Is Bitcoin over-paying for Hash-Power Security?

[bytemaster]

Ok, I am shocked!!  87% of people who have voted made the only vote that could possibly be wrong!   The reason 'more is always better' is wrong is because it entirely ignores cost (real and opportunity) as well as marginal utility.  In fact, I am willing to bet that given the choice between paying 10% of their bitcoins to some miner and not... most of these people would choose not to!   Why?  Because the opportunity cost would now be personal and not 'socialized' and people tend to think clearer when their own money is on the line.


So, I challenge each of you who voted for 'more is always better' to either withdraw your vote and post how much you would pay or select one of the other options.   Either that, or post here and explain why more is always better.

I have a theory that I believe yields an ASIC-proof design that is founded upon economics rather than technology.   I would like feedback.

1) Hashing power helps prevent double-spends.
     -  double-spends are only relevant with anonymous transactions of small amounts.
     -  if it is more profitable to mine than steal then private criminals will not steal
     -  where is the threshold at which the capital required to double spend is better invested in honest work?
  
2) Hashing power does nothing to prevent government takeover of the network.
     -  they can filter packets
     -  they can attack users, outlaw it, pass laws
     -  they can build asics
     -  they can coerce miners
     -  they have many other techniques other than 51% attack because a 51% attack only allows them to DOS the network for a short while.

3) I contend that hashing power centralizes control in the hands of who-ever has the economies of scale.  Even new POW designed for ASIC resistance do not change the economics of economies of scale and therefore centralization.

Theory:  The marginal utility of additional hashing power approaches 0 as difficulty approaches infinity.   Like all functions of this form there exists an inflection point where the value received by additional hash power is less than the price to purchase it.   So I started this poll to see where the community thinks this inflection point is.   Currently Bitcoin is paying $200 million / year to purchase hashing power from a handful of increasingly centralized ASIC firms.  This is coming at an inflationary cost of about 10% of the value of your bitcoins each year.   Is this amount of hash power actually providing you additional security for your coins or is it actually backfiring and causing centralization that ultimately leaves us less secure?

I contend that somewhere between $1 million and $5 million per year invested in hashing power would be more than enough to prevent all private (for-profit) criminals and anything more is ineffective against government criminals and thus waisted investment.

I then submit that if mining rewards could be capped at a market-value of  $1-5 million per year, that no one would ever invest money to create an ASIC or even invest significant resources to achieve economies of scale because the competition would be individuals with 0 capital costs using free-power provided by their employers, dorm rooms, hijacked bot-nets, etc and computers that have dual use.

This would then be the ultimate means of both decentralizing a currency and preventing ASICs while still defending against double-spend attacks.  The holders of the currency get the security they need and don't have to pay for security they don't.  

Is there some profitable attack that someone with $5 million could achieve on a network with $5 million in annual mining rewards?     Ie: could they profit more than $2.5 million / year from their double-spend attack and not end up in jail?

[1714826066]

1714826066

[1714826066]

1714826066

[solex]

Jeff Garzik's real time cost-of-attack measurement of Bitcoin network security:

https://www.resallex.com/bitcoin/brix

[bytemaster]

Jeff Garzik's real time cost-of-attack measurement of Bitcoin network security:

https://www.resallex.com/bitcoin/brix

Thanks for the link.  This link calculates the cost to attack, but doesn't factor in the profits from attack or what the attack would even yield.   You are only vulnerable if you accept payment from the attacker or if the attacker decides to stop including transactions (DOS).    For high-value transactions, the cost of the attack can be mitigated by waiting for enough blocks (say 100) to make the attack obvious to everyone on the network and pulling off repeat attacks would be very difficult as there are other measures that would kick in.

So, from a private criminal perspective how would they make money by investing $5 million dollars and attempting a double-spend?

[bytemaster]

Consider also that 'owners of the currency' have a financial incentive to mine below-market rates to protect their investment and ensure their transactions get processed.    So the cost to produce hash power would probably be greater than the direct payout received for mining it.

I suppose a rich, private company may attempt to undermine the currency and earn their profits on the side rather than directly via double-spending.

