A good writeup but flawed due to its core arguments.
The first flaw: Bitcoin is not money and will never be money. Money is entirely a phenomenon of the law (Good for all debts public and private) and bitcoin is the opposite of law. Transaction cost and capacity is an issue but is secondary to the reality that Bitcoin <> currency.
The second flaw : The assumption that bitcoin is orthogonal to the establishment. That may have been true 5 years ago; it is not true now. Bitcoin is being supported via CUSIP for HNWs - the HNWs themselves are largely the establishment.
The above then points to the unlikelihood of the remaining attacks: government won't because the PMCs and oligarchs have no interest in doing so. Hedge funds won't succeed because they would be opposed by other hedge funds and CUSIP institutions.
As for other secondary and tertiary benefits: privacy/crime. The reality is that if any government really wanted to crack down - they'd institute a Great Wall of China type setup. That would be the end of cryptocurrency in that country's internet = that country. Throw in some egregious cell phone surveillance and the net is complete.
However, this is not to say Bitcoin cannot have value ... as nerd art. If people are willing to pay millions for a painting or an old Ferrari, I don't see why they couldn't (not must, but could) pay tens or hundreds of thousands for a bitcoin.
It is a beautiful dream, like liberty itself. I'm not really a "disappointed libertarian"; my expectations were always low, and they continue to plummet. The price of liberty is just too damn high. Five minutes of vigilance seems a lot to expect nowadays.
Thank you, Elon. Well said. Another method of conducting a 51% attack is to control the very few global companies that manufacture the Application-Specific Integrated Circuits used for Bitcoin mining. Global Governments have a well-established history of requiring manufacturers to implant code and hardware into circuit boards. With just a few years of preparation along with government bribery or threat of force sufficient to require quietly installing a small amount of code into each new bitcoin ASIC, Government would be able, after just a few years of modified ASIC production, to quietly, instantly and cheaply, switch on control of all Bitcoin transaction verifications. Your link to Joe Kelly's work is appreciated, "How To Kill Bitcoin (Part 3): No Can Defend", https://joekelly100.medium.com/ See also, https://medium.com/what-government-will-do-with-bitcoin/governments-can-and-will-attack-bitcoin-c8979c077577
Thank you Girshin, I have read Jimmysong's debunking of the empty block attack. I like and appreciate Jimmy Song. I also really like Bitcoin and am heavily invested in it . Nearly 90% of my liquid assets. Unfortunately, I also realize that Bitcoin will be attacked, -hopefully later rather than sooner.
Jimmy's debunking is woefully incomplete. It was addressed by Joe Kelly in his post https://joekelly100.medium.com/. Here is my summary. Jimmy is suggesting that when a bad actor obtains 51% of the hash rate, the good actors on the network will ignore empty blocks, fork bitcoin, and start a new chain.
The problem is that even on the new chain Government would still have the majority of the Bitcoin mining hash rate, making it probable that Government would soon also control the new chain. Even if the Bitcoin code were changed in a manner that obsoletes all the old mining equipment, Government still has a sovereign's advantage in acquiring new equipment and would soon control the hash rate on any blockchain that Bitcoin good guys attempted to run. Jimmy gave only a superficial solution. Ignoring empty blocks and forking to a new change would not preserve bitcoin for long.
“Over time, the accumulation of obsolete mining rigs becomes like a restive Ronin; for sale to whoever wants to launch an attack.” The same argument used for why these old rigs are useful to an attacker applies to being mostly useful to miners as well. Hence many fewer of the old rigs would be “obsolete” and ready for usage by an attacker assuming an end to Moore’s law.
Indeed, and good-faith miners would be incentivized to destroy any sufficiently obsolete rigs when their time came since resale value would be negligible given narrow scope of use. If another use of ASICs arises then they’d still be incentivized to distribute sale of used inventory in a decentralized fashion.
Plenty of unknowns and plenty of vulnerabilities, but all the future projections of malfeasance don’t typically afford the same creative latitude to the agility and incentives of the network participants to anticipate and/or respond. Given the improbable success to date it would seem reasonable to steel man a future where BTC succeeds, if not in such total world dominating fashion as is often used in the straw man arguments.
Interesting theories. I personally feel that if Western governments and western friendly governments ban the banking and equities sectors that they regulate from accepting/interacting with BTC/crypto currency as a bigger threat. Now the obvious response is that even if they do that, this does not stop bitcoin. I would posture that if the on-ramps and off-ramps are shut down this reduces the retail user base by 60-90% (I have no data behind this - just a semi-educated guess) and removes institutional involvement 95+%. This in itself, IMO, would dramatically reduce the MC of BTC, likely by 90+% with limited growth opportunities. It is not a zero, but it is not too far off.
