Is it possible to force miners to include a transaction in a block?

[AverageGlabella]

The problem is when people say "the government" it really comes down to which / what government.

Worrying about a transaction being blocked is not any type of a concern since there are large mining pools across the world operating under different rules and government regulations and some of those government don't like each other.

A pool operating in the US will probably listen to the US government and possibly others. Do you really think that one operating in Kazakhstan or Russia give a crap about what the US government says? Malaysian pools may care or may not. And so on.

Not something worth worrying about.

-Dave

All governments are the same they just appear different because some are better at covering up their tracks and others are better at public relations. The US government have the attitude of just doing what they want and no one challenges them because of that confidence. When they are challenged they put out curfews and spread rubber bullets around the sidewalks.

Any business that is located in a jurisdiction will listen to the government because they risk getting raided other wise. This is why companies or pools that do not store information by default are preferred over those that do. The trouble is verifying that they do not store personal identifiable information.

[1713875294]

1713875294

[1713875294]

1713875294

[1713875294]

1713875294

[1713875294]

1713875294

[1713875294]

1713875294

[1713875294]

1713875294

[NeuroticFish]

All governments are the same they just appear different because some are better at covering up their tracks and others are better at public relations.

This is widely incorrect. In some countries the 3 areas/powers - executive, legislative, and judicial - are correctly separated giving less chance to "the government" do anything he wants in the way he wants (of course, there are exceptions too sometimes, unfortunately).

The US government have the attitude of just doing what they want and no one challenges them because of that confidence.

If they would just do anything they want the supreme court would kick their asses pretty bad. So no.
If they have their backs insured properly, then yes, they can do certain things. Still, there are much worse cases around the world; and there the government really does whatever it wants. Do you need examples?

Any business that is located in a jurisdiction will listen to the government because they risk getting raided other wise. This is why companies or pools that do not store information by default are preferred over those that do. The trouble is verifying that they do not store personal identifiable information.

Some store information and tell you, some store information and lie to you and very few don't store information. Of course, governments don't like the 3rd category. Still, this doesn't make them the same.

[d5000]

I didn't have too much time the last few days, I only could read a couple of basic articles, but my intention is to investigate the Monero protocol further and look if there could be some elements which could theoretically be integrated into Bitcoin. Until now my understanding is that the censorship resistance in Monero comes from basically two elements:

1) the fact that all possible inputs which could be included in a transaction/block come from CoinJoin-style transactions with ring signatures and lots of inputs and outputs, so if the miner wants to censor transactions, he would have to do extensive blockchain analysis to see which of the inputs could belong to a tainted "chain of transactions".
2) a transaction can go to a stealth address, which obfuscates the real address of the receiver. I'm in doubt however if this is really an advantage to Bitcoin if you create always fresh addresses for your transactions (Monero seems to have an "account" model, which of course is not really privacy-friendly if it doesn't have a mechanism to obfuscate the real address).

Edit, to clarify point 2: If stealth addresses made it impossible for miners to see in which ring-signature transaction, or even in which block you received the payment you spend in a certain output, then the Monero way would have an advantage versus Bitcoin, and it maybe could be even thinkable to be adapted in BTC.

Another possibility to prevent this kind of miner censorship is to expand upon coinjoins.

[...]Let say instead that your transaction is part of a much larger coinjoin transaction, with 50 inputs and 100 outputs, and a combined fee of 100,000 sats.

Yep, this is an interesting alternative scenario which could be enacted without any protocol change, simply making it easier to use (i.e. integrate it into standard consumer-focused wallets) would already be an advancement.

But it leads me to another technical question: Can CoinJoin participants censor other potential participants of their CoinJoin? I.e. could there be CoinJoin transactions where a "tainted" input would be rejected by all other participants, so the often unfortunate owner of the tainted UTXO can't find a CoinJoin to integrate their transaction?

Of course it's possible that there may be altruistic participants who strive to integrate tainted and non-tainted inputs in CoinJoins, but the extend of that practice in the future remains speculation, a technical solution would be better.


I'd be grateful if we can focus the discussion to the technical side, and not derail too much into theories about possible government actions and also let out the PoW/PoS debate which is irrelevant for this question imo.

