Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Kamikaze Attack – Block Halving and the Perils of Proof-of-Work
Episode Date: March 2, 2015Is Bitcoin secure from attacks that could destroy the currency? To a large part, this is determined by how expensive it is to carry out an attack and by the potential profits the attacker could genera...te. Ideally, an attack is so expensive to carry out that no profit-driven attacker would engage in it. But in this episode, Brian argues that the cost of attacking Bitcoin will likely decrease in the future and the ability to short Bitcoin and thus benefit from an attack will increase dramatically. Topics covered in this episode: How an attacker would need to go about shorting bitcoin How the kamikaze mining pool could be used to bribe miners to join the attacker Why all profit-driven miners will have an incentive to join the attack, whether or not they believe it will succeed Why the block halving in 2016 could be an exceptionally dangerous time for Bitcoin, since an attack would be cheap to execute and likely to succeed How a gradual decrease of the block reward, instead of the 4-year halving rhythm would reduce risk Episode links: Bitcoin Development Mailing List Thread - Death by halving This episode is hosted by Brian Fabian Crain and Sébastien Couture. Show notes and listening options: epicenter.tv/068
Transcript
Discussion (0)
This episode of Epicenter Bitcoin is brought to by Shapeshift.I.O.
With no account or sign up required, it's the easiest way to buy and sell light coin,
doche coin, dark coin, and other leading cryptocurrencies.
Go to shapeshift.io to instantly convert all coins and to discover the future of cryptocurrency exchanges.
Hello, welcome to Epicenter Bitcoin, the show which talks about the technologies, projects,
and startups driving decentralization and the global cryptocurrency revolution.
My name is Sebastian, Andrew.
And my name is Brian Pribankaj.
train. So today we have a bit of a special episode because one of our guests canceled. So
and next week there's the Inside Bitcoin's conference coming up. I'm going to be giving a talk
on the inside Bitcoin's at the Inside Bitcoin's conference about a topic that I've been thinking
about a lot, which is the economics of proof of work and the security of proof of work. So this
episode today we're going to dive into that. It's your practice run. It's a practice run. Yeah.
But I think it would be very interesting.
There's some, I have this scary attack scenario that I've, it's been on my mind for a while.
There's actually quite a few times I've asked guests about that and they often had like
revances, but today we really dive into that.
So actually what, so this is a topic that Brian is doing a lot of research on.
I'm sort of following from the distance because, you know, since he's sort of interested in
them, taking interest, but I mean, he had to walk me through the whole attack.
scenario before the show in order for me to at least get an idea of what what this entails.
So I'll, so I guess today Brian's sort of the guest. In a sense, I'll be asking him some
questions and we'll try to explain this attack scenario that he, well, him and others have
been imagining. And yeah, so it'll be sort of a way for you to practice your talk and also
for me to get more understanding about this topic, which up until now I had very little knowledge
about. So speaking of
inside Bitcoins, so
inside Bitcoin to Berlin is happening
on the, so this week, that is
Thursday Friday. Thursday Friday, the 5th and 6th, right?
And there's a Bitcoin meetup on Wednesday too. Actually, yeah, in Berlin.
So I'm going to be in Berlin tomorrow
as of Monday or the day that this is released.
Really excited about that. And so if you want to
if you want to go to Inside Bitcoins,
Berlin, you can get 15% off by using the code epicenter IBC, all in caps, epocenter IBC,
and you get 15% off. And so we'll be there. I can't wait to go. So I'm so excited,
I'm so excited to believe, tomorrow. Before we get started to, there's another thing that we
want to briefly mention. So as many of our listeners know, this show started as an entry and a contest
in the LTV network.
we came in second place in that contest that was over a year ago
and at the time we had the opportunity to join the network
we went back and forth with Adam about it
and sort of debated for a long time whether we wanted to do that or not
and at the time we came to the conclusion that it wasn't right for us at that moment
and we decided to stay independent and to do our own thing
we stayed in good contact with LTV and think that they produce really good content
and all the shows there on the network really and successful
So recently when we had Adam on again, we reopened the discussion with him and a lot of people in the common sections were saying, you guys should join LTV.
Where's the magic word? Where's the magic word?
So, you know, long story short, so we decide that we would like now, now that we've sort of established our brand and we've established a show and we've kind of grown to where we are today that we wanted to join the LTV network.
So this show will be the first show on the LTV network since the pilot, actually.
So our show will still be available.
If you listen to the show now, it'll still be available on the feed that you listen to on iTunes or SoundCloud.
We'll be on our own YouTube channel as well.
But we'll now also be on LTV channel, the LTV distribution channel.
So that means there are assess on iTunes and any other podcasts that you listen to the TULS.
you use on their SoundCloud page as well.
I might, no, not the SoundCloud page,
but in their RSS feed and as well in their iOS app.
So we're really excited about that for several reasons.
One, I mean, it's just, it's an opportunity for us to reach
another part of the Bitcoin community that we haven't been reaching so far.
And also to be in touch with the LTV community,
which I mean, is quite a large community,
lots of interesting people,
and there's a lot of discussion happening there.
So yeah.
Yeah. So having said that, so we'll also be doing the magic word as of now.
So pay attention.
Yeah. At some point during the show, you'll hear the magic word.
And then you'll be able to go to let's talkbitcoin.com to sign in and get your listener reward.
So for those of you who don't know how this works, if you don't listen to LTV at all,
I've never heard the magic word concept.
The idea is that as a reward for listening to the show, you get some LTV coin,
Bitcoin is of course Let's Talk Bitcoin's currency, which is built on top of counter party.
Once you hear the magic word, you have seven days to go to let's talk bitcoin.com, sign in,
and in your account, there'll be a place where you can enter the magic word and you'll get part of the listener reward.
It's sort of a way for you to get rewarded for listening to the show, which is what makes the success of the show, really.
And also a way for us to know who's listening and get some analytics and feedback on who's listening.
So we look forward to this new adventure, look forward to growing some more and growing
with LTV and we couldn't be more excited.
Absolutely.
