Chapter 5: The Axiom of Resistance

"One who does not accept the axiom of resistance is contemplating an entirely different system than Bitcoin."

Eric Voskuil, Cryptoeconomics (2019)^1^

The book uses "axiom" three times: the Action Axiom of Chapter 3, the Argumentation Axiom of Chapter 4, and the Axiom of Resistance of this chapter. The three are not axioms in the same sense, and the difference is worth marking before the chapter proceeds.

The Action Axiom is self-evident in the strict praxeological sense. Mises holds that the proposition "human beings act purposefully" cannot be denied without performing the purposeful behavior the denial would deny. It is true a priori and grounds the descriptive science of action.

The Argumentation Axiom is performatively undeniable in Hoppe's sense. Anyone who enters argument has already presupposed self-ownership, the right to use one's body to make claims, and the norms that make discourse possible. It grounds the normative side of the framework.

The Axiom of Resistance is methodological. It is a working assumption about engineering possibility, drawn from cryptographic theory and the empirical record of deployed systems, that defines the subject matter of any analysis of freedom technology. Eric Voskuil introduced the term in Cryptoeconomics to mark the boundary between systems that can resist external control (Bitcoin, Tor, end-to-end encryption) and systems that cannot (PayPal, central-bank money, platform-mediated identity). One who rejects this assumption commits no logical error; the rejection shifts the subject matter to systems that do not resist.

The three serve different roles. Action explains the economics of voluntary order. Argumentation supplies the ethics that prohibits aggression. Resistance supplies the strategy without which the first two cannot be defended in practice. Perfect ownership of goods is an empty norm if the owner hands the goods over the moment an aggressor appears. The three together form the backbone of any thorough analysis of freedom technology, and the rest of the chapter examines what the third assumption asserts and on what grounds it is well-supported.

Introduction

This chapter presents the third foundation: the Axiom of Resistance. Unlike the preceding axioms, this is an assumption, not a self-evident or normative claim. Eric Voskuil, in his analysis of Bitcoin's security model, states that it is "not accepted as a fact but deemed a reasonable assumption, due to the behavior of similar systems."^2^

The assumption is this: systems can be designed to resist external control. Cryptographic tools can make surveillance technically difficult. Mathematical properties can protect privacy in ways that political promises cannot. You can coherently deny this assumption; PayPal-type systems, which rely on central authority, are perfectly coherent objects of analysis. Rejecting the Axiom of Resistance does not commit any logical error. It shifts the subject matter to the design of systems that do not resist.

But the assumption is well-grounded. It rests on mathematical foundations and empirical evidence, reinforced by methodological necessity. This chapter examines what the axiom asserts and why it is well-grounded, then marks where its limits begin.

5.1 What the Axiom Asserts

The Core Claim

The Axiom of Resistance asserts that it is possible to design systems that resist external control, and it rests on several concrete capabilities. Cryptographic systems can protect information from unauthorized access, decentralized networks can operate without single points of control, and mathematical properties can provide stronger guarantees than legal or political protections. Resistance is not guaranteed, but it is technically achievable.

What "Resistance" Means

Resistance is the capacity to impose costs on adversaries attempting control. A system resists to the degree that circumventing its protections requires resources exceeding what adversaries are willing or able to expend. Resistance is not binary but exists on a spectrum: a system may resist casual attackers but not nation-states, or resist all known attacks but remain vulnerable to advances in mathematics or computing.

Resistance operates across several dimensions: computational (cryptographic systems require resources that are practically unobtainable, as a 256-bit key demands more brute-force operations than the age of the universe permits), economic (the cost of attack exceeds the value of success, so even a breakable system resists if breaking it costs more than the information is worth), structural (decentralized systems present no single point to attack, since taking down one node leaves others operating and compromising one participant does not compromise the network), and jurisdictional (systems distributed across legal boundaries resist because no single authority can compel compliance from all components).

Resistance is not invulnerability. No system is perfectly secure. The axiom claims that resistance is possible: systems can be designed such that overcoming them requires resources exceeding what attackers are willing to expend. Resistance is also asymmetric, meaning defenders can achieve protection at lower cost than attackers can achieve breach; encryption is cheap, while breaking strong encryption is expensive. This asymmetry shifts the balance of power. Without cryptographic protection, surveillance is easy and privacy is hard. With cryptographic protection, privacy becomes feasible and surveillance becomes costly.

