Verification Without Enforcement
Why the “full node” thesis fails at three layers simultaneously — and what that tells us about the institutional architecture of public blockchains
Keywords: Bitcoin; SPV; full nodes; proof-of-work; propagation latency; consensus enforcement; permissionless consensus; institutional economics; commitment devices; polycentric governance; regulatory capture; cyber-physical systems.
1. The compound illusion
The folk theory of Bitcoin security says three things at once. First, that running a non-mining full node materially contributes to one’s own security against malicious chains. Second, that running such a node materially contributes to the network’s propagation reliability. Third, that the population of such nodes constitutes a meaningful check on protocol governance — the political analogue of the technical check. Each claim sits inside the next, and each is invoked when the previous one is questioned. The argument is reflexively defensive: if the security claim fails, the propagation claim is offered; if the propagation claim fails, the governance claim is offered; and if the governance claim is questioned, the entire structure is restated as a matter of decentralisation, treated as self-evident.
This essay argues that all three claims fail, and that they fail for the same reason. They confuse observation with enforcement. A node that watches the chain is not a node that decides the chain; a node that holds an opinion about the rules is not a node that controls the rules; and a system whose admission layer is open is not, on that fact alone, a system whose governance layer is dispersed. The conflation is the same conflation at each level, expressed in different vocabularies. Once the conflation is named, the technical, empirical, and institutional literatures collapse onto a single conclusion: in proof-of-work systems, the only nodes that matter for consensus are the nodes that produce blocks; the only entities that matter for governance are the entities that change the code; and the open-entry property the system advertises is a property of who can transact, not of who can rule.
The essay draws on two recent formal results from the cyber-physical-systems literature (Wright, 2026a; 2026b) and a forthcoming institutional analysis in the Journal of Institutional Economics (Wright, 2026c) to make this case. The first establishes that non-mining nodes have zero causal influence on global ledger state and that SPV is the Nash equilibrium for non-mining participants. The second establishes, through counterfactual ablation, that removing non-mining nodes does not degrade propagation but in fact improves it by between six and fourteen per cent. The third establishes that the “permissionless” label, as deployed in the blockchain economics literature, describes only the admission layer and silently abstracts away a governance layer that is identifiable, concentrated, and continuously exercised. Taken together, the three results dissolve the folk theory and replace it with a more disciplined picture: a layered system in which technical security, network operation, and institutional governance are independently specifiable, independently constrained, and — critically — independently captured by identifiable agents.
2. The technical layer: validation without enforcement is observation
Bitcoin’s consensus rule is the heaviest valid chain. Heaviness is measured in cumulative proof-of-work, and proof-of-work is contributed only by mining nodes. A node that does not mine does not contribute to chain weight. Whatever it concludes locally about a block’s validity has, by construction, no causal effect on which chain ultimately prevails. This is not a controversial empirical claim; it is the definition of the protocol.
The formal analysis in Wright (2026a) makes this precise. Define the global state transition function G(tx), which records whether a transaction is in the longest valid chain, and the local validation function V_i(tx), which records whether node i would accept the transaction by its own rule-set. For any non-mining node v_i, the partial derivative ∂G/∂V_i is identically zero. The proof is one line: G is determined by which chain miners build on, miners do not consult v_i’s validation outcome, therefore v_i’s outcome cannot enter the determination of G. The result is a corollary of the protocol’s own design, not a finding about it. Yet it has consequences the popular literature has consistently understated.
The first consequence is that non-mining full nodes and SPV clients (Nakamoto, 2008) are not differentiated by their causal effect on consensus, because neither has one. They are differentiated only by the locality of their checks. The full node verifies scripts, UTXOs, and block rules against a local copy; the SPV client verifies header-chain weight and Merkle inclusion. Neither modifies G. The second consequence is that the threat models routinely invoked to justify full validation — chain forgery, double-spending, censorship — are not threats that full validation defeats. Chain forgery requires hashrate; full validation against a forged chain is itself syntactically successful, since the adversary will have constructed the chain to satisfy the rules. Eclipse attacks (Heilman, Kendler, Zohar and Goldberg, 2015) target peer connections, not validation depth; an eclipsed full node is no more secure than an eclipsed SPV client, because both see only what the adversary feeds them. Censorship by individual nodes is irrelevant when those nodes lack enforcement capacity.