So you were telling me about this attack scenario that is being talked about.
And it's based on what will happen in 2016, which is the block reward will have.
Well, I would put it like this, actually.
The attack scenario that I've been thinking about is sort of a broader, it's a broader question, right?
It's just a question like, what makes Bitcoin secure, and how is the security going to develop,
and what's the risk of an attack happening?
I actually didn't think of it in terms of the 2016 block halving, but I was talking with Jonathan Levin about it a few days ago,
and he mentioned that.
And 2016, indeed, will be sort of an ideal time to execute this attack, but it doesn't,
it's not limited to then. It could happen sort of any time or later to. And if it doesn't happen
then, it could happen some other time. Right. So this attack could happen now. It could happen
in the future. Just the block having gives initial additional incentive to do that. Yeah, it can't
really happen now, but we'll talk about that. So, but maybe to start off,
let's take a step back and figure about, you know, what makes Bitcoin secure. Right. And I mean,
in Bitcoin, sort of the truth or the state of Bitcoin is determined by the longest blockchain,
right? So the longest chain of blocks. And the security in Bitcoin is 100% an economic concept,
right? It comes from the idea that the longest chain is the true chain. And as long as a majority
of the Bitcoin network is honest, then, you know, you can't attack it. Right. So this is a
This is, so it's an economic concept of security because if somebody has unlimited resources,
unlimited money, unlimited hashing power, they can obviously get the majority of the hashing power
and they can be the true chain.
And in that case, sort of all bets are off.
Like you can do all kinds of evil things.
So I think the important thing to realize there is that, you know, Bitcoin security is an economic concept.
It's a concept of cost.
The question is like, how much does it cost you to get the majority of the hashing power
and Bitcoin is secure as long as it costs you so much that nobody has an incentive to do that.
I think that's sort of the core idea of Bitcoin security and also where one can sort of think about is Bitcoin actually secure.
Because of course the question then come up if you think of security in that way, number one,
One, who has an incentive to attack Bitcoin?
How large is that incentive?
And number two, how much does it cost to attack Bitcoin?
Because Bitcoin is only secure so long that the cost of attacking Bitcoin is larger than what you can get out of attacking Bitcoin.
And when that reverses and you start to be able to get more from attacking than the attack itself costs you,
Bitcoin is no longer secure.
Bitcoin becomes very vulnerable to attacks.
And the sort of case, a claim I want to make here
is that I think this is going to reverse this relationship in the future.
And it will be possible to make more money
from attacking Bitcoin than it costs you.
Like today, that's not the case, I think.
Today, it would probably be, you probably wouldn't be able to make more money
from an attack, then it costs you.
But in the future, I think you will be.
So that's sort of the main case.
I think it's a very scary scenario.
I remember recently we had a podcast with Tim Swans
and somebody commented, like,
God, this was so depressing for Bitcoin.
Well, you get another one of those today.
So just to sum up,
the security of the Bitcoin network is based on the cost of attacking it.
And what you're proposing here is
that, well, with you're theorizing, is that that cost, those costs will flip at some point
in the future.
Yeah, right.
So there's the cost and there's the, and there's how much to make from it, right?
Because if it's, if it's relatively cheap to attack Bitcoin, but there's no way to benefit
from an attack, then, well, you can also say it's kind of secure relatively.
Of course, ideally, we would like to have the cost of attacking Bitcoin be really, really high
and the potential payoff be much lower.
And then we could say Bitcoin's really secure.
Yeah, so, well, let's talk about the attack, right?
So there are sort of two parts to the attack.
Number one is you short Bitcoin.
So for those you don't know, shorting Bitcoin essentially means that you make a bet with someone
on the Bitcoin price.
And so, for example, me and Sebastian, we make a back on a Bitcoin price.
and if the Bitcoin price by let's say June 1st is below $30,
Sebastian pays me $1,000 and if I'm wrong and it's above $30,
then I pay Sebastian $100, something like that.
So first, someone, the attacker takes a large short position on Bitcoin.
so that if Bitcoin collapses dramatically the price,
they make a lot of money from that.
And two, you spend money on attacking Bitcoin,
destroying the trust in the currency,
and collapsing the price.
That's sort of the way you would do this.
So the consequence of that also are that you are willing to lose money on the attack.
So it's not, if you sort of look at Bitcoin in isolation,
without the shorting that's happening elsewhere, the attacker is losing money.
He's spending money to undermine Bitcoin, and that's money lost.
He's not going to get it back.
So most often, I think when people thought about 51% attack, they thought about double
spending.
And of course, I think it makes not really a lot of sense, because, you know, what can
you do with double spending?
Yeah, because if there's a double spend attack, what happens is people lose a trust in a network
and your bitcoins are worth less.
You could still imagine that you'd be making money
if the difference between what you've made
and the reduction of the price is still higher.
Or you do it on some exchange
and then you get like 100,000 extra doge coin or something.
But it's, yeah, it's...
I mean, the potential payoff of a double spend on the Bitcoin network
is just, I don't think it's very large
and I don't think it will be very large.
Mind you, that's what most people think about when you talk about a 51% attack.
What gets talked about the most is this double spend.
Exactly.
So people can buy shoes and then get their bitcoins back to buy shoes again.
Right.
But what you're saying is that's very unlikely.
The attack scenario is much more dire than simple double spend attack, which...
Yeah, I think the real danger comes when an attacker does not care about...
that like does not, it's not trying to double spend any money or anything like that.
It's just trying to undermine Bitcoin.
And, and, you know, that's, that's really where it becomes dangerous.
So how would you do that?
So first of all, we need to talk about the short position.
If you wanted to do that as an attacker, you would need to have a short position that pays you out in, in dollars or in some fiat currency, right?
Because if you're kind of destroying Bitcoin, you don't want to then make a lot of bitcoins in the process.
That doesn't make any sense.
Yeah, it would make no sense if you were shorting for Bitcoin and then the price goes like drops.
What are you going to do with that?
Yeah, exactly.
So you need to have, you need to make your money in dollars, for example.
