MIME-Version: 1.0
References: <Ysbp2QclWW7NzfrS@petertodd.org>
 <F6CAB95E-2EDD-42E5-8C80-1E3818D51574@voskuil.org>
In-Reply-To: <F6CAB95E-2EDD-42E5-8C80-1E3818D51574@voskuil.org>
From: Erik Aronesty <erik@q32.com>
Date: Thu, 7 Jul 2022 13:37:39 -0400
Message-ID: <CAJowKg+OP92w+zHjy4T79tMDL5O0gboUEurhBAuWbp+npsv94A@mail.gmail.com>
To: Eric Voskuil <eric@voskuil.org>, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000006cfc7d05e33a8b06"
Cc: John Carvalho <john@synonym.to>
Subject: Re: [bitcoin-dev] Bitcoin covenants are inevitable
Precedence: list

--0000000000006cfc7d05e33a8b06
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

> > We should not imbue real technology with magical qualities.

> Precisely. It is economic forces (people), not technology, that provide
security.

Yes, and these forces don't prevent double-spend / 51% attacks if the
amounts involved are greater than the incentives.

In addition to "utility", lowering the block size could help prevent this
issue as well... increasing fee pressure and double-spend security while
reducing the burden on node operators.

Changes to inflation are, very likely, off the table.



