A couple of recent reports have questioned Lightning’s vulnerability, and both are related to its network structure. One claims that an emerging form of centralization could make it vulnerable to “split attacks”. The other sees hubs as targets for “congestion attacks”.

Centralization was also a hot topic in 2019, in 2018, in 2017, and even in 2016.

It’s true that many forces militate against decentralization: economies of scale, convenience, brand recognition, etc. But Bitcoin and Lightning are designed to overcome them. Centralization leads to vulnerabilities, power imbalances, censorship … fiat. But that’s the past. We’re more interested in the future — how to build a strong, free, and useful network for bitcoin payments. To reach that goal, we need to keep Lightning decentralized. Here’s why (and how!).

We’ve almost reached the future. Just a little farther… (Source: Tyler Lowmiller)

What is (de)centralization?

Of the dozens of ways to conceptualize the (de)centralization of a network, the most important is also the simplest: degree centrality. Degree centrality measures how connections are distributed across nodes in a network. If one node is connected to all the others, but none of them is connected to each other, we have a star graph with maximal degree centrality. If each node is connected to every other node, we have a beautiful jumble with minimal degree centrality.

Another way of thinking about this is to count the number of hubs. One hub for all = maximally centralized. Many hubs connected to each other, with each connected to many nodes = moderately (de)centralized. If each node is connected to every other, then every node is a hub, which means that none of them are really hubs = maximal decentralization.
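To put numbers on the three shapes just described, here is an added example (not from the original article) that scores each one with Freeman's degree centralization, a standard network-level summary that is 1.0 for a star and 0.0 for a fully connected graph. The graph builders, node counts, and function names are assumptions made for illustration.

```python
from itertools import combinations

def star(n):
    """One hub (node 0); every other node connects only to it."""
    return {(0, i) for i in range(1, n)}

def complete(n):
    """Every node is connected to every other node."""
    return set(combinations(range(n), 2))

def multi_hub(hubs, leaves_per_hub):
    """Hubs are connected to each other; each hub also serves its own leaf nodes."""
    edges = set(combinations(range(hubs), 2))
    next_id = hubs
    for hub in range(hubs):
        for _ in range(leaves_per_hub):
            edges.add((hub, next_id))
            next_id += 1
    return edges

def degrees(edges):
    """Number of connections per node."""
    deg = {}
    for a, b in edges:
        deg[a] = deg.get(a, 0) + 1
        deg[b] = deg.get(b, 0) + 1
    return deg

def degree_centralization(edges):
    """Freeman's score: sum(max_degree - degree_i) / ((n - 1) * (n - 2))."""
    deg = degrees(edges)
    n = len(deg)
    top = max(deg.values())
    return sum(top - d for d in deg.values()) / ((n - 1) * (n - 2))

if __name__ == "__main__":
    shapes = {"star": star(10), "multi-hub": multi_hub(3, 3), "complete": complete(10)}
    for name, edges in shapes.items():
        print(f"{name:10s} {degree_centralization(edges):.3f}")
```
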

Why does decentralization even matter?

Never change a running system, right? Fiat (generally) works. Custodial services (generally) work. Bitcoin works. If it’s the function that matters, why should anybody care about the form?

Beyond basic functionality, the form of a network like Lightning matters for three reasons: robustness/resilience, censorship, and power.

Robustness/Resilience

Being able to resist failure is robustness. Being able to recuperate from failure is resilience. Robustness and resilience are necessary for the utility of the network, for uptime. Even if we minimize the trust users and hubs must have in each other, they still need to trust in the network. Unless everyone on the network is reasonably confident that it will resist attacks and recover quickly from inevitable failures, they won’t use it.

A network built around few hubs is more dependent on the stability of each one, and the loss of any one will be harder to compensate for. As degree centrality increases, robustness and resilience decrease.

A more pressing issue for Lightning is currently liquidity centrality. At the moment, 10% of the nodes on Lightning control 80% of the liquidity. However many connections they may have, these nodes are liquidity hubs. If one of them fails — whether due to an unforeseen technical flaw or an attack — “these routing nodes would leave gaping holes”. Not surprisingly, a network with gaping holes does not inspire confidence.

Decentralizing the network reduces the impact — and incentive — of attacking any given node, making it more robust. Decentralization also shrinks the “holes” left by any successful attack, making it more resilient.
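The liquidity concentration and the "holes" described above can both be measured. The following added example (not from the original article) computes the share of capacity attached to the top 10% of nodes and the fraction of node pairs that can still reach each other after the largest node goes offline. Both channel lists are constructed sample data, and all names are assumptions.

```python
from collections import defaultdict

# Constructed sample data, not real nodes: (node_a, node_b, capacity_sats).
HUBBED = [("hubA", "hubB", 30_000_000)]
HUBBED += [("hubA", f"n{i}", 1_000_000) for i in range(9)]
HUBBED += [("hubB", f"n{i}", 1_000_000) for i in range(9, 18)]
HUBBED += [(f"n{i}", f"n{i + 1}", 100_000) for i in range(0, 18, 2)]
MESH = [(f"m{i}", f"m{(i + d) % 20}", 1_000_000) for i in range(20) for d in (1, 2, 3)]

def node_capacity(channels):
    cap = defaultdict(int)  # total capacity of the channels each node takes part in
    for a, b, sats in channels:
        cap[a] += sats
        cap[b] += sats
    return cap

def top_share(channels, fraction=0.10):
    """Share of all channel capacity attached to the top `fraction` of nodes."""
    caps = sorted(node_capacity(channels).values(), reverse=True)
    k = max(1, round(len(caps) * fraction))
    return sum(caps[:k]) / sum(caps)

def connected_pair_ratio(channels, lost=None):
    """Fraction of surviving node pairs that still have a path with `lost` offline."""
    nodes = {n for a, b, _ in channels for n in (a, b)} - {lost}
    adj = defaultdict(set)
    for a, b, _ in channels:
        if lost not in (a, b):
            adj[a].add(b)
            adj[b].add(a)
    seen, connected = set(), 0
    for start in nodes:
        if start in seen:
            continue
        stack, size = [start], 0
        seen.add(start)
        while stack:  # depth-first walk of one connected component
            cur = stack.pop()
            size += 1
            for nxt in adj[cur] - seen:
                seen.add(nxt)
                stack.append(nxt)
        connected += size * (size - 1) // 2
    return connected / (len(nodes) * (len(nodes) - 1) // 2)

if __name__ == "__main__":
    for name, net in (("hubbed", HUBBED), ("mesh", MESH)):
        cap = node_capacity(net)
        print(name, round(top_share(net), 3),
              round(connected_pair_ratio(net, max(cap, key=cap.get)), 3))
```

In the hubbed sample, two of twenty nodes hold about 80% of the capacity, and losing one of them leaves roughly a third of the remaining node pairs connected; the mesh loses a node without losing any connectivity.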

Censorship

Censorship always pertains to communication, and communication always occurs in networks (even if you’re just talking to yourself). And the feasibility of censorship depends on the form of the network. Censoring a few national newspapers or broadcasters is pretty easy. Censoring a more distributed network, like the internet, will require a (not so) Great Firewall. Private conversations occur in a distributed network, so censors would need either a vast network of spies or a widespread atmosphere of fear (usually both).

In other words, choke points facilitate censorship by making it more economical. In the case of Lightning, hubs that concentrate traffic and liquidity are choke points. They allow censors to monitor, regulate, and restrict many transactions with only a few interventions.

Of course, censorship on Lightning doesn’t consist of bugged telephone conversations and redacted documents. In fact, we’ve gotten used to it. We’ve even learned its disarming acronym: KYC. Whatever its merits, KYC is censorship. KYC regulations determine who can access bitcoin, how much, and under what circumstances.

Under snappy titles, like “DIRECTIVE (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU”, regulators write such things as:

competent authorities should be able, through obliged entities, to monitor the use of virtual currencies.

… by which they mean that they want to squeeze exchanges and custodial operators for information on their users. It gets better:

Financial Intelligence Units (FIUs) should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency. In addition, the possibility to allow users to self-declare to designated authorities on a voluntary basis should be further assessed.

An informal, decentralized network of intelligence services to monitor financial transactions. How could anyone construe that as censorship? 😬 (Everybody act normal!) If you have nothing to hide, you have nothing to fear, right?

And it’s obvious why the regulators are focusing on custodial services and exchanges: they’re choke points. If the censors are using a “decentralized” network, shouldn’t we? A decentralized network might not make censorship impossible, but it would make it much more difficult, expensive, and aggravating for the censors.

Don’t forget to relish life’s small victories.

Power

Centrality generates the power to make and change the rules that people were already planning and betting on. Centralized hubs can dictate terms to their users, and regulators can leverage hubs’ centrality to enforce arbitrary rules. This is the power to control who can use the network and when. It’s the power to put innovative people out of business and nullify the value of their hard work.

But government authorities aren’t the only ones exercising power. As long as Lightning requires significant technical expertise to use properly, there will be a power imbalance between the experts and novices. Incoming users will have to trust experts to protect their interests and maybe even to guard their bitcoin. The higher the barriers to entry, the more knowledge becomes centralized, and the more Lightning will be a tool by and for the cognoscenti. Here, decentralization means making the network easy to understand and use, arming users with knowledge, and liberating them from trust.

Counterintuitively, weakness can also be power. Wait — power through weakness? It sounds counterintuitive, maybe even paradoxical. But it’s the same paradox behind “too big to fail.” When banks — hubs of the monetary system — fail, the consequence is that everyone has to give them more money in exchange for no equity. Heads they win; tails you lose. And it’s not because the banks were strong. They were all too weak, but they occupied a central position in the network.