Accession Number:



Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers

Descriptive Note:

[Technical Report, Final Report]

Corporate Author:

Trail of Bits

Report Date:


Pagination or Media Count:



Project to investigate the extent to which blockchains are truly decentralized. We focused primarily on the two most popular blockchains Bitcoin and Ethereum. We also investigated proof-of-stake PoS blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as our novel research on software centrality and the topology of the Bitcoin consensus network. In this report, we identified several scenarios in which blockchain immutability is called into question not by exploiting cryptographic vulnerabilities but instead by subverting the properties of a blockchains implementation, networking, or consensus protocol. A subset of a blockchains participants can garner excessive, centralized control over the entire system. The majority of Bitcoin nodes have significant incentives to behave dishonestly, and in fact, there is no known way to create any permission-less blockchain that is impervious to malicious nodes without having a TTP. We provided updated data on the Nakamoto coefficient for numerous blockchains and proposed a new metric for blockchain centrality based on nodes topological influence on consensus. A minority of network service providers including Tor are responsible for routing the majority of blockchain traffic. This is particularly concerning for Bitcoin because all protocol traffic is unencrypted and, therefore, susceptible to attacker-in-the-middle attacks. Finally, software diversity in blockchains is a difficult problem in terms of both upstream dependencies and patching.

Subject Categories:

  • Administration and Management
  • Computer Programming and Software

Distribution Statement:

[A, Approved For Public Release]