A game-theoretic argument completes the structural one. Each non-mining participant chooses between full validation and lightweight verification under a utility function in which revenue is identical across strategies (because non-miners earn no block rewards in either case) and cost diverges sharply (because full validation entails bandwidth, storage, and processing burdens that lightweight verification does not). Under standard utility assumptions, SPV strictly dominates for non-miners and the Nash equilibrium has miners fully validating and everyone else verifying via headers. Wright (2026a, Proposition 5) formalises the equilibrium and Lemma 5 shows that any putative equilibrium in which non-miners run full nodes is not stable: each such node has an individually profitable deviation to SPV. The persistence of non-mining full nodes in the wild is therefore not an equilibrium phenomenon but a behavioural one, sustained by belief structures that the formal analysis identifies as ungrounded.
The deeper result is what Wright (2026a) calls the Transaction Inertia Principle. Finality is a property of enforcement, not of observation. The probability of a transaction being reorganised out of the heaviest chain decays exponentially in confirmation depth, and the rate of decay is a function of miner enforcement against alternative chains. Non-mining observation does not enter this rate. SPV clients connected to at least one honest miner-adjacent peer inherit the same exponential bound as fully validating nodes; the underlying inequality (Garay, Kiayias and Leonardos, 2015; Pass, Seeman and Shelat, 2017) is a property of the consensus layer, and full validation at the observation layer adds nothing to it. Resource-normalised security — security divided by cost — is therefore strictly higher for SPV clients than for non-mining full nodes, because the numerators are equal and the denominator is much smaller.
3. The empirical layer: full nodes do not just fail to help; they actively impede
The technical argument establishes that non-mining full nodes contribute nothing to consensus. A separate empirical question is whether they contribute to network operation — relay, propagation, reachability. The folk theory holds that they do: a larger node set is asserted to be a more robust network. Wright (2026b) tests this through counterfactual ablation, defining three falsifiable metrics for propagation-layer operational role and removing non-mining nodes from a calibrated discrete-event simulation of both BTC and BSV to measure the consequences.
The three metrics are formal. Marginal Relay Contribution measures the fraction of transaction-to-miner paths that traverse at least one non-mining node. Delay Contribution measures the change in median miner-arrival latency under ablation. Reachability Contribution measures the change in the fraction of miners reachable from a random origin within a deterministic threshold. The folk theory predicts non-trivial Marginal Relay Contribution, negative Delay Contribution (removal raises latency), and positive Reachability Contribution (removal reduces reachability). The simulation finds the opposite of the second and third predictions and a near-zero value for the first.
Marginal Relay Contribution is below 1.7 per cent in BTC and below 0.9 per cent in BSV. Non-mining nodes are intermediate relays in fewer than two transaction propagations in a hundred. The number is not zero — the relay protocol is stochastic and does not enforce shortest-path routing — but it is small, and in the latency-optimal path set, non-mining nodes appear essentially never. Delay Contribution is negative in both networks: median miner-arrival time falls by 6.1 per cent in BTC and 8.3 per cent in BSV when non-mining nodes are removed, with 95th-percentile latency falling by 11.7 per cent and 14.2 per cent respectively. A random-removal control with class proportions preserved produces sub-one-per-cent changes, ruling out the possibility that the effect is a graph-size artefact. Reachability Contribution is non-positive: removal does not reduce miner reachability and in fact marginally improves it.
The mechanism is identified through a queueing-theoretic model of the inventory-advertisement protocol. Bitcoin Core’s relay layer uses inv messages with Poisson-distributed trickle delays and per-peer backoff (Naumenko, Maxwell, Wuille, Fedorova and Beschastnikh, 2019; Grundmann, Neudecker and Hartenstein, 2019). When a transaction reaches the densely connected miner subgraph it propagates within roughly a hundred milliseconds. Non-mining nodes, receiving the same transaction several hundred milliseconds later via slower peripheral paths, then schedule their own inv advertisements toward peers that already possess it. The redundant advertisements consume connection slots, trigger redundant getdata/notfound exchanges, and trip per-peer backoff timers that temporarily deprioritise subsequent relay from those peers. The effect compounds: across thousands of non-mining nodes each advertising to eight peers, tens of thousands of redundant messages are generated per transaction. An M/M/1 model parameterised by empirical arrival and service rates predicts a 6.1 per cent latency reduction under ablation, in close agreement with the simulated BTC outcome. The BSV improvement is larger because the larger-block paradigm amplifies the bandwidth asymmetry; the relevant ratio λ_F/(μ − λ_M) is bigger.