But that's like right now, so I don't think right now this wouldn't be possible.
But in the future, let's say on Wall Street, there are some investment banks that start order derivatives that are based
on Bitcoin, then I could make a contract with some hedge funds, some banks, etc., that pay me
a certain amount of dollars if the Bitcoin price goes below a certain amount.
And then I don't need to own any big ones to have that position, and the other party doesn't
need to own any big ones to have that position.
It's really a counter-party risk then.
Like basically, I trust the other party that they have the ability to pay to make good on their
promise and it's the same thing on my side. So also it means the attacker should probably be
some sort of financial institution, hedge fund in particular. And another way could be, for example,
if there's an ETF, often there's abilities to short the ETF. So if the Winklewurst wins,
get their ETF through, one could maybe short that. Let's say there are some big
companies that go public, Coinbase, maybe they have an IPO, you could short their stock.
And an attacker, ideally, would short all kinds of things, right? Like, you wouldn't have,
like, one party to have a big short position against, but you would have 50 different parties.
So maybe you would do all at the same time. You would short the Bitcoin stock. You would do that,
you do that, you do that, try to get some derivatives to short it. And that way you could
accumulate a large short position that let's say if Bitcoin price solar collapses, you make
500 million or something like that, or maybe less, maybe 100 million is enough to incentivize
an attack. And what's important to realize also is that when we talk about a Wall Street
derivatives market, it's very, it's not transparent. So, I mean, I'm not an expert on that,
but I think it might be possible to accumulate a significant short position
without people knowing about this.
Like it may not drive to be comprised down directly.
At least there will be some delay for that happening,
and you could try to execute part of the attack in a covert way.
And of course, yeah, the consequences, like you can't do this attack today,
because you can't do a big enough short position today.
But I think you will be in the future, right?
So especially if Bitcoin is successful.
I mean, I think that that's the interesting thing about this scenario
and a sort of interesting thing about the larger point here
is that I think Bitcoin may become less secure
as it becomes more successful
because you start having much larger incentives to attack Bitcoin.
So that's sort of the very broad picture
thing. And now we will talk about this kind of like really in depth on how to execute this.
Does this scary, Sebastian, does it make sense roughly?
Well, one thing that one thing that I noticed in here is that so when we think about this
attack scenario, when we think about attack scenarios, I myself in any case, I see it like a point
in time where, in fact, it could take place over a very long.
time. So if there's a Bitcoin ATF or if a CoinDespo is public, people can start shorting now.
So someone who's planning an attack for say in five or ten years, maybe not that long, but sometime in the future, they can start setting that up now by placing short positions against Bitcoin.
So it doesn't look at the point like when they're doing the attack, it doesn't seem like they're doing the attack, you know.
Yeah, I mean, well, yes and no.
I mean, I think to hold a short position, you generally have to pay some money on that,
like at least you reserve capital on that, so it's not free, right?
So I don't think it would make sense, like, to go that far ahead,
but you could have a few months, right?
Like maybe over a few months, you would accumulate a short position.
That's definitely true, right?
So you would do that gradually.
That's correct.
So then how would such an attack be executed?
So basically the attacker would try to control the majority of the network.
And then what an attacker can do,
and there may be several ways of basically disrupting trust in Bitcoin at that stage,
but one sort of very simple way,
which is be to mine empty blocks.
So whenever another miner mines a block,
you go back to your own chain and you keep mining empty blocks.
And the consequence of that, of course, would be that nobody can spend your bitcoins anymore.
So if I try to send Sebastian some bitcoins during that attack,
like my wallet could send out the Bitcoin into the network,
but because the majority of miners are only mining empty block
and they disregard any block, including transactions,
no transaction will ever get into a block.
Of course, how long would it take for people on Reddit to go crazy?
It's like, you know, this is an attack that would be executed in the open.
You know, you would tell people about it.
You would show it to people.
And the very point would be the panic that ensues.
So there are basically, so at this stage, that's sort of, you know, the broad picture,
the broad picture situation so you're shorting so you're shorting Bitcoin on one side you
on in the on the Fiat world I guess okay with dollars or whatever and you're leveraging a large
you're controlling a large portion of the network to mine empty blocks so the
transactions don't don't go through and the consequence of this and the like you said
the panic and the mayhem is that people try to sell their bitcoins on exchanges and the price
goes down yeah because the point is uh you would still be able to trade bitcoin on exchanges because
of course off chain right so like somebody on uh coinbase exchange or on bit finax or on on all these
other exchanges at least the conventional exchanges would still be able to trade their bitcoins
So you could totally have people selling the coins.
You just couldn't get that.
Right.
So it's a little bit similar.
It could be a bit of a similar scenario as it happens with Mount Cox.
You know, where there was that other thing, Bitcoin Builder, it was called,
where you could trade Mount Gox coins, even though you couldn't access them and you couldn't move them.
So this would be a little bit similar.
So, you know, maybe I could still trade the coins on some exchange.
without being able to withdraw them.
And the hope, I guess, of those people trading the coins would be that, you know,
once you're able to withdraw them again, they would recover in value or something.
But of course, that's...
It would be very scary.
It also means that only the people would be able to trade the coins
that already have them on an exchange, right?
Everybody who holds them in wallets elsewhere
wouldn't be able to do that.
Now, where does the...
How does the block happen?
having the block reward having fit into this scenario.
Because that's sort of the amplifier that really makes it that much more interesting.
That's true.
Well, actually, let's talk first about the mining pool, right?
So, because one of the...
So you had this idea about what you call the Kamikaze mining.
Right. So the mining pool basically,
so the issue here is as an attacker, like buying 51% of the mining power,
you know, it's actually, it may be complicated, you may not have access to that, right?
So one way of dealing with this situation is that you try to bribe people to join your attack.
And so you create your own mining pool that pays people to mine with you and mine all these empty blocks.
So let's say I as an attacker only have 30% of the hashing power,
I can pay other people to join me and attack Bitcoin that way.
And the point is that I can pay way more than other mining pools,
because I'm making money on the short.
