“The network is robust in its unstructured simplicity. Nodes work independently and accept the longest chain. If a greedy attacker gains more CPU power than all honest nodes, he could generate blocks faster than the honest network, outpacing them and possibly double-spending.”
“If a greedy attacker is able to assemble more CPU power than all the honest nodes, he can rewrite the transaction history.”
The core assumptions:
1. Miners are economically incentivized to extend the valid chain.
2. Misbehavior is only costly if it leads to blocks being rejected by nodes.
3. Consensus is enforced by proof-of-work, not by trust in humans.
Now, if a small number of pool operators control the block templates and can game them to earn more—even by including spam, gamified transactions, or reordering for profit—then the classical assumption breaks in this specific way: the economic penalty for misbehavior disappears. The attacker can profit while remaining technically valid by consensus.
Implications under Satoshi’s framework:
1. Consensus rules are intact. Nodes still validate blocks correctly. Nothing in the blockchain is invalid, so proof-of-work still secures the ledger in terms of correctness.
2. Economic incentives are misaligned. Pools can profit at the expense of the network’s intended efficiency and fairness. Satoshi acknowledged that miners’ incentives are critical:
“Nodes will reject blocks they don’t see as valid. If a majority is rational and honest, the network stays secure.”
But here, the “honest majority” is partially compromised: rational pools can earn more by a subtle form of misbehavior that is still within “valid” blocks. The assumption that miners lose money by misbehaving no longer applies fully.
3. Soft centralization pressure increases. By controlling block templates, a handful of operators influence what gets included, in what order, and potentially how fees are distributed. Satoshi recognized centralization as a theoretical risk:
“The network is robust as long as nodes are distributed. Centralization makes it vulnerable.”
4. System remains correct but socially degraded. Technically, the blockchain is secure. But from a usage and community perspective, the network may experience degraded service (spam, unfair fee extraction, gameable transaction ordering), which Satoshi would classify as outside the protocol’s ability to enforce.
The final point from his perspective: Satoshi’s design does not prevent non-consensus-based economic misalignment. He explicitly left certain problems to market incentives and node independence. If block-template centralization allows a profitable attack within valid blocks, the protocol cannot prevent it. The defense is only the same one he repeatedly emphasized:
“If a greedy attacker is able to assemble more CPU power than all the honest nodes, he can generate blocks faster than the honest network. The network is secure if the honest nodes collectively control more CPU power.”
Here, “honest nodes” are technically following consensus.
Pools misbehaving in a valid-but-gaming way do not break consensus, so they are _effectively invisible to the security guarantees_ Satoshi formalized.
That is exactly the gap his model leaves: it secures correctness, not fairness or optimal economic behavior.