Tuesday, August 5, 2014

Joe Coin's Law

We aren't shy about self-promotion here in Farragut North. That's why, with much fanfare, we're proud to finally announce the not-so-modestly-named Joe Coin's Law.

Ever since blockchain technology captured the imaginations of Silicon Valley visionaries, my associates and I have been extremely skeptical of all the questionable promises they've been making about how the manifold forthcoming applications of it are going to Change the world. Ever avengers of truth, we set about to compose a pithy equation that captures when a proof-of-work blockchain is an appropriate solution to a problem, and more importantly, when it is not.

We were hoping to end up with a sort of e^(i*Tau)-1=0 (or e^(i*Pi)+1=0 for the unenlightened)-type equation that ties in all the variables we care about, and indeed they all went into it, but after tinkering with the various factors and then distilling things out, we arrived at the following inequality which must be true in order for a blockchain to be an appropriate solution to a problem:

DoS Attack Value < Mining Revenue / 2

That might not look like much, but after explaining more precisely what those terms mean, breaking it down, and running through an example, we're confident that it will offer some insight.

First, what is DoS attack value? As a reminder, we're Austrians here and subscribe to a subjective theory of value. Accordingly, the value of an attack is in the eye of the beholder, so might be as vague and unquantifiable as the kicks and bragging rights a hacker would get from destroying a blockchain, or it might be as coldly-rational and precise as the Excel calculations of a well run nation state whose seigniorage from its own currency is being eaten into by a competing blockchain-based currency.

For both terms, the unit will simply be dollars (or bitcoins, or whatever unit of value you prefer). Having chosen a unit of value, you must then decide how long a DoS attack you wish to conduct. For instance, running a 51% attack on Bitcoin for five seconds would probably have zero value because nobody would notice. But running it for a day, or a week, or a month might be long enough to send even the most hardened Bitcoin enthusiast running for the hills, thereby destroying Bitcoin once and for all. And how much is such a feat worth to a would-be attacker? Who knows...but whatever it is it's the first term.

The second term, mining revenue, is the sum of all proceeds accrued to miners during a time period the same length as the proposed attack. In Bitcoin's case that breaks down into:

Length of attack (in blocks) * (Average block reward + Average transaction fees per block)

Having explained the meaning of the terms a bit further, let's see how we got there.

First, we consider the Law of Diminishing Marginal Returns and recognize that in equilibrium, marginal revenue from mining will equal the marginal cost of mining. Or in plain English, miners will keep adding mining capacity until there's no more profit to be made. In equation form:

Mining revenue per block = Mining cost per block

Next, we break down mining cost:

Mining cost per block = Amortized hardware cost per block + Electricity consumption per block

The amortized cost of hardware is basically its initial cost divided by its life (we'll assume zero salvage value). Advances are still being made in ASICs, but as I understand it, they're quickly becoming commodities, and I infer will have a useful life approaching infinity, as opposed to CPU and GPU miners, whose lives were cut short by the advent of ASICs due to the formers' vast energy-efficiency disadvantage, not to mention the logistical inefficiency if one attempted to build an array of them just to match the gross hashing power of an ASIC.

So, given that:

Hardware cost per block = Hardware cost / Hardware useful life

and the fact that hardware useful life is headed toward infinity, we can set hardware cost per block to zero and end up with:

Revenue per block = Electricity consumption per block

The cost of running a 51% attack per block is therefore:

Cost of attack = 51% * Electricity consumption per block

Or, to clean up the equation, because technically it's any amount greater than half:

Cost of attack = Electricity consumption per block / 2 + ε

Moving things around, substituting, and getting rid of epsilon we're left with:

Cost of attack ~= Mining revenue per block / 2

We further assume that the value of an attack must be less than its cost. Otherwise it'll definitely happen, right? And so, we arrive back at our original inequality:

Value of attack < Mining revenue per block / 2

Having gone through that exercise, let's examine a couple implications about blockchain design. First, note that block difficulty and expected block frequency are independent of Joe Coin's Law. Increasing or decreasing the block difficulty has zero impact on resilience from a 51% attack.

Energy efficiency, too, does not affect the analysis, as long as we assume that there is no asymmetry in the energy efficiency of attackers and honest miners, which seems reasonable given the commoditization of ASICs.

Next, we'll build on World Bitcoin Network's 51% attack analysis and examine Bitcoin through the lens of Joe Coin's Law.

Bitcoin at Present


In its analysis, World Bitcoin Network calculates the cost of an attack based on the cost of hardware. It looks at retail prices of the latest and greatest ASICs and figures out how many of those would be needed to co-opt the Bitcoin blockchain. It also reasonably discounts the cost of the hardware from the retail, given that a 51% attacker would probably be a nation state buying at a large enough scale that they might as well just procure their own chip fabrication plant. They ultimately arrive at a figure of $20M as being what's needed to attack Bitcoin at today's prices.