So I could say I pay each miner who mines with me 10 times as much
as if you mine with another pool.
So from sort of a game theoretic perspective,
where we've pulled up the situation,
like it looks like this.
As a miner, I now have the choice.
Do I mine with the Kamikaze pool
that's attacking Bitcoin,
or do I not mine with that?
If I not mine with that,
I just have my usual, you know,
my usual reward.
And then, you know, if the attack succeeds,
then I am pretty fucked, right?
So first of all,
my mining hardware has become worthless.
Second of all, I only have my minimal block reward.
Actually, not even, right?
Because if I mine a block,
it gets undone by the mining pool.
So I actually make zero.
This is slightly wrong.
And if the attack fails, well, then, okay,
I still have my mining hardware.
It's still worth something.
And I had the minimal reward during that time.
But if the attack succeeds and I mine with the pool,
okay, the mining hardware I own has become worthless,
but I have made, you know, 10 times as much money.
And another scenario would be that attacks fails,
but I mined during the time of the attack with that mining pool.
And the attractive thing there is that, on the one hand,
my mining hardware still has some value,
because now the attack is gone, the attack is gone, failed,
and I can still make money from mining bitcoins.
And I also got paid for participating in the attack because of course I can join or get out of the attack at any time.
So that's and of course what we do see here is that in either case, whether or not I believe as a minor,
let's say I'm a minor and I have 1% of the hashing power, I'm always better off joining this attack whether or not it succeeds or not.
Now, so the person of the party coordinating attack would need to pay those miners.
So we brought this up before when we were talking about it.
So how would they pay them?
The options they have, I guess, is to pay them with Bitcoin.
They also can pay them with Fiat through bank transfer.
They could pay them through PayPal, presumably.
But if they try to pay them through Bitcoin, the whole point of this attack is to get the
Bitcoin price down.
Yeah.
For the miner who's taking part in this kamikazic pool, there's no incentive there.
So they would have to pay them in some other, by some other means.
Yeah, no, this is a great point.
I mean, we mentioned perhaps paying them with an alt coin.
But one could imagine that if you undermine the whole security of Bitcoin as a system,
you could also, that would probably undermine.
Absolutely.
Cause the price of all coins to also go down.
So, no, it's a great point.
And that's, I think, not a trivial problem.
is like how would the attackers pay people to join because you're correct?
Like if you pay people with Bitcoin, you know, what's the point?
I mean, you could in theory imagine that they pay with Bitcoin because the attacker could
still put in transactions in the block.
So you could still pay them with Bitcoin.
You could even imagine that you pay them into their exchange address if they have an exchange
pay-in address.
But then maybe the exchange would block those.
so not so great, right?
So you'd want to pay them outside of the Bitcoin network.
That's true.
And presumably since this is all unregulated,
which you're pointing,
what you were saying, pointing out earlier is that this is actually legal currently.
I mean, it wouldn't be illegal to do this.
So using traditional financial payment systems like fiat or like bank transfers
or Western Union or PayPal or something else would feasibly,
like considerably feasible to be feasible.
Well, I was thinking about this before.
after you mention it, because you're certainly right,
it is something that would need to be done somehow.
One way, perhaps, to do it.
So if you mine on this Comic-Colicy blog,
of course, you will have some sort of cryptographic proof
that you've done, Zoe, right?
You could, like, this should be possible
to approve cryptographically
that you've provided a certain hashing power
for a certain time there.
So one thing you could do as an attacker,
let's say maybe some of you are aware
of a thing called codeo,
So it's basically some sort of Oracle things.
So you have a bunch of servers
that verify if something is true
and then it executes something.
We can think, or similar to an Ethereum contract.
Let's think as an attacker I would put up an Ethereum contract
where automatically if anyone puts in,
submits the proof
that they've mined on my attacking pool,
they get paid.
Now, I don't know if your theorem is going to be working,
etc.
But if not, Codius is a ripple project.
So maybe you could use Ripple for that.
There should be some way to do it.
At the extreme case, because this is legal,
I think,
you could, for example,
have a law firm make some sort of public
statement that anybody who submits proof that they've worked on the pool get paid and there could be
some sort of proof of that the money is there. It seems kind of unlikely though. Why not?
I mean that what law firm is going to participate? Oh, plenty. There's no problem to be any problem.
I mean, I think in Germany, one common thing is like these law firms who send letters to everyone
threatening them that they need to pay money because of,
of supposedly illegally downloading file.
I mean, there's all kind of,
you will not have any problem finding a law firm for this.
But the disadvantage of this would be that
ideally you have a totally trust list.
The advantage would be if you pay people joining your pool
in Bitcoin is that they immediately get the payment.
They see you're not lying.
They see you really are paying for that.
Whereas if I had some law firm make that declaration,
you need to have some trust that the law firm then will really pay.
So ideally you have this trustless so that anybody joins in the pool
knows that they're actually going to get paid for joining in that.
So having some sort of cryptographic thing would be better.
So I think code use might be one way.
So you have basically people submit the proof that they've joined the attack.
And then they get paid some money on the ripple network or in some other some any other
Crypto currency network would probably suffice and ideally you know if it's let's say
ripple network they could pick they're paid in in US dollars right or something like that
right okay well there's lots of components to this and there's definitely more to come
so we'll talk about the black reward having a part of it and just met before we do that
we'd like to talk about shapeshift.
Shapeshift, as you know, is the fast and easy way to convert your alt coins into Bitcoin
or vice versa.
So they support, well, they're adding new coins all the time.
I'm looking at their website now.
They have unobtanium now as a coin.
Unoptainium.
It sounds very hard to get.
It probably was unobtainable until Shapesh showed up.
Exactly.
So now you can trade your bitcoins for an obtanium.
Who would have thought?
Who'd have thought you could ever obtain an opinion?
Now they're going to have to rename it to obtainium.
Yeah.
So, ShapeShift is the Google Translate of Currency Conversion Tools.
So you just go to the website.
You choose the currency you want to convert,
and the currency you want to convert to.
You put the payment address, and you just send the payment.
