Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A6C6241C for ; Sun, 20 Oct 2019 19:46:07 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ua1-f50.google.com (mail-ua1-f50.google.com [209.85.222.50]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0502414D for ; Sun, 20 Oct 2019 19:46:05 +0000 (UTC) Received: by mail-ua1-f50.google.com with SMTP id r19so3187518uap.9 for ; Sun, 20 Oct 2019 12:46:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bXVb4vNFeRgX2xy6t8Un1czpK4cxjai99mleR6epkxc=; b=om46PuI1RZ+7Ln+m4wmx7FleU3HyHt6cyBzp4cocw1n4SrxgyLc0lw9tnVFKhLEnUB CiFU95d0fgx2IBFa5Lx5SkBwbvy+JOEwMkAsLtqZZIzgaXonGpOujs2uJC6tlvMxCoI/ m9ZoEkHS2eJEdsypgZ3A1nWxLBUXbjZujfdT3kj+nLdWdANES5u8Q0G/A0tDRP8Ubl9M zBy8VrfvwziHXWlHWokD/JE/OYS8kC+1ESKuRbXkIT98wNPB0wzBYR+NCXpkVZks8+D1 0f31Od0nv6Fr4bkUDbMnLdgSj3gWRgWpxjZNroDaRDLXYtH/2nKdImMJ3z0z59ULRyFi hbRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bXVb4vNFeRgX2xy6t8Un1czpK4cxjai99mleR6epkxc=; b=lH0FxfNmcNIgomEyQbxX7pkQ7GTzJE7j3QLpt4M9rzH0MZgKCw7ckpdcqWTzxIM8rq DaBJA3rs+sw8Rbjsm8YvkSaOqvrcOQjRCY8hZhik7Zks33wGUQP+o/0f2F2OnCNJzUDP 4T2GMWwsqAwUqXOFqwUvRbon1cOFO1wF/kBvhUcjZlSCRvkEg+P8gEo5L31x8YDC1NNu D+MagDquz648+py3KzhRjlRZWVW/paKIkYthyL9P6bY5Pgn5uBSqF1mEfA3reASJMEb/ 1ZWAl4o1aElGewsgIyUlN2epcn9eSOjVQv/CYZjtD2ze7kEjpdTh09y8FCrHJqCXjscm wghQ== X-Gm-Message-State: APjAAAUErGroGVtFD+EaidZWq7zvyNu4f7gUsB7Ipd3s+j6Fef7qORzy dacb5/Bvn3nFwL0E5JEE++NTcVYWHFwmn3lhaBs= X-Google-Smtp-Source: APXvYqx2H8pFvf64VXhZU66cSOkcVJFd+Pxiy+fMNYtVMD4bL+U8+PiXC/RKzsDK2pcLX7z8M7hwJydVJ5+QnEogibc= X-Received: by 2002:ab0:2250:: with SMTP id z16mr10726644uan.135.1571600764848; Sun, 20 Oct 2019 12:46:04 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Lucas H Date: Sun, 20 Oct 2019 12:45:49 -0700 Message-ID: To: Eric Voskuil Content-Type: multipart/alternative; boundary="000000000000514c9d05955cd138" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 21 Oct 2019 05:01:31 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Trustless hash-price insurance contracts X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Oct 2019 19:46:07 -0000 --000000000000514c9d05955cd138 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, guys. Thanks a lot for taking the time to read and discuss my post. I definitely wasn't clear enough about the problem statement -- so let me try to clarify my thinking. First, the main uncertainty the miner is trying to protect against isn't the inefficiency of his new equipment, but how much new mining equipment is being deployed world-wide, which he can't know in advance (as the system is permissionless). Second, there are two different metrics that can mean "profitable" that I think are getting confused (probably my fault for lack of using the right terms). - Let's call it "operational profitability", and use "P" to denote it, where P =3D [bitcoin earned]/time - [operational cost of running equipment]/time. Obviously if P < 0, the miner will just shut down his equipment. - Return on investment (ROI). A positive ROI requires not just that P > 0, but that it is enough to compensate for the initial investment of buying or building the equipment. As long as P > 0, a miner will keep his equipment running, even at a negative ROI, as the alternative would be an even worse negative ROI. Sure he can sell it, but however buys it will also keep it running, otherwise the equipment is worthless. The instrument I describe above protects against the scenario where P > 0, but ROI < 0. (it's possible it could be useful in some cases to protect against P < 0, but that's not my main motivator and isn't an assumption) If too many miners are deploying too much new equipment at the same time, it's possible that your ROI becomes negative, while nobody shuts down their equipment and the difficulty still keeps going up. In fact, it is possible for all miners to have negative ROI for a while without a reduction in difficulty. Difficulty would only go down in this case at the end of life of these equipment, if there isn't a new wave of even more efficient equipment being adopted before that. Let's see a simplified scenario in which the insurance becomes useful. This is just one example, and other scenarios could also work. - Bitcoin price relatively constant, that is, it's not the main driver of P during this period. - Approximately constant block rewards. - New equipment comes to market with much higher efficiency than all old equipment. So the old stock of old equipment becomes irrelevant after a short