are theirs alone; no one can take them away or force the operator to accept a chain that violates them. A coordinated shift to different rules produces a separate chain that runs alongside the original, and the question of which chain carries monetary value is settled by markets, merchants, and exchanges, not by any threshold of validator participation. Transparent fungibility remains the real base-layer limitation: every unit has a traceable history, and some exchanges reject coins tied to sanctioned or darknet activity. The privacy layers in Chapter 20 exist to restore what the transparent ledger does not give natively. Bitcoin also satisfies the regression theorem through voluntary market adoption, not by decree. Early subjective valuations of censorship-resistant transaction capability provided the non-monetary use from which monetary emergence proceeded, consistent with the praxeological framework of Chapter 9.
Resistance properties and monetary properties are architecturally inseparable. Sound money that can be inflated or frozen by decree is not sound money, and Bitcoin’s decentralization, global distribution, and economic incentives for defense ensure that the monetary rules cannot be changed by external pressure. Proof-of-work ties block production to a resource produced outside the ledger, so an attacker who captures a majority of hash power faces a market that can respond by manufacturing more hardware, relocating miners, and drawing in new entrants, the same response that restored hash rate after China’s 2021 mining ban. Proof-of-stake systems cannot respond the same way because the security resource is the coin itself. Resistance is not unlimited. Network-level attacks, mining concentration, and jurisdictional action can disrupt access and degrade security at the margin, and the chapter documents these vectors alongside the resistance properties. What the empirical record supports is that Bitcoin’s base layer has continued producing blocks approximately every ten minutes since January 2009 under repeated state and market pressure, which is the operational evidence the theoretical chapters predicted.
Endnotes
^1^ F. A. Hayek, Denationalisation of Money: The Argument Refined, 3rd ed. (London: Institute of Economic Affairs, 1990; first published 1976). The epigraph is from Hayek’s 1984 lecture “The Future Unit of Value,” often quoted as his prediction of something like Bitcoin. Hayek argued that competitive private currencies would discipline governments more effectively than any rule a government could impose on itself, a line of thought that the Bitcoin architecture of Chapter 18 realized twenty-four years later through a different mechanism. For the canonical Austrian sound-money statement this book draws on throughout, see Ludwig von Mises, The Theory of Money and Credit, trans. H. E. Batson (New Haven: Yale University Press, 1953; German original 1912), especially part III on monetary policy; cited at Chapter 9, note 4.
^2^ Further reading on Bitcoin runs in several directions. For technical depth: Andreas Antonopoulos, Mastering Bitcoin, 3rd ed. (O’Reilly, 2023) is the standard developer reference, and Kalle Rosenbaum, Grokking Bitcoin (Manning, 2019) is the best illustrated introduction to how the protocol works. For monetary and historical perspective: Saifedean Ammous, The Bitcoin Standard (2018), Nik Bhatia, Layered Money (2021), and Lyn Alden, Broken Money (2023). For narrative history: Nathaniel Popper, Digital Gold (2015) on Bitcoin’s emergence, and Jonathan Bier, The Blocksize War (2021) on the 2015-17 scaling dispute. Primary: Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (2008), cited at Chapter 18, note 1; and the Bitcoin Core source tree itself at https://github.com/bitcoin/bitcoin. For running infrastructure: Bitcoin Core (https://bitcoincore.org/) for full nodes, Sparrow Wallet (https://sparrowwallet.com/) for desktop self-custody with coin control, Specter Desktop for multisig, and hardware signers such as Blockstream Jade, Coldcard (https://coldcard.com/), and Trezor.
^3^ On the divisibility design, see the early Satoshi Nakamoto–Hal Finney correspondence collected at the Satoshi Nakamoto Institute, https://satoshi.nakamotoinstitute.org/emails/, in which Finney raised the question of how finely a bitcoin could be divided and Satoshi described the rationale for the 10^8 (eight-decimal-place) base unit that became the satoshi. The reasoning preserved in those emails has the units sized to give substantial room for both microtransactions and large appreciation in unit value without requiring a future consensus change to the field width.