What the Axiom Does NOT Assert

The axiom does not claim that resistance is guaranteed; systems can fail, implementations can have bugs, users can make mistakes, so the axiom assumes resistance is possible, not that it always succeeds. Nor does it claim that resistance is absolute, since states have resources individuals lack and can sometimes overcome resistance through legal compulsion, physical coercion, or massive resource expenditure when sufficiently motivated. The axiom does not claim that resistance solves all problems, as physical coercion, social engineering, and human error affect both costs and outcomes. Finally, unlike the Action Axiom, denial of resistance creates no logical contradiction; the axiom is assumed, not proven, and this distinguishes its logical status from the self-evident foundations examined in earlier chapters.

5.2 Why the Axiom Is Well-Grounded

Though an assumption and not a proof, the Axiom of Resistance rests on substantial foundations.

Mathematical Grounding

Modern cryptography rests on computational hardness assumptions.^3^ Certain mathematical problems appear to be difficult to solve. Factoring large numbers presents one such challenge: given two large primes, multiplying them is easy, but given their product, finding the original primes is computationally infeasible with current technology. The discrete logarithm problem exhibits similar properties; in certain mathematical structures, computing a value is easy while reversing the computation is infeasible.^13^ Hash function preimage resistance provides another foundation: given a cryptographic hash output, finding an input that produces that output is computationally infeasible. These hardness assumptions underlie RSA,^14^ elliptic curve cryptography,^15^ and the hash functions used in Bitcoin and other systems. If the assumptions hold, the cryptographic protections are real.

The assumptions are not proven. If P equals NP, a question that remains open, most current cryptographic assumptions would collapse. The entire edifice of public-key cryptography rests on conjectures that, while well-supported by decades of failed attacks, have no mathematical proof of correctness.

Algorithmic progress continues. The General Number Field Sieve^16^ improved factoring efficiency over earlier methods, lattice-based attacks weakened certain elliptic curve implementations, and quantum computing, discussed in Chapter 14, threatens to break most current public-key cryptography entirely.^4^ The security margins that seem comfortable today may narrow as mathematics and computing advance.

What decades of research have established is not that these problems are provably hard, but that no one has yet found efficient solutions. The assumptions are empirically well-grounded, not mathematically proven. Cryptographic security is therefore contingent on the continued failure of attack research, not on impossibility already proved. Chapter 14 examines these computational foundations in detail.^5^

Empirical Track Record

Systems designed for resistance have shown actual resistance. The Tor network, operating since 2002, has provided anonymous communication at meaningful scale despite state-level adversaries. Its limits are real: timing attacks, compromised exit nodes,^17^ and user error remain concerns. Even so, Tor has continued operating and remains one of the most durable public anonymity systems ever deployed. Bitcoin, operating since 2009, has processed transactions and maintained consensus without a central authority; states have constrained exchanges, miners, and access points, but they have not shut down the network. PGP and its descendants have protected communications for decades with strong encryption.^6^ When keys are unavailable, prosecution still does not give authorities decryption by fiat. Signal and other end-to-end encrypted messaging applications have protected private communications at scale.^7^

This empirical record does not prove resistance will always succeed. But it establishes that resistance has succeeded in practice over extended periods against well-resourced adversaries.

Methodological Necessity

Voskuil emphasizes that accepting the Axiom of Resistance defines what we are analyzing. "One who does not accept the axiom of resistance is contemplating an entirely different system than Bitcoin."

If you assume resistance is impossible, you are analyzing permissioned systems: PayPal, bank accounts, regulated financial institutions. These systems operate at the pleasure of authorities and can be shut down or surveilled at will.

If you assume resistance is possible, you are analyzing permissionless systems: Bitcoin, Tor, end-to-end encryption. These systems operate independently of authorities and resist control by design.

Both types of systems exist. Both are worthy of study. But they are different, and analysis appropriate to one may not apply to the other. The axiom is a methodological choice that defines the subject matter.

Epistemic Problem with Denial

There is an epistemic peculiarity in denying the Axiom of Resistance.

If resistance is impossible, if states can control all information flows and overcome all cryptographic protection, then how would you know? Your sources of information would be controlled. Your ability to discover resistance possibilities would be limited. Your belief that resistance is impossible might be a product of the control you think is total.

The observation is not a proof that resistance is possible. But it suggests that confident denial faces its own epistemic challenges. The denier cannot easily verify their denial without access to information that, if the denial is correct, they cannot trust.

5.3 Relationship to Other Foundations

Action Axiom (Chapter 3)

The Action Axiom establishes that privacy is built into the structure of action. Deliberation is internal; preferences are subjective; information asymmetry is inherent.

