Can i industry sign banking new york word secure
let's start so my name is hasu and I need to talk to you about the constant term security model quick slide about me I run the research desk for there a bit with Suzu and write a monthly column for coin desk my main focus is on better understanding bitcoins proof of work security model so we can have a system that is robust into the very far future because that is like what I think our ambition should be we should strive to build a system that can ask 200 years or longer for this talk will be heavily leaning on a paper published in 2019 with James Prestwich and Brennan Curtis acquired a model for Bitcoin security and the declining block subsidy the topic of today's talk is Bitcoin secure after the block subsidy ends we start by looking at where we are today Bitcoin secures more than 150 billion dollars and it has never had a dishonest majority at this size you could argue there's a pretty large incentive to a ticket and it's not exactly obscure anymore so almost everyone in the world has heard of Bitcoin and governments know about Bitcoin and so on so we are still not seeing any attacks and that tells me at this bitcoiners and typically is secure today but that's a minute we'll be secure in to the far future and in my opinion not necessarily because the coin is secure for a specific reason or specific reasons and they are changing over time before we dive in give you two definitions that will be important to remember the blocker bot is bitcoins block subsidy which is the co-invest reward let us pay too - and every block and the transaction fees set by users the security budget which I relate with SB is the ratio of this block reward and the network value so April 20 is just a different word for market capitalisation the network security budget can be expressed in a dollar value but most commonly would be expressed as a percentage so one could say Bitcoin security budget is 2% of its network value and what that means is Bitcoin spends 2% of its network value for its security by paying it - - and this is Bitcoin security budget over time as you can see it consists of the two parts that we discussed and the block subsidy part has been declining every four years that's the halving and the transaction fees have so far not replaced the box subsidy they have not made up for that decline why do we need the block reward anyway it comes down to what we think bitcoins ready proposition is bitcoins value proposition is to create distributed consensus between untrusted computers for example about the state of the ledger who owns how many bitcoins right now and that raises two problems the first of which is how do you get everyone to accept the same updates in the same order updates called blocks in Bitcoin and before Bitcoin there was really only a commissioned way to do this for computers to come to consensus because either the computers already trusted each other and then you could do a voting scheme or they all had someone in common who they trust and then like you can use them as a leader so they can send transactions to them that person process that system transactions updates the ledger and sends a new ledger state to everyone else but we can already see without trust neither of the two schemes works so in Bitcoin the second option is clearly not a real option because we want to make a system that does not depend on any one trusted party so you have to go with a sort of voting scheme which brings us to problem number two that is very very hard to do voting online why because you cannot prove your personhood online one party can take an unlimited number of identities and sway any vote in their favor that is called a civil attack the current solution to the civil attack is to use proof of work a proof of work is a proof that someone spent money in the real world and such a proof can be appended to any message that can be sent online so in Bitcoin anyone can make a block and prove that it was costly to make and that is the solution to problem number one how do we all update at the same time by using a so called for choice rule which means we all of our computers use the exact same rule for what the next update should be when we choose from all the different updates that fly across the network and the fork choice rule is what basically what what lets us distinguish between different updates and choose one that objectively looks the same for everyone and that is we look at the cost we all follow the most expensive to make chain the consequence from this is that to undo any old blocks one must redo or the proofs of work because due to the chain selection rule if someone wanted the network to switch to their block chain and they want to replace a block that's maybe an hour in the past then they would have to make a chain that was more costly to make than the one we have right now so and that necessarily means replacing all the proofs that happened in between the chain of proofs creates trust because they are expensive to redo however the network incentivizes the production of these proofs with the security budget why because - only spend as much on proofs as we pay them for so they don't spend more than they get paid from us in the security budget they are profit maximizing we hope that the block rewards incentivizes observe them to behave honestly - can really do they're not forced to mine on the tip of the chain include transactions and so on there one they can mine on any chain including in the past they can replace history which what because we really a double spender tech or they can just stop mining any new transactions entirely and do a denial of service on Bitcoin and there's nothing that for notes or just users can do to prevent this so i mentioned here for notes because it's a very popular idea that fully notes secure bitcoin : quote but there are only a few rules that four nodes can enforce and anything that is related to the time ordering of transactions anything related to the history is entirely in the control of the - and the only thing that users can get - to do what they want is to pay them for it so me and others have argued that bitcoin is protected by some costs in hardware right because - have to earn billions of dollars worth of specialized hardware and that however would become worthless when the 