I've been considering decentralization since I was introduced to Bitcoin in 2013. In 2019 I began working in the Decentralized Identity space full-time. Decentralization is one of the main things I spend my time thinking about—how it works, how it affects the systems we're building in the decentralized identity community, and how to apply it to problems related to individual identity, privacy, and data sovereignty.
I've seen wide variations in decentralization's definition, understanding, evaluation, and application. With the prominence of blockchain technology and upcoming identity solutions rolling out to all major markets, it's worth trying to be more formal about what we mean when we say "decentralization."
Decentralization, What's That?
Decentralization describes the distribution of power, control, and authority. Power is the ability to influence or affect others toward a certain goal. Control is the ability to direct or regulate the actions and behaviors of others. Authority is the legitimization of power and control. We can think of these three facets of systems, and where they are well distributed, there is decentralization; where they are concentrated, there is centralization. Said differently, where there is decentralization, it is much more difficult for one party to exert power, control, or authority against another unilaterally. With decentralization, there can be a more democratic and equitable distribution of influence within a system.
As a shortcut, I think of decentralization as resistance to censorship and removing single points of failure. Instead, trust is placed in the system and its rules. Decentralization encourages transparency of rules, accountability, and accessibility to the system and is egalitarian toward power distribution.
Decentralized or Decentralizable?
In determining whether a system is decentralized, you must look at its current state. A decentralized design without a decentralized practice is not decentralization. For example, consider a blockchain with a whitepaper espousing an incredibly detailed technical design for robust decentralization with thousands of nodes participating in securing the network. The blockchain aims to be decentralized; however, it is a new system with one or two nodes in the network. It is not currently decentralized. It is decentralizable. Decentralizable means that decentralized concepts are baked into a system's design.
Balaji Srinivasan and Leland Lee, in 2017, put out a piece attempting to quantify decentralization, which puts forth an idea of a Nakamoto coefficient. The higher the value, the more decentralized the system is.
The basic idea is to (a) enumerate the essential subsystems of a decentralized system, (b) determine how many entities one would need to be compromised to control each subsystem, and (c) then use the minimum of these as a measure of the effective decentralization of the system. The higher the value of this minimum Nakamoto coefficient, the more decentralized the system is.
While I don't think the Nakamoto coefficient is a perfect system (and the authors admit as such)—# addresses is a faulty metric because the same entities can control them; the number of developers by commits is faulty because not all commits are equal; not all developers are equal either because a centralized source can fund them, etc.—I do believe it's a great starting point at measuring decentralization of blockchain systems. A perfect methodology could be endlessly complex, so it's important to determine when such a measurement is "good enough." A similar methodology could be created for systems of all kinds which care about decentralization.
The authors conclude...
Many have said that decentralization is the most important property of systems like Bitcoin and Ethereum. If this is true, then it is critical to be able to quantify decentralization.
And I agree. Decentralization is critical in certain systems, especially those that function because they're decentralized—like blockchains or decentralized identity systems (it's in the name!). A key takeaway is that you're only as decentralized as the most centralized component in the system, the so-called decentralization upper bound, limited by a centralization bottleneck.
A Decentralization Maturity Model
Decentralization is not a binary characteristic. Instead, it exists on a spectrum. To help illustrate that spectrum, I'd like to propose a maturity model for decentralization, which can be conceived of in four levels:
Level 1: Centralized
All power, control, and authority are concentrated within a single entity (individual or group). Transparency is minimal. The system is highly trust-driven, and participants have low levels of autonomy. The centralizing entity rules all.
Examples: Authoritarian governments. Single-maintainer projects (MacOS, Microsoft Windows).
Level 2: Federated (Hierarchical, Coordinated)
Power, control, and authority are distributed (shared)—though not always evenly—across multiple entities. A central entity within the system can still exert ultimate control at any time. Trust is beginning to be distributed, but most still lie in the entity at the top of the hierarchy.