The Axiom of Resistance asks: can this inherent property be protected? Can the privacy that exists as a fact of human action be preserved against attempts to eliminate it?

The Resistance Axiom assumes yes. Technical protection is possible. The structural privacy of action can be maintained through cryptographic means.

Argumentation Axiom (Chapter 4)

The Argumentation Axiom argues that privacy cannot be coherently denied in discourse. Self-ownership includes control over one's mental processes and communications.

But this normative conclusion is empty without implementation. Claiming that privacy should be protected does not make it protected.

The Axiom of Resistance bridges the gap between normative and practical. If resistance is possible, then the privacy that ought to be protected (per Chapter 4) can be protected (per Chapter 5).

The Three Foundations Together

The three foundations fit together. Chapters 3 and 4 established what privacy is and grounded its moral and economic stakes. This chapter adds the practical premise: it can be protected.

Chapter Summary

The Axiom of Resistance is the third foundation: systems can be designed to resist external control, not as a proved fact but as a well-grounded assumption. It rests on computational hardness in cryptography, the empirical record of Tor,^8^ Bitcoin,^9^ and end-to-end encryption resisting pressure for years, and the methodological point that accepting the axiom defines the subject matter of the rest of the book. The epistemic peculiarity of its denial, that a person who could never verify resistance also cannot reliably conclude it is impossible, does not prove the axiom but narrows what confident rejection can coherently assert.

The axiom claims possibility, not inevitability. Resistance often fails under physical coercion (the "$5 wrench attack"),^10^ implementation error,^11^ user mistakes, or insufficient network scale. It is also not costless. Cryptography makes digital defense cheap and digital attack expensive, but physical coercion inverts the asymmetry, and system design can shift costs without eliminating them. Today's security may be tomorrow's vulnerability as threats evolve and states bring resources individuals lack: legal authority, compelled cooperation, supply-chain access. The assumption remains an assumption, and reasonable people can reject it while analyzing different systems. What it makes possible is the rest of the book, which proceeds under the first choice.^12^

---

Endnotes

^1^ Eric Voskuil, "Axiom of Resistance," Cryptoeconomics: Fundamental Principles of Bitcoin, available at https://github.com/libbitcoin/libbitcoin-system/wiki/Axiom-of-Resistance.

^2^ Voskuil, "Axiom of Resistance." The full quote: "The axiom is not accepted as a fact but deemed to be a reasonable assumption, due to the behavior of similar systems."

^3^ On computational hardness and cryptographic assumptions, see Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, 3rd ed. (Boca Raton: CRC Press, 2020), particularly chapters on computational security and hardness assumptions.

^4^ On post-quantum cryptography, see NIST Post-Quantum Cryptography Standardization project, https://csrc.nist.gov/projects/post-quantum-cryptography. NIST released the first finalized post-quantum encryption standards in August 2024.

^5^ On the P vs NP problem and its implications for cryptography, see Scott Aaronson, Quantum Computing Since Democritus (Cambridge: Cambridge University Press, 2013), and Michael Sipser, Introduction to the Theory of Computation, 3rd ed. (Boston: Cengage Learning, 2012).

^6^ Phil Zimmermann released PGP (Pretty Good Privacy) in 1991; for "Why I Wrote PGP" (1991) and the cypherpunk-history treatment, see Chapter 2, note 15. The protocol is standardized as OpenPGP, currently RFC 9580 (July 2024) with RFC 4880 (2007) as the historical reference; the canonical project page is https://www.openpgp.org/.

^7^ Signal Foundation, https://signal.org/, with protocol specifications at https://signal.org/docs/. The Double Ratchet protocol underlying Signal is the reference design for modern end-to-end encrypted messaging; for the wider systems-cluster treatment, see Chapter 2, note 8. Substantive treatment of Signal occurs in Chapter 17.

^8^ On Tor's security model and limitations, see Roger Dingledine, Nick Mathewson, and Paul Syverson, "Tor: The Second-Generation Onion Router," USENIX Security Symposium (2004). For ongoing analysis, see https://blog.torproject.org/.

^9^ On Bitcoin's security model, see Voskuil, Cryptoeconomics (cited in note 1 above), particularly the sections on security models and economic assumptions. For the wider Austrian-praxeological treatment of Cryptoeconomics, see Chapter 2, note 5.

^10^ Randall Munroe, "Security," xkcd #538, https://xkcd.com/538/. The comic depicts an attacker bypassing strong encryption by physical coercion ("hit him with this $5 wrench until he tells us the password"), the canonical illustration that cryptographic resistance does not extend to the threat model of physical force. The phrase "rubber-hose cryptanalysis" is the older synonym in the cryptographic literature.