On Thu, Jul 7, 2022 at 12:24 PM Eric Voskuil via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>
>
> > On Jul 7, 2022, at 07:13, Peter Todd via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> >
> > =EF=BB=BFOn Thu, Jul 07, 2022 at 02:24:39PM +0100, John Carvalho via bi=
tcoin-dev
> wrote:
> >> Billy,
> >>
> >> Proof of work and the difficulty adjustment function solve literally
> >> everything you are talking about already.
> >
> > Unfortunately you are quite wrong: the difficulty adjustment function
> merely
> > adjusts for changes in the amount of observable, non-51%-attacking,
> hashing
> > power. In the event of a chain split, the difficulty adjustment functio=
n
> does
> > nothing; against a 51% attacker, the difficulty adjustment does nothing=
;
> > against a censor, the difficulty adjustment does nothing.
>
> Consider falling hash rate due to a perpetual 51% attack. Difficulty
> falls, possibly to min difficulty if all non-censors stop mining and with
> all censors collaborating (one miner). Yet as difficulty falls, so does t=
he
> cost of countering the censor. At min difficulty everyone can CPU mine
> again.
>
> Given the presumption that fees rise on unconfirmed transactions, there i=
s
> inherent economic incentive to countering at any level of difficulty.
> Consequently the censor is compelled to subsidize the loss resulting from
> forgoing higher fee transactions that are incentivizing its competition.
>
> With falling difficulty this incentive is compounded.
>
> Comparisons of security in different scenarios presume a consistent level
> of demand. If that demand is insufficient to offset the censor=E2=80=99s =
subsidy,
> there is no security in any scenario.
>
> Given that the block subsidy (inflation) is paid equally to censoring and
> non-censoring miners, it offers no security against censorship whatsoever=
.
> Trading fee-based block reward for inflation-based is simply trading
> censorship resistance for the presumption of double-spend security. But o=
f
> course, a censor can double spend profitably in any scenario where the
> double spend value (to the censor) exceeds that of blocks orphaned (as th=
e
> censor earns 100% of all block rewards).
>
> Banks and state monies offer reasonable double spend security. Not sure
> that=E2=80=99s a trade worth making.
>
> It=E2=80=99s not clear to me that Satoshi understood this relation. I=E2=
=80=99ve seen no
> indication of it. However the decision to phase out subsidy, once a
> sufficient number of units (to assure divisibility) had been issued, is
> what transitions Bitcoin from a censorable to a censorship resistant mone=
y.
> If one does not believe there is sufficient demand for such a money, ther=
e
> is no way to reconcile that belief with a model of censorship resistance.
>
> > We should not imbue real technology with magical qualities.
>
> Precisely. It is economic forces (people), not technology, that provide
> security.
>
> e
>
> >> Bitcoin does not need active economic governanance by devs or meddlers=
.
> >
> > Yes, active governance would definitely be an exploitable mechanism. On
> the
> > other hand, the status quo of the block reward eventually going away
> entirely
> > is obviously a risky state change too.
> >
> >>>> There is also zero agreement on how much security would constitute
> such
> >>> an optimum.
> >>>
> >>> This is really step 1. We need to generate consensus on this long
> before
> >>> the block subsidy becomes too small. Probably in the next 10-15 years=
.
> I
> >>> wrote a paper
> >
> > The fact of the matter is that the present amount of security is about
> 1.7% of
> > the total coin supply/year, and Bitcoin seems to be working fine. 1.7%
> is also
> > already an amount low enough that it's much smaller than economic
> volatility.
> >
> > Obviously 0% is too small.
> >
> > There's zero reason to stress about finding an "optimal" amount. An
> amount low
> > enough to be easily affordable, but non-zero, is fine. 1% would be fine=
;
> 0.5%
> > would probably be fine; 0.1% would probably be fine.
> >
> > Over a lifetime - 75 years - 0.5% yearly inflation works out to be a 31=
%
> tax on
> > savings; 0.1% works out to be 7.2%
> >
> > These are all amounts that are likely to be dwarfed by economic shifts.
> >
> > --
> > https://petertodd.org 'peter'[:-1]@petertodd.org
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--0000000000006cfc7d05e33a8b06
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><span style=3D"color:rgb(80,0,80)">&gt; &gt; We shoul=
d not imbue real technology with magical qualities.</span><br></div><div><s=
pan class=3D"gmail-im" style=3D"color:rgb(80,0,80)"><br></span>&gt; Precise=
ly. It is economic forces (people), not technology, that provide security.<=
font color=3D"#888888"><br></font></div><div><br></div><div>Yes, and these =
forces don&#39;t prevent double-spend / 51% attacks if the amounts involved=
 are greater than the incentives.</div><div><br></div><div>In addition to &=
quot;utility&quot;, lowering the block size could help prevent this issue a=
s well... increasing fee pressure and double-spend security while reducing =
the burden on node operators.</div><div><br></div><div>Changes to inflation=
 are, very likely, off the table.</div><div><br></div><div>=C2=A0</div></di=
v><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On T=
hu, Jul 7, 2022 at 12:24 PM Eric Voskuil via bitcoin-dev &lt;<a href=3D"mai=