“As long as the payout is higher than the fees for honest mining, miners will prefer to mine empty blocks, rendering the Bitcoin network useless.”
I don’t think this is true. Miners aren’t stupid. They know the are undermining themselves in the long run by mining empty blocks. There is some multiple of mining revenues for which certain miners would accept to make an empty block. But it’s probably much higher than 1.
this seems to violate the basic tents of economics.
if i can put the same resources to more profitable use than you can, then i outcompete you, buy more resources, and become an ever more formidable competitor. it works like arbitrage and if you are not willing to live on the ragged edge of the production possibility frontier but i am, you're not going to last long.
presumptions of "taking the long view" or generalized altruism have been historically poor bases for the prediction of economic action in the face of profit motive and marginal cost vs marginal income calculations.
you'd need everyone to play along in what amounts to a massively iterated 10,000 sided prisoner's dilemma.
that's not a system you want to bet on the cooperation outcome in.
Let's analyze this massive prisoner's dilemma which I'll rename a miner's dilemma. It's not exactly the same as a usual prisoner's dilemma, as you need a very large percentage of the miners to "rat out" the others - one sell out will not suffice. Each miner assesses for themselves the probability of the attack's success. The greater the probability, the less they are willing to accept as a bribe to ditch ALL their future earnings and go out of business. However, because of confirmation bias (and Kahneman style psychology) we can expect these assessed probabilities to be much smaller than they ought to be. This results in a feedback loop and a self-fulfilling prophecy, making the attack much more difficult to effect than it seemingly would be on paper.
miners generally collaborate in groups. it's not like one small miner alone is likely to ever find a block or generate anything economically useful. thus, you have collaboratives seeking to attract individuals and mid sized entities.
those offering more profit for joining them find it easier to attract miners, and miners are better incentivized to "defect" than to mine full blocks. you're imagining the dilemma taking place in the wrong place.
collectives defect and individuals have to pick sides.
miners will chase profit, profit maximization will push them toward empty blocks, such blocks become more likely to be discovered first and thus other work wasted, etc. it is precisely this fear that all future earnings are shot that drives it and for a well funded actor this becomes like the currency markets breaking the bank of england. the profit from levering up, using derivatives, and pipeline becomes too great to resist.
the profit is not just the mining fees, it's all the ancillary bets as well.
arguing that kahnaman will drive altruism and long term focus here seems inapt.
this is too large a market with far too clearly defined probabilistic outcomes. it's like arguing that algos are going to express a preference around arbitraging volatility in options series. it also ignores the time bias shown in so much of his work.
everything about that market is set up to favor defection if you can make mining empty blocks more profitable than full. your argument is not rooted in kahneman, but rather in opposition to it.
people take the fast cash now and value later outcomes less than they "should" though this is actually something of an iffy framing as it simply implies a different time value of money and certainty utility curve and you can express it that was as well.
this is pitting making one big killing right now vs picking up pennies for a long time. the psychology there does not favor long term planning, especially if it looks like the game may be going away anyway.
this gets far more potent if the attack need only hit 10-20% as posited above (i lack the specific technical chops to assess if this is indeed so)
"we're all just going to keep working together and keep the game going" is not how bubbles burst. they burst because you ultimately cannot and faith shifts. we can argue about whether BTC is a bubble or not (and it'll be unsatisfying as proof either way is basically impossible) but i suspect bubble unwind is a good model for an attack like this.
suddenly, the winning play is "get out, switch jerseys, get short."
the presumption this can be coordinated away or avoided in the face of profit motive seems a tall order to prove and a dangerously thin assumption on which to base the security of a distributed financial instrument.
a block need not be empty to break the chain. it just need to be full of bad transactions.
so it's not at all clear those working on "bad blocks" would even know it. they would just chase the most profitable use of their processing power and get co-opted as "useful idiots."
this would take the system down just like an empty block.
this means you only need a very few coordinating bad actors offering higher fees to push a whole system into defection without the system even knowing it.
a few nodes will simply shift the locus of the work.
Besides, you can just exclude those that create the empty blocks.
It’s the same situation we have today.
Anyone can spin up a BTC node with custom code, and they can be excluded if they don’t meet the standards.
I don’t see this as a real threat atm.
If the network effects can be eroded then maybe but it’s getting harder and harder to do as buy in has institutional interest now with a wall of money just around the corner. US ETF is a big game changer for one.