while. - All miners decide to deploy new equipment, but none knows how much the others are deploying, or when, or at what price or P. - Let's just assume P>0 for all miners using the new equipment. - Let's assume every unit of the new equipment runs at the same maximum hashrate it's capable of. Let's say miner A buys Na units of the new equipment and the total number deployed by all miners is N. A's share of the block rewards will be Na / N. If N is much higher than A's initial estimate, his ROI might well become negative, and the insurance would help him prevent a loss. Hope this makes the problem a bit clearer. Thanks! @lucash-dev On Sun, Oct 20, 2019 at 9:16 AM Eric Voskuil wrote: > So we are talking about a miner insuring against his own inefficiency. > > Furthermore a disproportionate increase in hash rate is based on the > expectation of higher future return (investment leads returns). So the > insurance could end up paying out against realized profit. > > Generally speaking, insuring investment is a zero sum game. > > e > > > On Oct 20, 2019, at 12:10, JW Weatherman wrote: > > > > =EF=BB=BFOh, I see your point. > > > > However the insurance contract would protect the miner even in that > case. A miner with great confidence that he is running optimal hardware a= nd > has optimal electricity and labor costs probably wouldn't be interested i= n > purchasing insurance for a high price, but if it was cheap enough it woul= d > still be worth it. And any potential new entrants on the edge of jumping = in > would enter when they otherwise would not have because of the decreased > costs (decreased risk). > > > > An analogy would be car insurance. If you are an excellent driver you > wouldn't be willing to spend a ton of money to protect your car in the > event of an accident, but if it is cheap enough you would. And there may = be > people that are unwilling to take the risk of a damaged car that refrain > from becoming drivers until insurance allows them to lower the worst case > scenario of a damaged car. > > > > -JW > > > > > > > > > > =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Origina= l Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 > >> On Sunday, October 20, 2019 10:57 AM, Eric Voskuil > wrote: > >> > >> > >> > >>>> On Oct 20, 2019, at 10:10, JW Weatherman jw@mathbot.com wrote: > >>> I think the assumption is not that all miners are unprofitable, but > that a single miner could make an investment that becomes unprofitable if > the hash rate increases more than he expected. > >> > >> This is a restatement of the assumption I questioned. Hash rate > increase does not imply unprofitability. The new rig should be profitable= . > >> > >> What is being assumed is a hash rate increase without a proportional > block reward value increase. In this case if the newest equipment is > unprofitable, all miners are unprofitable. > >> > >>> Depending on the cost of the offered insurance it would be prudent fo= r > a miner to decrease his potential loss by buying insurance for this > possibility. > >>> And the existence of attractive insurance contracts would lower the > barrier to entry for new competitors in mining and this would increase > bitcoins security. > >>> -JW > >>> =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Origi= nal Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 > >>> > >>>> On Sunday, October 20, 2019 1:03 AM, Eric Voskuil via bitcoin-dev > bitcoin-dev@lists.linuxfoundation.org wrote: > >>>> Hi Lucas, > >>>> I would question the assumption inherent in the problem statement. > Setting aside variance discount, proximity premium, and questions of > relative efficiency, as these are presumably already considered by the > miner upon the purchase of new equipment, it=E2=80=99s not clear why a lo= ss is > assumed in the case of subsequently increasing hash rate. > >>>> The assumption of increasing hash rate implies an expectation of > increasing return on investment. There are certainly speculative errors, > but a loss on new equipment implies all miners are operating at a loss, > which is not a sustainable situation. > >>>> If any miner is profitable it is the miner with the new equipment, > and if he is not, hash rate will drop until he is. This drop is most like= ly > to be precipitated by older equipment going offline. > >>>> Best, > >>>> Eric > >>>> > >>>>>> On Oct 20, 2019, at 00:31, Lucas H via bitcoin-dev > bitcoin-dev@lists.linuxfoundation.org wrote: > >>>>>> Hi, > >>>>>> This is