Depth | Block rewards are about to be halved, is BTC still safe? (Part 3)
Authors: Hasu, James Prestwich, Brandon Curtis. Translation: Harry Zhang
Source: Encrypted Valley
If an application or protocol can achieve its goals in an adversarial environment, it is secure. In the case of BTC, the goal is to create a payment system that anyone can participate in. Only legitimate owners can spend tokens, and all valid transactions will eventually be recorded in a distributed ledger.
In its first decade of existence, BTC successfully acquired these security attributes. At the same time, however, the academic community has largely failed to replicate the stability of BTC in its research models, resulting in arguments such as "BTC is safe in practice, but not theoretically safe." This paper aims to bridge the gap between theory and practice by introducing the BTC security model.
We believe that BTC can now withstand high attacks, so that miners' motives remain consistent with system benefits for a long time. Mining requires a large amount of upfront investment, and its value is closely related to the health of the network. Normally, miners are equivalent to buying in advance half of all the tokens they are expected to mine in the next two years. Before the miners receive these tokens, any damage to the value of the token is extremely destructive, which explains why many of the attacks that scholars are worried about do not work in practice.
On the other hand, the biggest threat to BTC security is more reflected in the protocol itself than external attackers. BTC's block reward halving mechanism will result in a reduced binding of the network to the interests of miners. If there is no booming block space market, the decline in block rewards will pose a major threat to the future. Users cannot make up for this by simply waiting for more block confirmations.
Finally, we have provided new ideas, including some suggestions for improvement for community discussions.
This article was officially released in October this year. It is a joint work of Hasu, James Prestwich and Brandon Curtis. In the process of creation, it draws on the existing research results of Nick Szabo and Emin Gun Sirer. Encrypted Valley compiles this article for professional investors and technology enthusiasts. Due to the length of the full text (close to 16,000 words), it is divided into three installments; this is the last one. For the previous parts, please see:
Depth | Block rewards are about to be halved, is BTC still safe? (Part 1)
Depth | Block rewards are about to be halved, is BTC still safe? (Part 2)
Long-term security considerations
Without a strong block space market, BTC will not become worthless overnight. On the contrary, block rewards will decline steadily for a long time. Any problems caused by the low MR will first appear in a weak form and then become more severe over time, giving the user enough time to react and coordinate the possible solutions.
It should be noted that even if these problems become a reality, we are still optimistic about the prospects of BTC. BTC has the largest user base, the most respected supply allocation, and has been gradually integrated into the financial infrastructure. In its short life cycle, BTC has evolved from a "technology" to a social political movement, with its followers using BTC as the currency standard. It's hard to imagine that BTC can die for other reasons besides the disappearance of market demand.
After discussing all the invariances about BTC, we have shown that BTC can be continuously improved as long as the health of the system remains good. Future recommendations for improving safety are generally divided into three categories: seeking to increase MR, lowering MEV, or improving the ability to punish miners.
First, BTC developers can try to increase the demand for BTC block space. This goal can be achieved by improving the protocol to make the block space more attractive, or by developing profitable business processes that turn the consumption of block space into revenue.
The need for BTC block space includes the transaction itself and the ability to store data on the chain. Innovative initiatives to enhance BTC trading capabilities and flexibility include: adding time locks and lightning networks.
Data storage can be used to implement non-consensus assets such as USDT or dyed coins, or to associate with other system states (such as Factom or Veriblock).
The BTC system is highly optimized for transmitting bitcoin, but limits other types of data storage. Since other data stores can be regarded as infinite value outside the BTC network, this way of consuming block space may have stable demand and high willingness to pay. In the long run, BTC's "inefficient but necessary" trading structure will be changed.
Although the demand for such data storage is relatively stable, in the case of large changes in BTC transaction demand, it will continue to increase transaction costs and increase MR, but this may also inject unlimited MEVs, boosting the power of attackers.
To this end, BTC users will have to consider the relative value of the block space usage and the corresponding risks, and accordingly limit other data storage behaviors to estimate the motivation for adjusting this demand.
The second possible mechanism is to fork and become a new token for permanent issuance. We anticipate that such sensitive topics will be controversial in the BTC community, but we still want to discuss it in order to eliminate some common misunderstandings.
If we believe that a certain level of MR is necessary to make the BTC system function properly, then the MR must be paid by the user in another way. If the necessary MR is 1% per year, then all BTC users will lose 1% of their purchasing power each year in order to provide energy for the BTC system to operate. So, although BTC can be a nominal fixed non-inflationary asset, it is not necessarily an asset that can fix purchasing power.
In addition, it is wrong to regard permanent issuance as inflation. If the BTC requires the user to lose 1% of their purchasing power anyway, then paying these fees through a permanent issuance will not be less effective than lowering the consumer's actual purchasing power by increasing the transaction fee. In fact, in this system, the purchasing power corresponding to a BTC with a constant annual issuance rate of 1% and higher security may be higher than that of a system with a constant zero rate of 0% but a lower security rate.
We should ask, who should pay for the MR, what mechanism is used? In an ideal system, the user measures the operating costs that should be paid based on the value available. This will maximize revenue and maximize security as all users pay for utility. This mechanism ensures the fairness and continuity of the system. Unfair systems are not far off, because users can create a more equitable blockchain by forking.
The person designing the system may not know who is the most valuable user in advance. But once the system is built, all users may want to optimize the original parameters, which will cost more.
Conceptually, there are two main types of users in the BTC system: holders and traders. But there is no clear boundary between them and they can be transformed into each other. Any trader must hold the BTC for at least a short period of time, and any holder must participate in the transaction (although not necessarily on the chain).
A good system needs to be able to withstand external shocks, which is risk-resistant. In the case of permanent issuance, MR will not be affected by incidents in the block space market, and at zero issuance rate, the demand for block space will cause the security of the entire system to plummet.
We want to monetize the ownership of any commodity. If you want to monetize the block space by the trader, you must ensure that the ownership of most of the block space is always owned by someone. The act of charging the holder completely eliminates this friction because each BTC has a specific ownership.
It is worth pointing out that the holder's contribution to the system is not as obvious as the trader, but it still makes sense. When the system is attacked, the holder will have more chips on hand and will be more willing to pay the coordination fee. When assessing the contribution of any use case to security, it is important to have a thorough understanding of the BTC system.
Although the permanent issuance of tokens may reduce the uncertainty of miners' income, some people believe that the zero-issuance policy is the eternal Schelling point of digital assets (which can be simply understood as: the spontaneous choice generated by the game mechanism). If the user really hates the implicit taxation attached to the permanent issue, then those who bet on a zero-issue, low-security architecture may receive additional returns.
Under the market paradigm of block space, BTC holders have less controversy by crowdfunding to increase MR. Large holders and institutions working to maintain BTC security can pay for funds that create the "anyone-can-spend-transactions" model. Miners can apply for such funds at a certain block height and can therefore be considered as privately funded block rewards.
The benefit of this approach is that there is no need to change the agreement. The downside is that we end up in a “free rider” paradox: people want BTC to be safer, but no one wants to pay for it.
One possible solution to the above problem is the Dominant Assurance Contract (DAC). This is a variant of a crowdfunding contract that takes a proactive approach to getting people to contribute, rather than passively waiting for others to make a difference. In the DAC, someone must assume the role of an entrepreneur who wants to raise funds in order to produce a certain good (in this case, MR). He needs to define the target amount to be raised, and he encourages others to contribute by paying them a small amount of money if the fundraising goal is not met. It is said that this small detail makes the donation more attractive, because in either case, the donor will benefit: they either get the goods or make money back.
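The payoffs of the assurance contract described above can be worked through in a few lines. This is an added example, not code from the paper; the goal, bonus, pledge sizes and the value a holder places on the funded MR are constructed numbers, and the function names are hypothetical.

```python
# Added illustration of the assurance-contract payoffs; all numbers are constructed.

def settle(pledges, goal, bonus):
    """Return (funded, cash flows) once the fundraising window closes.

    pledges: dict of holder name -> BTC pledged. If the goal is met, the
    pledges are spent on MR; otherwise every pledge is refunded and the
    entrepreneur pays `bonus` to each pledger.
    """
    funded = sum(pledges.values()) >= goal
    flows = {name: (-amount if funded else bonus)
             for name, amount in pledges.items()}
    return funded, flows

def payoff(name, pledges, goal, bonus, value):
    """Net benefit for `name`: cash flow plus the value of the funded MR."""
    funded, flows = settle(pledges, goal, bonus)
    return flows.get(name, 0.0) + (value if funded else 0.0)

def compare(name, amount, others, goal, bonus, value):
    """Payoff of pledging vs. staying out, given the other holders' pledges."""
    stay_out = payoff(name, others, goal, bonus, value)
    pledge = payoff(name, {**others, name: amount}, goal, bonus, value)
    return pledge, stay_out

if __name__ == "__main__":
    GOAL, BONUS, VALUE, MINE = 10, 0.1, 5, 2   # constructed sample values
    cases = [("goal missed either way", {"a": 3}),
             ("my pledge is pivotal", {"a": 8}),
             ("goal met without me", {"a": 10})]
    for label, others in cases:
        pledge, stay_out = compare("me", MINE, others, GOAL, BONUS, VALUE)
        print(f"{label:24s} pledge={pledge:+.2f}  stay out={stay_out:+.2f}")
```

Pledging wins when the goal is missed (the bonus) and when the pledge is pivotal; the free-rider incentive only remains when the goal would be met without the pledge.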
5.4 Adjusting the supply of block space
Finally, a solution to improve MR can be found in the supply of changing block space. The biggest disadvantage of the fixed block space supply system is that as long as the demand is slightly lower than the supply, the transaction cost will immediately become zero. All users in the block may be willing to pay 5 BTC transaction fees collectively, but if there is excess supply, they will not be willing to pay any fees, because the block is no longer congested and the cost of spillover no longer makes sense.
Even if the total demand exceeds the available supply, there is no guarantee that the revenue will be maximized. For example, suppose that 1 MB of demand is willing to pay 15 BTC, while another 1 MB of demand is willing to pay 5 BTC. If the available supply is between 1 MB and 2 MB, the total cost will be slightly higher than 10 BTC, because the group that wants to pay the least sets the price for the other group (the first group pays 5.01, the second group pays 5.00). If the supply drops below 1 MB, the first group will have to pay 15 BTC, which will result in a significant increase in MR, while the second group will have no supply at all.
Capturing value can be achieved by reducing the block size to just below the demand to cause permanent congestion. Such changes can be made manually by developers or triggered automatically by the BTC protocol itself. One idea is an adaptive block size: the system looks at the MR generated by fees and compares it to the targetMR needed to ensure system security. If MR < targetMR, the maximum block size is reduced, causing artificial congestion; if MR > targetMR, users are paying a high price for security, so some artificial congestion is removed by increasing the block size, until the hard limit chosen by the community (currently 2.3 MB) is reached.
Other proposals (such as allowing miners to control the block size) are not workable because they encourage miners to increase the block size endlessly. The reason is that as block propagation time increases, larger miners with better network bandwidth gain an advantage. Because the block size is capped at a low limit, propagation time is always kept short, so we do not have to worry about this.
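The fee cliff and the adaptive block size rule from the two paragraphs above can be simulated together. This is an added example, not code from the paper: it assumes a simplified uniform-price market in which every included transaction pays the lowest accepted rate, uses the 15 BTC / 5 BTC demand from the text, and the target of 12 BTC and the 0.1 MB step are constructed values.

```python
# Added illustration: simplified fee-market model, not code from the paper.
HARD_CAP = 23          # hard limit from the text (2.3 MB), in units of 0.1 MB
# Demand from the text's example: (size in 0.1 MB units, BTC offered per unit)
DEMAND = [(10, 1.5),   # 1 MB willing to pay 15 BTC in total
          (10, 0.5)]   # 1 MB willing to pay 5 BTC in total

def fee_revenue(supply, demand=DEMAND):
    """Fee income of one block under uniform marginal pricing (assumption)."""
    if supply > sum(size for size, _ in demand):
        return 0.0                     # spare space: nobody needs to bid
    remaining, filled, price = supply, 0, 0.0
    for size, rate in sorted(demand, key=lambda d: -d[1]):
        take = min(size, remaining)
        if take == 0:
            break
        filled, remaining, price = filled + take, remaining - take, rate
    return filled * price              # everyone pays the lowest accepted rate

def adapt(limit, revenue, target, step=1, floor=1, cap=HARD_CAP):
    """One adjustment of the maximum block size, as the paragraph describes."""
    if revenue < target:
        return max(floor, limit - step)    # add artificial congestion
    if revenue > target:
        return min(cap, limit + step)      # remove artificial congestion
    return limit

def simulate(target, blocks=30, start=HARD_CAP):
    """Run the controller against static demand; returns (limit, fees) per block."""
    limit, history = start, []
    for _ in range(blocks):
        revenue = fee_revenue(limit)
        history.append((limit, revenue))
        limit = adapt(limit, revenue, target)
    return history

if __name__ == "__main__":
    for limit, revenue in simulate(target=12.0):
        print(f"limit={limit / 10:.1f} MB  fees={revenue:.2f} BTC")
```

With static demand the limit shrinks from 2.3 MB to 1.0 MB and then oscillates between 1.0 and 1.1 MB, because fee income jumps from 5.5 to 15 BTC at the point where the low-paying group is priced out.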
5.5 Reduce the extractable value of miners
In addition to increasing MR, BTC users can also consider using various means to reduce MEV. A good starting point is to consider the potential sources of MEVs in the BTC blockchain.
As mentioned earlier, as the cost of exiting the system decreases, the motivation for censoring the system also decreases. When a miner cannot distinguish between different transactions, he cannot censor any individual user. As a result, fierce competition between different digital assets with private trading capabilities and the ability to conduct unlicensed transactions with each other will make all of them more resistant to censorship attacks.
If users ignore the Nakamoto consensus by adopting a strategy such as UASF, they may reduce the MEV of certain attacks at the expense of reducing the scalability of the entire system. As more and more people in the BTC system hold different or even opposite political views, it seems that it will only become more difficult to reach consensus without proof of work.
Perhaps, during this time, technical solutions can be found to further limit the options available to miners, thereby reducing the attractiveness of the attack. One way is to have BTC transactions submitted to a specific block where they become invalid outside of the block. This will make it impossible for miners to restore transactions in the rewrite block, which has two distinct benefits:
- As miners cannot access previous transactions and their fees, the cost of attacking becomes higher.
- Since miners are no longer able to single out individual users, it is easier to coordinate whether to suspend the Nakamoto consensus. The attacker must choose between rewriting many transactions at a time and not rewriting any transactions.
In addition, we can improve the level of automatic detection of malicious miners' behavior. To deal with an attack, all users first need to understand its characteristics. The better we can monitor the state of the BTC system, the lower the chances that miners who deviate from the protocol escape detection, including for non-consensus attacks such as selfish mining.
Proper user education can also reduce the risk of theft. Every transaction the user receives is not from a miner or a bribed miner, and there is a risk of being attacked by a double spend. If possible, in addition to the BTC protocol mechanism, the use of a traditional legal system can greatly enhance its commercial viability. As long as there is a legal relationship between the buyer and the seller, the seller can treat the transaction as an external commitment through the legal system, thereby gaining additional confidence that the payment will not be revoked.
5.6 Increase the penalties of miners
The low tolerance of BTC users is a powerful intervention in the behavior of miners. When the price responds more strongly to the attack, the BTC should be able to withstand the same level of MEV. If the price is very robust, the attacker's interest bundle must be greater.
The cost of exiting the system is also a balance between BTC price sensitivity and system availability. When the cost is low, exit is relatively easy, because BTC will no longer be the only choice and there is competition between digital assets. In fact, when there are many "micro-chains" that are more vulnerable but allow users to trade freely between them, the entire digital asset system will become stronger. The reason is that smaller blockchains make it easier for users to quit, and they become a scorched-earth defense against attackers.
Future research directions
At this point, our BTC security model can be extended in a number of ways.
First, you can study the ability of miners to unbundle their own interests from the system. So far, we have conservatively estimated that if miners make large-scale shorts on BTC prices, we can increase their MEVs to reflect this. When there is huge capital, miners can fully hedge their own bundling costs while maintaining the same level of computing power, thus having more potential MEVs. Subsequent analysis can focus on the impact of hedging capital costs on costs and MEVs, and how the existence of deep derivatives markets affects participants' motivations.
Second, previous security analyses may greatly underestimate the potential for small-scale computational miners to respond immediately during an attack or immediately after an attack to defend their bundled interests. Because in reality, the defender is in a free-rolling situation, hash mining at a higher unit cost becomes profitable and the old miner may rejoin the network. In addition, existing mines can be overclocked to increase their efficiency in the short term, but at the cost of mines depreciating at a faster rate. Usually, the user and the small power mine union regard each other as an ally. The dynamic relationship between attack and defense deserves further exploration.
Finally, even if a strong block space market is indeed developed, the BTC's security model will change in various ways. These changes will affect the choice of miners and users. For example, if each block is accompanied by a very low transaction fee, then selfish mining will be more attractive. The increasingly fierce competition between miners will revolve around "rich" blocks, leading to gaps between transaction fee competition and block production. We strongly recommend integrating the differences between transaction-based systems and distribution-based systems. (End of the article)