How Decentralized is Bitcoin Core?

Conor Maloney

January 4, 2019

When it comes to talking Bitcoin forks, people tend to get heated. It’s a controversial subject in the cryptocurrency space, and unfortunately, newcomers asking about it are often met simply with derision or hyperbole from whoever answers them first. Many people have strong opinions on which fork is the best, but it often seems like these opinions are based on an emotional “my team is better than yours” mentality rather than hard facts.

Let’s get down to it – what is Bitcoin Core, who controls it, and is it centralized or not?

Bitcoin Core

Bitcoin Core is a Bitcoin client, meaning the end-user software that facilitates private key generation and security, payments, etc. It’s a version of the Bitcoin protocol, and because enough people have agreed to use it, it’s the most popular one. In 2014 the Bitcoin project was renamed Bitcoin Core by developers to distinguish it from other clients, so essentially Bitcoin Core = BTC. The source code for Bitcoin Core is stored on GitHub.

For operational security (op-sec) reasons, access to the code via GitHub staff accounts is restricted. The project has a system which constantly validates encrypted, trusted PGP keys which must sign every new addition to the source code – the keys are tied to known identities to verify the authenticity of new code commits and reduce the risk of sabotage.

Bitcoin Core is open-source, meaning anyone can contribute: however, the following developers are the ones who have the power to authorize new commits to the code.

Wladimir J. van der Laan 
Pieter Wuille 
Jonas Schnelli 
Marco Falke 
Samuel Dobson 

That said, anyone can be a Bitcoin Core developer, and any BC developer can verify the authenticity of the PGP keys of the above 5 devs at any time to help ensure the security of the project (this is done by running a which backchecks all PGP keys).

Anyone can propose new changes to the code by opening a pull request, and any developer can review a pull request and provide feedback. You can read more about additional security features here.

New proposals are verified by multiple developers and a system to establish binary determinism.

Once a deterministic build has succeeded then the developers sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used. This method removes the build and distribution process as a single point of failure.

Bitcoin devs with trusted “maintainer” PGP keys sign off on the proposal which is auditable by any developer, and even at that point it’s up to node operators to allow the new update – there is no auto-update feature to avoid code being slipped in surreptitiously.

Is That Centralized?

Well, perhaps it’s not 100% decentralized. At the end of the day, what is? From my point of view, it’s pretty damn close so far, although it has to be acknowledged that certain developers are given a trusted status to an extent.

Jameson Lopp partially addresses this in a recent Medium post:

While it is technically possible for a maintainer-organized coup to hijack the GitHub repository, censor dissenting developers, and perhaps even maintain the brand name of “Bitcoin Core,” the result would be that Bitcoin Core would stop being the development focal point.

The Bitcoin Core team includes or has included the pseudonymous developer or developers known only as Satoshi Nakomoto, who has not been active in years as far as the public is aware. Then there was Gavin Andresen, who is no longer a member and fell from grace in the eyes of many for supporting Craig Wright’s claim to the Nakomoto identity, as well as Wladimir van der Laan who is currently active and has over 6650 commits on GitHub.

That said, there are a great many developers contributing to the project in ways big and small. It’s open source, auditable, and decentralized – mostly.

Cryptocurrency teams are always brainstorming new ways to further decentralize control of their projects, and while many have accused Bitcoin Core of being overly centralized, hopefully this post sheds more light on the subject and will help inform you to make your own decision on whether the project is centralized or not.