Conclusion: don't rely solely on proof of work to define the best chain.  If someone pops up with a new chain that is more than 6 to 10 blocks forked they are ignored until manual intervention is taken after community consensus can be reached about whether or not that 6-block fork was mined in private or the result of a legitimate chain split caused by a network outage.

[cunicula]

Hard to discuss numbers without defining a set of common assumptions.

I assume the poll is asking, "how many usd worth of hasing power per annum is necessary to secure the network right now?"
Where a $ of hashing power per annum is the Th you can rent for $1 for one year.
Furthermore, do you assume that the USD cost of renting a terahash for one year = the USD revenue of 1 terahash-year of mining? This is the most reasonable starting assumption in my view, but people often make alternative assumptions.

I guessed $10 million and rounded up to 20 since there was no 10 option available. 

[bytemaster]

I am talking about the economic cost to purchase one-year's worth of hash power equal to the hash power of the network such that your hash power becomes 51% of the new total.

I use $USD because the amount of hash power per USD changes over time.   

I assume that market forces push the cost of producing a hash equal toward the revenue earned per hash.   

[cunicula]

Okay, there is the additional issue of when. Obviously $20 million would be too much when the network was created. Similarly, it could easily become too little if bitcoin appreciates further.

Are you implying that there is some amount that would always be just right, regardless of how much a bitcoin is worth?

[bytemaster]

To all of you people selecting more-is-always-better I challenge you to defend your irrational belief.  I suppose you would gladly spend 100% of your income on taxes to provide even more security for the banks.  A police man at every cash register and triple factor authentication on every transaction?    After all there appears to be no limit to how much you are willing to spend on 'security'.  

If you think it needs be be more than $100 M then post here with a number.  But to assume the sky is the limit is to avoid all rational economic calculation.  

What exactly the attack that one could profitably make against $10 million dollars worth of electricity invested in hash power?

[bytemaster]

Okay, there is the additional issue of when. Obviously $20 million would be too much when the network was created. Similarly, it could easily become too little if bitcoin appreciates further.

Are you implying that there is some amount that would always be just right, regardless of how much a bitcoin is worth?

Yes, I am implying that it only needs to be high enough to prevent private, for-profit, criminals from making a profit on a double-spend.   Changing the 'rules' of the network requires more than hash-power, it requires consumers and merchants to use your fork. 

Thus you would need to find some other way of deriving profit by 'messing' with the network and I suspect that there are other techniques aside from increasing the hash power that would be sufficient to prevent DOS attacks.

[cunicula]

Okay, there is the additional issue of when. Obviously $20 million would be too much when the network was created. Similarly, it could easily become too little if bitcoin appreciates further.

Are you implying that there is some amount that would always be just right, regardless of how much a bitcoin is worth?

Yes, I am implying that it only needs to be high enough to prevent private, for-profit, criminals from making a profit on a double-spend.   Changing the 'rules' of the network requires more than hash-power, it requires consumers and merchants to use your fork.  

Thus you would need to find some other way of deriving profit by 'messing' with the network and I suspect that there are other techniques aside from increasing the hash power that would be sufficient to prevent DOS attacks.

You could profit by imposing a higher minimum fee on all txns. Say 5% demurrage per annum for example. This is just a forced conversion of bitcoin into paypal. Of course you never have to txn anything, but that can't go on forever. Ultimately the new paypal would end up with 5% of BTC's market cap in profit every year from this.

If bitcoin were successful and entrenched enough, the masses would just accept getting shafted. Just like people happily receive paypal's shaft every day. It would never work right now though. Too many other options out there and too few compelling reasons to stick with bitcoin. The market cap would take a significant hit.

Since 5% demurrage per annum has no fixed USD value, I'd say that the necessary hash rate doesn't have one either. At least not in USD. I think maybe 1% of btc's market cap per year is the necessary hash rate. Thus ~10 million USD and change right now, much less last year, and potentially much more if appreciation were to continue in future years.

[bytemaster]

Assuming $10 Million / year investment in hashing power, that comes out to $27,000 / day or about $200 per block.