And in a few seconds, you get whatever currency on your wallet.
And so last week, we talked about one of their tools, which is ShapeShift Lens.
Today, I want to talk about another tool that,
they've developed called the Shifty button.
So let me just share my screen here.
I love the name by the way.
All right, so if I'm looking here on the,
so I go to ShipShift.io, I click on Tools,
and I've got the generator here for the Shifty button.
So basically what this allows you to do
is to integrate Ship Ship Ship right into your website.
And I'm gonna show you how it works,
because I've added it on our donations page.
So here, if you've ever been to our donations page,
we used to have a light coin and,
Dogecoin address but we don't even need that now just because I can use this
this shapeshift button so what I've done is I've went on their site I've copied in
my destination address didn't specify an amount I generated the code and I'm gonna
grab my Bitcoin address put it here generate code and so it gives you this
this blob of HTML code JavaScript
you paste it into your website, in our case we're using WordPress,
and we get this pay with all coins button, which is really great.
You just click on it, you get the shape-shift window that comes up,
and it allows you to send whatever, to send a donation to the Bitcoin address in whatever coin you want.
So in this case, you can say...
Unoptanian.
Unoptanium. You want to tip with Unitanium. You can do that.
You can give an email address.
I believe you have to plug in their API to get that information, but if you can just you can
just tip like this, you can submit, that will generate the QR code, which you will send
your unattainium to. And in just a few minutes, that will get converted back to Bitcoin and
send out our address. So this is a great way for you to diversify the types of coins that you
accept for payment, for example, an e-commerce website or just in our case, as we're doing,
for tips. So head up to shape.io, give it a try, and we'd like to thank Shapeshift for the support
the website of Bitcoin. And if you want to if you want to donate some of that on
obtainium that you've worked very hard to obtain, you can do that on our website
now, finally. Exactly. Yeah. Put that on obtaining it to good use. So let's
talk about the the last component to this attack scenario, which is what I guess
kind of tips the scales and makes this
all possible makes this all profitable at least possible from an economic sense well i i you know
the thing is i think this can be uh profitable from an economic sense in any case i think in any
case this is a very big danger but then i was i was running uh with jonathan levine through this
some of you may know jonathan uh jonathan he's been on the podcast before uh i think maybe twice or
something. And he was the CEO of coinometrics until recently. And so he's very, you know,
very smart guy and really understands a lot of this sort of economic issues from Bitcoin.
So when I was talking to him about it, he mentioned, oh, you know, but you know, the block
reward having would be the perfect time to do an attack like this. And I hadn't even photo
it in that context, but then yes, so that's, he's very much right, that this would be the perfect
time to execute an attack like this.
So, and it would be dangerous time for Bitcoin, I think,
when the block reward halving happens.
So as all of you will know, the Bitcoin block report
halves every four years, right?
It started off with 50 bitcoins originally.
Then after four years, so that was in 2012, I think.
I think, so it must have been the end of 2012 or something,
it dropped from 50 to 25 and currently for every block
a minor gets 25, and then in 2016,
it's gonna half again to 12 and a half.
And so it's gonna keep going like that,
basically until it's zero.
And so what are the consequences of that?
Of course, the consequences of that is that for a minor,
it dramatically decreases your revenues
from like one day to the next.
Because like, you know, let's say it's 2016,
the block reward, half things happens now.
So today, I'm making 25 bitcoins per block.
Tomorrow the same block being mined,
I only make half as much.
And this will immediately render a large portion
of the mining market unprofitable.
So I think today estimates are that miners spend about 80% of their revenues on electricity.
So if this happened today, a block we would have having, right?
So we would have, for every $100 a miners earned, he was spending 80 on electricity, and $20 was spent to like amortize the hardware and for profit.
So if you had the block we were having today, that $100,000.
would go down to $50, and each miner would lose $30.
You know, for every $100, they have revenue,
every $50 have revenue now, you know, they would lose $30.
Of course, what are the consequences of that?
It's not very hard to imagine.
People would turn off their hardware, right?
So a lot of people would turn off their hardware,
which would have two consequences.
The first one is that the difficulty,
or the hash rate would dramatically collapse, right?
So you may have from one day to the next,
maybe 30% of the hash rate would go away
or maybe even more.
And the other thing is that
now you have all this mining hardware
that has essentially become worthless.
Because as a miner, let's say I was making
a little bit of money with my mining hardware.
Now the block rewards collapsed.
I'm making zero.
like this is standing around here, you know, it's basically worthless.
So what are you going to do?
You're going to put it on eBay.
Yeah, put it on eBay.
Put it on eBay or put it on eBay or I could mine with it if some attacker comes in and says,
I pay you anyway.
I pay you 10 times as much, you know, like, so all of a sudden you may have the choice
between this being totally worthless and someone's still paying you for it, right,
paying you to join that attack.
So, so that's, so those are the,
two components that are going to make this very dangerous time is that one is the hash rate is going to collapse
and two is that a lot of cheap mining hardware and cheap hashing power will be up for sale and
of course it's not like everybody's going to stop mining right because some people have different cough structures
right like some people will get free electricity if you if you're like the son of some governor in china and like
you can get like the government to pay for your electricity, you will keep mining because like
your marginal costs or maybe zero or very close to zero.
So but but for others it would be different right like anyone in
Anyone with a higher electricity cost will probably have to stop mining
Today's magic word is security S-E-C-U-R-I-T-Y head over the let's-talk bitcoin.com to sign in
enter the magic word and claim you're part of the listener reward.
Now, this incentive to stop mining when the block reward has,
does the Bitcoin price have any influence in that at all?
Like, is it different if the Bitcoin prices at $1,000 or $10,000 or is it completely independent?
Well, it's kind of independent, right?
Like, I mean, what matters is, what really matters is what percentage
of your revenues you spend on cost.
Like, you know, how much margin do you have?
Because let's say for $1,000 revenues you make with your miners,
like your costs are only $100.
Now, if those thousands go down to 500, well, that's bad,
but you're still gonna keep mining, right?
