MIME-Version: 1.0
References: <CAJowKg+OP92w+zHjy4T79tMDL5O0gboUEurhBAuWbp+npsv94A@mail.gmail.com>
 <8438F081-D085-4491-8C1C-4D83FFC7DE84@voskuil.org>
In-Reply-To: <8438F081-D085-4491-8C1C-4D83FFC7DE84@voskuil.org>
From: Erik Aronesty <erik@q32.com>
Date: Thu, 7 Jul 2022 17:11:47 -0400
Message-ID: <CAJowKgJGfkdCjWUnUyWZ9rgnWFOVYg=aizBwC2wEbMxohRMvZg@mail.gmail.com>
To: Eric Voskuil <eric@voskuil.org>
Content-Type: multipart/alternative; boundary="000000000000338c4905e33d89fc"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
 John Carvalho <john@synonym.to>
Subject: Re: [bitcoin-dev] Bitcoin covenants are inevitable
Precedence: list

--000000000000338c4905e33d89fc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

The relationship between block size and fees is not remotely linear.   In a
restricted environment, the fee rewards are much higher.

**the ones moving more sats will win the top spots and will pay as much as
is reasonable**

Smaller blocks produce better security for the network both in validation,
and in fees.

Without a bidding war for space, everyone can post 1 SAT/byte

With a bidding war for space, larger transactions will pay much higher
rates.   There have been a number of papers written on this but you can
concoct a trivial example to prove it.


On Thu, Jul 7, 2022 at 3:58 PM Eric Voskuil <eric@voskuil.org> wrote:

> It=E2=80=99s not clear how reducing block size changes the fee aspect of =
the block
> reward. Assuming half the space implies twice the fee per avg tx the
> reward remains constant.
>
> Any additional cost of processing more or less bytes would not matter,
> because of course this is just a cost that gets nulled out by difficulty =
=E2=80=94
> average profit (net income) is the cost of capital.
>
> The reason for smaller vs. larger blocks is to ensure that individuals ca=
n
> afford to validate. That=E2=80=99s a threshold criteria.
>
> Given unlimited size blocks, miners would still have to fix a point in
> time to mine, gathering as much fee as they can optimize in some time
> period presumably less than 10 minutes. The produces a limit to transacti=
on
> volume, yet neither reward nor profit would be affected given the above
> assumptions. The difference would be in a tradeoff of per tx fee against
> the threshold.
>
> Given Moore=E2=80=99s Law, that threshold is constantly decreasing, which=
 will
> make it  cheaper over time for more individuals to validate. But the
> difference for miners for smaller blocks is largely inconsequential
> relative to their other costs.
>
> Increasing demand is the only thing that increases double spend security
> (and censorship resistance assuming fee-based reward). With rising demand
> there is rising overall hash rate, despite block reward and profit
> remaining constant. This makes the cost of attempting to orphan a block
> higher, therefore lowering the depth/time requirement implied to secure a
> given tx amount.
>
> These are the two factors, demand and time. Less demand implies more time
> to secure a given amount against double spend, and also implies a lower
> cost to subsidize a censorship regime. But the latter requires a
> differential in reward between the censor and non-censoring miners. While
> this could be paid in side fees, that is a significant anonymity issue.
>
> e
>
> On Jul 7, 2022, at 10:37, Erik Aronesty <erik@q32.com> wrote:
>
> =EF=BB=BF
> > > We should not imbue real technology with magical qualities.
>
> > Precisely. It is economic forces (people), not technology, that provide
> security.
>
> Yes, and these forces don't prevent double-spend / 51% attacks if the
> amounts involved are greater than the incentives.
>
> In addition to "utility", lowering the block size could help prevent this
> issue as well... increasing fee pressure and double-spend security while
> reducing the burden on node operators.
>
> Changes to inflation are, very likely, off the table.
>
>
>
> On Thu, Jul 7, 2022 at 12:24 PM Eric Voskuil via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>>
>>
>> > On Jul 7, 2022, at 07:13, Peter Todd via bitcoin-dev <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>> >
>> > =EF=BB=BFOn Thu, Jul 07, 2022 at 02:24:39PM +0100, John Carvalho via
>> bitcoin-dev wrote:
>> >> Billy,
>> >>
>> >> Proof of work and the difficulty adjustment function solve literally
>> >> everything you are talking about already.
>> >
>> > Unfortunately you are quite wrong: the difficulty adjustment function
>> merely
>> > adjusts for changes in the amount of observable, non-51%-attacking,
>> hashing
>> > power. In the event of a chain split, the difficulty adjustment
>> function does
>> > nothing; against a 51% attacker, the difficulty adjustment does nothin=
g;
>> > against a censor, the difficulty adjustment does nothing.
>>
>> Consider falling hash rate due to a perpetual 51% attack. Difficulty
>> falls, possibly to min difficulty if all non-censors stop mining and wit=
h
>> all censors collaborating (one miner). Yet as difficulty falls, so does =
the
>> cost of countering the censor. At min difficulty everyone can CPU mine
>> again.
>>
>> Given the presumption that fees rise on unconfirmed transactions, there
>> is inherent economic incentive to countering at any level of difficulty.
>> Consequently the censor is compelled to subsidize the loss resulting fro=
m
>> forgoing higher fee transactions that are incentivizing its competition.
>>
>> With falling difficulty this incentive is compounded.
>>
>> Comparisons of security in different scenarios presume a consistent leve=
l
>> of demand. If that demand is insufficient to offset the censor=E2=80=99s=
 subsidy,
>> there is no security in any scenario.
>>
>> Given that the block subsidy (inflation) is paid equally to censoring an=
d
>> non-censoring miners, it offers no security against censorship whatsoeve=
r.
>> Trading fee-based block reward for inflation-based is simply trading
>> censorship resistance for the presumption of double-spend security. But =
of
>> course, a censor can double spend profitably in any scenario where the
>> double spend value (to the censor) exceeds that of blocks orphaned (as t=
he
>> censor earns 100% of all block rewards).
>>
>> Banks and state monies offer reasonable double spend security. Not sure
>> that=E2=80=99s a trade worth making.
>>
>> It=E2=80=99s not clear to me that Satoshi understood this relation. I=E2=
=80=99ve seen no
>> indication of it. However the decision to phase out subsidy, once a
>> sufficient number of units (to assure divisibility) had been issued, is
>> what transitions Bitcoin from a censorable to a censorship resistant mon=
ey.
>> If one does not believe there is sufficient demand for such a money, the=
re
>> is no way to reconcile that belief with a model of censorship resistance=
.
>>
>> > We should not imbue real technology with magical qualities.
>>
>> Precisely. It is economic forces (people), not technology, that provide
>> security.
>>
>> e
>>
>> >> Bitcoin does not need active economic governanance by devs or meddler=
s.
>> >
>> > Yes, active governance would definitely be an exploitable mechanism. O=
n
>> the
>> > other hand, the status quo of the block reward eventually going away
>> entirely
>> > is obviously a risky state change too.
>> >
>> >>>> There is also zero agreement on how much security would constitute
>> such
>> >>> an optimum.
>> >>>
>> >>> This is really step 1. We need to generate consensus on this long
>> before
>> >>> the block subsidy becomes too small. Probably in the next 10-15
>> years. I
>> >>> wrote a paper
>> >
>> > The fact of the matter is that the present amount of security is about
>> 1.7% of
>> > the total coin supply/year, and Bitcoin seems to be working fine. 1.7%
>> is also
>> > already an amount low enough that it's much smaller than economic
>> volatility.
>> >
>> > Obviously 0% is too small.
>> >
>> > There's zero reason to stress about finding an "optimal" amount. An
>> amount low
>> > enough to be easily affordable, but non-zero, is fine. 1% would be
>> fine; 0.5%
>> > would probably be fine; 0.1% would probably be fine.
>> >
>> > Over a lifetime - 75 years - 0.5% yearly inflation works out to be a
>> 31% tax on
>> > savings; 0.1% works out to be 7.2%
>> >
>> > These are all amounts that are likely to be dwarfed by economic shifts=
.
>> >
>> > --
>> > https://petertodd.org 'peter'[:-1]@petertodd.org
>> > _______________________________________________
>> > bitcoin-dev mailing list
>> > bitcoin-dev@lists.linuxfoundation.org
>> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>