If you ignore the initial capital cost and assume that you can 'rent' this hashing power for the purpose of your attack, then it would cost you $1200 to produce 6 blocks and you would only have a 50% chance of having the longest chain.   As a result you would have to do 2 attacks, costing a total of $2400 and you still don't have 100% chance of success.

There is of course some risk with getting caught and hauled into jail.  So there is some kind of risk-premium criminals would put on top of their double-spending efforts.  Lets call it 20%. 

As a result, I estimate that you would have to earn over $3000 from your double spend attack for it to make economic sense and this assumes you have no capital costs and are merely renting the CPU power. 

Assumptions:
    Revenue from mining cancels costs of mining with a small profit, say 5%.  Therefore, you can profit $10 per block by providing hash power.
    A private criminal would 'earn' $60 from the attack simply by producing the blocks.
    Any double-spend attack would be gravy if they could get away with it.
    Assume an attacker owns a bot-net and thus is not paying for electricity or capital costs, their only cost is 'opportunity cost' ... in this case they earn $2400 from mining and the double-spend is gravy.

Conclusions:
    As long as it is directly 'profitable to mine' you are subsidizing someone who is performing a 51% and double-spend attack.   
    To fight both centralization and double-spend attacks, the mining reward needs to below the cost to acquire the hash.  This would have two consequences:
         - operating a mining business for direct profit (from mining rewards) would not happen.
         - a double spend attack must make up for cost of mining at a loss

[bytemaster]

Okay, there is the additional issue of when. Obviously $20 million would be too much when the network was created. Similarly, it could easily become too little if bitcoin appreciates further.

Are you implying that there is some amount that would always be just right, regardless of how much a bitcoin is worth?

Yes, I am implying that it only needs to be high enough to prevent private, for-profit, criminals from making a profit on a double-spend.   Changing the 'rules' of the network requires more than hash-power, it requires consumers and merchants to use your fork.  

Thus you would need to find some other way of deriving profit by 'messing' with the network and I suspect that there are other techniques aside from increasing the hash power that would be sufficient to prevent DOS attacks.

You could profit by imposing a higher minimum fee on all txns. Say 5% demurrage per annum for example. This is just a forced conversion of bitcoin into paypal. Of course you never have to txn anything, but that can't go on forever. Ultimately the new paypal would end up with 5% of BTC's market cap in profit every year from this.

If bitcoin were successful and entrenched enough, the masses would just accept getting shafted. Just like people happily receive paypal's shaft every day. It would never work right now though. Too many other options out there and too few compelling reasons to stick with bitcoin. The market cap would take a significant hit.

Since 5% demurrage per annum has no fixed USD value, I'd say that the necessary hash rate doesn't have one either. At least not in USD. I think maybe 1% of btc's market cap per year is the necessary hash rate. Thus ~10 million USD and change right now, much less last year, and potentially much more if appreciation were to continue in future years.

Under my assumption, they would not be able to raise fees and keep them.   Their total revenue would be limited to $X million per year regardless of fees.   I would argue that Bitcoin is becoming centralized and will suffer the fate you think would occur by limiting the economic payout to miners.    I was trying to avoid implementation details because they muddy the water, but this is how I would do it.

Assuming the block chain knows the value of Gold because of something like BitGold trading on the chain.   The block validation rules could be such that the maximum value of the mining reward paid to the miners is set in terms of gold.  Any surplus fees or mining rewards would be paid as dividends to the holders of the currency.   It is now in the best interest of the owners of the currency to maximize dividends and minimize mining rewards.   They could then profit by mining to include transactions with high fees even if the mining reward was below the cost  of electricity. 

As a result the network would insure a minimum level of security but there would still be financial incentive for the owners of the currency to mine on their own.  If someone attempted to turn it into paypal by charging high fees to be included in blocks, their profits would be split among everyone in the network rather than centralized in the miner.

[Anon136]

To all of you people selecting more-is-always-better I challenge you to defend your irrational belief.  I suppose you would gladly spend 100% of your income on taxes to provide even more security for the banks.  A police man at every cash register and triple factor authentication on every transaction?    After all there appears to be no limit to how much you are willing to spend on 'security'.  

If you think it needs be be more than $100 M then post here with a number.  But to assume the sky is the limit is to avoid all rational economic calculation.  