Examples: The US Government. Most corporations. Multi-maintainer open source software (specific Linux distros, Kubernetes, Git). Bluesky. Mastodon. Replicated and distributed databases. Some blockchains (Hedera, Solana). The internet (in practice).
Level 3: Decentralized
Without a formal hierarchy, power, control, and authority are distributed across multiple entities. There are coordinated decision-making processes, such as mailing lists, calls, or other consensus-building mechanisms. At this level, the rules are transparent. Trust is placed in those transparent rules instead of any single entity in the system.
Level 4: Decentralized and Autonomous
At this level, we reach the apex of decentralization. The system runs automatically with self-enforcing rules that maintain a stasis of decentralization. There are no central authorities whatsoever. Each participant in the system is autonomous and makes their own decisions following transparent rules. Maximal flexibility, adaptability, and security through accountability are possible.
Decentralization is neither good nor bad. It does not make sense in every system—it would be overly simplistic to view a system as "needing decentralization" or not. Decentralization is a philosophy that can be applied when it makes sense: when it reduces risk and optimizes a system that could benefit from its properties.
Decentralization is useful when a system can benefit censorship resistance, transparency of rules, and trustlessness. We can consider the maturity model above and ask whether a system is operating properly and would benefit from being more or less decentralized. Certainly, there are other levers to pull besides decentralization, but those are out of scope for this post.
Let's tie our more abstract ideas around decentralization back to some real-world problems.
Decentralization in Practice
I often get the question, "Why do I need decentralization? The world works fine without it." Which, at first glance, may be an appealing thought. I propose a term called a systems test in which a system's way of operating is strained. Sometimes this exposes flaws. In good, antifragile systems, such tests make the system stronger. In other (fragile) systems, the system can collapse. We can consider such a test for any system, and there are plenty of examples throughout recent times to choose from.
As we dive into money, identity, privacy, and data sovereignty, consider the market tests of the 2008 financial crisis, hyperinflation, the 2023 banking crisis, the Snowden Leaks and mass surveillance, Cambridge Analytica, and the Social Credit System, among plenty of other recent examples. While these tests have exposed weaknesses with the current systems, ask yourself if they've resulted in any substantial change or move towards decentralization. With those changes, can any of these scenarios be fully prevented?
Fiat money today works in a fairly centralized manner. There's no fiat currency without a government (like the US Dollar) or a collection of governments (like the EU with its Euro). Depending on your view on economic theory, you may think our centralized financial system works quite well. History doesn't agree. If you do not live in a powerful country or set of countries (like the US, EU, or China), likely, your currency does not work for you at all.
Inflation is an easy sign of a currency not working for a nation. The more inflation you have, the less your currency's purchasing power, and the less your hard work and savings are good for. And if your hard work and savings aren't good for anything, how valuable is that society and its people's livelihoods? Inflation and hyperinflation have many examples in the modern world. There are entire articles dedicated to inflation and its effects on a country.
Not only is there the problem of inflation in such a centralized system, but there are also problems with manipulation, favoritism, and bias that are enabled by not having a system with transparent rules that works equally for everyone. Why would you choose an unfair system that favors the wealthy, large corporations and enables lobbying and corruption? Without incentives and forcing functions for fair play, there's room for abuse—and that's exactly what has happened and will continue happening in such a centralized system. What a ridiculous thing to be responsible for large-scale financial crises, effectively gambling with society's money and getting rewarded with giant bonuses.
Blockchain-based currencies offer a decentralized alternative to fiat. They are rooted in decentralized systems, promoting equal access, transparent rules, and decentrally-controlled inflation. Cutting out middlemen, like banks and the government, allow for increased efficiency, higher security, and far cheaper transactions (no need to print physical money and ship it around the planet, have physical banks, etc.).