^4^ For the early BTC-USD exchange that established a continuous market price before the pizza trade, see the BitcoinTalk announcement thread for BitcoinMarket.com, https://bitcointalk.org/index.php?topic=20.0 (March 2010), launched by the user “dwdollar.” For the pizza transaction, see Laszlo Hanyecz, “Pizza for bitcoins?”, BitcoinTalk forum thread, May 18-22, 2010, https://bitcointalk.org/index.php?topic=137.0, in which Laszlo makes the offer and the user “jercos” (Jeremy Sturdivant) accepts and confirms delivery via Papa John’s; the proxy-mediated structure is documented in the thread itself, with Jeremy ordering the pizzas in his own dollars after receiving Laszlo’s BTC. For the BitcoinTalk Marketplace board’s emergence as the first venue for direct goods-for-bitcoin trade, including the alpaca-sock vendor Michael Stoneman, see the Marketplace subforum archives at https://bitcointalk.org/index.php?board=2.0 (threads from late 2010 onward) and Nathaniel Popper, Digital Gold (2015), chs. 4-5, which traces the path from the pizza event through early merchant adoption. For Silk Road’s launch and operating model, see Nick Bilton, American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road (Portfolio, 2017), and the operational descriptions in the federal indictment of Ross Ulbricht (United States v. Ulbricht, S.D.N.Y., 2014). The site went live in early 2011 and ran on direct buyer-to-vendor BTC payments routed through a centralized escrow operated by the site.
^5^ For regression theorem discussions applied to Bitcoin, see Peter Šurda, “Economics of Bitcoin” (2012); Konrad Graf, “On the Origins of Bitcoin” (2013); Eric Voskuil, “Regression Fallacy,” Cryptoeconomics (2020). These sources are collected at Chapter 9, note 5, which covers the regression debate in full.
^6^ On BGP hijacking and network-level attacks against Bitcoin, see Maria Apostolaki et al., “Hijacking Bitcoin: Routing Attacks on Cryptocurrencies,” IEEE Symposium on Security and Privacy (2017). For eclipse attacks, see Ethan Heilman et al., “Eclipse Attacks on Bitcoin’s Peer-to-Peer Network,” USENIX Security (2015). For the stealthier EREBUS attack, see Muoi Tran et al., “A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network,” IEEE S&P (2020).
^7^ Mining pool concentration data: Cambridge Centre for Alternative Finance, “Cambridge Bitcoin Electricity Consumption Index,” pool distribution data, https://ccaf.io/cbnsi/cbeci/mining_map; real-time pool hashrate distribution tracked at https://mempool.space/mining.
^8^ On Stratum V2, see the protocol specification and reference implementation maintained by the Stratum V2 Working Group, https://stratumprotocol.org/, particularly the Job Declaration role that lets a miner or mining farm construct its own block templates while continuing to participate in pool payout via a separate share-tracking channel. For Datum, see the project documentation from Ocean Mining, https://ocean.xyz/docs/datum, which implements decentralized template construction for pool members so that the pool operator no longer chooses which transactions appear in candidate blocks. Both protocols leave the share-aggregation and payout layer with the pool while moving template construction to the individual hashing endpoint, which is the architectural separation that addresses pool-operator censorship without requiring miners to leave the pool’s variance-smoothing payout structure.
^9^ For the resource-externality argument developed here, see Hugo Nguyen, “Proof-of-Stake & the Wrong Engineering Mindset” (2018), and “Work is Timeless, Stake is Not” (2018). For the canonical proof-of-stake critique, see Andrew Poelstra, “On Stake and Consensus” (2015). Vitalik Buterin’s counter-arguments are developed in “Proof of Stake: How I Learned to Love Weak Subjectivity” (2014) and “Why Proof of Stake” (2020); Buterin concedes that recovery from majority capture in proof-of-stake requires coordinated social forking. For the China-ban recovery data, see the Cambridge Centre for Alternative Finance, “Cambridge Bitcoin Electricity Consumption Index,” mining map, https://ccaf.io/cbnsi/cbeci/mining_map.
^10^ On the Bitcoin Cash fork: the August 2017 hard fork resulted from the block-size scaling dispute that split the Bitcoin development community between 2015 and 2017. Bitcoin ABC (led by Amaury Séchet) and Roger Ver’s Bitcoin.com advocacy were the primary drivers of the larger-block chain. Jonathan Bier, The Blocksize War: The Battle for Control over Bitcoin’s Protocol Rules (self-published, 2021), is the definitive account of the dispute from the perspective of those who opposed the fork. For the Ethereum DAO hack and fork: the DAO (Decentralized Autonomous Organization) was exploited in June 2016 for approximately 3.6 million ETH via a reentrancy attack. The Ethereum Foundation and a majority of validators executed a hard fork in July 2016 to return the funds, producing two chains: Ethereum (ETH, the forked chain) and Ethereum Classic (ETC, the chain that continued the original state). For the technical details of the reentrancy vulnerability, see Phil Daian, “Analysis of the DAO Exploit,” Hacking, Distributed (June 18, 2016). For the governance implications, see Vitalik Buterin’s contemporaneous blog posts at https://vitalik.eth.limo/ and the Ethereum Foundation announcement of the hard fork at https://blog.ethereum.org/2016/07/20/hard-fork-completed.