If they want to stop BTC it needs to happen yesterday.
There are two good use-case scenarios for crypto (in general, not just BTC) and thus two market-cap / prices for it: The most maximalist is obviously broad adoption across OECD as the currency of reserve, but the second is the currency of exchange for gray/black markets of US/China/EU under a Sovietized world economy. That's not just vice goods, but general consumer needs (e.g. need a new tire? either procure a letter of need from local apparatchik or send Tony the Tire 20,000 sats). I estimate that's somewhere in the 2-20% of world economy range.
Can these gray markets be significantly discouraged by coordinating parties wielding vast mining and energy resources to 51 percent attack? I'm skeptical that attack would be sustainable for the malicious parties, or that a once-off attack would crater the price long term.
If I'm remembering correctly, 51 percent attack simply allows you to double spend from an account you own, not that it allows you to unlock tokens from addresses for which you do not have the keys for. Furthermore, such attacks have a limited time from when they start to end (based on the chance that the 49 percent of *selfish* will find a longer chain of legitimate blocks, thus negating the attackers chain as the consensus chain.). With those ideas in mind, it almost seems like a "wire clearance wait time" of a day or two for large-sum transfers (essentially "bank" to "bank") to be authenticated is sufficient to reduce the cost of the risk of attack to less than 1%. But I could be wrong there, if anyone know better...
The only disagreement I have is with the author’s guess that Bitcoin goes to zero. Company stock can go to zero because of bankruptcy and delisting. But Bitcoin isn’t a company with a balance sheet. It can’t go bankrupt anymore than a refrigerator can go bankrupt. As long as there is a single buyer for all sellers, the price will be a nonzero, positive number. My guess is that bitcoin goes to $0.01.
A good writeup but flawed due to its core arguments.
The first flaw: Bitcoin is not money and will never be money. Money is entirely a phenomenon of the law (Good for all debts public and private) and bitcoin is the opposite of law. Transaction cost and capacity is an issue but is secondary to the reality that Bitcoin <> currency.
The second flaw : The assumption that bitcoin is orthogonal to the establishment. That may have been true 5 years ago; it is not true now. Bitcoin is being supported via CUSIP for HNWs - the HNWs themselves are largely the establishment.
The above then points to the unlikelihood of the remaining attacks: government won't because the PMCs and oligarchs have no interest in doing so. Hedge funds won't succeed because they would be opposed by other hedge funds and CUSIP institutions.
As for other secondary and tertiary benefits: privacy/crime. The reality is that if any government really wanted to crack down - they'd institute a Great Wall of China type setup. That would be the end of cryptocurrency in that country's internet = that country. Throw in some egregious cell phone surveillance and the net is complete.
However, this is not to say Bitcoin cannot have value ... as nerd art. If people are willing to pay millions for a painting or an old Ferrari, I don't see why they couldn't (not must, but could) pay tens or hundreds of thousands for a bitcoin.
It is a beautiful dream, like liberty itself. I'm not really a "disappointed libertarian"; my expectations were always low, and they continue to plummet. The price of liberty is just too damn high. Five minutes of vigilance seems a lot to expect nowadays.
Thank you, Elon. Well said. Another method of conducting a 51% attack is to control the very few global companies that manufacture the Application-Specific Integrated Circuits used for Bitcoin mining. Global Governments have a well-established history of requiring manufacturers to implant code and hardware into circuit boards. With just a few years of preparation along with government bribery or threat of force sufficient to require quietly installing a small amount of code into each new bitcoin ASIC, Government would be able, after just a few years of modified ASIC production, to quietly, instantly and cheaply, switch on control of all Bitcoin transaction verifications. Your link to Joe Kelly's work is appreciated, "How To Kill Bitcoin (Part 3): No Can Defend", https://joekelly100.medium.com/ See also, https://medium.com/what-government-will-do-with-bitcoin/governments-can-and-will-attack-bitcoin-c8979c077577
This has been addressed imo. https://jimmysong.medium.com/debunking-the-empty-block-attack-10513858b3f8
Thank you Girshin, I have read Jimmysong's debunking of the empty block attack. I like and appreciate Jimmy Song. I also really like Bitcoin and am heavily invested in it . Nearly 90% of my liquid assets. Unfortunately, I also realize that Bitcoin will be attacked, -hopefully later rather than sooner.
Jimmy's debunking is woefully incomplete. It was addressed by Joe Kelly in his post https://joekelly100.medium.com/. Here is my summary. Jimmy is suggesting that when a bad actor obtains 51% of the hash rate, the good actors on the network will ignore empty blocks, fork bitcoin, and start a new chain.
