Three Things #31: August 21, 2022
The Cypherpunks Were Right, or, Why Censorship Resistance is So Hard
(Delayed one day this week on account of there being a TON of stuff to write about, and also, good friends, wine, and deep conversation… the best possible reasons!)
I’ve always felt that truly decentralized networks like Bitcoin and Ethereum are subversive by nature and fundamentally incompatible with the nation state system. I imagined that as a result, someday, various nation states might ban blockchains or cryptocurrency entirely, or attempt to firewall or even shut down the networks. These are the threat models that get discussed the most often in cryptocurrency communities. Last week, one of the biggest and most effective attacks against a decentralized, cryptographic network on the part of a nation state took place, and it looked nothing like these imagined scenarios. It looks like, rather than engaging in all out war, it’ll be death from a thousand cuts.
While I’d rather write about and remain totally focused on Spacemesh, I can’t help but follow these developments closely and bring them up, not only because I feel that this is the most important moment since I joined the community in 2017, but because this is precisely the reason I work on Spacemesh in the first place. My work on Spacemesh and on decentralized infrastructure and privacy tools more generally is part of a bigger context, and that context includes tools like Tornado Cash and the Ethereum blockchain it’s built on.
Thing #1: What Happened?
A few days ago, the United States Treasury did something totally unprecedented and announced sanctions against not an individual, nor a company, nor a malevolent foreign actor, but against a set of Ethereum smart contracts (an act that was likely unconstitutional). The contracts in question are part of a decentralized application called Tornado Cash, a privacy tool known as a mixer that allows any Ethereum user to deposit ether or certain ERC-20 tokens and then withdraw them at a later date to a different account, breaking the link between the two. Due to its usability and strong privacy, Tornado Cash was pretty popular and saw around $7.4B in deposits. In fact, I wrote about mixers and about Tornado Cash just three weeks ago when I wrote about privacy.
In effect, this means that Americans, including US citizens and permanent residents, “all persons and entities within the United States,” all US incorporated entities and their foreign branches and subsidiaries, cannot directly transact or facilitate transactions with Tornado Cash. Under so-called “secondary sanctions,” it means that even non-American companies are strongly incentivized to do the same, as they can face severe penalties too.
Dozens of centralized exchanges and applications and DeFi applications alike subsequently banned movement of funds to or from the sanctioned addresses, as well as from accounts that had interacted with them—including those included in a “dust attack” sent by an anonymous source from Tornado Cash into more than 600 addresses belonging to prominent community members. The Tornado Cash frontend, GitHub account, Discord, and many other resources disappeared. The Tornado Cash application itself is deployed as an Ethereum smart contract and thus cannot be shut down, and can still be accessed through manually-generated Ethereum transactions or on mirrors of the frontend hosted on decentralized platforms like IPFS. Ether and other decentralized tokens in Tornado Cash can still be moved, but USDC, which is not decentralized and is in fact centrally issued and controlled, froze the roughly 75,000 USDC in those addresses. Many other companies followed suit and soon Metamask, Infura, Alchemy, and other infrastructure providers were also blocking access to these addresses.
As if all of that wasn’t bad enough, GitHub also deplatformed the Tornado Cash organization and several of its lead developers, one of whom was arrested in the Netherlands on grounds of “the development of a tool … for the sole purpose of committing criminal acts” (which, in the case of Tornado Cash, is obviously false). (The source code can still be found on places like IPFS and archive.org.) Jonathan Mann turned the code into a song in protest.
For more: Just… read all the links in this section
Thing #2: Why is this a Crisis?
It may be tempting to look at the Tornado Cash situation and think, Who cares? Why does this even matter? The service had at most a few thousand users, and even the total value of deposits, around $7.4B, is only a drop in the bucket compared to the total estimated $800B-$2T laundered each year. It may feel like just an obscure DeFi tool on the second biggest blockchain. Even if you care a lot about privacy, there are dozens of other mixers and privacy tools on Ethereum, and on other networks, and privacy coins like Monero and Zcash continue to operate unaffected.
But this is a crisis for four reasons.
