The Hidden Costs of Bitcoin

by Daniel Larimer, co-founder Invictus Innovations, Inc

If you have been following Bitcoin and crypto-currencies in general you will have probably seen the claim that miners provide computation power that secures the network. To compensate these miners for the security services they provide they earn mining rewards and transaction fees. The questions become, is there any rationale to justify how many resources are currently directed into ‘securing’ the network and how much ‘value’ is being provided in exchange for the so-called security provided?

Conventional crypto-currency wisdom holds that the more hash-power dedicated to securing the network the more secure the network becomes. It then concludes that to defend against an adversary such as the government you need as much hashing power as you can get and that every single hash makes the network more secure.

Such simplistic views on the nature and purpose of the security provided by hash-power ignores a very important economic concept, marginal utility. Marginal utility dictates that the value of a good or service decreases as the quantity consumed or available increases. An example is food. Its value is very high if you don’t have any, but becomes worthless when there is more than you can eat.

[caption id="" align="alignright" width="300"]Security - You can never have too much.[/caption]

We live in a society where most people are conditioned to think of security as being an exception to the rule of marginal utility. Governments live on the propaganda that more and more security is required and that demands ever higher taxes. Unfortunately, each additional unit of security provides less value and costs more money. These principles are true in the realm of crypto-currencies as well. In fact, too much security can destroy utility.

There are many different ways to provide security and the technique used depends upon who the adversary is. For example, you do not attempt to defend yourself against government aggression by stockpiling weapons or building higher and higher walls. Regardless of how many weapons you have or how high you build your walls, they can lay siege and will win in a direct confrontation. On the other hand, a normal fence, a few dogs, and perhaps an armed guard or two would be more than enough to defend against the common private-sector criminal.

While weapons and walls will not protect you against the government, maintaining your privacy while courting a favorable public opinion is a combination that even the government cannot easily defeat in the long-run. Alex Jones, whether you like him or not, is 'safe' because he is extremely public and the outcry that would result if the government tried to suppress his radio show would cost the government where it hurts them the most, their perceived legitimacy. Without perceived legitimacy the government loses all power and this is the key to mounting a successful defense against their aggression.

Ultimately, security comes down to economics. If it is more profitable to use crypto-currencies than to fight them then market forces will conspire to see their success and growth in the market. I use the term 'profitable' in the most generic sense because the currency of government is control first and wealth second. So to be secure against governments a crypto-currency must give governments 'more control' by allowing it to thrive than by attempting to fight it. This doesn't necessarily mean that crypto-currencies will help governments increase control, but merely that fighting them will cause the government to lose the legitimacy that is the foundation of the control they already have.

With these concepts in mind I would like to explore ways that crypto-currencies can maximize their security against all aggressors.

How much hash-based security is required and how much are we paying for?

The easiest question to answer is how much are we (as the holders of bitcoin) paying for hash-based security? The answer is about 10% of your bitcoin savings per year or about $170 million dollars to protect about $1.7 billion in market cap. We make this payment through inflation, which devalues our coins, and through transaction fees.

Hashing power is supposed to protect us from what is known as the 51% attack where someone with enough hashing power can get away with what is known as a ‘double spend’ or spending their own money twice with two different people. Unstated in this attack is the need for the double spender to remain anonymous, without which they could be charged with fraud or theft. No significant transactions would occur in an anonymous manner and therefore the profits from double spending would be far less than would have been earned mining. In fact, merchants already deal with a far easier double-spend attack via credit-card charge backs.

This means that the threshold for protection against the ‘double-spend’ attack is the point at which it becomes too costly for anonymous private sector criminals to both isolate a user from the greater network and produce a forged block. For all practical purposes, this means $1 to $10 million dollars might be more than adequate to stop double-spend profit-motivated attacks. It would certainly stop almost every case where credit card chargebacks occur today.

What about government attacks that are motivated not by profit, but desire to destroy threats to their monopoly on money and force? These guys have secret budgets in the billions of dollars and the ability to write laws and print money. No amount of hashing power can defend the network from government mandated packet filtering (laying siege). The government has the resources to build custom hardware, to force mining pools to cooperate (secretly), and to otherwise control the market in ways that hashing power is made entirely irrelevant.

Furthermore, the government has the power to reverse-by-fiat every transaction that is disputed in their courts. Sure, they may not be able to directly break the cryptography in the block chain, but they can still effect the moral equivalent of a double spend any time they like.

So what are we getting for this $170 million dollars per year that we couldn’t get for $1 to $10 million dollars per year? In my opinion, absolutely nothing. It would be like how much added security does you home get by hiring 1000 armed guards over just 10? 10 is enough to protect against everything but the government, but even 1000 armed guards would not defend you against the government.