The problem is that even on the new chain Government would still have the majority of the Bitcoin mining hash rate, making it probable that Government would soon also control the new chain. Even if the Bitcoin code were changed in a manner that obsoletes all the old mining equipment, Government still has a sovereign's advantage in acquiring new equipment and would soon control the hash rate on any blockchain that Bitcoin good guys attempted to run. Jimmy gave only a superficial solution. Ignoring empty blocks and forking to a new change would not preserve bitcoin for long.
I find Jimmy’s response sufficient. Anything is possible in the imagination and it’s impossible to predict the future. So who knows.
I’m falling on the positive side for a few reasons.
Government organizations are incompetent. Good luck, give it a try.
Network effects are king though. The money is still moving into BTC in a big way. Even with the uncertainty around it.
The longer this goes on the harder an organization that wants to kill BTC will have to work for it.
I don’t consider attacking miners en masse to be effective or efficient at this stage of the game.
“Over time, the accumulation of obsolete mining rigs becomes like a restive Ronin; for sale to whoever wants to launch an attack.” The same argument used for why these old rigs are useful to an attacker applies to being mostly useful to miners as well. Hence many fewer of the old rigs would be “obsolete” and ready for usage by an attacker assuming an end to Moore’s law.
Indeed, and good-faith miners would be incentivized to destroy any sufficiently obsolete rigs when their time came since resale value would be negligible given narrow scope of use. If another use of ASICs arises then they’d still be incentivized to distribute sale of used inventory in a decentralized fashion.
Plenty of unknowns and plenty of vulnerabilities, but all the future projections of malfeasance don’t typically afford the same creative latitude to the agility and incentives of the network participants to anticipate and/or respond. Given the improbable success to date it would seem reasonable to steel man a future where BTC succeeds, if not in such total world dominating fashion as is often used in the straw man arguments.
Interesting theories. I personally feel that if Western governments and western friendly governments ban the banking and equities sectors that they regulate from accepting/interacting with BTC/crypto currency as a bigger threat. Now the obvious response is that even if they do that, this does not stop bitcoin. I would posture that if the on-ramps and off-ramps are shut down this reduces the retail user base by 60-90% (I have no data behind this - just a semi-educated guess) and removes institutional involvement 95+%. This in itself, IMO, would dramatically reduce the MC of BTC, likely by 90+% with limited growth opportunities. It is not a zero, but it is not too far off.
“As long as the payout is higher than the fees for honest mining, miners will prefer to mine empty blocks, rendering the Bitcoin network useless.”
I don’t think this is true. Miners aren’t stupid. They know the are undermining themselves in the long run by mining empty blocks. There is some multiple of mining revenues for which certain miners would accept to make an empty block. But it’s probably much higher than 1.
this seems to violate the basic tents of economics.
if i can put the same resources to more profitable use than you can, then i outcompete you, buy more resources, and become an ever more formidable competitor. it works like arbitrage and if you are not willing to live on the ragged edge of the production possibility frontier but i am, you're not going to last long.
presumptions of "taking the long view" or generalized altruism have been historically poor bases for the prediction of economic action in the face of profit motive and marginal cost vs marginal income calculations.
you'd need everyone to play along in what amounts to a massively iterated 10,000 sided prisoner's dilemma.
that's not a system you want to bet on the cooperation outcome in.
early defection is the clear dominant strategy.
Let's analyze this massive prisoner's dilemma which I'll rename a miner's dilemma. It's not exactly the same as a usual prisoner's dilemma, as you need a very large percentage of the miners to "rat out" the others - one sell out will not suffice. Each miner assesses for themselves the probability of the attack's success. The greater the probability, the less they are willing to accept as a bribe to ditch ALL their future earnings and go out of business. However, because of confirmation bias (and Kahneman style psychology) we can expect these assessed probabilities to be much smaller than they ought to be. This results in a feedback loop and a self-fulfilling prophecy, making the attack much more difficult to effect than it seemingly would be on paper.
miners generally collaborate in groups. it's not like one small miner alone is likely to ever find a block or generate anything economically useful. thus, you have collaboratives seeking to attract individuals and mid sized entities.
those offering more profit for joining them find it easier to attract miners, and miners are better incentivized to "defect" than to mine full blocks. you're imagining the dilemma taking place in the wrong place.
collectives defect and individuals have to pick sides.