--000000000000338c4905e33d89fc
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">The relationship between block size and fees is not remote=
ly linear.=C2=A0 =C2=A0In a restricted environment, the fee rewards are muc=
h higher.<div><div><div><div><br></div></div><div>**the ones moving=C2=A0mo=
re sats will win the top spots and will pay as much as is reasonable**</div=
></div><div><br></div></div><div>Smaller blocks produce better security for=
 the network both in validation, and in fees.</div><div><br></div><div>With=
out=C2=A0a bidding war for space, everyone can post 1 SAT/byte</div><div><b=
r></div><div>With a bidding war for space, larger transactions will pay muc=
h higher rates.=C2=A0 =C2=A0There have been a number of papers written on t=
his but you can concoct a trivial example to prove it.</div><div><br></div>=
</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">=
On Thu, Jul 7, 2022 at 3:58 PM Eric Voskuil &lt;<a href=3D"mailto:eric@vosk=
uil.org">eric@voskuil.org</a>&gt; wrote:<br></div><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=
4,204);padding-left:1ex"><div dir=3D"auto"><div dir=3D"ltr"></div><div dir=
=3D"ltr">It=E2=80=99s not clear how reducing block size changes the fee asp=
ect of the block reward. Assuming=C2=A0<span style=3D"color:rgb(0,0,0)">hal=
f the space implies twice the fee per avg tx the reward remains constant.</=
span></div><div dir=3D"ltr"><br></div><div dir=3D"ltr">Any additional cost =
of processing more or less bytes would not matter, because of course this i=
s just a cost that gets nulled out by difficulty =E2=80=94 average profit (=
net income) is the cost of capital.</div><div dir=3D"ltr"><br></div><div di=
r=3D"ltr">The reason for smaller vs. larger blocks is to ensure that indivi=
duals can afford to validate. That=E2=80=99s a threshold criteria.</div><di=
v dir=3D"ltr"><br></div><div dir=3D"ltr">Given unlimited size blocks, miner=
s would still have to fix a point in time to mine, gathering as much fee as=
 they can optimize in some time period presumably less than 10 minutes. The=
 produces a limit to transaction volume, yet neither reward nor profit woul=
d be affected given the above assumptions. The difference would be in a tra=
deoff of per tx fee against the threshold.</div><div dir=3D"ltr"><br></div>=
<div dir=3D"ltr">Given Moore=E2=80=99s Law, that threshold is constantly de=
creasing, which will make it =C2=A0cheaper over time for more individuals t=
o validate. But the difference for miners for smaller blocks is largely inc=
onsequential relative to their other costs.</div><div dir=3D"ltr"><br></div=
><div dir=3D"ltr">Increasing demand is the only thing that increases double=
 spend security (and censorship resistance assuming fee-based reward). With=
 rising demand there is rising overall hash rate, despite block reward and =
profit remaining constant. This makes the cost of attempting to orphan a bl=
ock higher, therefore lowering the depth/time requirement implied to secure=
 a given tx amount.</div><div dir=3D"ltr"><br></div><div dir=3D"ltr">These =
are the two factors, demand and time. Less demand implies more time to secu=
re a given amount against double spend, and also implies a lower cost to su=
bsidize a censorship regime. But the latter requires a differential in rewa=
rd between the censor and non-censoring miners. While this could be paid in=
 side fees, that is a significant anonymity issue.</div><div dir=3D"ltr"><b=
r></div><div dir=3D"ltr">e</div><div dir=3D"ltr"><br><blockquote type=3D"ci=
te">On Jul 7, 2022, at 10:37, Erik Aronesty &lt;<a href=3D"mailto:erik@q32.=
com" target=3D"_blank">erik@q32.com</a>&gt; wrote:<br><br></blockquote></di=
v><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=BF<div dir=3D"ltr"><div=
><span style=3D"color:rgb(80,0,80)">&gt; &gt; We should not imbue real tech=
nology with magical qualities.</span><br></div><div><span style=3D"color:rg=
b(80,0,80)"><br></span>&gt; Precisely. It is economic forces (people), not =
technology, that provide security.<font color=3D"#888888"><br></font></div>=
<div><br></div><div>Yes, and these forces don&#39;t prevent double-spend / =
51% attacks if the amounts involved are greater than the incentives.</div><=
div><br></div><div>In addition to &quot;utility&quot;, lowering the block s=
ize could help prevent this issue as well... increasing fee pressure and do=
uble-spend security while reducing the burden on node operators.</div><div>=
<br></div><div>Changes to inflation are, very likely, off the table.</div><=
div><br></div><div>=C2=A0</div></div><br><div class=3D"gmail_quote"><div di=
r=3D"ltr" class=3D"gmail_attr">On Thu, Jul 7, 2022 at 12:24 PM Eric Voskuil=
 via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.or=
g" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<b=
r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
&gt; On Jul 7, 2022, at 07:13, Peter Todd via bitcoin-dev &lt;<a href=3D"ma=
ilto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@l=
ists.linuxfoundation.org</a>&gt; wrote:<br>
&gt; <br>