I think for now the Bitcoin incentive mechanism works well (so I partly agree with @pooya87 and others), but we don't know what could happen in the future, so at least discussing a bit about possible technical strategies and "Plan B's" isn't in vain, imo. At least that was the intention of the OP. Thanks

[o_e_l_e_o]

But it leads me to another technical question: Can CoinJoin participants censor other potential participants of their CoinJoin? I.e. could there be CoinJoin transactions where a "tainted" input would be rejected by all other participants, so the often unfortunate owner of the tainted UTXO can't find a CoinJoin to integrate their transaction?

It's possible, sure. But if there was a potential coinjoin with (say) 50 different participants, and I was holding the whole thing up because I didn't want my UTXOs to be coinjoined along side some other specific UTXOs, then the rational action for everyone else is not to ask me to share a list of the UTXOs I don't like and then double check all the other participants against my list, but rather to simply exclude me since I'm the troublemaker here. This becomes even more evident if there were two or three people like me who all had different lists of UTXOs they didn't want to be associated with.

People who don't want to be linked to other specific UTXOs simply wouldn't use this specific coinjoin protocol. Everyone else who does not buy in to the provable nonsense of taint could use the protocol freely. This essentially already happens in coinjoin protocols which do not cooperate with blockchain analysis and spy on their users (i.e. JoinMarket and Whirlpool, but not Wasabi). It would just be a case of scaling the transactions up to be much larger to make the fee for such transactions incredibly attractive to miners.

[o_e_l_e_o]

According to what I've heard, it uses a completely different cryptographic scheme than monero and is resistant to censorship.

It uses proof of stake, meaning it becomes more centralized over time. That's the last thing you want in any good cryptocurrency, but particularly one which is supposed to be focused on privacy and censorship resistance. Proof of stake cryptocurrencies can never be censorship resistant, as the recent hilarity with Ethereum shows, with somewhere around 80% of Ethereum blocks current censoring transactions to comply with OFAC regulations: https://www.mevwatch.info/

So sure, that particular shitcoin might allow you to avoid having to download the entire blockchain, but it is neither private nor censorship resistant. If avoiding downloading the blockchain is your main goal, then using bitcoin with a light wallet such as Electrum will be far superior.

[d5000]

For some reason (probably related to the Christmas holidays) I missed these two last thread answers. Now I've a little remark for one of them (better late than never ):

But if there was a potential coinjoin with (say) 50 different participants, and I was holding the whole thing up because I didn't want my UTXOs to be coinjoined along side some other specific UTXOs, then the rational action for everyone else is not to ask me to share a list of the UTXOs I don't like and then double check all the other participants against my list, but rather to simply exclude me since I'm the troublemaker here.

In general I think you're right here. At a first glance, I thought being blocked in the "pre-CoinJoin negotiations" wouldn't matter because you can always change your address and IP, but then you would have to move your coins, and this would mean investing money in fees. There may be possibilities to game this for people with large pockets but I think in general the incentives should work here.

This brings me to the idea to adapt the same principle to the relation between miners and other nodes, to prevent censorship of certain transactions:

Before a node submits transactions to another node, you could require it to send you a list of transactions which were signed by a "node key". If there is a transaction this node did not include but had been seen before when communicating with another node,* and is also not in your own transaction list, then you don't transmit your transactions.

To really prevent censorship his would of course have to be combined with the "challenger" role I outlined above -- the possibility to "overrule" a block if censorship has been detected. In this case, censorship would have been detected if a node can prove that in a block a transaction was excluded which 1) had been signed by the miner's "node key" (the public key would have to be included in the block header) in the node-to-node communication to build up the mempool, and 2) had higher fees than the lowest-fee transaction that had been included in the block.

If miners add lots of fake transactions, that would cost them (potentially a high amount of) fees.

The main problem here stays however the same, I think: The miners wanting to censor txes could simply use another "node key" for signing transactions in the node-to-node communication than the one they use later to mine blocks. If there was a way to enforce these keys to be the same, then the problem would have been solved without requiring privacy techniques. But I still have no idea how this could work and it may be impossible in a P2P context. (I "could" imagine a solution in a combined PoW/PoS protocol however, miners could be then be required to gather some support from "economic nodes" for their blocks or they will never see their reward.)