20-city is so dense in us our long-term alliance with Bitcoin because of that investment and Satoshi knew that there's nothing that the whether a greedy attacker could overpower the network at any time scores from the white paper that's what she said he'd the greedy attacker ought to find it more profitable to play by the rules than to deviate from him so it is on us users to make it more profitable for - to be honest now the last Bitcoin isn't mine until 21 40 and I hear that thrown around a lot but this matters a lot sooner than you think yesterday Bitcoin security budget has dropped to just below 2% in four years it could be below 1% and I say could be because it also depends on the transaction fees we don't know how high a transaction fees will be in the future but if there increase then we know it will be below 1% in eight years it will be below half a percent and so on so how much security budget is enough well it shouldn't be too low since then - could find that proper - the geotech but it also shouldn't be too high since users have to pay for it in inflation and transaction fees so that clearly is the Goldilocks zone somewhere but we really don't know where it is and there are two primary schools and thinking about finding the zone the first things security budget must be certain value in relation to the network value and the second since it in relation to the transaction volume - the first school the network related school is best understood by looking at a void analogy so the network value schools thinks the words of a void should be in some proportion to what a stored inside the board Bitcoin in the case of Bitcoin that would be currently 850 billion dollars and proof-of-work has this really nice property that the dollar value of the block reward scales proportionally with the dollar value of the network since the rewards are paid in BTC so if we map this on the above analogy then if the price of Bitcoin increases then the amount that is stored in the vault increases but the warts of the world also increase in thickness because the walls are basically the security budget and they are increase or decrease in lockstep if the price moves but this property disappears as the block subsidy declines so it eventually becomes less and less costly it costs less and less as a share of the trans network related to a ticket this is how mostly a nation-state attacker would think about attacking the crime because the state mostly cares about how much wealth is stored outside of his control as it makes taxation a lot harder and and this will be especially true when taxation is more and more replaced with debt monetization or just straight-up money printing which seems to be the paradigm where we are going right now and this paradigm kind of relies that is to my knowledge on there the ability for the state and for some level of capital controls the second school assumes that the incentive for -2 tech goes up as more people receive payments in Bitcoin because then - have more opportunities to double spend and this requires us through for us us to realize that an attacker is not just constrained to double spending a single party he can double spend many parties at once and the more people transact the more people could double spend the risk of double spending is strongly mitigated when the receiver has veered across and knows the identity of the sender so it is mostly the untrusted transactions where no other forms of requests exist that add to this potential honeypot this model would mostly apply to a private attacker because the attack is much easier to execute it could be done by reorganizing as that's one or two blocks you really don't need a lot of hash power to do this plus the rewards are paid out in BTC right so you would send PTC to someone and then you would steal the BTC back both models are correct as they represent the incentives of two different attacker types it's not enough to be secured from any one of them they're gonna need to be secured from both at the same time now to some wargaming exercises we will go through the various options that could play out as Bitcoin subsidy declines and for that we will lean on a very nice framework and by Raphael hour which is quite Bitcoin security trilemma trilemma posits that as the subsidy the clients request properties will suffer and at least one of three areas are the liquidity decentralization or scarcity and this makes logical sense as we can users where at that point is spending far less on security value inflation so they spent less and they also get less in returns so yeah this is the trilemma and we'll go through the three corners one by one so the first option is that bitcoin is the block subsidy declines transaction fees have to rise to generate the same amount of security but fees are created by congestion not by demand for security giving rise to a tragedy of the Commons situation because if there's if they are fee paying transactions for example in the main pool then it is much more attractive to transact it's much more secur to transact as well at the same time but there's really no incentive to be the one who pays these transaction fees as long as there's no congestion as a result blocks as we have talked about earlier with the blocker what blocks will become a lot cheaper to reverse and which means users will have to wait longer to finality and would probably be afraid to make larger transactions a toy and this significantly weakness bitcoins medium of exchange qualities the second option is that we break this tragedy of the Commons that people would really like to transact but they would not want to be the one who pays for security for everyone else the way you break this is by basically forcing users to pay so if that is there any economist or people interested in economics in the audience so what you would do is but this is the typical way that you break a tragedy of the Commons by making it known by making it excludable that's how you can expand now exclude people who are not contributing to the pot there are three ways to implement this can extend the issuance schedule you can do the merger or you can do coin rent but the scenario or the result is really the same in all three cases the coins start where you call it this would degrade and finally it could become less decentralized because