Bitcoin Series 31: Cost of a 51% attack against Bitcoin vs. a Traditional Ledger

US Forever stamp, circa 2015.

US Forever stamp, circa 2015.


In Bitcoin

  • A lot of ink has been spilled on the cost of a 51% attack* on the current Bitcoin ledger.  

    * an attack that would allow parts of the ledger to be re-written
  • Most attempts to do a pure calculation of the computing power needed come up with estimates in the range of a few hundred million dollars
  • Others argue with those estimates
  • Others say in a few years it will be billions of dollars
  • Others say that if existing miners collude it might be cheaper
  • Other say that miners aren't incented to attack the chain due to the diminished value of their Bitcoin future revenue stream
  • And so on

I personally think the explicit or implicit cost is well above $100M and rising, but the debate will go on for a while.

In a traditional financial ledger:

By contrast, it is extremely easy to calculate the cost of a 51% attack on a traditional financial services ledger.  

In the United States, circa 2015, it is $0.49, or the cost of one 1st class stamp.

This stamp needs to be attached to a letter addressed to the CFO of a financial services firm and would have one of the following as the sender: 

  • IRS
  • Treasury
  • OFAC
  • Federal Reserve Board
  • FDIC
  • OCC
  • SEC
  • A variety of state regulators in your state of choice
  • A variety of three letter agencies
  • A federal court
  • A state court
  • An insurance commissioner

I am not judging one model vs. the other as they each have their uses.   But I am comfortable saying that subverting a traditional ledger is a few orders of magnitude less expensive than subverting a decentralized one.*

* What if a three letter agency sent letters to miners ordering them to collaborate to execute an attack on Bitcoin?  I don't know how realistic that is but, to the degree it is realistic, it is an excellent argument for them being distributed.  This is why I don't worry about stories of miners at the Mongolian border of China leaching electricity from state-owned enterprises and hurting the ROI of other miners. The more miners, the more dispersed the miners, the more jurisdictions that they operate in, the safer the Bitcoin ledger is.

For the full Bitcoin series:
Follow us on Twitter: @polemitis and @ledracapital
Email Newletters:
Important disclaimer:

Posted on January 24, 2015 .

Bitcoin Series 30: Hashing Power and Difficulty

A short explainer

  1. It is critical to understand that "the amount of effort needed to mine a block" is a variable that resets every 2016 blocks (about every two weeks).
  2. Mining is effectively solving a computational puzzle.   The amount of "hashing power" in the Bitcoin mining system is effectively how many guesses per second exist to try to solve that puzzle
  3. The "difficulty" is how hard it is to solve the puzzle.   Simplified, the puzzle is like a massive version of Powerball where the miners have to guess a very long number.  The puzzle is made harder by requiring the winning number to have more 0s at the beginning of the number and made easier by requiring the winning number to have fewer 0s at the beginning of the number
  4. Because the puzzle is effectively a lottery, the algorithm can figure out approximately how much hashing power is in the system by seeing how often the puzzle is solved (aka how often a block is mined).   The target is every 10 minutes.   If the blocks are being mined sooner than every 10 minutes (on average) then the algorithm needs to raise the difficulty of the puzzle to get back to 10 minutes.   If the blocks are being mined longer than every 10 minutes (on average), the algorithm needs to reduce the difficulty of the puzzle to get back to 10 minutes
  5. This auto-adjustment is why you can safely ignore any statement in this format: "it costs $xxx to mine a bitcoin and that is not profitable and so Bitcoin is in trouble."   If the cost to solve the puzzle is higher than the value of the bitcoins earned by solving the puzzle AND the miners have no incentives to wait it out, then miners/hashing power will drop out of the system and difficulty will drop and the system will come into balance*

    In other words, the system auto-adjusts for how much hashing power is in the system, whether it is 2 laptops' worth (as it was Day 1) or xxx,xxx supercomputers' worth (as it is now)
  6. A more technical explanation can be found here.   Same story in tweetstorm format here and here.

* There is a known edge case that could cause an issue if there was a discontinuous drop in hashing power.

  • Let's say we just started a 2016 block period at a new level of difficulty and then for some reason all miners dropped out simultaneously (imagine all data centers were blown up as I can't really envision where they all drop out voluntarily). 
  • It is true that the difficulty will readjust in 2016 blocks to account for the lower hashing power but that might take months to get there with reduced mining power and in the interim blocks would be slow.  
  • If this happened in real-life, I expect at least some miners with a long-term incentive to have a functioning Bitcoin network would stay on (just like they have done recently) or worst-case scenario, you would need a soft-update to the Bitcoin algorithm.    
  • But, on the whole, long-term market incentives I think will handle this.  By analogy, if a steel manufacturer does not like the price of steel for a two week period, they usually would not put their customers out of business by not delivering steel until the price reset.
  • In the longer-term, miners will just hedge their output using futures, just like with other commodities

For the full Bitcoin series:
Follow us on Twitter: @polemitis and @ledracapital
Email Newletters:

Important disclaimer:

Posted on January 17, 2015 .

Bitcoin Series 29: Why Do We Mine Bitcoins?

Credit:   Wikipedia

Credit: Wikipedia

A lot of people seem to think that the purpose of mining is to create Bitcoins (as if there was something special about creating Bitcoins that requires lots of computation, electricity and datacenter).   This is not correct.  The purpose of mining is to provide transaction security for the Bitcoin network by creating a competitive environment for recording transactions so that no one bookkeeper controls the ledger.  The Bitcoin rewards for mining a block are an incentive to provide that transaction security and that is it.