What exactly the attack that one could profitably make against $10 million dollars worth of electricity invested in hash power?

http://www.youtube.com/watch?v=faSa3r8WIU0

[smoothie]

No.

Overpaying compared to existing pay networks and banking system? Definitely not.

[AnonyMint]

If you think it needs be be more than $100 M then post here with a number.  But to assume the sky is the limit is to avoid all rational economic calculation.

With a $40 trillion a year global economy, 5% in PoW debasement (the USA wages and GDP both grew by 5% nominally per annum from 1790 to current, so inflation goes into wages) is $2000 billion a year. That is how much I think we need to prevent the scenario I am worried about below.

Also this $2000 billion ($2 trillion) will go to the owners of PCs, if we perfect the PoW algorithm, so they get both the rise in wages and the debasement back as mining profits. Win-win.

What exactly the attack that one could profitably make against $10 million dollars worth of electricity invested in hash power?

This (world war 3 to bring in the SDR system)! And it is underway now. Most people are naive to the reality ongoing now. Go watch the video of General Wesley Clark explaining that the USA had a plan for over a decade to overthrow 7 countries in the Middle East. Obama is going to war with or without the vote of Congress and the public, just as he did in Libya.

Conclusion: don't rely solely on proof of work to define the best chain.  If someone pops up with a new chain that is more than 6 to 10 blocks forked they are ignored until manual intervention is taken after community consensus can be reached about whether or not that 6-block fork was mined in private or the result of a legitimate chain split caused by a network outage.

Forget the profit motive. What we have to protect against is the international bankers are moving us to a NWO with SDRs as explained in my first link above.

Network outage and packet filtering is something they can do.

So we have to think about what happens to the blockchain in that case.

This is why I am not enamored with BitAssets right now. I want to focus on designing a currency that can survive what we will be going through in the next few years. I'd rather give up exact timing on the arrival of the blocks of the blockchain under adverse conditions.

[bytemaster]

If you think it needs be be more than $100 M then post here with a number.  But to assume the sky is the limit is to avoid all rational economic calculation.

With a $40 trillion a year global economy, 5% in PoW debasement (the USA wages and GDP both grew by 5% nominally per annum from 1790 to current, so inflation goes into wages) is $200 billion a year. That is how much I think we need to prevent the scenario I am worried about below.

Also this $200 billion will go to the owners of PCs, if we perfect the PoW algorithm, so they get both the rise in wages and the debasement back as mining profits. Win-win.

What exactly the attack that one could profitably make against $10 million dollars worth of electricity invested in hash power?

This (world war 3 to bring in the SDR system)! And it is underway now. Most people are naive to the reality ongoing now. Go watch the video of General Wesley Clark explaining that the USA had a plan for over a decade to overthrow 7 countries in the Middle East. Obama is going to war with or without the vote of Congress and the public, just as he did in Libya.

Conclusion: don't rely solely on proof of work to define the best chain.  If someone pops up with a new chain that is more than 6 to 10 blocks forked they are ignored until manual intervention is taken after community consensus can be reached about whether or not that 6-block fork was mined in private or the result of a legitimate chain split caused by a network outage.

Forget the profit motive. What we have to protect against is the international bankers are moving us to a NWO with SDRs as explained in my first link above.

Network outage and packet filtering is something they can do.

So we have to think about what happens to the blockchain in that case.

This is why I am not enamored with BitAssets right now. I want to focus on designing a currency that can survive what we will be going through in the next few years. I'd rather give up exact timing on the arrival of the blocks of the blockchain under adverse conditions.

Exactly, we need to spend 200 billion on security at that scale, but not via hashing power.   It would be like a $200 B lock on your front door while you have windows right next to it. 

I argue that security comes from privacy and public support / popularity.   You must win the hearts and minds of the public against the propaganda that government will throw at the system to justify their crackdown.   

Then the protocol must be robust to high-latency, low-bandwidth situations and not rely entirely on hash power for validating the consensus.   So to blindly throw $200 million toward hash power when it could be redirected toward public relations and other forms of security is insane.