if you look back at two slides earlier if the settlement assurances of the blockchain weak and then it becomes more attractive for users in comparison to use other forms of transfer so for example when you know you have to wait a really long time before transaction finalize on the blockchain you might just transfer it by a Bitcoin bang or something that right so more and more transfers would then have more chain the second option is that mining itself institutionalizes so something that we touched on it said that's really all we can really only incentivize - to behave well because we don't have any recourse against them so we have to make sure they behave way by paying them for it but if - had their like reputation on and we weren't some kind of legal relationship with them then there would be a lot less potential for misbehavior so mining could have institutionalized right so the - within the legal entities that are subject to state oversight and so on yeah and finally something like that could also emerge in a more free market style where a group of miners basically forms a monopoly and when you have a monopoly in a blockchain then you can start charging monopoly prices that is not possible without a monopoly and the reason for that is of course that another mine I could always accept transactions that don't a lot of peace but if you have most of the hash power then you can ignore all of those blocks that include these fields and therefore you can effectively exclude Free Riders but in all three scenarios I think Bitcoin users would agree that Bitcoin censorship resistance qualities are significantly degraded can we solve this trilemma I think there are few ways that shift the balance a few options that shift the balance further in favor of the defenders so counter attacks play a big role in that users can manually coordinate on what the right change should be so they don't have to use proof of work necessarily right and but this is very hard and it's a reason weeds proof of work in the first place so it should be you sir is pairing it does not maybe make sense to do this like when there's a one-block New York but if there's a hundred block New York then it's worth talking about it the crane connotes users can also change the proof of work function or attend a Bitcoin Oh together which may not sound like something that's very effective but just the mayor threat of this means that a minor who would attack Bitcoin has to be willing to lose everything the more we talk about these option mechanisms before they are needed the easier and cheaper there will be to execute and now there's also a new class of counter-attacks that has recently been studied by Morris arrived and it shows that when it's changes or other large merchants are willing to strike back then the new equilibrium becomes not to attack I give you a very brief example of that because it almost happened in Bitcoin in May 2019 so a hacker stole seven thousand BTC from violence and violence briefly considered to create a published series of transactions that would have paid these seven thousand BTC to minus instead but these seven thousand distant these transactions would have only worked in a chain whereby nine still owns the coins so it effectively would have been a bribe for - to undo the heck and then instead of the coins being sent to the heck are they would have been sent to the minors so that's you could think that violence is really no better off from this because they still lose the 7,000 BTC but the game theory behind it says that if violence is willing to do such a thing then it becomes a lot less attractive to attack them in th
future and if all exchanges do this then it just becomes a lot less attractive to attack any one of them the only downside is that it breaks some existing business logic and infrastructure in the software so we have to a lot more to learn about this kind of context and yeah so the final option that I want to talk about is increasing minor capex cap extends for capital expenditures it's the opposite of OPEX operating expenditures our paper found that security comes almost entirely from the capex part of a minor balance sheet the OPEX is really more impact than a feature because if you think about it cheap energy is very unevenly distributed and exposed as Bitcoin to geopolitical risk and for example the incentives are like aligned and saturated almost 70 percent ash Park is in China but that's not even that's not even the biggest thing it's really that minor - only put capex pretty much on on their balance sheet so if if there was a class of mining algorithms that was had more basically that was more kept X intensive then - would have to own more hardware that which means they basically have to own more you have to dedicate more money to mining in advance that is then lost something happens to the coin and there is incidentally a new class of mining algorithms that does this with which is called optical proof-of-work and it uses photons instead of electrons to perform computation so as soon as I'd it doesn't require a lot of energy and that ultimately means that - would have more skin in the game and you have to edit benefit that mining can be done from anywhere in the world there are some downsides as well to this particular proposal because it would sacrifice bitcoins pretty mature mining Hardware space and so it took Bitcoin a long time to you for the manic space to mature to the level where it is right now and we are now in a situation where than the next generation of a saccade there is maybe 10% better 20% better than the previous one but it's impossible for there to be still like huge breakthrough whereas if we started with the green field in optics Hardware then there would be room for these huge breakthroughs and for a very dominant company to emerge that's a sort of it meant 2.0 vortex my conclusion is that it coin will almost certainly look different in 10 to 15 years than it does today the declining block subsidy will demand trade-offs and this shouldn't really be controversial since we are currently spending billions of dollars on security if we stop spending that then it is one has to choose what trade-offs we want to accept for that we should continue to explore this problem and see how we can prevent the trilemma from becoming a reality thank you