First of all, it gives the lie to the entire Web3 story of decentralization. Web3 technology, including blockchains and smart contract platforms like Ethereum, ostensibly achieve censorship resistance through decentralization: there’s no single actor, and no majority operator, that a government or similar adversary can sanction or go after to force the network to censor transactions. This is true in theory, but as Moxie Marlinspike warned us a few months ago, and as the Tornado Cash situation proves, it’s far from true in practice. Decentralized tools are still clumsy and hard for the average user to master, and it’s difficult to develop, operate, and govern projects in a purely decentralized fashion, so we end up resorting to centralized exchanges and infrastructure tools like OpenSea, Infura, Alchemy, and Metamask, all of which bowed to sanctions last week. And when we do, we totally fail to achieve the one thing we set out to achieve in the first place: censorship resistance. If we fail to achieve this one most essential thing, then we’ve basically failed and I think we can all pack our bags and go home and maybe find real jobs. Over the past few days we’ve watched centralized service providers and ostensible decentralized DeFi applications alike implement black lists, one after another, totally giving the lie to decentralization and censorship resistance.
Secondly, as if the present situation isn’t bad enough, it could get much worse after Ethereum completes its transition to proof of stake in a few days. While proof of work is permissionless, the miners are mostly not in the United States, and Ethereum’s layer one has thus far mostly been free of censorship (USDC is a centralized layer two application), things will look quite differently under a proof of stake regime. Some of the very largest operators of validators will be large, known companies like Coinbase, since they will stake the coins that users deposit with them. These companies are obviously subject to OFAC regulations, and as a result, there’s a real possibility that they’ll be forced not to include transactions that touch sanctioned accounts, or even not to validate blocks containing such transactions. This will get messy very quickly. Coinbase already operates at least 15% of beacon chain validators, and there’s a good chance it’ll be forced to either stop operating those validators entirely and get punished in the process, or else censor transactions and blocks, which would likely lead to it and other OFAC-compliant validators being UASF-ed out of the network and losing all of their stake. This would inevitably lead to a contentious chain split. In other words, Coinbase is stuck between a rock and a hard place, and this has grave and severe implications for Ethereum.
Thirdly, Treasury has clearly overreached by sanctioning not a person, and not a company, but autonomous applications. This is likely unconstitutional for multiple reasons, including that it violates due process (an autonomous application is not a person that can be charged and defend itself). Lawsuits will surely follow, and it’ll be interesting to see how they play out, but I’m not at all confident that justice will prevail in this case, and in any case it will take years and cost millions of dollars to litigate. This is the first major case in what’s sure to be a long, drawn out battle between the old system (nation states and courts) and the new one (decentralization and autonomous applications). It’s also been disappointing to see companies like GitHub (Microsoft) roll over in front of the government, banning not only sanctioned entities but even the developers of the application in question (who were not designated on the sanctions list), despite the fact that publishing code is protected under the first amendment. Microsoft did not even feel it was necessary to publish a statement explaining their actions. Shame on them. Censorship is not the answer. I'm not opposed to sanctions and I certainly don't want to make it any easier for North Korea to launder money, but at what cost? Privacy is incredibly important too, and without it, the very foundations of democracy and free society are threatened.
Finally, and most chillingly, it’s pretty clear that this is just the beginning, just the first volley in what’s sure to be a protracted war of attrition between these two diametrically opposed ideas. Just as the government fought and lost the first cryptography war in the nineties, they are mathematically bound to lose this war against the forces of decentralization. Different governments will respond differently: wise, nimble ones will embrace the coming change and compete on services and cost, like companies. Lumbering, tax-fat welfare states will attempt to crack down harder, since private cryptocurrency transactions are antithetical to their ability to tax and spend. Some states will doubtless respond in authoritarian fashion and attempt to ban the use of cryptocurrency outright, as China has already done. The eventual outcome is foreknown, but the path to get there will be messy and this change will play out over a generation.
Let me say it again: decentralized applications including cryptocurrency are fundamentally incompatible with the existing nation state model. I don’t think most have woken up to this reality yet. This is the beginning.
For more: Read Phil Zimmerman’s justification for publishing PGP. It’s more relevant now than ever.
Thing #3: What Can We Do About It?
We can have hard things like censorship resistance and privacy, but only if we care enough about them and are willing to make sacrifices for them. These are hard things and we definitely do not get them for free. We need to be absolutely unwavering in our commitment to these ideals on every level and at every opportunity: in other words, we need to be maximalists about them.
The reality is that the Ethereum community has not been dedicated to these ideals for the past few years and it shows: in the wake of the Tornado Cash sanctions, it’s painfully obvious. This is visible in the way that so many important applications and infrastructure providers rolled over in the past few days, and went above and beyond the sanctions to block non-designated parties, rather than fight for what’s right. It’s also visible in the enormous centralization of staking and validating that’s happened on the beacon chain in the lead up to the upcoming Merge.
I think Ethereum is in a very precarious situation. We’re not quite at the precipice yet and I hope my fears are overblown, but I think it’s definitely worth discussing all of the possible scenarios and how the community could and should respond in each of them.