&gt; =EF=BB=BFOn Thu, Jul 07, 2022 at 02:24:39PM +0100, John Carvalho via b=
itcoin-dev wrote:<br>
&gt;&gt; Billy,<br>
&gt;&gt; <br>
&gt;&gt; Proof of work and the difficulty adjustment function solve literal=
ly<br>
&gt;&gt; everything you are talking about already.<br>
&gt; <br>
&gt; Unfortunately you are quite wrong: the difficulty adjustment function =
merely<br>
&gt; adjusts for changes in the amount of observable, non-51%-attacking, ha=
shing<br>
&gt; power. In the event of a chain split, the difficulty adjustment functi=
on does<br>
&gt; nothing; against a 51% attacker, the difficulty adjustment does nothin=
g;<br>
&gt; against a censor, the difficulty adjustment does nothing.<br>
<br>
Consider falling hash rate due to a perpetual 51% attack. Difficulty falls,=
 possibly to min difficulty if all non-censors stop mining and with all cen=
sors collaborating (one miner). Yet as difficulty falls, so does the cost o=
f countering the censor. At min difficulty everyone can CPU mine again.<br>
<br>
Given the presumption that fees rise on unconfirmed transactions, there is =
inherent economic incentive to countering at any level of difficulty. Conse=
quently the censor is compelled to subsidize the loss resulting from forgoi=
ng higher fee transactions that are incentivizing its competition.<br>
<br>
With falling difficulty this incentive is compounded.<br>
<br>
Comparisons of security in different scenarios presume a consistent level o=
f demand. If that demand is insufficient to offset the censor=E2=80=99s sub=
sidy, there is no security in any scenario.<br>
<br>
Given that the block subsidy (inflation) is paid equally to censoring and n=
on-censoring miners, it offers no security against censorship whatsoever. T=
rading fee-based block reward for inflation-based is simply trading censors=
hip resistance for the presumption of double-spend security. But of course,=
 a censor can double spend profitably in any scenario where the double spen=
d value (to the censor) exceeds that of blocks orphaned (as the censor earn=
s 100% of all block rewards).<br>
<br>
Banks and state monies offer reasonable double spend security. Not sure tha=
t=E2=80=99s a trade worth making.<br>
<br>
It=E2=80=99s not clear to me that Satoshi understood this relation. I=E2=80=
=99ve seen no indication of it. However the decision to phase out subsidy, =
once a sufficient number of units (to assure divisibility) had been issued,=
 is what transitions Bitcoin from a censorable to a censorship resistant mo=
ney. If one does not believe there is sufficient demand for such a money, t=
here is no way to reconcile that belief with a model of censorship resistan=
ce.<br>
<br>
&gt; We should not imbue real technology with magical qualities.<br>
<br>
Precisely. It is economic forces (people), not technology, that provide sec=
urity.<br>
<br>
e<br>
<br>
&gt;&gt; Bitcoin does not need active economic governanance by devs or medd=
lers.<br>
&gt; <br>
&gt; Yes, active governance would definitely be an exploitable mechanism. O=
n the<br>
&gt; other hand, the status quo of the block reward eventually going away e=
ntirely<br>
&gt; is obviously a risky state change too.<br>
&gt; <br>
&gt;&gt;&gt;&gt; There is also zero agreement on how much security would co=
nstitute such<br>
&gt;&gt;&gt; an optimum.<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; This is really step 1. We need to generate consensus on this l=
ong before<br>
&gt;&gt;&gt; the block subsidy becomes too small. Probably in the next 10-1=
5 years. I<br>
&gt;&gt;&gt; wrote a paper<br>
&gt; <br>
&gt; The fact of the matter is that the present amount of security is about=
 1.7% of<br>
&gt; the total coin supply/year, and Bitcoin seems to be working fine. 1.7%=
 is also<br>
&gt; already an amount low enough that it&#39;s much smaller than economic =
volatility.<br>
&gt; <br>
&gt; Obviously 0% is too small.<br>
&gt; <br>
&gt; There&#39;s zero reason to stress about finding an &quot;optimal&quot;=
 amount. An amount low<br>
&gt; enough to be easily affordable, but non-zero, is fine. 1% would be fin=
e; 0.5%<br>
&gt; would probably be fine; 0.1% would probably be fine.<br>
&gt; <br>
&gt; Over a lifetime - 75 years - 0.5% yearly inflation works out to be a 3=
1% tax on<br>
&gt; savings; 0.1% works out to be 7.2%<br>
&gt; <br>
&gt; These are all amounts that are likely to be dwarfed by economic shifts=
.<br>
&gt; <br>
&gt; -- <br>
&gt; <a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank"=
>https://petertodd.org</a> &#39;peter&#39;[:-1]@<a href=3D"http://petertodd=
.org" rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
&gt; _______________________________________________<br>
&gt; bitcoin-dev mailing list<br>
&gt; <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_bl=
ank">bitcoin-dev@lists.linuxfoundation.org</a><br>
&gt; <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-=
dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org=
/mailman/listinfo/bitcoin-dev</a><br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>
</div></blockquote></div></blockquote></div>

--000000000000338c4905e33d89fc--