So, with this in mind, we are in a position to figure out what it means when miners "overinvest" and lose money mining.  

The first order effects are simple:

  • If miners overinvest and it costs them more to mine a block than they can earn from selling the Bitcoins earned all it means is that a user of the Bitcoin network gets extra security (extra protection from a 51% attack) for free.
  • And the miner who made the CapEx investment in mining equipment based on an incorrect assessment of 'how many other miners will be in the market simultaneously" and "what the price of a Bitcoin will be" will have a poor return on the capital invested.

It might be useful to reason by analogy.  

  • Let's say the strategic planning committees of all the world's steel producers see a bull market for steel and build out a lot of steel capacity (that would be profitable in isolation, but, in aggregate creates too much steel).  
  • The price of steels falls and certain steel manufacturers lose money.
  • This is bad for the steel producers but fantastic for steel customers.  When General Motors can buy cheaper steel procurement doesn't think "oh no, 'steel is dead' but hurrah I can get more steel for my money".    

The analogy in Bitcoin is that the Bitcoin user gets more transaction security than would logically be needed given the market capitalization of Bitcoin.   It is a boon to consumers of Bitcoin (network users) and a tough market for Bitcoin producers (miners).   That's all.

For the full Bitcoin series:
Follow us on Twitter: @polemitis and @ledracapital
Email Newletters:

Important disclaimer:

Posted on January 17, 2015 .

Bitcoin Series 28: Sidechains


I met Austin Hill, one of the founders of Blockstream in April and he messed with my mind a bit talking about pegged sidechains.  So I have been waiting for the formal announcement to come out so I can write about it. 

I am going to simplify the technical side and focus on the practical implications.    The basic concept technically is that pegged sidechains allow you to:

1. Lock up some bitcoins on the main Bitcoin blockchain

2. Make that corresponding value appear on another blockchain (the 'sidechain') that might have different characteristics than the Bitcoin blockchain

3. Engage in transactions on the sidechain

4. Optionally, exit back to the Bitcoin blockchain to 'cash out' so to speak.  

For this to work, it will require a smallish change to the Bitcoin blockchain in the form of a soft fork that will have to be accepted by leading miners.  For the purposes of this post, let's assume the change is made at some point in the future.

What are likely usage cases?

1. The main point that is highlighted is that sidechains eliminate the need for alt-coins to develop their own market / currency liquidity in order to test a new blockchain concept (aka, 'faster transactions', 'different monetary policy', 'better privacy', 'more extensive scripting', 'contracts', 'different cryptography', 'different mining models' and so on).   This is a good thing overall, as I believe as it is not plausible that we will have as many liquid blockchain currencies as we will have ideas to test. Getting a cryptocurrency to critical scale is a tough process.  Even Bitcoin itself is no more than 1-5% of the way there, and alt-coins are nowhere close to being ready...  

So, this allows a developer/team that is interested in a different blockchain policy to piggyback on the currency/liquidity/market access of bitcoin to be able to pull value in and out of their blockchain.  Now, they still need to provide some security within their own sidechain, but that may or may not be relevant given the usage case.  If, for example, I wanted to make an ultra-low transaction fee, ultra-fast confirming blockchain for ultra-micro-payments, then transaction security on the sidechain is a lower priority, as the amounts at risk are very small.   

2. While the above is interesting, I think the Blockstream team is burying the lede a bit in their announcements by focusing mostly on alt-coins.  I think the bigger opportunity here has to do with other assets altogether (aka, colored coins) and markets that have different levels of openness (from fully open/decentralized to guaranteed by trusted counterparties to private marketplaces).   Illustratively:

a. A blockchain focused on trading real estate titles

b. A blockchain that works with fractional reserves among semi-trusted parties.   AKA, move in $1 worth of bitcoin to be able to exchange $5 worth of [other assets]

c.  A blockchain with 20 investment banks trading 'instrument X' where counterparty risk is handled outside the blockchain, and the blockchain is used for settlement.

And so on

What Does This Mean?

I think there are several implications *if this works*:

1. I think it is unavoidable that it will increase the market value of bitcoin as larger amounts of value will need to be pushed through bitcoin into the sidechains.   While some sidechains might work on a fractional reserve system, not all will.

2. For the sidechains to get to any serious scale, they will need some hashing power or other proof-of-work scheme.   Blockstream proposes merged mining as an approach, but you might see marketmakers in sidechains needing to bring mining power online as part of their contribution.

3. Bitcoin exchange rate stability with sovereign currencies (something that I expect will come in time) will become relevant as you need it to get value out of the sidechain (in most sidechains that I can imagine).   Otherwise, you could have successful transactions on the sidechain only to discover that your ability to cash out back to sovereign currency is impacted by bitcoin exchange rate moves.

In aggregate, if you think about these conditions, they are reflect a world of a vastly more powerful, extensive and valuable Bitcoin network and bitcoin currency.  Blockstream is fundamentally a very bullish bet on Bitcoin.

Further Reading:

1. The Blockstream paper (fairly technical)

2. @gendal's brief explainer (not technical)

For the full bitcoin series:
Twitter: @polemitis and @ledracapital

Posted on November 1, 2014 .