The best case scenario is that, well, nothing changes. The Merge happens in a few days as planned, validators keep validating, and no one gets in trouble for including transactions or notarizing blocks with nasty transactions. No censorship occurs in block production (although the application-layer censorship described above continues, obviously). In this scenario we should focus on decentralizing the validator set, such as by making it even easier to run your own validator, and by encouraging hodlers to do this rather than leaving their coins on exchanges. There are things that can be done in protocol to encourage this behavior, such as correlation penalties (which already exist to some extent). Of course, we also clearly still have a lot of work to do in terms of decentralizing infrastructure and the application layer. There’s a lot more that influential players like the Ethereum Foundation could do to encourage this work.
A more realistic case would involve some degree of censorship among block producers. This is not necessarily the end of the world: indeed, there’s some evidence of it happening today, and some history of it happening in Bitcoin as well, and both networks are still quite healthy. And it’s important to distinguish between block producers being selective about which transactions they include—let’s call this “censorship lite”—versus a much more serious form of censorship where they actually refuse to build on top of certain blocks and carry out a “reorg attack” that really threatens network stability and could lead to contentious forks. But even “censorship lite” is a slippery slope and sets a very dangerous precedent.
Proof of stake introduces new risks here. I’ve written and spoken many times, including here, about why I dislike proof of stake. My complaints included the fact that exchanges control too much of the stake and, therefore, voting power, making censorship easier. But I didn’t foresee this specific scenario, where an overwhelming portion of the validator set is politically exposed to possible sanctions violations.
I’m optimistic that large, politically exposed validators are more likely to just stop validating, regardless of what that costs them, than they are to carry out reorg attacks. If this did occur—and, just to reiterate, I think this is pretty unlikely—the community should not lay down and accept it. To do that would be to give up on censorship resistance which is the one cause that brought us all together in the first place. It’s unclear exactly what this would look like, but the most likely scenario would be a user-activated soft fork (UASF) that slashes most or all of the stake of the provably censoring validators. At least some Ethereum core devs have committed publicly to punishing such behavior. This would be painful and disruptive in the short term but potentially positive in the long term as it would further decentralize staking.
Another related risk involves centralized applications such as stable coins. There’s nearly $100B of value in Ethereum on just the top two centralized stable coins. If forced to choose between an OFAC-sanctioned chain and a permissionless “OG” chain, they would likely be forced to choose the former, and could possibly take a lot of users and a lot of value with them. This increases the risk of a contentious, value-destroying hard fork.
There’s a potential in between scenario where a large portion of the validators stop validating and attempt to “voluntarily exit” the validator set, rather than potentially violate sanctions. The exit queue is currently empty, but in a “rush for the door” scenario it would take months for many validators to exit. This could also cause network stability issues, at least in the short term and especially if, while queueing to exit, validators stopped validating and accepted the inactivity penalties. It could be made less painful, such as by allowing validator key rotation, but that would take time to figure out.
One final option is to postpone the Merge until the dust has settled and we have a better idea how large, exposed stakers like Coinbase will respond. I don’t think this will happen and I don’t think it’s a good idea, anyway. Ethereum has made its bed and it’s time to lay in it and see what happens, come what may. If anyone can figure this out and get to the other side, it’s the Ethereum community.
For more: Run your own full node, and your own validator. It’s the best thing you can do to support censorship resistance and the decentralization of the network.
what am I missing here🤔. thought a UASF is only possible if we had more individuals running their own nodes. that isn't the case with Ethereum as the validators set is heavily centralized, because it's practically impossible for little Jimmy to run a full node.
I don't see how a centralized set of validators would choose to punish each other. here are my worries;
- for instance, would blockdeamon (who's a regulated US company that runs Ethereum nodes), choose to slash Coinbase (assuming they are OFAC compliant), when tomorrow it could be blockdeamon that's been put on the hot seat.
- secondly, in an instance where Coinbase gets slashed, isn't it customers funds that would be at loss? and how would I for example, being in support of slashing Coinbase (assuming they are OFAC compliant), when I know my ether is staked with them.
I think decentralization should be at the protocol level and not based on social concensus. if Ethereum is going to rely on UASF in the future, then it's no different from what we have in the existing fait system (in terms of decentralization).
humans are faliable and a UASF is not a sustainable approach in my opinion. and coupled with the fact that a UASF would be only successful if more individuals ran their own nodes, rather than relying on someone else's node. I'm not picking on Ethereum here, just saying that the way this protocols are designed from the start makes them prone to centralization.