Note that this is from last July, when the price of BTC was significantly lower and thus the price of the attack is likely higher now. That said, this becomes more feasible in the long-run when mining is purely funded by transaction fees.
Something I don’t see talked about much is the fact that, although Bitcoin is intended to be non-inflationary in the long run, the mining network that keeps it secure is currently 80-90% subsidized by inflation.
Hey, author here - I think you're absolutely right that there is a risk that demand for blockspace doesn't generate sufficient block reward to provide useful security guarantees. If that is the case, it could cause the price of BTC to fall which could create a negative feedback loop. This would, at best, create an end of the 21m cap and at worst trigger a collapse of the game entirely.
Is the plan to secure a fully-mined chain just rampant value-inflation in a way that is completely detached from supply and demand? Today my 1e-1000 bitcoin is worth 10 carrots, tomorrow it is worth 20 everything else held equal? How does that even work in practice?
Alternatively you need transactions to pay entirely for the security of the chain. This doesn't seem feasible when chain security costs rise every day as the cost of energy decreases. And if transaction fees increase to compensate and people transact less the whole thing blows up.
The "official" plan is for low-value transactions to happen on the Lightning Network and high-value (e.g. >$1M) transactions paying high fees to happen on-chain.
Let's assume they solve all the math challenges with the routing: The on-boarding is still a challenge as it demands one initial on-chain transaction.
If 10% of the current Facebook users want to get on lightning and we can make 6 transactions per second it will take 17 months before all are on board - and this is assuming no other types of transactions (so any payment made with BTC will delay this).
A very simple way to increase block rewards is making blocks SMALLER.
It is game theory: If you really want your transaction to be on-chain, you pay for it. And smaller blocks means fewer transactions will fit in one block. So fees will need to go up.
In theory... but demand has elasticity. If the market has no way to equilibrate at a state that produces sufficient returns, there's no constraining of supply that can produce the returns needed. And that is the risk/unknown.
Many people (me included) would consider Bitcoin to have failed at that point. It's pretty clear that the ecosystem believed in the cap, and removing it is a bait-and-switch.
Given we're currently floating around 10-15% fee-supported at the moment, I'd say most people are optimistic that we will succeed in moving Bitcoin into its final economic phase (i.e. in 10 years it will be 50% fees).
This is why the original design focuses on fees in great volume to be the main incentive to be a miner and using the block reward as both A) a way of distributing the original minting of coins and B) a transition mechanism until volume is so large that the fees can sustain the miner incentive.
The reward paid to miners is mostly newly minted BTC.
Presently 6.25 BTC newly created with each block, about 1-2 BTC in fees. Mining has been paid for by increasing the BTC supply, for all of Bitcoin's history so far. Eventually that will have to change as the reward keeps halving. At some point there is no block reward and it's all fees. Will people pay enough in fees to sustain mining at a rate that's impossible for a large actor to 51%?
No they won't. As the cost of 51% attack is actually the cost of fee of cancelled transaction (and subsequent ones) plus created coins. The attacker can collect all the fees also from those blocks they mined for attack...
Ofc, if the mining is sufficiently large that it is impossible for anyone to collect enough power, then sure. But that is quite an expensive proposition in general...
No he means inflation. New coins are being mined all the time, causing existing coins to lose value. This does not really matter yet since total demand for bitcoins has been increasing faster than the total supply, leading to an increase in price.
Thanks, but I mean inflation: miners were paid a subsidy in new Bitcoin for their contribution to the network. This has an inflationary effect on Bitcoin, although it was overshadowed by increased demand over the same period.
GP might be referring to the fact that currently, 80-90% of the miners' reward is "coinbase", ie newly minted coins (which expand the money supply and could be considered inflationary), while only 10-20% of the mining reward is from fees, ie cut on the transactions.
I would assume that the author meant to mean "growth in the supply of bitcoin." Which seems like a reasonable error to make, because printing money typically has an inflationary effect, even if it isn't technically synonymous with inflation.
Maybe dilution is a better term? If all other factors could be held equal, then the real value of the ~6BTC reward for mining a block would, in effect, come from a tiny reduction in the real value of everyone else's BTC assets that would result from the supply of BTC having increased.
It creates an interesting situation. Right now, the cost of actually operating the BTC network is largely supported by every single person who owns BTC, proportionally to how much BTC they actually have. As the mining reward continues to taper off, that is going to shift toward the cost primarily being covered by transaction processing fees. That will change something fundamental about the economics of Bitcoin, although I'm not sure exactly how.
It's not an error, it's a different (yet common) usage of the word "inflation" to mean expansion of the money supply, rather than the more common usage meaning a decrease in the purchasing power of money.
I always wondered about that and perhaps someone here can explain. After bitcoin reaches its "full" volume, mining rewards will go away and the only way miner income can stay the same is if transaction fees rise to match. Since the competition of miners basically converges to "block reward is equal to electricity cost equivalent", this would mean transaction costs increase to an insanely huge amount. Not paying the larger transaction costs would lead to the less efficient miners being squeezed out of the pool of miners, leading to less hashing power overall and thus an increased vulnerability to attack.
How does the system intend to keep up miner income after all bitcoins have been mined?
There are a couple answers to this question, but the truth is we have ~100 years to figure this out, and the world will be a very different place then.
It's an unsolved problem, and all solutions would require a majority of the mining pool to get on board.
You could periodically increase the block size, splitting the transaction fee among more transactions. Although larger blocks make it more difficult to produce hashes, so more power would be consumed, thus increasing the transaction fees further.
You could change the block reward such that there's a larger block reward or even some kind of sustained rate of inflation. The cap of 21 million bitcoin isn't a fundamental unit, it can be changed if a majority of the mining pool decides to.
You could switch to Proof of Work, which doesn't use nearly as much electricity. Given how long this has taken Ethereum, this would probably be a multi-year effort.
If the Lightning network were to take off, it might also help with this for day to day users. I'm not super confident about that though. I don't think a layman is going to deal with the Lightning network, personally. Especially with the current narrative of bitcoin being a "store of value" rather than a currency. Bitcoin proponents don't seem to be advocating using it as a day to day payment tool.
Of course, there could also just never be any consensus on the direction to take, the network could be attacked, people could bail on bitcoin for other cryptocurrencies or just abandon cryptocurrencies altogether and it could become a relic of history.
> periodically increase the block size, splitting the transaction fee among more transactions. Although larger blocks make it more difficult to produce hashes
Couldn’t they simply lower the baseline difficulty along with a block size?
Edit: and wouldn’t difficulty drop automatically in this case?
Bitcoin is best understood as a timestamping service that signs up to 1MB of information every 10 minutes. Recording monetary transactions is only one of its applications.
The 10 minute interval is an important part of the consensus mechanism as it has been proven secure both theoretically and practically. With a shorter block interval, orphan blocks and small chain reorgs would become more likely and this could break some aspects of the security model such as zero-conf transactions.
By the way larger blocks don't take longer to hash - only the fixed size header is used for PoW. However larger or more blocks do require more bandwidth and storage to process.
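The point in the comment above, that proof of work hashes only the fixed-size header while the transactions are committed through the Merkle root, as an added example that is not part of the original thread. The transactions, timestamp and the deliberately easy difficulty bits are constructed for the demonstration.

```python
import hashlib
import struct

EASY_BITS = 0x2000FFFF   # constructed, very easy compact target (about 1 in 256 hashes)
TIMESTAMP = 1609459200   # constructed fixed timestamp so the run is deterministic


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for txids, Merkle nodes and PoW."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids):
    """Bitcoin-style Merkle root: hash pairs, duplicating the last node on odd levels."""
    if not txids:
        raise ValueError("a block needs at least one transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash, root, timestamp, bits, nonce) -> bytes:
    """Version, previous hash, Merkle root, time, bits, nonce: always 80 bytes."""
    return struct.pack("<I32s32sIII", version, prev_hash, root, timestamp, bits, nonce)


def check_pow(header: bytes, bits: int) -> bool:
    """PoW is valid when the header hash, read little-endian, is at most the target."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    return int.from_bytes(dsha256(header), "little") <= bits_to_target(bits)


def build_and_mine(tx_count: int, bits: int = EASY_BITS):
    """Build a block body of tx_count constructed 250-byte transactions and mine it.

    Returns (header, hashes_tried, body_bytes). The body is hashed once to get
    the Merkle root; every nonce attempt after that hashes only the 80-byte header.
    """
    txs = [(b"constructed-tx-%d" % i).ljust(250, b"\x00") for i in range(tx_count)]
    root = merkle_root([dsha256(tx) for tx in txs])
    prev_hash = b"\x00" * 32  # constructed: no real parent block
    for nonce in range(2 ** 32):
        header = serialize_header(1, prev_hash, root, TIMESTAMP, bits, nonce)
        if check_pow(header, bits):
            return header, nonce + 1, sum(len(tx) for tx in txs)
    raise RuntimeError("nonce space exhausted")


if __name__ == "__main__":
    for count in (1, 4000):
        header, tries, body = build_and_mine(count)
        print(f"{count:>5} txs, body {body:>8} bytes, "
              f"PoW input {len(header)} bytes, {tries} hashes tried")
```

The per-attempt hashing cost is the same for both blocks; what grows with the body is the data every node has to download, verify and store.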
> By the way larger blocks don't take longer to hash - only the fixed size header is used for PoW.
Yeah, I forgot about merkle trees or something like that. So, do I get it right, there is no problem in increasing a block size? Just start to sign up to 50MB every 10 minutes in 2022 and that’s it?
> However larger or more blocks do require more bandwidth and storage to process.
But doesn’t the amount of data depend on tx count? No matter how big chunks you split them into, it’s the same bytes per minute in the end. Why hard limit at all?
The original security model of bitcoins also assumes that:
1. Every network node participates in mining. So everybody is incentivized to keep, validate and forward the blocks they receive as quickly as possible.
2. Anybody should be able to bootstrap a network node and verify the entire blockchain from the genesis block without explicitly trusting any other node. Thus when a new block arrives one can independently verify it.
#1 has not been the case for a few years since the advent of mining pools, whereas #2 might as well be a lost cause. The entire bitcoin blockchain sits at 330GB and counting, and the live UTXO database is rarely below 3GB.
Hence people have argued against making the blocks larger as it could bloat the blockchain to the point that only people with very powerful computers could afford to validate the chain on their own. However with the status quo we are already seeing the number of network nodes stagnate around 10k since 2017 as running one is largely an altruistic effort.
> But doesn’t the amount of data depend on tx count? No matter how big chunks you split them into, it’s the same bytes per minute in the end. Why hard limit at all?
That is correct. You could also see the limit as putting a minimum cost for putting information on the chain and this could benefit the miners too.
Your speculation doesn't square well with the original whitepaper that preempts your concerns by pointing out how you don't have to run a full node. It introduces SPV and points out you just need to store 80-byte block headers (total of 50MB in 2021). (Satoshi was a big believer in SPV.)
I was more or less quoting the point of view of the current crop of developers who are very keen to keep the status quo. Not that I necessarily agree with all of their arguments, however they make good counter points to the other extreme viewpoint of "let's have 4GB blocks tomorrow and everything will be A-OK".
Well that’s the question and the reason for the block war and the BTC/BCH split.
I’m not sure myself. Attempt to drive people towards LN or other “second layer” solutions for payments? Or deliberate attempt to create a high fee market for miners? Or attempt to keep bandwidth and storage costs down to lower barrier to entry for mining, to keep it more decentralised?
Certainly the decision to keep the cap has caused the move from “digital currency” to “digital gold” / store of wealth.
Yea, difficulty would drop. You'd end up producing a block more often than every 10 minutes. There's probably some lower bound on difficulty (and block frequency) that also maintains network consensus.
I meant drop xN by less baseline but increase xN by more difficult blocks, thus still 10min per block. But your sibling commenter now noted that the block size doesn’t affect difficulty. That’s confusing.
It's unclear if that would solve the problem. If BTC becomes a global store of value (which it seems to be in the process of), the avg. transaction value goes up and with it the fees that can potentially be paid. The block size cap ensures that there is a fee market if there's enough demand for transactions, so that not everyone simply pays the minimum fee. If you increase the cap this market might disappear and leave miners with _less_ income.
> The cap of 21 million bitcoin isn't a fundamental unit, it can be changed if a majority of the mining pool decides to.
No.
1. It is one of _the_ fundamental selling points of BTC.
2. A miner majority isn't sufficient to force such changes, the mined blocks would simply be invalid for any validating client. So you need to get users on board too.
I think the solution will be L2/L3 transactions for payments and L1 transactions for settlement and large transfers, so that each L1 (=on the blockchain) transaction has enough economic value to afford high fees.
It seems likely to me that the cap will just be expanded at some point, but that is likely tens of years away and its expansion will likely be equal to or less than the replacement value of lost coins.
Transactions will move to lightning, and since this allows multiple transactions to be aggregated into a single on-chain transaction, fees will be higher per transaction on chain.
There is no strict technical limit on the number of transactions per block. Due to the rising price, each block is currently worth something like $350k.
The Bitcoin network rules restrict it to a couple thousand transactions per block. Even with that, each on-chain transaction would "only" need to cost $100 or so to replace the block reward. Infeasible for micropayments, perfectly fine for large scale settlements.
Another possible solution would be increasing the block size limit - the mining effort is a per-block cost, the cost of additional transactions is minimal. So small fees + massive transaction volume could work. With a million transactions each block, $0.35 per on-chain transaction is enough to pay for the current security level. More transactions allow for even lower fees. The Bitcoin Cash fork aims for this.
However, all of this is very long term. The halvings happen a bit faster than every 4 years. Let's assume 3.5 years - that means 20 halvings in 70 years. The block reward does not drop to 0 until 34 halvings, so this is not a problem we have to deal with in our lifetime. So for the foreseeable future, one possible solution is for the Bitcoin price to keep going up, paying for the same or an increasing security level despite the halvings.
A million transactions per block would increase the block size to a Gigabyte or so. That means the blockchain grows at 52TB a year, significantly increasing the cost of maintaining a full node.
But even that is really not fully taking into account how expensive transactions would be.
The current Bitcoin block size and block rate and transaction size limit the network to 7 transactions per second. There are over 7 billion people. Which means that if everyone used Bitcoin, they could get at most 1 transaction every billion seconds. A billion seconds is over 31 years. Bitcoin as it is now is not for the rubes. Layer 1 transactions will, long-term, only be for larger entities. There’d effectively be a hierarchy of who can actually afford to submit transactions on the blockchain, which very much goes against the ethos of the original Satoshi paper.
And even with your million transactions per block, you’re still talking about only one transaction per month or two per person in the world, which is far from microtransactions. The transaction fee would necessarily be a lot more than 35¢, as otherwise more people would use it directly.
So it’s just not feasible to be both scalable and accessible without a huge hierarchy (ie only big players get to do transactions) and high transaction costs. At least not with the current architecture.
Yes, about 1700 per second. Which is about the average number of Visa transactions when averaged over a whole year but still very small compared to what VisaNet is capable of (about 65,000 transactions per second).
I can’t find examples of number of cash transactions per second globally, but the Eurozone averages 1.2 cash transactions per person per day (and 0.3 card txs/person/day). Given that there are 7.8 billion people in the world, if each makes on average 1.2 cash transactions per day and 0.3 card transactions per day, that’s about 100,000 cash transactions per second and 25,000 card transactions per second.
Cash, of course, is trivially scalable. At current usage rates, VisaNet could handle all card transactions if everyone used cards as much as Europe. Total payments of about 125,000 per second is about 2 orders of magnitude greater than what a Bitcoin with 1000 fold increase in block size could do.
None of these systems is set up for micropayments. And increasing the block size doesn’t change that. Visa or cash still seem far better for the small, casual payments Satoshi imagined Bitcoin would enable.
> That means the blockchain grows at 52TB a year, significantly increasing the cost of maintaining a full node.
Indeed, bigger blocks increase the cost of running a full node, but anyone who has a need to run a full node is likely processing many transactions each day, i.e. the increased cost of running a node is nothing compared to the transaction costs.
That's what I don't understand about the "oh, but full nodes will be more expensive" argument. Apparently, you can still run a node on a Raspberry Pi with an SSD attached to it, for a hardware cost of ~$200. That's less than the cost of 20 transactions (bitcoinfees.co, 6 blocks fee ~$12 right now). To me, that seems like the tradeoff between cost-to-run-a-node and cost-to-transact-on-chain has been chosen very poorly.
This is discussed in this bitcointalk thread [1].
By constraining the block size, bitcoin is developing a fee market where transactions have to bid up the fee in order to be included in the next few blocks. Without such a constraint, transactions would only pay around 1 cent to be included (just to cover network broadcast costs), and it's next to impossible to make up for that tiny fee with a huge tx volume.
In the next 3 or 4 halvings, as the block subsidy drops by an order of magnitude, fees will start to dominate the bitcoin block reward.
The exponentially diminishing block subsidy is a bigger problem for less popular PoW coins that fail to develop a fee market, such as Bitcoin Cash.
Bitcoin talk is basically propaganda for the lightning network since everything that goes against increasing throughput is deleted.
Right now the average transaction costs $25 and the throughput is about 1.5 KB/s (900KB block every 10 minutes on average). The entire blockchain over 11 years takes up about $6 of hard drive space. It is technically trivial for the few people who need to sync with the actual chain of any cryptocurrency to do it. There is no universe where people use bitcoin for normal transactions now or in the future.
There is also no reason to use a complicated second layer that still has to go through the bitcoin chain when other cryptocurrencies can be used more easily, more directly and much more securely.
People are not going to pay $25 fees for anything other than speculation, there is no utility for normal transaction and plenty of competition.
Right now that only makes up 14% of the total mining reward. A year ago fees only made up 0.3% of the mining reward.
For mining fees to ever take over, there needs to be a lot more transactions.
Then there is the volatility of combining both the price and transaction fees. When the price goes down, the transaction fees dip even lower. Three months ago the average transaction was 1/20th the price.
If the mining reward goes down rapidly to 1/20th of what it was before the block time can adjust, mining should go down to match. Then blocks will be created more slowly and the time to the block reward will be pushed into the future. This might make the average fee price go up since the transaction throughput will go down. I'm not sure what effect this will have on the network since it might mean miners monitor transactions and wait until there are enough out there to make their chance at finding a block worth turning their mining on.
The cost of diskspace is not as limiting as the time needed to do an Initial Block Download, which would become too burdensome with huge blocks. Transacting on 2nd layer makes a lot of sense as txs are instant, more private, and don't need the whole world to download and verify them (except for an open and close). It improves scalability by orders of magnitude.
> The cost of diskspace is not as limiting as the time needed to do an Initial Block Download, which would become too burdensome with huge blocks.
The current throughput is 1.5KB/s. Regular users don't even need to sync with the blockchain. Anyone can rent a server for $10 a month that will download the entire chain of the last 11 years in a single hour. What math are you doing where you think the -current- max block size makes sense?
> Transacting on 2nd layer makes a lot of sense as txs are instant
No they aren't, they still have to make it to the main chain.
> more private
Anyone could make a new address and use VPN for each transaction if that's what they want. At least they could if they weren't in danger of transaction fees becoming larger than what is in their address, which essentially disables it until transaction fees go down. Other cryptocurrencies are already much more private if that is what people want.
> don't need the whole world to download and verify them
Very few people actually need to sync with the whole chain unless they want to. Exchanges, payment processors and of course miners. Most people never sync with the whole chain and few of those that do are doing it out of a necessity. Even so, syncing with the blockchain was never a technical limitation.
There is nothing that a second layer offers that simply using a non-crippled cryptocurrency doesn't already solve. Ethereum and bitcoin cash have already exceeded bitcoin's transaction volume over the last week. Ethereum has had far more transaction volume for a long time now.
It's interesting as well. If block rewards+transactions fees over confirmation period is lower than value of transaction it will lead to 51% attack being actually profitable. And actually even the transaction fees don't matter. As you can still collect them in 51% attack.
Block rewards are designed finite but also designed to end outside most people's lives. So in short no one needs a solution. Block reward of 0 theoretically would be reached in 2140. Of course earlier halvings will already have a similar effect BUT ONLY if the price does not at least double every halving (4 years). Essentially this means bitcoin will always run on inflation. The finite supply is a "lie" that just doesn't work the same way if the price per unit can simply multiply. You constantly add a smaller fraction of the total but suck out more and more value anyway. Mining has never become cheaper; if price/hash drops it just raises the hashing required to mine.
The people who hold BTC but don't use it pay (via inflation) for those who use it so they have cheaper (still laughably expensive) transactions. They just don't care about that as long as price gains far outperform the inflation losses.
At some point it has to crash and won't recover because double-spends happened and the network can no longer be trusted which renders it useless.
If the price (real world purchase power not the price in USD) doesn't multiply for more than 4 years... the end is near. Likely the end would come before the 4 years are over.
Historically hash rate drops the most 1-1.5 years before halving in sync with the price. It basically boils down to how good large miners are at managing risk. They need to have the money to keep mining while it's not profitable. If a large player goes bankrupt it could create a chain reaction crashing the whole thing.
BTW, next generation blockchains like the XRPL have solved all of these problems a long long time ago. The lead dev (ex btc dev) saw these problems ~10 years ago and it took them 1-2 years to come up with something better.
I don't think it's a problem at all: There have already been blocks in the past where the transaction fee portion of the miner reward was higher than the block reward.
> There is currently no defense for this attack in Bitcoin, as the simulation demonstrates.
The entire Bitcoin miner reward model is the defense for this attack.
Nation states have powerful computers... but nowhere near as powerful as the decentralized Bitcoin mining network combined.
Even if they did currently, the endgame for Bitcoin as envisioned by Satoshi Nakamoto was for everyone on the planet to be mining Bitcoin at the same time.
If a Nation State could ever become more powerful than every single private processor on the planet combined... I think it would be game over for a lot more than just Bitcoin.
ASIC chip fabrication is centralised in China. The government could seize the means of production, as well as the centralised mining operations that they've attracted by subsidising electricity.
If a handful of governments that control fabs agree Bitcoin has to go, the efficiency of ASIC mining becomes a big threat.
Governments can purchase large runs of ASICs while other mining will revert to GPU. Controlling 51% of the hash rate in this manner isn't as outlandish.
Further, you're not limited to double spend attacks. If you're the government with a decent advantage, you just treat your own chain as true and never accept blocks from other miners. The reward for mining will collapse, since even if you produce a valid block it'll not be on the longest chain once government miners catch up.
And once the reward for mining collapses you can probably even power down some of the ASICs.
There are counter measures, but combined with attacking the financial onramps and making possession criminal, it's hard for me to believe that BTC would survive an attack like this.
But of course, it's predicated on large governments agreeing it's worth seriously attacking. I don't know how likely that is.
A nation state wouldn't need to become more powerful than all miners if most miners (more accurately, vast majority of hash power) were located in one, authoritarian country with a penchant for controlling "private" businesses.
I also imagine that after a few days of the network being jammed up, getting social consensus to fork the network to use a different hashing function would be fairly viable.
Right. And now this theoretical actor that controls 10x the hashrate of the rest of the world has lost 10x the amount of capital invested compared to the rest of the mining world.
It's the equivalent of shooting a bullet through your chest to shoot your enemy in the finger.
I don’t think the realistic attack vectors include nation states trying to out-compete the network on hash rate by building a competing network. If China wanted to make this a priority, for example, they’d just use military force to seize existing mining operations which are heavily centralized and easy to find.
A more realistic attack angle would be a large mining corporation recognizing a financial opportunity to undermine Bitcoin. If some organization could position themselves as a superior alternative to Bitcoin, crashing the Bitcoin network with periodic mining attacks could be worth the cost. Alternatively, if an entity could amass a large enough short position on Bitcoin, attacking the network to drive down the price might be attractive. We’d have to run the math on the scenarios, which is the point of projects like this.
> Even if they did currently, the endgame for Bitcoin as envisioned by Satoshi Nakamoto was for everyone on the planet to be mining Bitcoin at the same time.
The amount of wasted energy would be insane if everyone on the planet was mining Bitcoin.
Currently, it looks like we’re on a trajectory where large mining operations will centralize a lot of the eventually custom mining hardware. Individuals will have less and less incentive to mine Bitcoin as the reward decreases.
Right. The protections against this are already baked into the protocol.
51% attacks don't make sense because you're hurting yourself 51% and hurting everyone else 49%.
And for this theoretical attack you'd probably need to sustain 90%+ hash power for a long time.
Your first hurdle will be producing enough ASICs to surpass current hashrate by nearly 10x. Solve that problem and you'll need a massive amount of energy and you'll have to set up huge mining facilities in various locations to prevent crippling local power grids.
This would take years to plan & execute. A lot of people would have to be involved. Good luck keeping it a secret. Network hash rate will continue to increase while you're building this infrastructure.
If by some miracle you've pulled this off, Bitcoin users will switch to a fork of Bitcoin that uses a different mining algorithm and your entire investment is now completely worthless.
The protections aren't baked into the protocol because they don't account for external real world motives of nation states which could incent them to act in a "non-economic" way according to the internal rules of the Bitcoin game.
It's baked into the incentivization structure, if you prefer it worded that way. Investing hundreds of billions of dollars and years of work to place a temporary speed bump in front of Bitcoin's growth doesn't make sense.
This isn't a temporary speedbump, it's a permanent end to proof of work mining as an investable activity (and viable sybil resistance mechanism for bitcoin).
Remember UASF? If incentives align amongst users, nodes, merchants and exchanges Bitcoin absolutely will switch to another mining algorithm and now the attacker has to start from 0.
If the attacker attempts to keep up the game of cat-and-mouse long enough they will eventually go bankrupt and will no longer be able to participate.
And this theoretical discussion completely dismisses the fact that it's nearly impossible to execute an attack like this at this stage in the game anyway.
UASF effectively became a negotiation between honest miners and fullnodes. Honest miners are incentivised to close off conflicts because it risks devaluing their future rewards. In this scenario the attacking miner is acting "non-economically" so it's nothing like UASF.
I think eventually it will be nation states that bring the endgame, on national security grounds, through regulation.
Looking mostly at the US here. It is highly unlikely the government will sit by and watch trillions of US capital flowing into a Chinese-controlled infrastructure, undermining their reserve currency status.
Also worth mentioning that the US has leverage over the entire world’s banking system, that is how they enforce sanctions. Cutting the link between crypto and major currencies would qualify as an endgame.
What a great idea. The attack described there is plausible, and experimenting in the means of defence before it happens is crucial for the continuity of cryptocurrencies.
I think under these circumstances, the economic majority of bitcoin users will fork to use, eg a new hash algorithm, rendering the seized mining farms useless. Remember, bitcoin is a collective trusted network based on agreement between users, miners and developers. If the miners turn, just switch to a set of new miners.
You mention that this wouldn't work in your article. Can you explain why?
In order for change in hash function to work, it would require remonetising to a significant hash rate. Why would anyone invest in mining equipment on that new hash function if they already know how the game ends? (ie. their equipment being written off)
There's no need to start at a huge hash rate.
You can fork and then reset/reduce the difficulty, or adjust the difficulty in the way BCH does. You can also use POW algorithms that can be done only on commodity hardware like GPUs or CPUs so that the community can do it in a more distributed way.
If the difficulty is low then re-attacking the forked chain is inexpensive so you have exactly the same problem. Additionally, reducing the hashrate reduces the settlement assurances increasing the number of confirmations required to be sure your transaction is finalised.
Human beings already know how our game ends (we die), and yet we do all sorts of things on this earth in the ~80 years before that, even knowing that everything we do for ourselves becomes meaningless once we're gone.
Time preferences are a thing. Lots of folks do things with a time horizon much lower than their equipment being written off. Whole companies are destroyed for quarterly earnings, relationships are destroyed for a promo that lasts only for the ~2-5 years that you've got remaining at the company, people get married even knowing that 50% of them end in divorce, parents birth children knowing that they'll leave the nest and develop their own opinions and say they don't love you and eventually die.
Yeah it seems like the real defense of an obvious attack is "This Ethereum proof of stake chain with all of the wallets from right before the attack is the new Bitcoin".
In the general case I don't think that majority miner attacks can be defended against without changing the hash algorithm.
Specific cases like "empty blocks" could be addressed via a hard fork.
But there's nothing stopping miners from faking transactions in blocks, sending amounts to themselves, filling the block with OP_RETURNs, or just doing the minimum possible to get around your "fix".
PoW absolutely relies on >50% of miners being honest, always has done.
The purpose of this project is to challenge people to be specific about the details of that hard fork. Currently there are no theoretical proposals, or concrete BIPs to address.
It depends how rationally the market responds, I guess.
A reorg attack and a DoS are equivalent in my mind - anyone who's capable of pulling off a lengthy DoS is also capable of performing a reorg attack, whether they actually do or not is kind of irrelevant.
There is a type of reorg attack I proposed that's now been dubbed a "purge attack", that has the effect of destabilising the network by creating a window for all affected users to double spend their previously "finalised" transactions: https://medium.com/deribitofficial/destabilizing-bitcoin-con...
It's not an attack vector precisely because of that. Another scenario is the 1% could just then continue mining non-empty blocks from where the attacker left off which would make them the most accurate blockchain with regards to proof of work, this case is even more passive than the hard fork option if you are in sync with the attacker at the time of the attack.
You don't need a DoS attack under the assumptions of this project. It's already assumed that you control ~80% of hash rate, so you execute a 51% attack that mass double-spends coins and destroy all confidence in the integrity of the currency. Poof, nobody uses it.
Note that China already controls ~65% of Bitcoin hash rate, so if they wanted to execute this right now, they probably could.
That they haven't is one reason I'm bullish on cryptocurrency, and specifically Ethereum and Stellar, and it's entirely separate from why many other Bitcoin bulls are bullish on cryptocurrency. You don't need proof-of-work to secure a blockchain. You only need game theory: as long as each participant has more to gain from allowing Bitcoin's continued existence than destroying it (and they can't subvert or destroy it in a way that will be invisible to other market participants), it will continue to exist. China gains no benefit from destroying Bitcoin; they can just continue to let it exist and tax all the Bitcoin miners in China, generating revenue for themselves and their citizens and continuing to be a thorn in the side of dollar hegemony.
This also implies that proof-of-stake (if done right) is just as good as proof-of-work, which'll solve the energy issues associated with Bitcoin. And it means that cryptocurrency adoption, if it happens, isn't going to be because it's particularly good: rather, it'll be because the U.S. has destroyed the dollar. There's value in cryptocurrency simply in it being an alternative that's readily available, so that civilization doesn't stop if the U.S. does end up miscalculating and hyperinflating the dollar.
I'm not so sure. If you don't need proof of work to secure a blockchain, then why is the free market of Bitcoin consensus continuing to expend huge amounts of capital to stick with it as its sybil resistance mechanism? If it wasn't considered a value destroying move, the transition away from PoW would've happened already no?
It has, in new cryptocurrencies. Virtually all cryptocurrencies launched since 2017 are proof-of-stake: Cardano, EOS, Stellar, Polkadot, Tezos, TRON. Ethereum is in the process of a very expensive and painful transition from proof-of-work to proof-of-stake.
The reason you haven't seen this in the global cryptocurrency industry is because of network effects and adoption curves. Most programmers would probably agree that C++ is archaic and that the software industry has moved on to newer languages like Rust, Go, Kotlin, ES6, etc. Why then do Microsoft, Amazon, Apple, Google, etc. all rely on large quantities of C++ code? Because they were founded in the last millennium, when C++ was basically the only alternative for what they were trying to do, and have deeply enmeshed ecosystems and value chains that are all dependent on their existing C++ codebase. Throw it out and you throw out the $5T+ in value they've built. They couldn't have built that up without the 20 year head start they have, but if you're founding a tech company now, you're pretty dumb to use C++.
Similarly, Bitcoin has built a whole ecosystem of miners, speculators, traders, exchanges, payment systems, wallets, etc. Throw proof-of-work out and you throw all that out, and along with it your advantage over Ethereum, Cardano, Stellar, etc.
> if you're founding a tech company now, you're pretty dumb to use C++
All us unreal engine using indie developers must be pretty dumb then. It’s true that programming in c# in unity is easier, but the end result of the c++ is a prettier game with more things happening at once at a higher frame rate. More grass, more characters, more animations, more AI nuance, more physics interactions, lower system requirements during a gpu shortage, etc
> If it wasn't considered a value destroying move, the transition away from PoW would've happened already no?
I think there's a conflict of interest issue here that would prevent such a move even if it would be worth it - the miners clearly have an incentive to keep the current PoW mechanism, as without it they're left holding a bunch of expensive useless tech. And without the miners willing to go along with a move from PoW to PoS, at best you're going to get a split between the PoW and PoS chains rather than a clean shift from one to the other and just create a mess, which isn't ideal for anyone.
I think the answer to what you actually said is; miners don't control consensus on the network - it's not up to them, it's up to fullnodes/users who can change the ruleset whenever they want.
And I agree to a point, but miners are the ones that effectively run the network, and there aren't actually all that "many" of them. Without the existing miners willing to contribute the existing network would fall apart. PoS is an interesting situation because it technically makes the miners unnecessary, but obviously the miners are going to say "no" and just keep going with the existing Bitcoin. It would just create another Bitcoin Cash situation effectively, which is a lot less appealing than if everybody switched to PoS and left nobody using the old version.
Miners don't control the price. If a PoS coin became valued, they'd be leaving free money on the table to ignore it. And if Bitcoin became devalued, the mining rate would drop to match (otherwise they'd be spending in excess of the reward on electricity)
Miners don't control the price but they control the upgrade. Why would the miner vote (with their hashpower) to upgrade to a PoS consensus and kill their business?
They don't control the upgrade: new miners can simply come in to take the free rewards on the new coin if the existing ones refuse to do it.
All that matters is the market's valuation of the currency: it would be irrational for miners to do anything except expand until their costs nearly match the reward.
Given China’s political structure, wouldn’t it just take one participant (President Xi) to wake up and decide “party over” if it became politically favorable to do so?
Citation needed on this one I'm afraid. If nothing else, a currency that the Party cannot control would be A Problem. China did not have much economic benefit in halting the ANT IPO, yet it did not go through all the same. There _might_ be a benefit in allowing bitcoin to continue to exist of course, if they think it advances their cause more than it hurts it. But as soon as that calculus changes, it seems quite likely that the big mining corps (with as you say at the moment of speaking about 65% of total hash rate) will receive some "friendly invitations" (from unfriendly people with guns) to stop their business operations.
Frankly, because it’s not as much of a threat as the popular narrative suggests. They may actually benefit from being able to use cryptocurrency for their own ends, either by using it directly or using the public ledger nature combined with their surveillance powers to get insight into transactions.
Regardless, the attacks described here require large concentrations of mining power. In theory, the best way to attack it would be to wait for (or even encourage/subsidize) your country to become the geographical leader in mining operations.
Or even better: Wait for companies in competing countries to start holding BTC on their balance sheets and consumers to put their investments in BTC. Now you have a kill switch for part of the balance sheets of competing countries.
I personally doubt this is happening, but I’m sure it’s being considered as an attack scenario.
It's not inconceivable (to me at least) that at some point in the future it would be politically or personally beneficial for the leadership of a totalitarian government to do something that is economically costly to its citizens (in this case we're talking about damaging bitcoin, but it could be anything).
I think at least part of the reason is because they own it. Per https://www.statista.com/statistics/1200477/bitcoin-mining-b... 65% of all bitcoin mining is in China, this means majority of newly minted coins are in China, but also they can launch 51% attack at any time.
1. If you watch the market - it dumps each time when it's 9AM in China. The moment the miners wake up, they sell the BTC. It creates an inflow of foreign currency into China.
2. Traceable currency.
3. Soft power / control of narrative? Bitcoin seems to symbolize people's loss of faith in fiat system, and their governments.
If they executed a 51% attack, it will most likely result in a hard fork. Every full node would be able to tell where China branched off. We'll have BTC and BTC-China, with their individual markets. Keep in mind that while China has the bulk of miners, the majority of reachable full nodes are in North America.
> Note that China already controls ~65% of Bitcoin hash rate, so if they wanted to execute this right now, they probably could.
When you say "China" do you mean like an actor that can make coordinated decisions? Or just a geographic region? I'm asking out of curiosity because yeah there's a lot of miners in China across many geographic regions but I never saw any evidence that they are even talking to each other, even less coordinated enough to agree on making a decision as drastic as attacking the Bitcoin blockchain.
I think the concern is that the authoritarian Chinese government can exercise an awful lot of influence when they are inclined. For a supposedly decentralized system it's an awfully big risk.
The question is whether CCP has sufficient control over them. If it does not yet, it might consider working on that. OTOH I like the game-theoretic argument: they don't need to.
Is the theater of starting the process worth the concessions I can win?
It's not bluffing if you're willing to do it. But it's a lot cheaper if you don't have to follow through.
China is scary because of the big risks they're willing to take. Like giant earthquakes or drowning Shanghai if their hydro power system has the failure that western civil engineers have predicted.
I'd make a wild guess that when parent is talking about 'control', they mean that if a miner is located within China, the Chinese government has the ability to put a gun to that miner's head and tell them what to do.
With that kind of control, they could just put a gun to anyone's head and ask them to start mining bitcoin and do it the way they want them to. It wouldn't have to depend on how many bitcoin miners are in China at the moment.
It's a lot easier to point a gun to someone's head and say "Switch your equipment over to the network pipe that we give you" rather than point a gun to someone's head and say "Build a datacenter, secure an extremely large source of power, buy a few thousand Bitcoin mining boards, hook them all up in this extremely technical way, and then switch it over to the network pipe we give you."
The gun in the head strategy works best when you're only asking your populace to do simple things. For complex, technical tasks, the usual response is "Oops, I can't concentrate while you've got a gun against my head", and then you can shoot them but that's not going to help your task get accomplished any quicker. (This is also why working conditions at say Google or Apple tend to be pretty good, and why Soviet scientists were treated relatively well even if the rest of the population wasn't.)
And exert that control in subtle ways. "We know you, we watch you. You can do what you are doing because we permit it. When we come asking for a favor you won't think twice"
You can't just ask a random person to mine Bitcoin (well you can't, it just won't do much). It needs to be someone who has the mining hardware. So how many miners there are (specifically, how much mining hardware there is) matters.
China would benefit more by confiscating all hashrate & hoarding all of the BTC for themselves before announcing that BTC is their national currency and driving BTC price to millions per-coin.
It's just as farfetched and unlikely, but anti-Bitcoiners just keep theorizing about a hostile China takeover crashing BTC price as if it's feasible, without considering the inverse.
Because China has already announced DCEP as their national crypto. So the chance of them making btc their currency is basically none while China has already cracked down on btc in various ways in the past. They could in theory use btc as some kind of reserve or exchange currency, but not sure why they would need to when everyone has to bend to their will to trade with them.
The implication, that no other nation-state may use force to assert control of a strategic economic resource, is in contradiction with both history and common sense.
GP is ipso facto calling out lazy casual racism, but framed constructively because they’re better at it than me.
Uh, no, other countries don’t have 65% of the hashing capacity. The USA could put a gun to miners' heads, but it wouldn’t give them 51%, so there’s no point.
Uh-huh. The agencies of, let’s say, the US federal government, or the Kremlin, or similarly those of governments in the UK, France, Germany, all have no history of overseas intervention or onshore direct action to preserve economic interests. Got it.
if 51% of hash power were located in the US, the statement would have been about the US. it is not something special about china that makes this the case, only the fact that it is a sovereign state with the means and will to control activity in its territory, just like every other functioning state. one could also make the case that china might be more likely to intervene in such a way in the economic affairs of its subjects than a liberal democracy, but that is a secondary argument.
No, China is not a person with a single will. The assumption/assertion that the mining equipment may as well all be sitting under MSS guard in Beijing is horsecrap.
For small scale miners in China it might be a different story.
However, if Xi Jinping decided to crush Bitcoin for whatever reason large scale mining in China, which is well past 50%, would quickly do what he wanted. As such he has de facto control over Bitcoin, though I personally doubt it’s something he would do.
why do you expect that? you're talking about tens of thousands of individuals and companies, all themselves invested in bitcoin, being asked (through no existing command or enforcement mechanism) to essentially destroy their own personal wealth. even assuming the chinese state could achieve compliance from 77% of the existing hardware, it would optimistically take several days. the only way around that stumbling block would be to mandate centralized control of the miners, which would be impossible to keep secret and would also inspire some sort of reaction.
the idea that every miner in china will jump when xi says is pure fantasy.
Remember, China is a country with concentration camps, so they (the CCP) clearly have the ability and desire to do extreme things and convince their people it's the right thing or that it's not happening.
and america has the largest prison population in the world. we still have plenty of people that don't immediately comply with whatever the president says at any moment.
yall act like china is populated entirely by robots. it's a complex society just like anywhere else.
Well I guess the question is, if the US govt (or any other superpower) felt it was in their interest to take over / destroy the blockchain, would they be able to?
It seems to me if Bitcoin got to be of huge strategic importance to global finance, countries like the US would start to build out that power. The idea that the economy of say the US was at the mercy of other foreign governments would probably not sit well.
This applies to all large powers just using the US as an example.
The Chinese government has 100% power to do whatever they want. If they want to kill you on an invented charge and send the bill for the bullets to your parents, they can do so (and have done so).
Yes Western governments can use force to intervene with private companies and have done so in the past, but it's unusual for them to do that because people and companies have rights and they can contest the action in court. That's nothing compared to what China can do with no recourse, see Alibaba or the Canadian Michaels for a recent example.
You cannot pretend that the two are similar situations, and doing so is whataboutism. It has nothing to do with race and everything to do with the difference between a free country and a totalitarian country.
The Chinese government is not China any more than the US government is America or the Kremlin is Russia.
Having a go at authoritarian demagoguery and secret police is one thing, have at it.
But doubling down on the casual false equivalence between a people, a country, a government, and a person, just reinforces the point.
Oh, and when you find a free country, do let me know. I haven’t seen one yet. So far, from Australia to Zimbabwe, all governments coerce and murder their citizens.
The OP was not talking about the Chinese people, he was talking about China the Chinese government. It was very clear to me reading that, I'm not sure why you're all confused.
Too often it seems like the more precision matters, the easier it is to choose the wrong word.
In this context IMHO the choice of words matters quite a bit. I do my best to never write “China” if I’m in fact referring to the entity commonly identified as “CCP”.
(I understood OP’s point though, probably because I used to make the same mistake—perhaps still inadvertently do with some other countries.)
The wumao and supporters of the CCP have been pushing this racism nonsense for a while now to try to divert criticism against the CCP. It’s unfortunately very common.
I have seen people doing this and it's deeply annoying to reframe criticism of the CCP as racism. Not everything is about race. I'm deeply annoyed by how much race is becoming a thing in general - that seems like it's going to end up being counterproductive to ending racism. I'm not going to go so far as to say it's purposeful by the CCP. But it could be.
The difficulty with this alleged "clarity" is there is no single entity called "the Chinese government" either.
See also:
Using "China" but assuming .hk and .mo are included
Using "China" but assuming .hk and .mo are excluded
Using "China" to mean the area administered by the ROC
Using "China" to mean the area administered by the PRC
Using "China" to mean the area claimed by the ROC
Using "China" to mean the area claimed by the PRC
Using "China" to mean any area historically associated with the rule or influence of the Xia, Shang, Zhou, Qin, Han, Xin, Wei, Shu, Wu, Jin (1st/2nd), Sui, Tang, Wu Zhou, Liao, Song, Yuan, Ming, or Qing dynasties and their associated interregna and feudal periods.
Using "Chinese government" to mean the CCP, but not the State Council, the NPC, or the PLA
Using "Chinese government" to mean the CCP, the State Council, the NPC, and the PLA
Using "Chinese government" to mean Xi Jinping.
Using "Chinese government" to mean the KMT or DPP.
Using "Chinese government" to mean any and all the above, except the KMT, DPP, or PFP.
Using "mainland China" to try to be more specific (it still isn't, and now you've started a war)
Using "Greater China" to name your regional offices. Looking at you, Apple. (no such thing, it's a western fabrication, like General Zuo's chicken)
Referring to the Chinese language (which one?)
Referring to Chinese characters (hanzi? kanji? jiantizi? hanja??)
Referring to "Chinese food" (this is like categorizing haggis with paella)
Referring to "Chinese people" as though it's one ethnic group
Calling anyone who you think looks Chinese, Chinese.
"The mountains are high and the Emperor is far away".
Neither mining pools (who practically have the actual power over transaction inclusion and ordering) nor the miners are cooperating. I'm also certain the CCP wouldn't be practically able to locate and control all of them that easily.
I'd assume their intelligence services are identifying miners now while the miners don't have incentive to hide. If China wanted to strike at bitcoin they could do it in one fell swoop.
All the small dams or whatever power generator they are using are state owned property, hell even all the available internet access, and since they are the biggest supplier of money laundering vehicles and aids the capital outflow that the party hates to the bone, you better assume that they all have tabs being kept on already.
Hypothetically how long would it take the country that produces most of the computing hardware in the world to simply direct all their factories to build mining ASICs as quickly as possible while not exporting any more GPUs? Of course everyone would know what comes next but I am just curious.
Even in Western countries, if draconian anti-cryptocurrency laws were passed and even slightly enforced, it would kill, or at least force into regulation, large-scale mining operations.
Same thing that a lot of Chinese people think of the West. Like anything is coordinated behind thing, led by US, and followed up by the developed countries.
> rather, it'll be because the U.S. has destroyed the dollar. There's value in cryptocurrency simply in it being an alternative that's readily available, so that civilization doesn't stop if the U.S. does end up miscalculating and hyperinflating the dollar.
Even before Bitcoin, we had plenty of other alternative currencies that could have replaced the dollar. I’ve been reading headlines speculating about the dollar being replaced by other currencies as long as I can remember, before Bitcoin existed.
To your point: If Bitcoin somehow did become an alternative world currency and USD was out of the running, wouldn’t that create great incentive for China to crash Bitcoin prices and drive everyone to use their national currency?
I’m not happy with the current rate of inflation, but I think it’s also clear that true hyperinflationary scenarios aren’t likely in modern countries. As much as we like to criticize governments (often rightfully so), it takes orders of magnitude more incompetence and malice for a government to enter hyperinflation. It’s not something that is stumbled upon by accident.
US monetary dominance is up for grabs. This doesn't mean the US is necessarily supplanted as the world reserve currency, but it does mean lots of trade may dedollarize to some extent. My bet is there will be two major currency zones. Dollar/Euro in the West + Middle East + India, Renminbi in the East + Australia + Africa.
Given the explosion of debt to GDP in the west vs the east, I see no way the Renminbi will not continue to appreciate against the dollar, and I fully expect Chinese monetary dominance to increase with the government's continued annexation of Hong Kong.
BTC will probably dominate in countries where currency value is routinely destroyed (developing nations, Russia, the US and Europe to some extent) but only as a back channel currency: I doubt any major commodity market or trade is ever going to be priced in BTC.
This is just silly, US military dominance is not anywhere close to up for grabs. The US might not have total dominance anywhere on earth anymore due to asymmetric weapons, but in a big fight the US is far and away the biggest dog still. It is not that it is not close, it is not even close to being close.
Edit: You may have misread. I said US /monetary/ dominance not military. Nonetheless, there is a thesis that military dominance dictates monetary dominance, which I do not subscribe to. Below is why.
The idea that the US can use its military to reassert financial dominance in the modern age is silly especially after having exported near all manufacturing capacity to China.
US aircraft carriers are worthless in the pacific. They haven't accomplished anything significant in the South China Sea. Hell, even more aggressive annexations like that of Crimea were never blocked.
Modern warfare is no longer physical. It's economic and online. If anything the information economy in the US and the West are more at risk from espionage, information manipulation and other attacks given the value of the intellectual assets are far greater and that China has a vice grip on communications. Additionally, our supply chain is incredibly dependent on the East. As local demand picks up and the region can afford to be less dependent on the US, they can afford to cut off supply chains with mild consequences compared to what the US would face.
> BTC will probably dominate in countries where currency value is routinely destroyed (developing nations, Russia, the US and Europe to some extent)
I’m not a fan of the current inflation in the US, but the idea that the US currency is being destroyed has been blown out of proportion online. People like to quote M1 money supply as if it’s the only measure of wealth, while ignoring that investors weren’t keeping investments in cash in the first place. Inflation drives up the value of assets, by definition.
"If Bitcoin somehow did become an alternative world currency and USD was out of the running, wouldn’t that create great incentive for China to crash Bitcoin prices and drive everyone to use their national currency?"
It would, but there's no guarantee that if people left Bitcoin they would end up in RMB. More likely they'd jump to another cryptocurrency, or to Euros. People tend to distrust the last party that fucked them over.
I could see a dangerous situation if China let Bitcoin thrive for a generation, let all the other currencies wither on the vine through normal market mechanisms, and then decided to exercise their national control over Bitcoin. That's basically the Amazon strategy - make your product so appealing that all the other retailers go bankrupt, and then jack up prices once there's no alternative and a whole generation assumes you're the normal way to buy things. (Come to think of it, that's kinda the U.S. dollar strategy now.) But that's a generation off, so naturally I'm not thinking of it, and I doubt very many others outside of HN are either.
How would a hyperinflation on the US dollar cause civilization to stop?
In any case, crypto trading since 2017 has been nothing but people buying and selling imaginary ticker symbols on unregulated exchanges.
For example, XVG and ETC have been subject to successful 51% attacks more than once and every time the price was hardly affected. And each time the "solution" to deep chain reorg involved the exchanges freezing all trading while developers rushed to add a hardcoded checkpoint. Once the "correct" version of history has been manually restored, everybody sings kumbaya and goes back to paying real cash for monopoly money.
Crypto need no proof of anything (PoS is still vaporware - debate me if you want), other than a shared delusion of value headed by the bucket shops.
No PoS algorithm has yet managed to solve the Nothing-at-stake problem, nor are they any more resistant to the abovementioned kind of hostile takeover by the nation state player compared to PoW.
I can't speak for every PoS coin out there but Cardano/Ouroboros explicitly assumes partial synchrony which is arguably never a good idea for a supposedly permissionless blockchain.
Except the trust of the currency itself, as if you're attacking a currency you have a lot of stake in, you reduce the value of your stake because you attacked it.
There are no miners in a PoS chain, and PoS participants technically have nothing to lose through double forging. There are myriad different ways to find and punish the bad actors in such a situation. I don't claim to know about all of them, however they all make the same assumption you made that staked validators are rational people who look after their interest on the blockchain. But what if they are not rational, or worse, could make gains by disrupting the chain?
This is far from a solved problem, and this is the reason why PoS coins exist mostly on the fringe and ETH is taking very slow baby steps towards an ETH2. Nobody is certain that PoS will stand the test of time and my prediction is that it never will.
One might argue that they don't have to worry about anything judging from how well exchanges have been able to coordinate with the developers to pick a side whenever a major fork is spotted. But then it calls into the question whether we actually need a blockchain when a couple of interested parties are the ones who get to decide which fork is valid.
Tezos has a fully working Proof of stake system, and there are others. Feel free to share whatever you're on about, but I have a feeling "the debate" will be an exercise in goalpost moving.
> How would a hyperinflation on the US dollar cause civilization to stop?
The dollar is the value used to denominate world debt via the IMF. It's also (partially related to this fact) the "mattress currency" of a lot of nations... Nations hoard US dollars to back-stop their own economies, since if their currency starts to tank, they can use dollars to pay their international debts.
A worthless US dollar would have wide-ranging international currency disruption.
Every now and then I get the impression that crypto currency advocates have seriously and repeatedly underestimated and/or misunderstood the complexity and scale of real-world economics.
> In any case, crypto trading since 2017 has been nothing but people buying and selling imaginary ticker symbols on unregulated exchanges.
You can trade regulated BTC futures. (Regulation by itself isn't much of a feature. But it can be a good indicator to see how well something is integrated into mainstream finance.)
> [...] other than a shared delusion of value headed by the bucket shops.
You shouldn't dismiss the original bucket shops like that.
Right now they don't, no. But to my mind Bitcoin being subject to the whims of a major world power is a big knock against it, given that it aims to be a currency alternative. I don't want such an alternative to be subject to any kind of geopolitical mood.
Yes. Much like mutually-assured-destruction with WMDs, we need to try to keep China to <50% of the mining pool, otherwise they can do as they wish with it.
Maybe the US government doesn't mind that? Maybe they hope it will die, and send everyone flocking back to the dollar?
Yea I can't see a power like China controlling bitcoin to be a good thing. I also can't see myself maintaining a substantial fraction of my wealth in a unit of value subject to the whim of a totalitarian government.
It's not inconceivable (to me at least) that leaders could decide it's personally beneficial to them (or politically beneficial) to damage Bitcoin, even if it cost a ton of their tax payers money.
No power controlling Bitcoin is a good thing (at least for Bitcoin). That's true for China, who could force its miners to do what it wants, as it is for the US, which could make it arbitrarily hard to transact or hold BTC (and which also has the habit of imposing sanctions on other states' entities).
> China gains no benefit from destroying Bitcoin; they can just continue to let it exist and tax all the Bitcoin miners in China, generating revenue for themselves and their citizens and continuing to be a thorn in the side of dollar hegemony
CO2 emissions is probably why I'd do it if I were the Chinese government frankly.
Will Bitcoin even be that decentralized in 50 years? The miners control the network, and most mining is done by big companies now and their data centres. If it’s like other companies, won’t they gradually acquire one another until there is only 1-2 companies controlling almost the entire future crypto economy? The scale of the computing power we are talking about is not something that individuals can compete with
I've posted here before about it. I'm of the opinion that it currently is not decentralized. There is such a shortage of hardware that can be competitive right now and there are only a few organizations that can get their hands on them. I think this problem is just going to get worse when the manufacturers start to realize it doesn't make sense to sell any of their miners at all.
> China gains no benefit from destroying Bitcoin; they can just continue to let it exist and tax all the Bitcoin miners in China, generating revenue for themselves and their citizens and continuing to be a thorn in the side of dollar hegemony.
That's making a lot of assumptions which I don't think there are good grounds to assume. For instance, that Bitcoin tax revenue is something the Chinese government cares enough about for it to affect its decision-making, or that Bitcoin is a "thorn in the side of dollar hegemony."
I think the reality is that Bitcoin (and cryptocurrency in general) is a niche thing that isn't nearly as important as its fans like to think it is, so there's little for a state-actor to gain by making the effort to disrupt it.
I think I agree with you and think there's a parallel to other conventional currencies.
Controlling the hash is similar to controlling a central bank - you've got the power to trash your currency, but that's coupled with you probably having the most to lose if you do so.
You could maybe do something stupid short-term - Say you own a controlling amount of hash, but a fraction of the currency. You could seize the currency, but by doing so you devalue it all. Who in their right mind would buy a seized bitcoin from you for any price, knowing you could seize it right back?
Currency equivalent would be the Fed suddenly stating a dollar was worth half-as-much as it was before (compared to some external thing) and compensating all US citizens by doubling their dollar earnings. As a dollar earner/spender you'd notionally be unaffected.
Dollar debt the US owed would be halved - Yay!
However the effect on non-US dollar holders would be cataclysmic - "You made half my money vanish, you might do it again, I don't want to ever hold US dollars again" and bricks of your currency are being used by children worldwide to build forts.
The entire selling point of BTC is that it's outside of conventional government control. If proved otherwise, it's without value.
More realistically, "Chinese Miners" aren't the government. They're miners, who happen to be in China, due to cheap power costs. At the first whiff of any meddling, their ASICs are going to be on a plane and plugged into the Hoover Dam or Iceland's geothermals.
> More realistically, "Chinese Miners" aren't the government.
I think that's largely the point, other comments are appealing that somehow the Chinese govt has a lot to lose by seizing control of bitcoin, but in reality they probably just have no reason to yet, it beggars belief that an authoritarian government would allow private citizens to control an important currency on their own soil. My own take is that they are letting it run because of the shadow of doubt it is casting on the USD.
> ASICs going to be on a plane and plugged into the Hoover Dam or Iceland's geothermals
A little simplistic to think non-negligible percentages of the hash pool would turn themselves off, relocate internationally, completely disrupt the difficulty rate, put themselves at a massive disadvantage and subject themselves to an unknown foreign government who might be completely hostile toward them.
More pertinently the CCP might "meddle" with their ability to fly out of the country as they have done with countless dissidents already.
I wonder if at some point Bitcoin might become important enough that nation states will work together to ensure that no one state has more than a 51% hashrate as a matter of national security.
Even if you do control 51%, it would be a big long term capital and operational expense to do so, so you'd probably want to play nice rather than destroy what you've built.
Besides, even if you attack it, a new network will just spring up again, possibly with a different mining algorithm, making your old mining gear obsolete.
Also, in PoS, another last resort "nuclear option" defence strategy would be to slash the nodes that attack the network through a hard fork. It's a "nuclear option" because in theory it's unlikely to happen, only used as a deterrent.
"Slash" here means to confiscate and burn their staking deposit on the new network. (The old one will continue to operate where the attackers reside, thus a "fork")
How do you account for “let the world burn”-type actors in this scenario though? It seems this pulls at the key misunderstanding around crypto and blockchain in general — it can’t sanitize the endpoints.
If any human party has the power to defraud, manipulate, or commit any other nefarious act (as you imply China does), the system is vulnerable.
This is why proof of work provides some level of resilience—you have to be nefarious AND have access to massive compute resources to do harm. China has the compute resources, but not the incentive. A proof of stake power broker may have the incentive and not need the compute.
"You only need game theory: as long as each participant has more to gain from allowing Bitcoin's continued existence than destroying it (and they can't subvert or destroy it in a way that will be invisible to other market participants), it will continue to exist."
The CCP doesn't allow Chinese citizens to own Bitcoin as far as I know - however they allow mining because it's generating revenue.
And of course, Bitcoin's continued existence by the "army of HODLers" is a no-brainer when you join an MLM - everyone who has adopted it will push for its price to go up (or return to the prior buy price) so they can realize a profit - until the latest adopters are left holding the bag.
Ehh, this blog post focuses way too much on technical tricks that are, in reality, not really the main risks to the bitcoin network.
For example, the blog post focuses on things like 51% attacks to either reorg the chain, or prevent transactions from being published. This is not really as big of a deal. When 51% attacks happen, it certainly disrupts crypto networks in the short term. But the defenders always have the nuclear option in their back pocket, which is to change the proof of work algorithm, and force the attackers to spend a bunch of money building their attack infrastructure up again.
Threats to change the POW algorithm, were thrown around during the 2017 blocksize debate, when things got really heated, and parties involved were threatened what amounted to 51% attacks. So it is already established that this is something that devs consider doing.
The only real avenue of attack against crypto networks, is simply the social one. You simply arrest anyone who does anything at all related to crypto, and hope the threat of government violence is enough to make it so most people don't use crypto.
Those social attacks would be the most likely to succeed, IMO, but they also have the problem of being difficult to implement. You know, because we are living in a society, with a court system, and elections, and people that care about not living in a totalitarian hellscape, so any attempt by the government to simply arrest everyone, will likely be punished politically.
So sure. The blog post is correct that if the government simply arrests or kills everyone who has anything to do with bitcoin, then they could stop crypto. But the counter argument to that, is such recommendations are completely out there, and extreme, and society wouldn't let that happen and would punish the people doing that.
The actual attack vectors that matter, are not some fantasy land conspiracy, of every world government becoming a dictatorship. Instead, the attack vectors that matter would instead be every day bad actors, that seek to defraud people, in secret, and are not willing or able to kill/arrest everyone in the world who opposed it.
I don't think China being a dictatorship is much of a conspiracy. That's where a lot of ASICs are deployed, as well as the majority of the fabrication of the hardware itself.
> I don't think China being a dictatorship is much of a conspiracy.
But China enacting authoritarian measures isn't good enough. The blog post did not suggest that the attack vector to worry about was a single country banning crypto.
Instead, the blog post said that the attacks would only happen if every major country in the world colluded together, to all being authoritarian, and banning crypto everywhere.
If only China decides to take over crypto, the solution is relatively simple. The developers of bitcoin/whatever simply change the proof of work algorithm, and turn all of China's ASICs into space heaters.
That would be disruptive to crypto, sure. But lots of disruptive things have happened in the space. People would move on. And if China spent another X billion dollars building even more ASICs, then the algorithm could be changed again.
Changing the hash function doesn't solve the problem. The mining game doesn't remonetise because everyone knows where it ends (denial of service and collapse, rendering mining hardware valueless).
> (denial of service and collapse, rendering mining hardware valueless).
No, actually. China being able to DDOS every internet service that it does not like is already something that they provably are unable to do in the current day world.
There are lots of things that China would like to DDOS off the internet, right now, and yet they aren't able to succeed at doing that.
A crypto service isn't any different than anything else that China is attempting to, and failing at, DDOSing off of the internet right now.
What is China going to do? Take out Cloudflare and AWS and any other major web hosting platform in the world? C'mon. Let's enter back into the real world. If the US is refusing to cooperate with China, then there are many ways of defending against something as simple as a DDOS attack.
The community of users simply attaches harder cryptographic proofs to their transactions, forcing up the cost of producing empty blocks. The approach is capable of bankrupting nation-states as a side-effect of eliminating 51% attacks.
Not unless the block sizes go down, or the block times/ block/transaction relaying latency go way up. The great firewall of China might cause some issues, but in theory it should not get worse.
You don't need a transaction to be routed by many nodes: how quickly it propagates (and thus how quickly it gets included/confirmed) just depends on how much hashing you do before sending it.
The halving penalty on work just forces attackers (who have +1 routing hop compared to honest nodes) to double the work of those honest nodes if they wish to outcompete them in producing a longer chain (i.e. no 51% attack).
It also allows users to respond to attacks in real-time by affixing harder proofs to their transactions, increasing the attack-cost on the network in minutes should anyone try to pull off the sort of gambit described in the linked page.
My prediction is that Bitcoin will crash 50-80% in the next 12 months due to insider/rogue employee hack at Coinbase, and/or some other event that will render wallets irrecoverable or the company insolvent.
I never understood why empty blocks are allowed... you can start immediately and get a head start over other mining pools. Granted it is just the time to load in transactions from the mempool and hash the result of appending them to the blockchain, but still... if you're in a race, why not take any advantage you can get?
I've monitored the chain for years, and empty blocks are very very common. I know there is a civil war of people that want to make the block size larger vs keep it the same... I think at this point they would both agree that every block should at least be 90%+ full before it is accepted. That seems like a simple fix.
The attackers would then likely just fill up the blocks passing a tiny amount of bitcoin between all their wallets, but at that point they might as well just use the mempool.
In the end, if you have mining dominance, you win. No point denying that. If you want to "ban" miners, or rewrite history, bitcoin is no longer decentralized.
The network needs a block every 10 minutes or so in order to mint a coinbase transaction (the tx that generates new Bitcoins). This is important to ensure that the network reaches the 21 million cap on time. If new blocks are not minted every 10 minutes, the calculation to reach 21 million will be distorted.
The network adjusts the difficulty (number of prefixed 0's in the hash) based on estimated mining capacity based on a running average time to complete previous blocks. There is no "on time" to reach the 21 million cap. All those "calculations" that would be "distorted" are those of the hedge fund managers who are holding strictly out of speculation.
There is no way to prove an entity hasn't been mining on the side, capable of mining blocks faster than the main chain, even keeping up with increased difficulty, and any day they could publish their chain to the network, and it would be accepted as it was the longest chain. This would obviously destroy bitcoin, so the only reason to do that would be pure terrorism. Exploiting a 51% attack to double spend would also destroy the trust, so any attacker in it for the money is currently just mining empty blocks and getting rewarded for it, and there is nothing anyone can do to stop them.
Once the 21 million coins are all in the wild, transaction fees will need to be enough to entice them to keep running... otherwise, they cash out and burn it all down. If they aren't capable of burning it all down, perhaps the number of people validating transactions on the network goes way down... and the difficulty goes way down... until eventually all those old people from the mining days could turn their machines back on one day for a much easier 51% that they are now capable of.
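The difficulty mechanics discussed in the comments above, as an added example that is not part of the thread: Bitcoin retargets every 2016 blocks toward a 14-day period and clamps each adjustment to a factor of 4. The simulation uses expected values in constructed relative units (hashrate 1.0 at difficulty 1.0 gives 10-minute blocks) and ignores block-time randomness and the integer target encoding of the real consensus code.

```python
RETARGET_INTERVAL = 2016          # blocks between difficulty adjustments
TARGET_SPACING = 600              # seconds per block the rule aims for
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING   # 14 days
MAX_STEP = 4                      # one adjustment is clamped to 4x either way


def retarget(difficulty, actual_timespan):
    """Difficulty for the next period, given how long the last one took."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN / MAX_STEP),
                  TARGET_TIMESPAN * MAX_STEP)
    return difficulty * TARGET_TIMESPAN / clamped


def simulate(hashrates, difficulty=1.0):
    """Expected block interval and period length for consecutive periods.

    hashrates: relative network hashrate during each 2016-block period.
    """
    rows = []
    for hashrate in hashrates:
        block_seconds = TARGET_SPACING * difficulty / hashrate
        period_seconds = block_seconds * RETARGET_INTERVAL
        rows.append({
            "hashrate": hashrate,
            "difficulty": difficulty,
            "block_minutes": block_seconds / 60,
            "period_days": period_seconds / 86400,
        })
        difficulty = retarget(difficulty, period_seconds)
    return rows


def returning_share(active, dormant):
    """Share of total hashrate that switched-off hardware would hold
    if it came back online next to the miners that stayed."""
    return dormant / (active + dormant)


# Constructed scenario: 90% of the hashrate leaves after the first period
# and stays away.
SCENARIO = [1.0, 0.1, 0.1, 0.1]

if __name__ == "__main__":
    for number, row in enumerate(simulate(SCENARIO)):
        print(f"period {number}: hashrate {row['hashrate']:.2f}  "
              f"difficulty {row['difficulty']:.2f}  "
              f"block every {row['block_minutes']:.0f} min  "
              f"period lasts {row['period_days']:.0f} days")
    print(f"share of returning hardware: {returning_share(0.1, 0.9):.0%}")
```

In this scenario the first period after the drop lasts 140 days instead of 14, and because of the 4x clamp it takes two adjustments before blocks arrive every 10 minutes again.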
Governments are the only entities who could try to attack Bitcoin if they collaborated. The only motivation would be to stop the network, not to make gains in other cryptocurrencies.
Oh cool so my magical internet money that I’m meant to use as my main currency is essentially untrustworthy as an actual store of value, because I’m supposed to keep migrating to whatever the hasn’t-had-a-51%-attack-yet flavour of the month currency is?
It may be 0.21 but it is one of the best reviewed software in the world for security issues. Also there's a trillion dollar bounty especially on the public signature infrastructure.
What on earth does choice of versioning have to do with anything? React Native isn't at 1.0 and tons of companies use it. Google releases versions/APIs of their software with tons of bugs.
Is it fair to say this is a subset of the general problem of majority-consensus networks (which includes PoW, PoS, PoA, PoR, PoET, and PoTS cryptocurrencies)? https://doi.org/10.1109/COMST.2020.2969706
BTC fork using Algorand consensus. Same bitcoin, same LEDGER, but the consensus technology is vastly superior. Why willfully ignore 10 years of advances in cryptography and distributed computing.
For presumably the same reason the crypto-currency community in general willfully disregards decades on decades of economic theory and experience to pursue a libertarian wet dream?
Assuming that the Chinese government can exercise control of the top 5 Chinese companies that control > 50% of the hash rate, what's stopping the Chinese government from corrupting the blockchain? E.g. only transactions from whitelisted wallet ids (e.g. CCP-approved institutions) go through, extortion, etc.
Stocks are held up because they do have a grounding in the value of the corporations in the broader economy. For their value to go to zero everyone would have to pull out of the broad economy, stop buying manufactured goods and go back to farming their land.
There are a huge number of incentives that make it extraordinarily difficult for people to just wake up one day and pull out of the economy, stocks and USD.
There's literally no such incentives for crypto. Nobody has to buy into crypto or they can't buy food or cars or homes or pay their taxes or anything else. Opting out of crypto is very easy, opting out of the US economy is very hard.
It’s crazy that some people seriously think Bitcoin is anything like these stores of value.
All these are tied to some fundamental value to society. If gold goes down, manufacturing will buy more of it because they use it for ICs and lots of other things. Most companies have some tangible assets behind them. If a stock’s price goes far enough down someone might buy up a controlling stake and liquidate all the assets. A fiat currency in a functional state is generally strongly tied to borrowing for real physical assets. It’s deeply entangled with the economy.
There is no bottom for Bitcoin. Especially now that it’s not a very viable currency for most purchases or for lending.
What’s more, value is continually being extracted from the currency. People cashing out and payments to miners (who are basically just burning a lot of the money they make by converting electricity to heat without doing much useful work).
In gold or stocks the money put in actually exists in something valuable to society, and you own a piece of that. The value might be boosted up 2-10x its real value today, perhaps due to its perceived future value. But you do own a piece of something tangible.
With Bitcoin, the money you put in is already gone. Used by a miner to pay for electricity or an early miner/purchaser who is now cashing out to buy an apartment. You just gotta pray that a few years down someone is willing to buy bitcoins from you for its perceived value alone. Because nobody is going to buy it for any other reason. Not to make something out of it (gold), not to liquidate the assets behind it (stocks), and not to pay taxes or pay back their mortgage (fiat currencies)
There’s so much utterly insane thinking around cryptocurrency these days. Especially Bitcoin. It’s madness.
I mean, it’s a super cool tech. But I think that blinds a lot of people to the facts around it.
An interesting aspect of these cryptocurrencies is the aspect of consensus, not through the intended mechanisms like PoW, but through societal acceptance. Look at BTC and BTG (bitcoin and bitcoin gold). One has the suffix of "gold" while the other maintains the (arguably?) superior lack of any such embellishments/augmentations. Was it the miners' decision to call it that? Was it the users?
Look at Ethereum v Ethereum classic. Same deal. We have two chains that share a common history, yet at some point the users of both decided to split and then society had to come to a consensus on what each chain would be called. Again, did the miners sit around and conspire to which chain would be called "Ethereum?" I don't think so. I think the decision was decentralized and emergent.
My point is, even if there was a nefarious actor who attempted a 51% attack, it seems like there would be enough of a societal pressure to ignore their empty blocks. There would exist a chain that would still be valued by the perpetrators, but not so much by the individuals being harmed by such an attack. The attacked chain would be maintained and acquire a new name "Bitcoin Hacked" or something similar, and the chain where society ignores the empty blocks would go on its merry way still being called "bitcoin."
I take the point you're making (in principle, there is some off-chain consensus at work here), but for these particular examples I believe society didn't decide these names as much as the people deciding to do the forks did.
If a nation-state wanted to attack BTC, they'd simply make transactions between its currency and BTC illegal, and prosecute citizens and exchanges which transact with its citizens.