Who controls node behaviour?

As you all know, from the beginning, we wanted to build a cryptosystem with no transaction fees. As explained many times (e.g. here), to get rid of the fees one has to get rid of miners. Miners are those individuals who have some resource (hashing power, stake, etc.) that others don’t have. This means that they invested something in order to have it, so they would naturally want to make a profit by charging fees.

The implication is that, without miners, the system needs to be collaborative: the users would have to help themselves by vetting each others’ transactions. As with any such system, there is a possible existence of free riders: individuals who want to use the system, but do not want to contribute to it.

Let me remind you that we call tips the transactions which don’t yet have any approvals; by definition, all incoming transactions start out as tips. As you know, by approving a transaction, you also indirectly approve all its “predecessors.” Intuitively, it is clear that to help the system progress, incoming transactions must approve tips because this adds new information to the system. Unfortunately, information does not propagate immediately through the network; sometimes there are delays, as we all know. Therefore, it is not really possible to impose a condition that incoming transactions only approve tips: how would you know that a transaction which you believe to be a tip, has not received an approval from someone else a fraction of a second ago?

Back in 2015, together with CfB (Come from Beyond a.k.a. Sergey Ivancheglo), we spent a lot of time trying to figure out how to force the nodes to behave in a certain way (for example, to approve only tips). We considered some complicated and bizarre rules that nodes would have to follow in order to get their transactions accepted by the system. However, nothing of that sort would work. Not only would those complicated rules lead to difficulties for honest nodes to have their transactions accepted, they would also open possibilities for attackers to mess with the system. Then, finally, we decided to stick to just one absolute rule: each transaction approves two previous transactions. The IOTA protocol itself does not require you to select any two particular transactions to approve, and it does not require you to approve them according to some set of rules that you must follow. IOTA in this sense is truly open because you are free to accept whatever transactions you want, and the same is true for any actor on the network.

What we didn’t completely realize at that point, is that this made the system essentially free. Due to the small number of “hard” rules, actors would consider behaving in “natural” ways. Our role was then merely proposing a set of “laws” (such as the MCMC tip selection algorithm) that are voluntarily accepted by the nodes and that make the “society” of IOTA nodes function reasonably well. In a way, we are benevolent advisors, nothing more.

So, what are these “natural” node behaviours? We will elaborate further in a series of blog posts. For example, if you have a neighbour which repeatedly mistreats you (e.g. by sending a lot of spam or “bad” transactions), it is only natural to cut your connections to this neighbour, isn’t it? If you, for some reason, trust a certain entity, it is then quite reasonable for you to also give more weight to transactions coming from there. Also, recall the local modifiers idea: the nodes of the network can interact with the ledger in different ways, depending on information locally available to them. Why would they do it? Well again, because it’s reasonable: if you see that something suspicious was suddenly inserted to the ledger, you are not obliged to collaborate with that, since it can be one of the many attacks of the type “do-something-secretly-then-broadcast.”

Now, let me stop here; more details will come soon. I would just like to make one concluding remark. IOTA works well and will work even better exactly because of this freedom. Just as human society adapts itself to changing circumstances (and ultimately, this generally works well), the nodes of the network would voluntarily adopt reasonable new rules that permit the system to function and defend itself against attackers and free riders.