Okay, so what does Joe Coin's Law have to say about this analysis? Unfortunately, not much. Remember that all it proposes to address is, in essence, whether the built-in-by-design operating costs of a particular blockchain are sufficiently high to stave off a 51% attacker. Accordingly, the best we can do is plug in some numbers based on where we think Bitcoin is headed and then ask whether "monetary commodity" might be an appropriate long-term application of a blockchain. But just for fun, we'll analyze Bitcoin now as if it were in or near an equilibrium state.

Currently, blocks are paying 25BTC and nominally occur every 10 minutes (ignoring the effect of hashing acceleration). At ~$500/BTC the cost of operating the Bitcoin blockchain is therefore about $1.8M per day or $650M per year. And with a market cap around $6B, that means that Bitcoin hoarders like me are currently paying over 10% in dilution per annum for the privilege of holding Bitcoin. Ouch.

Meanwhile Bitcoin transaction fees seem to be hovering around 15BTC/day, which is a 0.4% drop in the bucket of the 3,600BTC block rewards per day.

Based on those figures, it would imply that a week-long 51% attack on Bitcoin would have to yield the attacker at least $12.6M (7*$1.8M) to be justifiable. Or a month long attack $54M.

In my assessment, it would be absurd to believe that an attacker could pocket that much through double spend attacks and/or rewriting previous transactions. The "honest" Bitcoin community would undoubtedly cease transacting once it became known a 51% attack was on, and at the end of the attack would presumably work out a way to identify the bad blockchain branch(es) and rewind to one that wasn't wreaking havoc on previously assumed-valid transactions.

The only other value I can think of someone would derive from a 51% attack on Bitcoin is destroying it as a competitor. And do you really think that Bitcoin (remember, we're talking about in its present form) is stealing  more than $12M per week in seignorage or other fees from the Dollar? No chance.

Now let's explore the much more interesting question of the Bitcoin end game, and see what Joe Coin's Law has to say about that.

The Future


As discussed last month, we share Moldbug's (and others' no doubt) "Highlander" view of money, that "there can be only one." As such, we expect Bitcoin's future to be binary, either petering out with a trivial market cap perhaps similar to today's, or becoming such a desirable (and easily transferable!) form of savings that it displaces the Dollar, the Euro, gold, and every other other money-ish commodity in existence, resulting in a Bitcoin market cap on the order of $10 trillion. Perhaps even more than that. I confess I find it very difficult to predict whether and to what extent fractional reserve banking might exist in a Bitcoin world where the supply of specie is truly rigid. So for all I know the total value of instruments redeemable for Bitcoin in existence could end up closer to base money, or it could be closer to M2 (and that's before adding gold, etc.)

Looking to the future, block rewards are headed to zero, which means that in this specific case Joe Coin's Law can be rewritten as:

DoS attack value < Transaction fees / 2

And what do we think is a reasonable transaction fee volume to expect? I again struggle to model what exactly what the world would look like, but my intuition is still that the average person will demand one or more layers of financial service atop the blockchain for convenience and consumer protection, and that the bulk of non-criminal transactions (more on that point in a later post) will occur off-blockchain, and only be cleared upstream to the blockchain among such intermediaries.

With that, it's certainly an imperfect set of figures (to my dozen or so readers, please suggest any comparable you think is better), but we'll use Fedwire volume as a loose approximation. Daily Fedwire volume runs around $2 trillion per day. And how much will the giant payments intermediaries willing to pay on their transactions to clear with one another? One percent? No way. Ten basis points? Maybe?

Let's go with 10bps and see where that takes us. On $2 trillion in daily volume, that means they're effectively paying $2 billion per day in transaction fees to miners to operate and protect the network from DoS.  These figures are all back of the envelope of course, but I dunno about you...I think it could work. $2 billion per day seems like a sufficiently high cost to disincentivize non-state attacks on the global financial system's core, and any state action to that effect would clearly be an act of war and responded to as such.

In future posts, we'll explore the incentives created for savers and spenders based on the structure of mining rewards, as well as the phenomenon of new applications being built atop the Bitcoin blockchain. Further, we'll address other applications of (generic) blockchain technology, the most obvious of which being a blockchain qua security transfer agent. Ever the visionary, Overstock's CEO is continuing with his painfully stupid implicit mindset of "all centralizaton is bad" and leading the charge on this front. We'll see how that plays out. My prediction: poor, uneducated people get screwed.

No comments:

Post a Comment