^11^ On implementation failures and their lessons, see Ross Anderson, Security Engineering, 3rd ed. (Indianapolis: Wiley, 2020), particularly the chapters on cryptographic implementation failures.

^13^ On the discrete logarithm problem as a cryptographic hardness assumption, see Whitfield Diffie and Martin E. Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory 22, no. 6 (1976): 644–654. This foundational paper introduced public-key cryptography by exploiting the asymmetry between computing discrete logarithms and inverting them, establishing the computational basis that RSA and elliptic curve systems later extended.

^14^ R. L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM 21, no. 2 (1978): 120–126. The original RSA paper; the system's security rests on the integer factorization hardness assumption described in the surrounding paragraph.

^15^ Victor S. Miller, "Use of Elliptic Curves in Cryptography," in Advances in Cryptology - CRYPTO '85, Lecture Notes in Computer Science 218 (Berlin: Springer, 1986), 417–426; Neal Koblitz, "Elliptic Curve Cryptosystems," Mathematics of Computation 48, no. 177 (1987): 203–209. These two independent papers introduced elliptic curve cryptography; ECC achieves equivalent security to RSA with shorter keys, making it the dominant public-key primitive in modern deployments including Bitcoin's secp256k1 curve.

^16^ A. K. Lenstra, H. W. Lenstra Jr., M. S. Manasse, and J. M. Pollard, "The Number Field Sieve," in Proceedings of the 22nd Annual ACM Symposium on Theory of Computing (1990), 564–572. The General Number Field Sieve is the most efficient known classical algorithm for factoring large integers, running in sub-exponential time; its development required significant upward revision of RSA key-length recommendations and illustrates how algorithmic progress can erode assumed security margins.

^17^ On Tor's known attack surface, see Steven J. Murdoch and George Danezis, "Low-Cost Traffic Analysis of Tor," Proceedings of the 2005 IEEE Symposium on Security and Privacy (2005), 183–195; and Aaron Johnson et al., "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries," Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (2013), 337–348. These papers document timing-correlation and exit-node attacks that remain the primary practical limitations of the Tor anonymity model against well-resourced adversaries.

^12^ Further reading on resistance, security, and the cryptographic-political interface. On the theoretical foundations of computational security, Katz and Lindell, Introduction to Modern Cryptography (cited in note 3 above), is the graduate-level standard. For the practitioner introduction (Ferguson, Schneier, and Kohno) and the canonical treatment of cryptography and state capability (Diffie and Landau, Privacy on the Line; Landau, Listening In), see Chapter 1, note 5. For the conceptual case that cryptography changes political economy, Timothy C. May's Cyphernomicon, already cited, is the primary-source sprawling cypherpunk framing. For the cryptocurrency-specific version, see Voskuil, Cryptoeconomics (cited in note 1 above), and the wider Austrian-praxeological treatment at Chapter 2, note 5. On resistance as a broader phenomenon beyond cryptography, James C. Scott's corpus is the standard: for Seeing Like a State (Yale University Press, 1998), see Chapter 1, note 6; the wider corpus extends through Weapons of the Weak: Everyday Forms of Peasant Resistance (Yale University Press, 1985) and The Art of Not Being Governed: An Anarchist History of Upland Southeast Asia (Yale University Press, 2009). For Austrian-libertarian political theory on resistance, Murray N. Rothbard, For a New Liberty: The Libertarian Manifesto (Macmillan, 1973), and The Ethics of Liberty (cited at Chapter 2, note 3); and Hans-Hermann Hoppe, Democracy: The God That Failed: The Economics and Politics of Monarchy, Democracy, and Natural Order (Transaction, 2001), are the canonical texts. For the analytic defense of philosophical anarchism from outside the Austrian tradition, Michael Huemer, The Problem of Political Authority (cited at Chapter 4, note 13). On the post-quantum transition and its strategic implications, Michele Mosca, "Cybersecurity in an Era with Quantum Computers: Will We Be Ready?" IEEE Security & Privacy 16, no. 5 (2018): 38–41, https://arxiv.org/abs/1512.04202, introduces the "Mosca inequality" framework; the ongoing NIST process at https://csrc.nist.gov/projects/post-quantum-cryptography tracks the standardization.

---

<- **Previous: Chapter 4: The Argumentation Axiom and Self-Ownership** |

-> Next: Information, Scarcity, and Property |

The Praxeology of Privacy -- third edition. New chapters publish daily at 1600 UTC.