Two further results sharpen the empirical picture. A graduated ablation protocol — removing non-mining nodes in 10 per cent increments — shows that latency improvement is monotonic in the fraction removed, with no critical threshold. There is no subset of non-mining nodes whose presence is structurally necessary; the entire class is contention-generating in proportion to its size. Eclipse-recovery simulations show that SPV clients re-converge on the heaviest chain in 1.2 ± 0.3 block intervals after eclipse release, while non-mining full nodes require 3.8 ± 1.1 intervals, owing to download, validation, and reorganisation overhead. Validation-surplus estimates across four transaction classes find that for standard P2PKH and P2PK transactions, OP_RETURN payloads, and orphaned-block transactions, the proportion of transactions on which full validation could in principle have changed an outcome — but did not, because miners had already enforced the rule — exceeds 0.9999. The only class for which full validation has any operational utility is malformed transactions, which account for less than 0.01 per cent of observed traffic, and even there the rejection latency is 32 per cent higher than the corresponding SPV confirmation latency.
The technical and empirical findings together close one half of the folk theory. Non-mining nodes contribute nothing to consensus security (Wright, 2026a) and nothing positive to propagation performance (Wright, 2026b). The remaining defence shifts to a different layer: even granting the technical and empirical findings, full nodes are said to provide a check on protocol governance — a political function distinct from the technical one. The remainder of this essay examines that defence.
4. The observation layer and the enforcement layer are not the same layer
Before turning to governance, it is worth stating explicitly the conceptual move on which the technical and empirical results both depend. They distinguish what may be called the observation layer from the enforcement layer of a public blockchain. The observation layer comprises all activities — validation, header verification, transaction relay, mempool maintenance — that record, check, or transmit consensus-relevant data without altering it. The enforcement layer comprises the activities — block production, chain extension, transaction inclusion — that determine consensus state. Mining nodes operate on both layers. Non-mining nodes operate only on the observation layer.
The conflation of the two layers is what produces the folk theory. If observation were enforcement, then a node validating against its own rules would be checking the system; the larger the observation population, the more thorough the check. The problem is that in proof-of-work the system is checked only by hashrate. Whatever the observation population sees, hashes, or rejects has the effect of zero on which chain prevails. The observation population is, in this precise sense, epiphenomenal to consensus.
The consensus-layer analyses of Garay, Kiayias and Leonardos (2015) and Pass, Seeman and Shelat (2017) are sometimes invoked against this conclusion, on the ground that they prove safety and liveness under honest majority. They prove no such thing about non-mining nodes. The theorems concern the chain quality, chain growth, and common-prefix properties of the consensus mechanism itself; they apply equally to any node that follows the heaviest valid chain, whether through full validation or through SPV header verification. The theorems are inherited by the observation layer; they are not produced by it. Wright (2026a, Theorem 4) makes this inheritance explicit: under honest majority and at least one honest peer connection, SPV clients and full nodes converge on the same conditional probability that an accepted block is in the heaviest chain, with the difference vanishing as O(e^{-αk}) in confirmation depth k.
A natural objection is that this is a technical result, true under the model, but that the value of running a full node is institutional rather than technical. Even if your full node does not check the chain in a way that binds others, it checks the chain for you; and if many participants check the chain for themselves, the resulting transparency disciplines those who do enforce it. This objection moves the argument from the observation layer of the protocol to a different layer entirely: the layer at which the rules themselves are set. The remainder of the essay examines whether non-mining nodes have institutional standing at that layer.
5. Layered architecture and the category error in classification
A digitally-mediated economic system is constituted by at least three institutional rule-systems, each operating at a structurally distinct layer. The first rule-system governs clearance — who has authority to record and finalise transactions, and under what procedure. The second governs connectivity — under what procedures nodes discover one another, peer, propagate messages, and gossip information through the network. The third governs rule-amendment — how the first two rule-systems are themselves modified, who allocates that authority, and how disputes about rule-interpretation are resolved.
The three layers are independently specifiable. Clearance can occur without any digital communication network (face-to-face cash settlement is the limiting case), so clearance rules do not reduce to connectivity rules. Connectivity rules can exist without performing clearance (broadcast networks are an example), so connectivity rules do not reduce to clearance rules. Rule-amendment is a meta-rule not entailed by any particular configuration of either of the first two. Hodgson’s (2006) definition of an institution as a system of established and prevalent social rules structuring social interaction applies at each layer; North’s (1990) distinction between formal constraints (rules, laws, constitutions) and informal constraints (norms, conventions, codes of conduct) cuts across all three.
The folk theory collapses the three layers. It moves from the connectivity property of the Bitcoin peer-to-peer graph (every node has multiple peers) to a clearance claim (clearance is therefore distributed) to a governance claim (rule-amendment authority is therefore distributed among the participating nodes). None of these inferences is valid, because the three rule-systems are independent. A network with the topology Baran (1964) called distributed — every node connected to several others, with no privileged hub — can host any of the three clearance arrangements (centralised, decentralised, or peer-to-peer) and any of the three rule-amendment arrangements (developer-controlled, foundation-controlled, or genuinely dispersed). The topological property tells us nothing about either.