[johnyj]

The biggest concern IMO is the heat generated by ASIC devices, they might melt antarctica  

(Edit: This is not a concern anymore, thanks to D&T's clarification)

[AnonyMint]

Exactly, we need to spend 200 billion on security at that scale, but not via hashing power.   It would be like a $200 B lock on your front door while you have windows right next to it. 

I argue that security comes from privacy and public support / popularity.   You must win the hearts and minds of the public against the propaganda that government will throw at the system to justify their crackdown.   

Then the protocol must be robust to high-latency, low-bandwidth situations and not rely entirely on hash power for validating the consensus.   So to blindly throw $200 million toward hash power when it could be redirected toward public relations and other forms of security is insane.

The international bankers are taking us into chaos of WW3 with or without the support of the people. You can do all the PR you want and won't stop them from taking us into war and impoverishing the majority.

The majority is weak. They depend on socialism and the international bankers for their daily needs.

Unless you can design a socialistic coin to give all the masses everything they want for free, you are never going to win the PR battle against the international bankers who offer the masses everything via debt and socialize the defaults into wars.

So I completely disagree with your naive idea that you can overthrow human nature. Go ahead and try if you want.

I am interested in a coin design that can continue to function even under attack by the $trillions that the powers-that-be have access to.

It doesn't need to be used by everyone, just by those who want to exist outside the "system". I am not going to try to change the "system". Everyone who has tried since before and after Jesus has failed to stop human nature.

Is it possible to design a system that can withstand attacks both on the PoW and also on the network infrastructure that carries the packets?

I am not so sure it is possible. That is what I am evaluating now.

[bytemaster]

Exactly, we need to spend 200 billion on security at that scale, but not via hashing power.   It would be like a $200 B lock on your front door while you have windows right next to it. 

I argue that security comes from privacy and public support / popularity.   You must win the hearts and minds of the public against the propaganda that government will throw at the system to justify their crackdown.   

Then the protocol must be robust to high-latency, low-bandwidth situations and not rely entirely on hash power for validating the consensus.   So to blindly throw $200 million toward hash power when it could be redirected toward public relations and other forms of security is insane.

The international bankers are taking us into chaos of WW3 with or without the support of the people. You can do all the PR you want and won't stop them from taking us into war and impoverishing the majority.

The majority is weak. They depend on socialism and the international bankers for their daily needs.

Unless you can design a socialistic coin to give all the masses everything they want for free, you are never going to win the PR battle against the international bankers who offer the masses everything via debt and socialize the defaults into wars.

So I completely disagree with your naive idea that you can overthrow human nature. Go ahead and try if you want.

I am interested in a coin design that can continue to function even under attack by the $trillions that the powers-that-be have access to.

It doesn't need to be used by everyone, just by those who want to exist outside the "system". I am not going to try to change the "system". Everyone who has tried since before and after Jesus has failed to stop human nature.

Is it possible to design a system that can withstand attacks both on the PoW and also on the network infrastructure that carries the packets?

I am not so sure it is possible. That is what I am evaluating now.

Everything has a price and the market balances cost vs benefit of every choice you make.  Decentralization isn't free and the measures required to defend against WWIII level attacks would require extensive compromises in functionality, speed of transactions, transaction fees, etc.   Ultimately all that is needed is:

1) a means to broadcast to the entire world.
2) a means to receive that broadcast.

If you can do those two things cheaply and in a decentralized/timely manner then the system will work.

[crumbs]

Can we discuss bitcoin security using bitcoins instead of dollars?

If bitcoin value (in $$$) doubles, the dollar total spent on securing the network should also double.  Denominating security cost in bitcoins would spare us needles mental acrobatics.

I'm also not sure of utility to be gained from the answer.

Profit is the primary motivator of both ASIC manufacturers and miners.  Not network security.  If additional hashpower didn't offer any extra security, it wouldn't effect the miner arms race in the slightest.

TL;DR:  Added security is simply a byproduct, not the goal of upping the hashrate.  As long as it is possible to make more bitcoins with MinerX than the sum of its cost & energy cost, MinerX will go online.  If security is improved?  That's just a clever bit of the bitcoin concept.