I won't evaluate specific blockchains here, but I will note that just because a currency is blockchain-based does not make it inherently better than fiat or more secure. One must examine the fundamentals of any system before reaching such conclusions. Further, even a highly decentralized blockchain can have a centralized currency created on its platform. One example is Terra, a stablecoin with a large centralization risk that blew up in 2022. Another example—considered the gold standard (pun intended) of stablecoins—is USDC. USDC is centralized by design, controlled by Circle, and operates on several blockchains. Not only is Circle a centralizing factor, but the US government is too—it could regulate away Circle's business at any time, they say as much on their website.
This does not mean more centralized blockchains like Solana or more centralized blockchain projects like USDC are bad; it just means they've made a set of choices for the set of use cases they're going after. Having various tools and ensuring you use them appropriately for the system you're working within is more important.
Decentralized Money Maturity Model
|Level 1: Centralized||Money is controlled and issued by a single entity (such as a government or central bank) with little to no involvement from the public.||Traditional banking systems, credit card companies|
|Level 2: Federated (Hierarchical, Coordinated)||A central authority issues money and can be created and used by other entities or individuals (such as commercial banks).||SWIFT, Checks, CashApp, PayPal|
|Level 3: Decentralized||Multiple entities have equal control and authority. Money is issued and controlled by a decentralized network (such as a blockchain) with no central authority.||Bitcoin, Tezos, Ethereum|
|Level 4: Decentralized and Autonomous||Money is fully decentralized and autonomous, with no need for human intervention. Smart contracts or other automated systems govern the creation and use of money.||DAI Stablecoin, MakerDAO|
Evaluating Decentralization in Money
- Maximum individual freedom and control over what they do with their money and when
- Enable high-security and privacy-preserving transactions
- Promotes a free and open market without borders
- Removes the temptation for power brokers to interfere and "manage" the monetary system
- Reduces corruption by eliminating "freebie" mistakes (bailouts)
- You have to be your bank (risk, security, management)
- The average user has to have a higher level of expertise in finance
- Regulatory trouble (dubious legal status, tax reporting is tougher)
- Irreversible transactions without intermediation (e.g., refunds are difficult)
Identity, Privacy, and Data Sovereignty
As I have previously written...
Historically, your data hasn’t been in your control. It lives with the institutions you interact with: large tech companies, governments, health care providers, etc. This applies to both physical records, which there are increasingly less of, and digital records, which there are increasingly more of. There’s so much digital data that most of it is untouched — sitting around doing nothing. When something is done with the data, given the misaligned incentives of our existing financial system, it is often used to extract value from individuals: selling data to advertisers, facilitating political agendas and dragging you deeper into walled-garden ecosystems.
Is it your data if you don't control it? What happens after you share your data, or is it harvested from your activity? Do large data brokers, advertising companies, tech companies that profit from selling your data, and governments that track every activity make you feel good about having a digital self in 2023?
Self-Sovereign Identity (SSI) is an umbrella term well-detailed by Christopher Allen and inspired by many in the Identity community before him in his 2016 blog post: The Path to Self-Sovereign Identity, which identifies Ten Principles of Self-Sovereign Identity. These principles apply decentralization to identity. Enabling decentralization opens up opportunities for increased user control, transparency into how your data is used, increased access to your data on their terms, portability and interoperability between providers, reduced centralized vendor lock-in, and more.
Putting SSI tools in the average person's hands means higher privacy and control in each interaction. I see this world in two classes of use cases: those where identity is required—usually by a government—and everything else. Where identity is required, consider two common examples: proving you're over 21 to get a drink at a bar and applying for a job.
Proving you're over 21 today requires you to share a government-issued credential—likely a passport or driver's license–which contains much personally sensitive information, like your age, height, weight, and home address. With SSI tools, you can ensure you share the minimum possible information with an enquiring party while guaranteeing information accuracy and security. In the best case, you could share a Zero Knowledge Proof (ZKP), proving that you're over 21 without disclosing your actual age or any other information that may be on your official identity document.