The empirical structure of the Bitcoin network does not even satisfy the egalitarian-mesh picture that the folk inference quietly assumes. Lischke and Fabian (2016), Tao, Dai, Wu, Ho, Zheng and Cheang (2022), and Javarone and Wright (2018) document heavy-tailed degree distributions and small-world structure. Park, Im, Seol and Paek (2019) and Essaid, Lee and Ju (2023) confirm persistent role asymmetry between high-connectivity miner nodes and peripheral non-mining nodes. The Bianconi and Barabási (2001) fitness-driven preferential attachment model accounts for the condensation: mining nodes possess high fitness (uptime, bandwidth, latency advantage) and form a dense, low-diameter core; non-mining nodes occupy low-k-core shells with high churn. Eigenvector centrality concentrates more than 97 per cent of its mass on under 5 per cent of nodes (Wright, 2026b). Decker and Wattenhofer (2013) showed in the earliest measurement study that inter-miner propagation completes on the order of 100 milliseconds; Fischer and Meiklejohn (2020) confirmed that propagation bottlenecks reside at the boundary between the high-bandwidth relay tier and the general population, not within either.
The empirical picture is therefore: a densely connected miner subgraph with high persistence and short paths, surrounded by a high-churn periphery of non-mining nodes that connect sparsely to the core. This is not the flat egalitarian mesh the folk theory invokes. It is a core-periphery architecture in which the core is small, identifiable, and dominant on every centrality measure. Whatever institutional properties accrue from network structure accrue to the core, not to the periphery.
6. The permissionless assumption and the governance layer
This brings us to the principal claim of Wright (2026c): that the term “permissionless,” as deployed in the blockchain economics literature, describes only the admission layer (anyone can submit a transaction) and silently abstracts away the governance layer (who controls the rules). The label was originally taxonomic, distinguishing systems that gatekeep participation from systems that do not. Its passage through the academic blockchain economics literature — beginning with the importation of the Pease, Shostak and Lamport (1980) and Lamport, Shostak and Pease (1982) honest/faulty partition from the distributed-systems literature, and consolidating in the formalisation by Lewis-Pye and Roughgarden (2023) — has carried with it a much stronger assumption: that participants are anonymous, interchangeable agents without identity, sunk capital, legal exposure, or institutional context.
This assumption is load-bearing. It is what makes attacks cheap in Budish (2025), generates the impossibility results in Budish, Lewis-Pye and Roughgarden (2024), produces the zero-profit equilibrium in Auer (2019) and Huberman, Leshno and Moallemi (2021), and underlies the currency-competition models in Schilling and Uhlig (2019) and the settlement model in Chiu and Koeppl (2019). Wright (2026c) audits ten papers across four categories and finds the same structural error in each: an anonymous-agent framework inherited from the hardware-fault literature, in which a faulty processor is faulty as a property of hardware liveness rather than as a strategic choice by a profit-maximising firm. The proofs in these papers are correct given their assumptions. The issue is that their assumptions describe a system without identifiable governance, and no major public blockchain has that property.
A taxonomy of eight major public blockchains — Bitcoin, Ethereum, Solana, Cardano, BNB Chain, Uniswap, MakerDAO, and Tezos — identifies six structural governance mechanisms, each observable, each documented in primary sources. Developer commit access concentrates the authority to merge protocol changes in a handful of maintainers; BTC Core has approximately five persons with merge rights. Foundation and corporate control concentrates funding and roadmap authority in legal entities; the Ethereum Foundation held a treasury of approximately USD 1.6 billion in early 2024. Validator and miner concentration places block production in the hands of small cartels; in BTC, five mining pools produce roughly 75 per cent of hashrate, and in Ethereum proof-of-stake, three staking providers control roughly a third of staked ETH. Sponsor and investor capture aligns developer work with the commercial interests of funding entities; Blockstream has raised approximately USD 728 million since 2014, with several BTC Core developers on its payroll. Fork-type authority allows the reference-implementation controller to determine whether a change requires a hard fork (inaction = rejection, costly coordination) or a soft fork (inaction = acceptance); the asymmetry was decisive in the SegWit episode. Token-weighted governance makes protocol changes a function of token holdings; concentrated holders such as a16z Crypto have been decisive in Uniswap votes.