In a recent (and on-going) poll of 44 members of bitcointalk.org, 88% of respondents selected 'more is always better' as the amount of money that the network should spend on hashing power. This demonstrates two things. One, when costs are socialized people always want more because someone else is paying. Two, few people understanding marginal utility. After reading the rest of this article I encourage you to vote in the poll and explain your assessment in the comments.

What about currency Issuance?

Security isn’t the only thing accomplished by mining. Mining serves several other purposes including distributing the currency and regulating the rate at which blocks are produced. Unfortunately, overpaying for hash-security is undermining both goals.

In the first case, mining is becoming increasingly centralized and because of the limited window during which new hardware can recoup its investment mining will be increasingly in the hands of those closest to the latest manufacturing processes with access to enough capital to take advantage of them. This ultimately means that over the next couple of years a hand full of ASIC companies will end up earning 30% of all bitcoins ever produced. Clearly such a concentration was not the commonly accepted intent of using mining to distribute the currency. This level of centralization also compromises the security of the network.

Lastly, because the hash rate is increasing so rapidly, Bitcoin is actually producing blocks faster than every 10 minutes and therefore these ASIC companies are contributing to inflation significantly beyond what the intended design and social-contract of bitcoin. The blockchain was over 8000 blocks ahead of schedule in May 2013 and if the hash rate growth continues then inflation will continue to be more than intended. The result is that more hash-security is being paid for each year than intended and only the providers of the ‘security’ benefit. This has disconcerting parallels with the nature of government provided ‘security’.

Hopefully by now I have convinced you that overpaying for security by an order of magnitude can have negative side effects such as bitcoins being debased far more than is necessary to regulate the block production rate and defend against double-spend attacks. Furthermore, I hope that it is now obvious that over $150 million dollars is being spent every year on ineffective security measures based upon the tragic belief that hash power can protect against attacks by the banks and government.

How can we improve overall Security of the Network?

The easiest thing to fix is the block-production rate because the current behavior is a ‘bug’ and outside the intended parameters of Bitcoin's social contract. With a slight tweak to the manner in which block difficulty is calculated the network could put an end to the block production skew and even bring it back in line with the intended block production rate. Unfortunately, the Bitcoin developers do not consider this to be a problem worth correcting and it would work against the interest of the miners who make money due to the accelerated block production rate.

It is too late to consider other solutions for Bitcoin such as changing the hashing algorithm or the way mining rewards operate due to the social contract and vested interests. Bitcoin’s weakness here is a boon to new alt-coins who can provide solutions to these issues as a way to gain some ground against the incumbent.

Next Generation Crypto-Currencies

While it is too late for Bitcoin, Invictus Innovations is introducing some new ideas that aim to solve these problems. Imagine what could be accomplished if the $150 million dollars / year that are currently directed toward overpriced and ineffective surplus "hash-security" could be redirected into developing, marketing, and promoting the currency in such a way that overall security is increased?

But before getting into some of these ideas, I would like to take a moment to introduce a new metaphor for explaining crypto-‘currencies’.

Think of a crypto-currency as shares in a Decentralized Autonomous Corporation (DAC) where the source code defines the bylaws. The goal of the DAC is to earn a profit for the shareholders by performing valuable services for the free market. With this goal in mind set out to maximize shareholder value at every stage as you design the bylaws that govern operation of the DAC.

The DAC only has one way that it can acquire the services it requires to operate and that is to pay for them with shares in the decentralized company. One service that is required is transaction validation, another is security against double-spend attacks by private (for-profit) criminals. Another service that is required is a viral marketing campaign. Other services include but are not limited to privacy for the customers and defense against traffic filtering.

The goal of a for-profit DAC is to maximize value and minimize costs. In this case, we only want the DAC to pay for useful security, but no more than necessary to maximize shareholder value.

To achieve these goals Invictus Innovations is considering the following techniques:

GPU and ASIC resistant hashing function backed by a social contract to change the hashing function on a regular basis whether or not GPU or ASIC mining has become available. Issue new shares via stock-splits rather than pay them entirely to miners. Pay dividends from transaction fees earned from operating the business. Limit block sizes to maintain decentralization and increase competition for space in blocks which will drive up transaction fees. This is a win-win because we consider decentralization a valuable good produced by the company and transaction fees generate profits for the shareholders. Improved difficulty adjustment algorithm to maintain steady and predictable long-term average block production rate. Introduce many new features and services not provided by any other DAC in the market.

To summarize, the DAC should aim to pay the miners just enough to promote viral marketing and acquire enough computational resources to secure the network against private sector criminals and no more. In our white paper on BItShares, we call for a 50 / 50 split between dividends and mining rewards, but based upon the economic analyses and value of ‘hash-security’ this may still be too much.

In case there is any confusion, we are committed to not pre-mining shares of our DACs and mining is the only way to initially acquire shares. This is a strategic move designed to maximize public perception, encourage adoption, and ultimately drive the value of the DAC shares higher faster due to the increased value provided by the network effect. In other words, we believe that pre-mining does not maximize shareholder value and thus a DAC should not take this approach.