miners will chase profit, profit maximization will push them toward empty blocks, such blocks become more likely to be discovered first and thus other work wasted, etc. it is precisely this fear that all future earnings are shot that drives it and for a well funded actor this becomes like the currency markets breaking the bank of england. the profit from levering up, using derivatives, and pipeline becomes too great to resist.
the profit is not just the mining fees, it's all the ancillary bets as well.
arguing that kahnaman will drive altruism and long term focus here seems inapt.
this is too large a market with far too clearly defined probabilistic outcomes. it's like arguing that algos are going to express a preference around arbitraging volatility in options series. it also ignores the time bias shown in so much of his work.
everything about that market is set up to favor defection if you can make mining empty blocks more profitable than full. your argument is not rooted in kahneman, but rather in opposition to it.
people take the fast cash now and value later outcomes less than they "should" though this is actually something of an iffy framing as it simply implies a different time value of money and certainty utility curve and you can express it that was as well.
this is pitting making one big killing right now vs picking up pennies for a long time. the psychology there does not favor long term planning, especially if it looks like the game may be going away anyway.
this gets far more potent if the attack need only hit 10-20% as posited above (i lack the specific technical chops to assess if this is indeed so)
"we're all just going to keep working together and keep the game going" is not how bubbles burst. they burst because you ultimately cannot and faith shifts. we can argue about whether BTC is a bubble or not (and it'll be unsatisfying as proof either way is basically impossible) but i suspect bubble unwind is a good model for an attack like this.
suddenly, the winning play is "get out, switch jerseys, get short."
the presumption this can be coordinated away or avoided in the face of profit motive seems a tall order to prove and a dangerously thin assumption on which to base the security of a distributed financial instrument.
also note:
a block need not be empty to break the chain. it just need to be full of bad transactions.
so it's not at all clear those working on "bad blocks" would even know it. they would just chase the most profitable use of their processing power and get co-opted as "useful idiots."
this would take the system down just like an empty block.
this means you only need a very few coordinating bad actors offering higher fees to push a whole system into defection without the system even knowing it.
a few nodes will simply shift the locus of the work.
Besides, you can just exclude those that create the empty blocks.
It’s the same situation we have today.
Anyone can spin up a BTC node with custom code, and they can be excluded if they don’t meet the standards.
I don’t see this as a real threat atm.
If the network effects can be eroded then maybe but it’s getting harder and harder to do as buy in has institutional interest now with a wall of money just around the corner. US ETF is a big game changer for one.
If they want to stop BTC it needs to happen yesterday.
This criticism in part has been addressed imo. https://jimmysong.medium.com/debunking-the-empty-block-attack-10513858b3f8
I'm amused by your first paragraph as that's how I've described myself in the past.
"I basically turned up the knob on 'libertarian' to all the way to 'anarchist'. Think of it like the '11' setting on Spinal Tap's amps."
And then the rest of it was rather disappointing. (Insofar as I really want Bitcoin to work out.) Fuck fiat currency.
Bravo bravo!
There are two good use-case scenarios for crypto (in general, not just BTC) and thus two market-cap / prices for it: The most maximalist is obviously broad adoption across OECD as the currency of reserve, but the second is the currency of exchange for gray/black markets of US/China/EU under a Sovietized world economy. That's not just vice goods, but general consumer needs (e.g. need a new tire? either procure a letter of need from local apparatchik or send Tony the Tire 20,000 sats). I estimate that's somewhere in the 2-20% of world economy range.
Can these gray markets be significantly discouraged by coordinating parties wielding vast mining and energy resources to 51 percent attack? I'm skeptical that attack would be sustainable for the malicious parties, or that a once-off attack would crater the price long term.
If I'm remembering correctly, 51 percent attack simply allows you to double spend from an account you own, not that it allows you to unlock tokens from addresses for which you do not have the keys for. Furthermore, such attacks have a limited time from when they start to end (based on the chance that the 49 percent of *selfish* will find a longer chain of legitimate blocks, thus negating the attackers chain as the consensus chain.). With those ideas in mind, it almost seems like a "wire clearance wait time" of a day or two for large-sum transfers (essentially "bank" to "bank") to be authenticated is sufficient to reduce the cost of the risk of attack to less than 1%. But I could be wrong there, if anyone know better...
The only disagreement I have is with the author’s guess that Bitcoin goes to zero. Company stock can go to zero because of bankruptcy and delisting. But Bitcoin isn’t a company with a balance sheet. It can’t go bankrupt anymore than a refrigerator can go bankrupt. As long as there is a single buyer for all sellers, the price will be a nonzero, positive number. My guess is that bitcoin goes to $0.01.