The full-node defence of governance distribution against this taxonomy is empirically weak. Full nodes do not vote on Bitcoin Improvement Proposals; they update software to remain compatible or face exclusion. Soft-fork signalling mechanisms measure willingness to update, not informed consent to a policy change. Alston, Law, Murtazashvili and Weiss (2022) document, on the basis of Ostromian polycentricity, that even though cryptocurrencies are designed to be governed autonomously, in practice they require continuous updates and maintenance, and that the burden of governance falls on humans and usually only a few humans. Frolov (2021) documents the broader pattern: even in nominally decentralised systems, the likelihood of such [abusive] actions is high, because whoever controls mining also controls the protocol, with a network of third-party intermediaries having emerged to extract rents from coordination positions. Davidson, De Filippi and Potts (2018) describe blockchain as an institutional technology — the right framework — but their core conclusion that opportunism is significantly reduced through radical public transparency requires two institutional conditions they do not specify: protocol immutability and identity-linked governance transparency. Neither is satisfied by any of the eight systems surveyed in Wright (2026c).
7. Protocol immutability as a commitment device
If governance is real and concentrated, the question becomes how it should be evaluated. Wright (2026c) argues that the appropriate analytical framework is not anonymous-agent game theory but the comparative institutional analysis Williamson (1979) developed for transactions involving relationship-specific investment. Three convergent results from institutional economics apply.
The first is hold-up under asset specificity. Williamson (1979) identifies site, physical, dedicated, and human asset specificity as the dimensions along which the fundamental transformation — from ex ante competition among many potential partners to ex post bilateral monopoly — can occur. All four are present in Bitcoin: ASIC hardware has near-zero salvage value outside its hashing algorithm (physical); mining facilities are located near cheap electricity and cannot be relocated (site); merchant integrations and application ecosystems must be rebuilt if the protocol changes (dedicated); developer expertise is codebase-specific (human). The total industry capital stock in Bitcoin mining is of the order of USD 10–20 billion, extrapolated from the SEC 10-K filings of publicly listed mining firms. Where investments are this specific, a party with discretion to change the rules after investments are sunk can extract the appropriable quasi-rents from those who have invested. The institutional solution is credible commitment: a rule that the rule-changer cannot revise.
The second is time inconsistency under rational expectations. Kydland and Prescott (1977) demonstrate that policy chosen sequentially under discretion does not maximise the social objective function when agents are forward-looking. The consistent policy — best given the current situation at each point — is suboptimal because there is no mechanism to induce future policy-makers to account for the effect of their decisions, via expectations, on current choices. The solution is rules rather than discretion. A protocol controller who announces stable rules has an incentive to deviate once participants have acted on the announcement, and unless the announcement is structurally binding, rational participants discount it accordingly.
The third is hierarchical collusion. Tirole (1986) shows that in a three-tier principal/supervisor/agent hierarchy, when the supervisor possesses both information about the environment and authority to report or conceal it, supervisor and agent can form a coalition against the principal. The mapping to blockchain governance is direct: the principal is the class of UTXO holders; the supervisor is the developer group with commit access; the agent is the commercial sponsor. Developers possess both the relevant information (they understand the codebase better than any other party) and the relevant authority (commit access to the reference implementation). Under Tirole’s conditions, these are sufficient for rent extraction. The design response is to remove the supervisor’s discretionary authority — protocol immutability — while preserving its information function through open-source code that anyone may read and audit.
Protocol stability functions as a commitment device with all three properties simultaneously. It attenuates hold-up by removing the possibility of ex-post rule revision against invested participants; it resolves time inconsistency by binding future decisions through a rule the present cannot alter; and it constrains the authority dimension of the developer-supervisor in Tirole’s hierarchy. The closest analogue is TCP/IP, whose base-layer semantic contract has remained stable since deployment while higher layers have evolved freely. The xedness of the base layer is what makes investment in the higher layers possible. Bitcoin was originally described in these exact terms — the nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime — and the institutional logic of that description is precisely the commitment-device logic above.
8. SegWit and the DAO: discretion exercised
The BTC Core SegWit episode and the Ethereum DAO intervention provide two case studies of what discretionary protocol authority looks like when exercised. The institutional reading offered here follows the documented record; the causal-claim space is acknowledged to be contested.
