Game Theory: Why Honesty Pays
We’ve seen that miners spend real resources and that honest mining tends to be the more profitable choice. This page makes that intuition precise. Bitcoin’s deepest claim isn’t “people are honest” — it’s that the system is incentive-compatible: it’s built so that selfish, untrusting, profit-maximizing participants converge on honest behavior anyway. That’s a far stronger guarantee, because it doesn’t depend on anyone being good.
Incentive-compatibility: the core idea
Section titled “Incentive-compatibility: the core idea”A protocol is incentive-compatible when following the rules is each participant’s best response to everyone else following the rules. You don’t have to police people; you arrange the payoffs so that cheating is simply the worse deal.
This is the only kind of security that works among strangers who have no reason to trust each other — which is exactly the Byzantine & Sybil setting Bitcoin was built for. You can’t verify everyone’s intentions. So instead of asking participants to be trustworthy, you make untrustworthy behavior unprofitable.
The recurring question of this textbook — how do untrusting strangers agree on one ledger? — gets its sharpest answer here: they agree because, given everyone else, agreeing is the move that makes each of them the most money.
Attacking is expensive and self-defeating
Section titled “Attacking is expensive and self-defeating”Consider the headline threat, the 51% attack: acquire a majority of hash power and use it to rewrite recent history (double-spend, censor, reorganize blocks). Game theory explains why this is rarely rational, in two stacked layers.
Layer 1 — it’s expensive. To out-pace the honest chain you must control more hash power than everyone else combined. That means buying (or renting) an enormous fleet of ASICs and paying their power bills continuously for as long as the attack runs. The cost is large, ongoing, and visible.
Layer 2 — it’s self-defeating. This is the deeper point. To attack Bitcoin you must first invest heavily in Bitcoin — in mining hardware whose only value is mining BTC, and often in BTC holdings themselves. A successful attack would destroy confidence in the network, and a network nobody trusts is a coin nobody wants. So the attack devalues the very asset you spent a fortune to acquire the power to attack. You would be setting fire to your own warehouse to steal one item from it.
The attacker's dilemma ─────────────────────────────────────────────── To attack, you must hold A successful attack lots of Bitcoin-specific → destroys trust in → Your stake and your capital (ASICs, maybe BTC) Bitcoin hardware lose value ▲ │ └─────────── net result: you lose money ◄────────────┘A rational actor with that much capital makes more money by pointing it at honest mining and collecting the steady security budget — subsidy plus fees — for years. Greed defends the chain.
Nash-equilibrium intuition
Section titled “Nash-equilibrium intuition”In game-theory language, “everyone mines honestly” is a Nash equilibrium: a state where no single player can improve their payoff by unilaterally deviating, assuming the others don’t change.
Walk through it from one miner’s seat:
- If everyone else is mining honestly, your best move is to mine honestly too — you collect rewards immediately, and any attack you launch alone is too small to succeed and only wastes your power.
- Trying to mine on a secret or shorter chain just means your blocks get orphaned and your effort earns nothing.
So no individual gains by defecting, which is what keeps the honest configuration stable. It’s the same logic that holds a fragile peace among the Byzantine generals: not trust, but a payoff structure where breaking ranks costs you the most.
A wrinkle: selfish mining
Section titled “A wrinkle: selfish mining”A textbook owes you the cases where the clean story frays. The most famous is selfish mining (Eyal & Sirer, 2014). The idea: a miner who finds a block secretly withholds it, keeps mining a private lead, and releases blocks strategically to make honest miners waste work on a chain that gets orphaned. Under certain assumptions, the analysis suggests such a miner could earn a share of rewards larger than their share of hash power — meaning the naive “honesty is always optimal” claim isn’t unconditionally true.
How worried should you be? In practice, several things blunt it:
- It generally requires a large hash-power share and favorable network timing to pay off.
- It’s detectable — unusual orphan patterns are visible on-chain — and detection itself can trigger a confidence (and price) hit that erases the gains, looping us back to the self-defeating argument.
- Honest miners and pools can adopt countermeasures.