lto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundatio=
n.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:=
1ex"><br>
<br>
&gt; On Jul 7, 2022, at 07:13, Peter Todd via bitcoin-dev &lt;<a href=3D"ma=
ilto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@l=
ists.linuxfoundation.org</a>&gt; wrote:<br>
&gt; <br>
&gt; =EF=BB=BFOn Thu, Jul 07, 2022 at 02:24:39PM +0100, John Carvalho via b=
itcoin-dev wrote:<br>
&gt;&gt; Billy,<br>
&gt;&gt; <br>
&gt;&gt; Proof of work and the difficulty adjustment function solve literal=
ly<br>
&gt;&gt; everything you are talking about already.<br>
&gt; <br>
&gt; Unfortunately you are quite wrong: the difficulty adjustment function =
merely<br>
&gt; adjusts for changes in the amount of observable, non-51%-attacking, ha=
shing<br>
&gt; power. In the event of a chain split, the difficulty adjustment functi=
on does<br>
&gt; nothing; against a 51% attacker, the difficulty adjustment does nothin=
g;<br>
&gt; against a censor, the difficulty adjustment does nothing.<br>
<br>
Consider falling hash rate due to a perpetual 51% attack. Difficulty falls,=
 possibly to min difficulty if all non-censors stop mining and with all cen=
sors collaborating (one miner). Yet as difficulty falls, so does the cost o=
f countering the censor. At min difficulty everyone can CPU mine again.<br>
<br>
Given the presumption that fees rise on unconfirmed transactions, there is =
inherent economic incentive to countering at any level of difficulty. Conse=
quently the censor is compelled to subsidize the loss resulting from forgoi=
ng higher fee transactions that are incentivizing its competition.<br>
<br>
With falling difficulty this incentive is compounded.<br>
<br>
Comparisons of security in different scenarios presume a consistent level o=
f demand. If that demand is insufficient to offset the censor=E2=80=99s sub=
sidy, there is no security in any scenario.<br>
<br>
Given that the block subsidy (inflation) is paid equally to censoring and n=
on-censoring miners, it offers no security against censorship whatsoever. T=
rading fee-based block reward for inflation-based is simply trading censors=
hip resistance for the presumption of double-spend security. But of course,=
 a censor can double spend profitably in any scenario where the double spen=
d value (to the censor) exceeds that of blocks orphaned (as the censor earn=
s 100% of all block rewards).<br>
<br>
Banks and state monies offer reasonable double spend security. Not sure tha=
t=E2=80=99s a trade worth making.<br>
<br>
It=E2=80=99s not clear to me that Satoshi understood this relation. I=E2=80=
=99ve seen no indication of it. However the decision to phase out subsidy, =
once a sufficient number of units (to assure divisibility) had been issued,=
 is what transitions Bitcoin from a censorable to a censorship resistant mo=
ney. If one does not believe there is sufficient demand for such a money, t=
here is no way to reconcile that belief with a model of censorship resistan=
ce.<br>
<br>
&gt; We should not imbue real technology with magical qualities.<br>
<br>
Precisely. It is economic forces (people), not technology, that provide sec=
urity.<br>
<br>
e<br>
<br>
&gt;&gt; Bitcoin does not need active economic governanance by devs or medd=
lers.<br>
&gt; <br>
&gt; Yes, active governance would definitely be an exploitable mechanism. O=
n the<br>
&gt; other hand, the status quo of the block reward eventually going away e=
ntirely<br>
&gt; is obviously a risky state change too.<br>
&gt; <br>
&gt;&gt;&gt;&gt; There is also zero agreement on how much security would co=
nstitute such<br>
&gt;&gt;&gt; an optimum.<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; This is really step 1. We need to generate consensus on this l=
ong before<br>
&gt;&gt;&gt; the block subsidy becomes too small. Probably in the next 10-1=
5 years. I<br>
&gt;&gt;&gt; wrote a paper<br>
&gt; <br>
&gt; The fact of the matter is that the present amount of security is about=
 1.7% of<br>
&gt; the total coin supply/year, and Bitcoin seems to be working fine. 1.7%=
 is also<br>
&gt; already an amount low enough that it&#39;s much smaller than economic =
volatility.<br>
&gt; <br>
&gt; Obviously 0% is too small.<br>
&gt; <br>
&gt; There&#39;s zero reason to stress about finding an &quot;optimal&quot;=
 amount. An amount low<br>
&gt; enough to be easily affordable, but non-zero, is fine. 1% would be fin=
e; 0.5%<br>
&gt; would probably be fine; 0.1% would probably be fine.<br>
&gt; <br>
&gt; Over a lifetime - 75 years - 0.5% yearly inflation works out to be a 3=
1% tax on<br>
&gt; savings; 0.1% works out to be 7.2%<br>
&gt; <br>
&gt; These are all amounts that are likely to be dwarfed by economic shifts=
.<br>
&gt; <br>
&gt; -- <br>
&gt; <a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank"=
>https://petertodd.org</a> &#39;peter&#39;[:-1]@<a href=3D"http://petertodd=
.org" rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
&gt; _______________________________________________<br>
&gt; bitcoin-dev mailing list<br>
&gt; <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_bl=
ank">bitcoin-dev@lists.linuxfoundation.org</a><br>
&gt; <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-=
dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org=
/mailman/listinfo/bitcoin-dev</a><br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--0000000000006cfc7d05e33a8b06--