In August 2017, BIP141 (Segregated Witness) was activated on the BTC chain through a soft-fork mechanism in which non-upgrading nodes’ inaction constituted acceptance. The competing proposal — increasing the block size limit, which would have addressed congestion in a different direction — required a hard fork, and was abandoned in November 2017 after the SegWit2x compromise was withdrawn. The framing choice was decisive: soft-fork SegWit shipped without requiring active community consent; hard-fork capacity expansion required active consent it could not muster against an entrenched reference-implementation incumbent. BIP141’s author and several other BTC Core developers were on Blockstream’s payroll. Blockstream’s commercial products — the Liquid sidechain, Core Lightning, mining services, and hardware wallets — were structurally complementary to a Bitcoin in which on-chain capacity was constrained and value migrated to second-layer constructions. Pre-SegWit transaction fees were on the order of USD 0.20 to 0.50; following activation and continued capacity constraint, fees spiked above USD 20, with the December 2017 median briefly exceeding USD 30. The Lightning Network, which depended on SegWit’s transaction-malleability fix, launched on mainnet five months later. Those rejecting the change maintained the original design as Bitcoin Cash, with Bitcoin SV subsequently diverging from BCH in November 2018; in each case, it was the party that altered the protocol that constituted the fork.
The institutional reading of this sequence — that it satisfies the four products Stigler (1971) identifies as the outputs of capture (direct subsidy, control over entry, policies affecting substitutes and complements, and administered scarcity) — is presented in Wright (2026c) as consistent with the documented mechanism, not as settled causal identification. The structural facts are uncontested: a small group held commit access, a commercial sponsor funded their work, a protocol change was implemented as a soft fork, fees rose, and the chain diverged. Whether the technical merits of SegWit independently justified the choice is orthogonal to whether the governance structure through which the choice was made was institutionally vulnerable. Both can be true. The institutional diagnosis is that the structure exhibited the features identified by Williamson, Kydland-Prescott, and Tirole, regardless of whether the engineering judgement was correct.
The Ethereum DAO intervention of July 2016 makes the time-inconsistency mechanism even clearer. The DAO contract, exploited through a software vulnerability, drained approximately USD 60 million of Ether into a time-locked address. The Ethereum development team executed a hard fork to reverse the outcome. Those who rejected the change continued as Ethereum Classic on the unaltered ledger. The initial commitment — that the protocol would execute smart contracts exactly as written, without human intervention — had induced investment in DAO participation. After agents acted on the commitment, the controlling party deviated by forking. The deviation destroyed the commitment value of the original rule. As Frolov (2021) observes, this constitutes a de facto rejection of the principles of decentralisation. Whether the welfare consequences of the intervention were net positive in the specific case is empirically uncertain; the institutional consequence — that the meta-rule under which contract outcomes are honoured was itself shown to be subject to discretionary revision — is unambiguous.
9. Convergence
The three works examined here approach the same object from different methodological positions: formal proof, simulation-based empirical analysis, and comparative institutional reading. They converge on a single picture.
At the technical layer, non-mining nodes have zero causal effect on consensus state. Their validation behaviour is structurally epiphenomenal to enforcement, and the apparent equilibrium in which they continue to exist is not an equilibrium under the standard utility assumptions of the literature. The Nash strategy for non-miners is SPV; the Transaction Inertia Principle assigns finality to enforcement rather than to observation.
At the empirical layer, non-mining nodes are not neutral observers. They generate contention in the relay protocol that measurably slows propagation through the miner backbone. Removing them improves median latency by 6–8 per cent and 95th-percentile latency by 12–14 per cent, with the relationship monotonic in the fraction removed and predicted within fractions of a percentage point by a queueing-theoretic model. Whatever institutional virtues non-mining nodes might be said to possess, propagation-layer contribution is not among them.
At the institutional layer, the permissionless assumption captures the admission layer but not the governance layer. Every major public blockchain exhibits identifiable governance structures — developer commit access, foundation control, validator concentration, sponsor influence, fork-type authority, token-weighted voting — that the permissionless framing abstracts away. Once the governance structure is restored to the analysis, protocol mutability becomes identifiable as a commitment-device failure, with hold-up, time-inconsistency, and hierarchical-collusion mechanisms all available to identifiable parties at identifiable points in the system. The BTC Core and Ethereum DAO episodes are not anomalies; they are the institutional consequence of the structure operating as the institutional theory predicts.
The common thread is the conflation of layers. The technical literature conflates the observation layer with the enforcement layer of the protocol. The empirical literature conflates participation in relay with contribution to relay. The institutional literature conflates the admission layer with the governance layer. Each conflation produces an inflated estimate of what non-mining participants do — for the security of the system, for its operation, for its rule-setting. Once the layers are distinguished, the inflation collapses, and a more disciplined picture takes its place: a system whose technical operation depends on miners, whose empirical performance is best served by minimising peripheral contention, and whose institutional governance is concentrated in a small set of identifiable agents who hold discretion over the rules.