Selfish mining hasn’t been a demonstrated, sustained problem on Bitcoin, but it’s a real and important caveat: Bitcoin’s incentive-compatibility is strong and well-tested, not a closed mathematical theorem. For this and other real-world stress tests of the incentive model, see famous incidents & attacks.
What to take away
Section titled “What to take away”- Security comes from incentive design, not from assuming good actors.
- Attacking is both expensive and self-defeating, because attackers must first invest in the asset they’d be destroying.
- “Everyone honest” is a stable Nash equilibrium: unilateral cheating doesn’t pay.
- Wrinkles like selfish mining show the guarantee is robust but not absolute — exactly the honest, balanced view a textbook should leave you with.
The architect’s lens
Section titled “The architect’s lens”Incentive-compatibility is a chosen security model — interrogate it like any design decision:
- Why does it exist? Because you can’t verify the intentions of untrusting strangers, Bitcoin secures the ledger through incentive-compatibility instead of trust — arranging payoffs so that selfish, profit-maximizing participants converge on honest behavior anyway.
- What problem does it solve? Security without trustworthy actors: “everyone mines honestly” is a Nash equilibrium, and a 51% attack is both expensive (out-hash everyone, continuously) and self-defeating (you must first invest in the very asset the attack would destroy). Greed defends the chain.
- What are the trade-offs? It’s robust, not absolute — selfish mining (Eyal & Sirer, 2014) shows a large miner could, under favorable timing, earn more than its hash-power share, so this is a strong, well-tested empirical property, not a closed theorem.
- When should I avoid it? Incentive-based security is the wrong frame when participants are identifiable and trustworthy — a permissioned BFT quorum reaches agreement without paying a perpetual security budget to keep the selfish in line.
- What breaks if I remove it? Drop incentive alignment and security rests on goodwill, which fails the instant a greedy actor appears — the whole inversion is that the design gets stronger the more self-interested its participants are.
Check your understanding
Section titled “Check your understanding”- What does “incentive-compatible” mean, and why is it a stronger guarantee than “participants are honest”?
- Explain the two layers of why a 51% attack is irrational — the expense argument and the self-defeating argument.
- What is a Nash equilibrium, and why is “everyone mines honestly” one for Bitcoin?
- What does selfish mining claim, and why doesn’t it simply demolish the “honesty pays” story?
- Tie it back to the recurring question: how do incentives (not trust) get untrusting strangers to agree on one ledger?
Show answers
- A protocol is incentive-compatible when following the rules is each participant’s best response to everyone else following the rules — cheating is simply the worse deal. It’s stronger than “participants are honest” because it doesn’t depend on anyone being good: it gets stronger the more self-interested participants are, whereas a rule resting on goodwill fails the moment someone greedy shows up.
- Layer 1 (expensive): to out-pace the honest chain you must control more hash power than everyone else combined — buying/renting a huge ASIC fleet and paying its power bills continuously, a large, ongoing, visible cost. Layer 2 (self-defeating): to attack you must first invest heavily in Bitcoin (mining hardware, often BTC itself), and a successful attack destroys confidence — devaluing the very asset you spent a fortune to acquire the power to attack.
- A Nash equilibrium is a state where no single player can improve their payoff by unilaterally deviating, assuming the others don’t change. “Everyone mines honestly” is one: if everyone else is honest, your best move is to mine honestly too — a solo attack is too small to succeed and just wastes power, and mining a secret/shorter chain only gets your blocks orphaned for nothing.
- Selfish mining (Eyal & Sirer, 2014) claims a miner can withhold found blocks, build a private lead, and release strategically to earn a reward share larger than their hash-power share — so “honesty is always optimal” isn’t unconditionally true. It doesn’t demolish the story because it generally needs a large hash share and favorable timing, it’s detectable on-chain (and detection can trigger a confidence/price hit that erases the gains), and pools can adopt countermeasures.
- By incentive design: the participants with the most power to corrupt the ledger are the ones with the most to lose from corrupting it, so self-interest and network security point the same way. Strangers agree not because they trust each other but because, given everyone else, agreeing is the move that makes each of them the most money.