^11^ CoinJoin was proposed by Gregory Maxwell in a BitcoinTalk forum post on August 22, 2013: “CoinJoin: Bitcoin privacy for the real world,” https://bitcointalk.org/index.php?topic=279249.0. The technique allows multiple users to combine their transactions into a single transaction with multiple inputs and outputs, making it difficult to determine which input corresponds to which output. Implementations include Wasabi Wallet (https://wasabiwallet.io/), which uses a coordinator-based equal-output CoinJoin with blind signatures, and JoinMarket (https://joinmarket.net/), which uses a maker-taker market for trustless coordination. For the academic treatment of CoinJoin privacy and its limitations under traffic analysis, see Felix Maurer et al., “Anonymous CoinJoin Transactions with Arbitrary Values,” IEEE TrustCom (2017), and Sjors Provoost and Adam Gibson’s work on PayJoin (P2EP), which improves on basic CoinJoin by eliminating the equal-output heuristic. Chapter 20 of this book covers CoinJoin and its variants in detail.
^12^ The Lightning Network is a payment-channel network built on Bitcoin enabling high-throughput, low-latency off-chain payments. The protocol was first described in Joseph Poon and Thaddeus Dryja, “The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments” (2016), https://lightning.network/lightning-network-paper.pdf. Payments route through a network of bidirectional payment channels secured by Bitcoin’s scripting system; only channel open and close transactions settle on-chain. Principal implementations include LND (Lightning Labs, https://github.com/lightningnetwork/lnd), Core Lightning (Blockstream, https://github.com/ElementsProject/lightning), and Eclair (ACINQ, https://github.com/ACINQ/eclair). From a privacy perspective, Lightning improves fungibility by keeping payment amounts and counterparty identities off-chain, though routing nodes have partial visibility into payment flows; see Bastien Teinturier, “Lightning Network Privacy,” https://github.com/t-bast/lightning-docs/blob/master/lightning-privacy.md, for a technical overview. Chapter 20 of this book covers Lightning’s privacy model in detail.
^13^ Ecash refers to Chaumian blind-signature token systems redeployable over Bitcoin, with Cashu (https://cashu.space/) and Fedimint (https://fedimint.org/) as the primary modern implementations. Cashu uses David Chaum’s blind-signature scheme (see Chapter 18, note 2) to issue bearer tokens against a Bitcoin-backed mint; the mint cannot link withdrawal to redemption, restoring the unlinkability that the transparent Bitcoin base layer lacks. Fedimint combines a federated multi-sig custody model with Chaumian ecash issuance, distributing trust across a federation of guardians. For the Cashu protocol specification, see https://github.com/cashubtc/nuts. For Fedimint’s design rationale, see Eric Sirion et al., “Fedimint: Federated E-Cash as a Secondary Layer,” https://fedimint.org/docs/intro. Chapter 20 covers ecash systems as Bitcoin privacy tools in detail.
^14^ The Tor Project (https://www.torproject.org/) develops and maintains the Tor anonymity network, which routes TCP traffic through a series of volunteer-operated relays using onion encryption so that no single relay knows both the origin and destination of a connection. Bitcoin Core has supported Tor natively since version 0.12 (2016), and nodes run as hidden services (.onion addresses) are not reachable from the clearnet, hiding their IP addresses from peers and observers. For the Tor integration in Bitcoin Core, see the documentation at https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md. For the privacy and network-topology implications of Tor usage for Bitcoin nodes, see Ethan Heilman et al., “Eclipse Attacks on Bitcoin’s Peer-to-Peer Network,” USENIX Security (2015), already cited at note 6, which discusses both the vulnerability and Tor-based mitigations.
^15^ China’s ban on Bitcoin mining was announced by the National Development and Reform Commission (NDRC) and the People’s Bank of China (PBoC) in May 2021, with enforcement intensifying through June 2021. The ban caused Bitcoin’s network hashrate to drop by approximately 50% over the following weeks. By early 2022, hashrate had recovered to and surpassed pre-ban levels, with mining activity redistributed primarily to the United States, Kazakhstan, and Russia. For the regulatory text, see NDRC, “Notice on Rectifying Virtual Currency ‘Mining’ Activities” (May 2021). For the hashrate recovery data, see Cambridge Centre for Alternative Finance, “Cambridge Bitcoin Electricity Consumption Index,” mining map, https://ccaf.io/cbnsi/cbeci/mining_map, and Nic Carter, “How Much of Bitcoin Mining Is Powered by Clean Energy?” CoinDesk (2021), which documents the geographic redistribution. The episode is the primary empirical test of Bitcoin’s resistance to state-level mining suppression cited throughout this chapter.
<- Previous: Bitcoin and the Digital Money Breakthrough |
-> Next: Bitcoin Privacy and Monetary Layers |The Praxeology of Privacy – third edition. New chapters publish daily at 1600 UTC.
Write a comment