For applied work — in particular for cyber-physical systems integrating blockchain settlement, where verification cost determines whether blockchain integration is feasible at all — the implications are practical. Resource budgets at the edge are best allocated to robust peer connectivity and miner-diverse header sources, not to redundant local validation. For institutional and policy analysis, the implications are different but equally specific. The relevant variables are who controls the codebase, who funds the developers, how forks are classified, and what disclosure regime applies to sponsor influence. None of these is captured by the permissionless label, and none can be regulated by a framework that assumes them away.
The folk theory survives because each of its three layers is invoked when the others are challenged. The structural finding is that all three layers fail, and that they fail together. The remaining work is to identify what institutional architecture — if any — would deliver the properties the folk theory mistakenly attributes to the present arrangement. That is a forward question. The backward question, which the three works examined here answer, is what the present arrangement actually delivers; and the answer, at every layer, is less than has been claimed.
References
Alston, E., Law, W., Murtazashvili, I. and Weiss, M. (2022) ‘Blockchain networks as constitutional and competitive polycentric orders’, Journal of Institutional Economics, 18(5), pp. 707–723.
Auer, R. (2019) Beyond the doomsday economics of proof-of-work in cryptocurrencies. BIS Working Papers, No. 765.
Baran, P. (1964) On Distributed Communications: IV. Priority, Precedence, and Overload. Memorandum RM-3638-PR. Santa Monica, CA: The RAND Corporation.
Bianconi, G. and Barabási, A.-L. (2001) ‘Bose–Einstein condensation in complex networks’, Physical Review Letters, 86(24), pp. 5632–5635.
Budish, E. (2025) ‘The economic limits of Bitcoin and anonymous, decentralized trust on the blockchain’, Quarterly Journal of Economics, 140(1), pp. 1–63.
Budish, E., Lewis-Pye, A. and Roughgarden, T. (2024) ‘The economic limits of permissionless consensus’, in Proceedings of the 25th ACM Conference on Economics and Computation (EC ‘24), pp. 1–28.
Chiu, J. and Koeppl, T. V. (2019) ‘Blockchain-based settlement for asset trading’, Review of Financial Studies, 32(5), pp. 1716–1753.
Davidson, S., De Filippi, P. and Potts, J. (2018) ‘Blockchains and the economic institutions of capitalism’, Journal of Institutional Economics, 14(4), pp. 639–658.
Decker, C. and Wattenhofer, R. (2013) ‘Information propagation in the Bitcoin network’, in Proceedings of the IEEE 13th International Conference on Peer-to-Peer Computing (P2P). IEEE, pp. 1–10.
Essaid, M., Lee, C. and Ju, H. (2023) ‘Characterizing the Bitcoin network topology with Node-Probe’, International Journal of Network Management, 33(6), e2230.
Fischer, A. and Meiklejohn, S. (2020) ‘Bitcoin’s latency — The Achilles heel of the cryptocurrency?’, Computer Communications, 167, pp. 56–66.
Frolov, D. (2021) ‘Blockchain and institutional complexity: an extended institutional approach’, Journal of Institutional Economics, 17(1), pp. 21–36.
Garay, J., Kiayias, A. and Leonardos, N. (2015) ‘The Bitcoin backbone protocol: analysis and applications’, in Advances in Cryptology — EUROCRYPT 2015. Berlin, Heidelberg: Springer, pp. 281–310.
Grundmann, M., Neudecker, T. and Hartenstein, H. (2019) ‘Exploiting transaction accumulation and double spends for topology inference in Bitcoin’, in Financial Cryptography and Data Security Workshops, LNCS 11599. Springer, pp. 113–126.
Heilman, E., Kendler, A., Zohar, A. and Goldberg, S. (2015) ‘Eclipse attacks on Bitcoin’s peer-to-peer network’, in Proceedings of the 24th USENIX Security Symposium. Washington, DC: USENIX Association, pp. 129–144.
Hodgson, G. M. (2006) ‘What are institutions?’, Journal of Economic Issues, 40(1), pp. 1–25.
Huberman, G., Leshno, J. D. and Moallemi, C. (2021) ‘Monopoly without a monopolist: an economic analysis of the Bitcoin payment system’, Review of Economic Studies, 88(6), pp. 3011–3040.
Javarone, M. A. and Wright, C. S. (2018) ‘From Bitcoin to Bitcoin Cash: a network analysis’, in Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems (CryBlock’18). Munich, Germany: ACM, pp. 77–81.
Kydland, F. E. and Prescott, E. C. (1977) ‘Rules rather than discretion: the inconsistency of optimal plans’, Journal of Political Economy, 85(3), pp. 473–491.