When you apply for a job, your prospective employer often requires a background check. This check ensures you haven't lied about your credentials: did you really go to Harvard? Did you really work for Apple? Today, these types of checks are invasive and privacy-minimizing. With each check, information is disclosed about you to a 3rd party (1) you're looking for a new job, and (2) where you're applying. You may not wish for your university, prior employers, or current employer to have this information since it could be sold to data aggregators or used to target you or people like you with advertisements.
Under the everything else category, consider all the data you create daily: your documents, photos, preference data (the music you listen to, content you consume), browsing history, shopping data, and much more. The possibilities that are enabled when this data becomes yours instead of being controlled by centralized parties in their data silos are endless. One such example you can find in a post I wrote going into decentralizing movie streaming data.
The principles of Self-Sovereign Identity are highly aligned with those of Web5 and the reason I work for and believe in the mission of TBD. Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), and Decentralized Web Nodes (DWNs) are decentralization tools for identity, privacy, and data sovereignty. Simply using these technologies is insufficient; one must make conscious choices for decentralization at each step. Your DID method is not decentralized if it can be turned off by a single provider (like a domain registrar with did:web, or a consortium member with any of the common public permissioned DID methods). Your DWN is not decentralized if it only has a single instance provided by a major cloud provider or a single app on your phone that a single app developer can censor.
Our job in the decentralized identity community is incomplete until we can achieve sufficient decentralization for the average human. This means a low bar of complexity and a high bar of utility.
Identity & The Decentralization Maturity Model
|Level 1: Centralized||Centralized identity systems||National ID cards, Social Security Numbers|
|Level 2: Federated (Hierarchical, Coordinated)||Federated identity systems||Single Sign-On (SSO) services like Google Sign-In, Facebook Login|
|Level 3: Decentralized||Self-sovereign identity (SSI) systems||Some applications of Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), and Decentralized Web Nodes (DWNs).|
|Level 4: Decentralized and Autonomous||Autonomous identity systems||Blockchain and DWN-based identity with greater decentralization. DID methods such as Sidetree, KERI, and ENS. Smart and automated DWN-based agents.|
Evaluating Decentralization in Identity
- Consent-driven data sharing
- Higher individual privacy and data security
- Reduces the ability for your data to be used against you and people like you (for ads, political manipulation, etc.)
- Improved data experiences with the removal of data silos; data interoperability and composability
- You have to be your identity provider (risk, security, management)
- The average user has to have a higher level of expertise in identity
- Data leaks become more serious—all data has cryptographic authenticity!
- Complexity in user experience, integrating data in new ways
Risks of Decentralization
When people talk about Bitcoin and other crypto assets being a tool for freedom, they often don't mention the complexity that comes along with this freedom. Banks do a lot for us. They manage risk; secure and ensure our money; handle regulation and compliance on our behalf; give us added features like purchase protection; investigate fraud; and more. This isn't to say using a bank only has an upside; we've discussed some of the serious system risks in the centralized banking world.
Similarly, risks exist with decentralized identity. Just like being your own bank, now you are your own identity provider (like a bank for your data). Centralized identity systems give us a lot: they protect our data and comply with laws relating to privacy and data security; make sure we can sign into our accounts; provide data resiliency and availability; enable personalized experiences across the web; and more. Moving to a decentralized identity world is, too, not only upside.
By now, you should know what decentralization is, how to consider it, evaluate it, and how it applies to different systems. Decentralization is more than a buzzword; it's a methodology that encourages reducing the distribution of power, control, and authority in systems.
It is important to recognize that centralized and decentralized systems have tradeoffs. The more we can bring these tradeoffs to the forefront, and discuss them, the more opportunity we have to address and mitigate future problems that may arise from them. Once the risks of decentralized systems are mitigated, with greater technological advancement, such systems will realize their strong benefits and create better systems that keep human rights at the forefront and work better for all of us—distributing power, control, and authority, and empowering us individual humans to act equitably in the systems we are so vital to.
Stay tuned for future posts where I plan to dive deeper into decentralization in the context of identity and evaluate whether your decentralized identity system is truly decentralized.