Like, it's not like, I mean, you may be less happy about it,
but it's not gonna change so much.
But it's very different if your costs are a large percentage of your revenues.
And we should also mention, of course, what matters here is how much money are managed making from transaction fees?
Because today it's basically nothing.
Like today, it's a very, very small percentage.
I don't remember how much it was, but it's definitely much less than 5%.
I think maybe 2% or even less.
So if this happened today, miners would basically lose almost 50% of their revenues.
Now, in 2016, maybe it's going to be different, right?
Maybe miners make 30% of their revenues.
Or let's say miners made 40% of their revenues from transaction fees.
Then this wouldn't be quite so terrible.
right so let's say for a hundred dollars
before the block reward half in 2016
they make $60 from the block reward
and $40 from transaction fees now the $60 get halved
right so even minus would lose 30% of their revenues
so it may be something like that I don't know
so it will probably won't be quite 50%
at least if transaction fee revenues increases
but it will be very very substantial
So I don't think there's, you know, I don't think transaction fees are going to be like 10 times the size of the block report.
There's absolutely no sign for something like that happening.
Okay.
So if we just bring that all around.
So you've got all the components.
So one is the shorting.
So you short Bitcoin.
You short the Bitcoin price going to go down.
Second component is controlling all.
large part of the network and that becomes possible when a lot of the miners are turning off
their hardware so the hash rate goes way way down it becomes a lot more easy for anybody to get 51
or more and on top of that you've got all these miners with with hardware that's sort of no
purpose that they can rent or sell to a potential attacker and those are sort of three pillars
that make this whole attack exactly and I think the interesting thing about
the value of the mining hardware dropping and the block reward dropping. The point is that
even if you still can profitably mine after the block reward having, your hardware
has still lost a lot of its value, right? So even if even if I would still keep on
mining, I would still be willing to sell it for much, much cheaper because I'm making
a lot less money. Now, to be honest, there is sort of one thing a friend of mine has mentioned
is that to some extent miners will anticipate this, right? To some extent, minus will know
the block reward is going to go down, so I'm going to invest less in hardware. So we may see
some decline in investment, we will see some decline in investment, you know, in the six
months or something like that before the block reward halves. So that will, you know, mitigate this
a little bit. So it may not be quite as bad. You know, maybe then the drop in the hash rate will be
30% instead of 40% or something like that. But there's going to be a significant drop. I don't think
there's any way sort of around that. So one thing that comes to mind when talking about the
block reward having is that, well, this happened before. We had a block reward half in 2012.
you mentioned, why didn't it happen then? What are the differences? How is the Bitcoin network
and ecosystem different now than then? Why wouldn't we have seen that scenario a couple years ago?
Yeah, no, it's a great question. I mean, actually, I should give also some credit here
to a guy named Alex Misra, something like that, because there was a, there's an interesting
threat on the Bitcoin Dev mailing list on this.
on the block we wrote halting.
And that was one of the answers
of Gavin Andreessen. It's like, well, didn't we see that in 2012?
Nothing happened.
And I don't think the situation is comparable at all
for a few reasons.
So number one is there were no ASICs in 2012, right?
So it was a very different mining environment.
You know, people were mining on having GPUs probably.
I'm not even sure, but like,
so it was a different environment.
Mining was also less profit.
oriented, right? I mean, this was still a time when people were like mining at home and all that stuff.
Mining with their own like self-constructed hardware and a lot of Bitcoin enthusiasts were mining.
This has already been changing dramatically, right? I mean, today mining is sort of a for-profit
business. I don't think there are a lot of sort of Bitcoin enthusiasts left to mine just for
the fun of it. It just doesn't make sense financially. Also, I think the profit
margins are different. You know, back then, I guess it's hard to know. I'm not sure how it was back
then with the graphic cards and all. But, you know, today, what we are seeing is that the cost
of mining are becoming higher versus revenue. So it's getting very tight, right? It's a very competitive
market. And I think that's going to increase even more until 2016. So people will have a tight
margin, tight profit margin that makes this more vulnerable. And then the last point, which is very
important is that in 2012, there was no weight of short Bitcoin. You couldn't take a short,
a large short position on Bitcoin. And I guess that's one more thing. I don't think there was a way
to rent mining hardware remotely, right? Because what is going to happen is you're going to have
data centers that have mining hardware in it and anybody can sort of rent the mining hardware,
the hashing power and directed through the pool they want to,
whatever they want,
without actually being there and getting the hardware shipped
and all of that stuff, right?
So you wouldn't have to do that.
In 2012, there wasn't a way to do that.
So I think on many, many levels,
it will be a very different situation from 2012.
And just because nothing happened in 2012,
I don't think that in any way
proofs or indicates that nothing will happen in 2016.
So I'm reading through this, I read through it.
It's very interesting.
And so this is very polarizing.
It's one of those issues that is very idealistically charged.
In a sense, like many issues, I guess, in Bitcoin.
So we'll put the link to this thread
the show notes. I recommend anybody who wants to learn more about this read it. So Jeff Garzik responds
with the argument that the hash rate market is becoming, is maturing into the direction of
financial instruments where the owner of the hash power is not necessarily one receiving the
income. They're becoming tradable instruments. So there's a complexity of, so mining is not
just this sort of simple like one person mine, one person gets the revenue model. It's
becoming some much more complex than that as we add more layers to hedge risk.
What do you think?
How do you think that plays in this scenario?
I think that answer doesn't make a lot of sense, to be honest.
I mean, if anything, if mining becomes more tradable and all that, it increases the scenario
for this, right?
So that makes it much more likely because then you're able to, like, acquire all this
hashing power without actually having to physically own it and physically move it and everything.
So I don't think this is a deals with the issue at all.
I mean, of course there are some things.
We said, I think something Adam Back brought up in the podcast we did on side chains
was that, you know, in the future, let's say we have big banks getting into Bitcoin.
Then they could operate or they could buy some hashing power and say,
you know, we operate that just to keep Bitcoin secure.
So they're not trying to make money with that, but maybe they're trying not to lose money,
but not so important for a big bank to say like...