How much hash-security is Ideal?

Unfortunately, it is not easy to know in advance whether $1 million of hashing power or $100 is sufficient to prevent double-spending attacks. Anyone familiar with economics knows that price fixing always has unintended side effects and price-fixing the mining reward in either dollar or percentage terms or based upon some fixed equation are the only options currently considered viable. Bitcoin is experiencing the unintended consequences of setting the price too high. Every new alt-coin attempts to make the best guess at where to 'fix' the price and the reality is they will be right less often than a stopped clock.

What is really needed is a means for the market to adjust the amount paid for hash-security based upon changing consensus as to what is appropriate. If there are no noticeable double-spend attacks then the market would adjust the mining rewards down, if there are reports of double-spending then the market would start adjusting the mining rewards up. The question becomes how can this be done in a fair, non-biased, manner that is resistant to long-term manipulation by parties who would benefit from it?

We theorize that a prediction market that attempts to 'predict' market consensus on what the desired level of hash-security should be could provide the DAC with meaningful, decentralized, information that would allow dynamic tuning of network parameters. Any parameter that is currently hard-coded into the block chain could be converted into a prediction (aka information) market. If the hash-power is seen as getting too high, market participants could speculate that consensus will agree and therefore 'short' the prediction market. If the hash-power is seen as too low, participants could buy. With such a market it is only possible to make money in the long-run if you buy or sell based upon where the consensus of the market will eventually move.

Such a system might work for other fixed parameters that are normally hard-coded into the block chain such as: block interval, block size, minimum transaction fee, dividend/mining fee split, and hashing algorithm. All of these things need to change over time based upon what the market thinks is best and if they are hard-coded then they will not be able to adapt with changing market conditions.

Using prediction markets as a means of 'government' is an idea that has been explored in the book Predictocracy by Michael Abramowicz. There is solid evidence that prediction markets are both accurate and hard to manipulate in the long-run. It is for these reasons that we are looking very closely at how to leverage them for decentralized decision making within a block chain.

Increasing Hashing Power by Reducing Mining Rewards

As counter-intuitive as it may appear at first, we theorize that reducing mining rewards and instead using them to pay dividends will ultimately lead to more hashing power than is currently being applied to Bitcoin. Hash-power provided can be approximated by the total market value of all mining rewards paid and not by the number of Bitcoins paid. If the value of Bitcoin were to double, then twice as much money will be spent purchasing hashing power. While increasing hash-power was not our intent, the potential to get more for less fees (monetary inflation and transaction fees) is certainly an improvement.

From this it is clear that maximizing the value of a DAC’s stock can increase the amount of hashing power acquired even while paying a smaller share of the decentralized company. This is why it is important to design a DAC to maximize profit for the shareholders, because the side effect will be higher security at lower costs (in percentage of revenue terms).

Bitcoin is an asset that has no return aside from speculative appreciation in an inflationary environment (for the next several years at least). As a result, its value would be less than an otherwise identical asset that paid dividends and has less monetary inflation.

It is our belief that paying shareholders dividends will result in a better long-term viral marketing campaign and also increase the demand for shares of the DAC. This increase in demand will bid up prices beyond competing DACs that do not offer dividends and as a result miners make more money despite having a smaller share of the pie.

Turning Enemies into Friends

Part of providing security is making sure that this is a large financial interest for all parties to lobby the government to keep things legal. Creating a new crypto-currency that enables Wall Street to make consistent returns or to speculate in new ways is one way of buying off potential adversaries. With BitShares we are creating a decentralized exchange with support for most of the traditional tools used by hedge funds and major players. We believe that by giving them a tool by which to make money while earning back a favorable public opinion via increased transparency will turn them into allies against government overregulation or outlawing.

We are also providing new crypto-assets such as BitUSD that will provide a positive return on investment without exchange rate risk. Such a return will be received as a very positive thing in a world of 0.1% interest savings accounts. By offering higher, low-risk returns, systems like BitShares can gain the support of retired individuals and they will become a powerful source of political support that the government normally turns against crypto-currencies with propaganda about drugs and child porn.

These are just two examples of how redirecting blockchain resources from hash-power toward dividends or other uses can increase security in far more effective ways than simply paying for more hash-power.

Conclusion

There is far more to security than preventing a 51% attack which is rather insignificant in the grand scheme of things. Other ways of providing security include: encrypted communication between nodes, maintaing financial privacy, and winning the the court of public opinion. These other forms of security are ultimately far more important. Most existing crypto-currencies are currently tilting at windmills fighting imaginary threats while paying a hefty inflationary price. This is the Achilles' Heel of existing crypto-currencies and new alt-coins should carefully consider their own designs if they hope to compete against emerging Distributed Autonomous Corporations.

Views: 20,182