Lamport, L., Shostak, R. and Pease, M. (1982) ‘The Byzantine generals problem’, ACM Transactions on Programming Languages and Systems, 4(3), pp. 382–401.
Lewis-Pye, A. and Roughgarden, T. (2023) ‘Permissionless consensus’, arXiv preprint, arXiv:2304.14701.
Lischke, M. and Fabian, B. (2016) ‘Analyzing the Bitcoin network: the first four years’, Future Internet, 8(1), p. 7.
Nakamoto, S. (2008) ‘Bitcoin: a peer-to-peer electronic cash system’. Available at: https://bitcoin.org/bitcoin.pdf.
Naumenko, G., Maxwell, G., Wuille, P., Fedorova, A. and Beschastnikh, I. (2019) ‘Erlay: efficient transaction relay for Bitcoin’, in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. London: ACM, pp. 817–831.
North, D. C. (1990) Institutions, Institutional Change and Economic Performance. Cambridge: Cambridge University Press.
Park, S., Im, S., Seol, Y. and Paek, J. (2019) ‘Nodes in the Bitcoin network: comparative measurement study and survey’, IEEE Access, 7, pp. 57009–57022.
Pass, R., Seeman, L. and Shelat, A. (2017) ‘Analysis of the blockchain protocol in asynchronous networks’, in Advances in Cryptology — EUROCRYPT 2017. Berlin, Heidelberg: Springer, pp. 643–673.
Pease, M., Shostak, R. and Lamport, L. (1980) ‘Reaching agreement in the presence of faults’, Journal of the ACM, 27(2), pp. 228–234.
Schilling, L. and Uhlig, H. (2019) ‘Some simple Bitcoin economics’, Journal of Monetary Economics, 106, pp. 16–26.
Stigler, G. J. (1971) ‘The theory of economic regulation’, Bell Journal of Economics and Management Science, 2(1), pp. 3–21.
Tao, B., Dai, H.-N., Wu, J., Ho, I. W.-H., Zheng, Z. and Cheang, C. F. (2022) ‘Complex network analysis of the Bitcoin transaction network’, IEEE Transactions on Circuits and Systems II: Express Briefs, 69(3), pp. 1009–1013.
Tirole, J. (1986) ‘Hierarchies and bureaucracies: on the role of collusion in organizations’, Journal of Law, Economics, and Organization, 2(2), pp. 181–214.
Williamson, O. E. (1979) ‘Transaction-cost economics: the governance of contractual relations’, Journal of Law and Economics, 22(2), pp. 233–261.
Wright, C. S. (2026a) ‘Formal security analysis of SPV clients versus home-based full nodes in Bitcoin-derived systems’, Proceedings of the IEEE Conference on Cyber-Physical Systems (CCNCPS), accepted for publication.
Wright, C. S. (2026b) ‘The redundancy of full nodes in Bitcoin: a counterfactual ablation study of miner-centric propagation topologies’, Proceedings of the IEEE Conference on Cyber-Physical Systems (CCNCPS), accepted for publication.
Wright, C. S. (2026c) ‘Beyond permissionless: governance, commitment, and rule change in public blockchains’, Journal of Institutional Economics, accepted for publication.
Yes, it is frustrating.
Here's the thing: I've brought up many times the idea of economic rent, with you, in the context of economic folklore pervading the left and the right. And you present me with the same kind of cog diss as you state so well above within bitcoin folklore. Identical psychologically.
I've been doing these 'audits' for over 20 years now, they are easy for me to run as scientific experiments and the results are always clear and repeated - almost nobody passes the test. Your response was no exception to this general rule so do not take this is an attack on you. Treat it as an opportunity for personal transformation...if you so choose.
The challenge for you as always will be that you are well aware of the cog diss in other people, yet are oblivious to your own - so fail the test.
Can you pass the Orwell Test?
https://www.northstokelife.com/2026/01/the-orwell-test.html
Why am I telling you this?
Because you are the worlds number one expert on Bitcoin yet have not succeeded in delivering after a decade of building. And, if you can take on my challenge authentically, there is a strong possibility, now you can 'see' again, your work may finally start to produce fruit.
What's in it for me?
I see a successful and widely adopted Bitcoin as a giant Labour Saving Invention. I own lots of real estate for which the income stream is 'un-eanred' and largely tax free in the end, once the tax liability is clawed back and plenty more in capital gain. The ultimate economic effect of your invention will be to increase rents. And while property in land remains privatised and earned incomes remain highly taxed, I win, big time. Are you getting the picture yet?
Get there quickly though. Once a state has recognised your patents as salvific for their currency, they will not pay you for them. They will just take them. And you will no longer have even 5% control over them.
Go well.