It becomes an operating expense.
Yeah, it's just like, it's sort of like a donation, I guess, to the Bitcoin network
that you say like, oh, we put in some money to keep Bitcoin secure and we're okay
with losing money and that or not making money.
And of course, that is very much true, right?
So if we have miners who aren't profit-oriented,
So the same may be true for some people who just love Bitcoin, right?
They may say, I'm not joining this attack because, you know, because I care about Bitcoin
and I just don't do that for moral reasons or for reasons of altruism.
And that can offer some protection, right?
So I think that that would be one way to protect it.
And I guess in 2012 also that was much more the case.
So the Kamikaze scenario, the only thing protecting us from the government,
common-kazi scenario is people loving the Bitcoin ecosystem, not wanting it to fail.
If they have any economical incentives, then they would definitely go for...
Well, and there's, I guess, another thing.
I think, I don't know, we talked about it briefly before, is to some extent,
centralization is a protection against this, right?
Because let's say in the extreme case...
That's a bold statement.
Please explain.
Well, I mean, I'm not saying it's positive for Bitcoin, right?
Of course, we don't want Bitcoin to be decentralized.
But in this case, centralization would actually offer some protection.
Because let's say a Bitfury owns the majority of hatching power.
Like, they completely control Bitcoin mining.
And now I'm going to try to attack Bitcoin that way.
Well, of course, it's not possible to do it unless Bitfury joins the attack.
But would Bitfury join the attack?
No, of course not, right?
because their whole business is like the Bitcoin thing,
and they're not going to destroy your own business.
And, you know, I mean, that's the extreme case
if there's one party, but let's say three different companies
control the Bitcoin network.
And they all sort of cooperate with each other,
know each other.
Then as well, if these three companies talk with you just like,
yeah, no, we're not going to do that.
you know, so that can also be protection, right?
So if there's a small circle of companies controlling Bitcoin mining,
you know, the chance of this succeeding is definitely lower.
Well, which is the case now, I would say, no?
Now, yeah, I don't know how it would be now.
It might, yeah, you might be right.
I'm not sure.
I think it may be somewhere in the middle, right?
And actually, then you get sort of tricky, right?
Because there's, at the extreme end, if it's very centralized,
it would probably protect from an attack like this.
If it's very decentralized, let's say if Bitcoin users themselves own the hardware,
it may also protect from it.
But then if it's somewhere in the middle, you know,
if there's a lot of like sort of, if there's some sort of oligopoly of 20 companies
who all sort of distrust each other and like, then again,
maybe it's more possible, right?
Because you can directly bribe people.
There's a few people to talk to beforehand, maybe.
So, yeah, and of course, the point is more,
we don't want Bitcoin security to depend on centralization, right?
Like, that wasn't the point, right?
The whole point was decentralization.
So if Bitcoin security relies on it being more centralized,
you know, that's not what we want it.
I mean, then it's like ripple, right,
where ripple controls, you know, all the nodes.
That, of course, is also secure against an attack.
Like somebody can't just go take over the ripple network
because ripple controls the ripple network.
But then that's one of the criticism always for ripple is that,
well, it's centralized.
So you have another topic here in the rundown.
I don't know how this ties into,
but security versus security state at-stake ratio.
Can you explain?
Yeah, I don't know if that's always a well-phrased term, but I guess one way also to think about the security of Bitcoin, right, is that you sort of have this ratio of what does it cost to attack?
What does it cost to take over the majority of the hatching power versus how much could one potentially gain?
So how much is like secured by the blockchain?
So the sort of, of course, most obvious thing is Bitcoin itself, right?
So the value of the market cap of Bitcoin.
So we would want for Bitcoin to be secure, we would want the cost of attacking be as
as large a proportion as possible of the market cap of Bitcoin.
I mean, ideally, you know, if it cost you $3 billion to attack Bitcoin and Bitcoin
itself is only worth $3 billion, you know, that would be pretty high to.
of security. But especially with some the way some people see Bitcoin evolving, we would have Bitcoin
not only secure the currency itself, but secure all kinds of other things. And to some extent
we have that already, right, like a counterparty, master coin assets, those things are all secured
by the Bitcoin blockchain as well. So those things could also increase.
the incentive to attack Bitcoin.
And there was a nice episode recently of Beyond Bitcoin's with Meja Roy.
I think we're going to have here as well sometime with the Internet of Money.
And he mentioned something.
He talked about this as well.
So there's the idea, for example, let's say people start having a stock exchange that
is traded with the Bitcoin blockchain or something like that.
And then Apple stock is secured by the Bitcoin blockchain.
Well, but Apple's worth $600 billion, right?
Like, how much of an incentive does that create to attack Bitcoin if, like, you know,
you can attack Apple stock somehow or like, I don't know, double spend Apple stock or like,
you know, you could add those things on top.
So one of the issues with, I guess some of the ideas that the sidechains guys have of, like,
the Bitcoin blockchain security.
a really wide range of things is that that also increases the incentive to attack Bitcoin, right?
So how can you keep Bitcoin secure if you go in that direction?
It's not clear to me, really.
So this is all very comforting news, Brian.
Is there any other scenario than this like doomsday scenario where Bitcoin just disappears
because it's not secure?
what are some other scenarios that we can that we could postulate when this block having
block or having happened well i mean one thing i was thinking about and and maybe some people
who know this better can correct me here but to me it just seemed like this is a little bit of a
design mistake like why why every four years like why isn't it not continually decreasing why is it
not every week.
Why doesn't the block reward
increase every week, but I don't know, half a percent
or whatever it works out to?
I'm not sure.
Maybe there's some thinking behind every four years.
Would that change anything?
That wouldn't change the fact that you're,
at some point, the cost of running mining hardware
is going to be below what it costs you to,
what you're receiving it in terms of rewards.
It would change things because you don't have to,
from one day to the next, like dramatically, this huge transition where from one day to the next,
mining hardware loses a lot of value and becomes the hash rate drops, all of that.
You wouldn't have that, right?