So in the end, if this problem is not solved, the "CoinJoin/Monero way" would be the only one to really prevent censorship.

*You could fine tune that so latency losses aren't taken into account. For example, only "punish" nodes that have excluded transactions which you already saw more than 20 seconds ago or so.

[o_e_l_e_o]

Before a node submits transactions to another node, you could require it to send you a list of transactions which were signed by a "node key". If there is a transaction this node did not include but had been seen before when communicating with another node,* and is also not in your own transaction list, then you don't transmit your transactions.

This all sounds very computational expensive, for every node not just to be verifying and broadcasting transactions, but also verifying each transaction was signed by each node's key. I'm also don't know how you could actually verify that a node had indeed previously seen a transaction it was not broadcasting. Each node would have to store and share a list of every transaction it was broadcasting to every node, but even then, there would be no way to verify that a node actually received what was being broadcast to it.

I also don't think it's particularly necessary. One or two nodes participating in censorship is irrelevant - transactions will spread around them without issue. Even if we pick some ridiculous number like 50% of nodes which start censoring transactions, then given that by default each node connects to 8 others, there is only a 0.4% chance that all 8 of the nodes you connect to would be censoring.

Given how easy it is to run a node, I don't think this will ever be a problem. There are plenty of people who run nodes who would never implement censorship, and there are plenty of people like me who would quite happily spin up 10 nodes to counteract such censorship.

[DaveF]

Leaving out the tinfoil hat wearing paranoia that some people have about the government censoring transactions, just due to the locations that pools operate in. There is no way to do this. Do you really think if North Korea, Russia or any of those governments want to move what the US would think should be a censored transaction that the mining pools in Kazakhstan care.

Or if the CIA got the private key for one of the addresses that North Korea has moved their ransomware funds to that Foundry Digital would not happily mine it for them?

With nodes, as o_e_l_e_o said, there are so many out there that it's not a real worry.

-Dave

[digaran]

I was wondering, isn't counter productive even if all miners and nodes decide to comply to all the regulations imposed even by every single country?
Meaning, whatever that is against the principles of bitcoin, if applied to bitcoin, then it is no longer bitcoin and the reason for such current adoption is because it hasn't gone against said principles yet.

As an example, if the whole world says that we can't use end to end messaging apps, then such apps will cease to exist given if all host providers follow the rules of the entire world, but what will really happen? Well, those in need of such apps will use dark versions and such apps simply transit to the underground section, though people will keep using "end-to-end" apps no matter what governments demand.

That's the bitcoin principle, no central authority, whether it be one country or the whole world.

[d5000]

I'm also don't know how you could actually verify that a node had indeed previously seen a transaction it was not broadcasting. Each node would have to store and share a list of every transaction it was broadcasting to every node, but even then, there would be no way to verify that a node actually received what was being broadcast to it.

Of course a node could not verify which transactions the other node saw. What each node could verify, in contrast, are the transactions which were signed. That whole mechanism only makes sense combined with the "challenging blocks" mechanism I described earlier.

I'll probably wrap my head a bit around that mechanism. I suspect there could be a way, based on such a mechanism and maybe a slight PoS component, to force miners to include only the transactions with most fees, or at least provide very strong incentives to do so. You're right that this would be much more intensive computationally, but maybe it is worth it thinking about it anyway.

I also don't think it's particularly necessary. One or two nodes participating in censorship is irrelevant - transactions will spread around them without issue. Even if we pick some ridiculous number like 50% of nodes which start censoring transactions, [...]

The mechanism I was referring to is directed more to miners than to normal nodes. Miners unfortunately could start to censor massively, like it seems to have occurred in Ethereum. Thus the idea to punish them for misbehaving (censoring, in this case).

Anyway, this discussion is mainly a theoretic one. I believe that in general Bitcoin's incentive mechanisms work well. But it's not wrong, I think, to try to imagine possible bigger improvements for the long term.