It would be much more gradual.
So this, this like sort of perfect storm of now it becomes really cheap to attack Bitcoin
and the difficulty, you know, the hash rate collapses.
Like that's something that you wouldn't have then.
So, I mean, one thing that I was thinking about is like, well, maybe one could change that.
It also doesn't seem like that controversial change, right?
Because it's, it can still keep the 21 million.
You can still have that sort of decrease.
Like for miners, it should actually, I don't see why it would be a big disadvantage for miners.
I don't think it would be a disadvantage to all, actually, and it would somewhat increase Bitcoin security.
Now, it wouldn't be like a.
complete solution right i mean i did think of this attack scenario actually before i thought of the
the block halving situation but but it would definitely i would definitely lessen the chance of this
happening has anybody else that you know suggested something like that i think someone mentioned in
that bitcoin dev uh thread someone mentioned that idea but you see i think that's one of the
problem with things like that like we can talk about this now sort of theoretically
And I'm sure some people will give us reasons why this is not likely, right?
I'm sure some people will say, but no, it will be different.
And like people will, some people will disagree with me.
Some people will say I was wrong here.
And maybe I am, you know, like we don't know.
So, and I think the danger always with things like that is that we don't do anything until something happens, right?
because like it's just an abstract scenario right now and then if something happens it is you know it's too late
so that's that's one thing i've been thinking about is that you know maybe one should have a more
proactive way of thinking some of the some of these issues and maybe one should not view them as so like
set in stone right like bitcoin was defined like that with sotoshi and it's going to stay like that
like those fundamental design periods.
Maybe one would say like, oh, we re-examine that
and maybe make some changes.
Well, one thing is for sure is that now that you've
sort of laid out this attack vector,
this attack scenario,
I mean,
now somebody could seemingly try to do that.
Well, I mean...
So talking about it, something makes it possible.
I don't think this was like,
this is like a creative enough idea
that somebody wouldn't, like people wouldn't think of it anyway.
like most of these things are not original right the block halving i don't know if this mining pool
it's not it's not an unusual idea so yeah i don't think i don't take the credit of having come up
with something very original here you're going to take responsibility for bitcoin failing right
yeah because it's episode 16 episode of bitcoin yeah yeah no so i don't think it will be that you know
this is this will be obvious but you know
So in the end, you know, there's George Soros, no, made, made like a billion pounds or something
in the 70s by shorting the British pound.
And, you know, he got this reputation.
It's like, you know, the man who broke the pound.
Once we start having this being really traded as a financial instrument, I mean, hedge funds
constantly try to, like, short markets and break them and, like, rig them and et cetera, et cetera.
You know, like, and this is, this would just be another thing like that, you know.
I mean, I think we are sort of protected at the moment because Bitcoin is like isolated from the rest, right?
It's isolated from the financial system.
But it won't be forever, at least not if Bitcoin actually lives up to its promise and becomes more successful.
But I think that at least having this discussion is very valuable.
I mean, a lot of people, like when you read these mailing lists or when you read Reddit and people bring up topics like this,
It just gets so polarized into like, you know, the people that sort of are ideologically charged, their discourse is ideology charged, and others were, you know, sort of having more realist view of things.
And there's an officer there saying, we shouldn't even talk about this because it's pointless, but no, it's not pointless.
These are real problems that we need to get through.
Yeah, and you're right.
And the other thing, I guess, is there are so many things to work on with Bitcoin, right?
There's like so many, so many construction sites going on, so many things that need to be improved.
And so the question is like, do you now prioritize trying to prevent some potential disaster scenario a few years down the line versus like working on these immediate problems right here?
And that's a very difficult tradeoff to make.
And I think people always favor that thing that's right here in front of them.
And we tend to, I think we as human beings tend to sort of ignore and put off the
thing, the threatening thing that maybe is further down the line and isn't immediately visible
or urgent right now.
So I think that is a challenge here.
Yeah, absolutely.
Well, it's a very interesting topic.
And I look forward to seeing your talk in Berlin.
Yeah, yeah, absolutely.
And yeah, if you come to the conference, listen to this show, and then get in touch, we'd love to meet up.
Yeah.
So there'll be a meetup on Wednesday night.
Right.
There's a meetup on Wednesday night.
You're going to give a talk.
I'm going to give a talk on Bitcoin in France.
It's going to be very short.
No, I'm kidding.
No, I'll be giving you a talk on what's happened in the past year in terms of Bitcoin, startups, you know, what's happening in France.
There are some things happening.
I've found some things to talk about.
Good, yes.
So, yeah, is you then Flavien Chalon, who we've also had a home from Coin Prism?
He's going to give it talk.
He was also French.
Also French, yes.
Yeah.
Yeah, so we are getting touched.
Also, if you want to meet up at the conference, you know, you can't make you meet up or something for coffee.
Like totally.
Yeah, definitely.
I can't wait to leave tomorrow.
I'm like, so excited to be going to go into Berlin for a week.
you know just kind of changing
um changing
environments and uh being at the bitcoin center
and meeting everybody there it's going to be
a very interesting week and very
I think it's going to be very inspiring
I hope so yes
I hope we'll come out with lots of good ideas
and how to how to improve the show
and what kind of things we can do in the future
absolutely yeah
yeah also um
look forward to that
look forward also being back next week with another episode and thanks so much for listening to the show.
You know, there was one thing in my talk, I have just like disclaimers.
Like, oh, I'm going to talk about something.
But by the way, I need to make some statements here first.
Like, I still believe in cryptocurrencies.
This is still going to be great.
Like, so I'd like to say those things too.
I haven't even bought.
I haven't even sold any bitcoins.
Yeah, so thanks so much for listening.
You know, we'll be back next week.
If you want to follow us on Twitter, we're at Epic Center BTC.
You can also give us a tip in unobtainium, light coin, dark coin or whatever other currency using the shifty thing.
Or the episode of Bitcoin.com slash tips.
And, you know, you can subscribe to a newsletter, episode of the Bitcoin.com slash newsletter.
See you then.