my first post to this list -- even though I did some tiny > contributions to bitcoin core I feel quite a beginner -- so if my idea is > stupid, already known, or too off-topic, just let me know. > >>>>>> TL;DR: a trustless contract that guarantees minimum profitability > of a mining operation -- in case Bitcoin/hash price goes too low. It can = be > trustless bc we can use the assumption that the price of hashing is low t= o > unlock funds. > >>>>>> The problem: > >>>>>> A miner invests in new mining equipment, but if the hash-rate goes > up too much (the price he is paid for a hash goes down by too much) he wi= ll > have a loss. > >>>>>> Solution: trustless hash-price insurance contract (or can we call > it an option to sell hashes at a given price?) > >>>>>> An insurer who believes that it's unlikely the price of a hash wil= l > go down a lot negotiates a contract with the miner implemented as a Bitco= in > transaction: > >>>>>> Inputs: a deposit from the insurer and a premium payment by the > miner > >>>>>> Output1: simply the premium payment to the insurer > >>>>>> Output2 -- that's the actual insurance > >>>>>> There are three OR'ed conditions for paying it: > >>>>>> A. After expiry date (in blocks) insurer can spend > >>>>>> B. Both miner and insurer can spend at any time by mutual agreemen= t > >>>>>> C. Before expiry, miner can spend by providing a pre-image that > produces a hash within certain difficulty constraints > >>>>>> The thing that makes it a hash-price insurance (or option, pardon > my lack of precise financial jargon), is that if hashing becomes cheap > enough, it becomes profitable to spend resources finding a suitable > pre-image, rather than mining Bitcoin. > >>>>>> Of course, both parties can reach an agreement that doesn't requir= e > actually spending these resources -- so the miner can still mine Bitcoin > and compensate for the lower-than-expected reward with part of the > insurance deposit. > >>>>>> If the price doesn't go down enough, the miner just mines Bitcoin > and the insurer gets his deposit back. > >>>>>> It's basically an instrument for guaranteeing a minimum > profitability of the mining operation. > >>>>>> Implementation issues: unfortunately we can't do arithmetic > comparison with long integers >32bit in the script, so implementation of > the difficulty requirement needs to be hacky. I think we can use the hash= es > of one or more pre-images with a given short length, and the miner has to > provide the exact pre-images. The pre-images are chosen by the insurer, a= nd > we would need a "honesty" deposit or other mechanism to punish the insure= r > if he chooses a hash that doesn't correspond to any short-length pre-imag= e. > I'm not sure about this implementation though, maybe we actually need new > opcodes. > >>>>>> What do you guys think? > >>>>>> Thanks for reading it all! Hope it was worth your time! > >>>>> > >>>>> bitcoin-dev mailing list > >>>>> bitcoin-dev@lists.linuxfoundation.org > >>>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >>>> > >>>> bitcoin-dev mailing list > >>>> bitcoin-dev@lists.linuxfoundation.org > >>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > > > --000000000000514c9d05955cd138 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi, guys.

Thanks a lot for t= aking the time to read and discuss my post.

I defi= nitely wasn't clear enough about the problem statement -- so let me try= to clarify my thinking.

First, the main uncertain= ty the miner is trying to protect against isn't the inefficiency of his= new equipment, but how much new mining equipment is being deployed world-w= ide, which he can't know in advance (as the system is permissionless).<= /div>

Second, there are two different metrics that can m= ean "profitable" that I think are getting confused (probably my f= ault for lack of using the right terms).

- Let'= ;s call it "operational profitability", and use "P" to = denote it, where P =3D [bitcoin earned]/time - [operational cost of running= equipment]/time.
=C2=A0=C2=A0 Obviously if P < 0, the miner w= ill just shut down his equipment.
- Return on investment (ROI). A= positive ROI requires not just that P > 0, but that it is enough to com= pensate for the initial investment of buying or building the equipment. As = long as P > 0, a miner will keep his equipment running, even at a negati= ve ROI, as the alternative would be an even worse negative ROI. Sure he can= sell it, but however buys it will also keep it running, otherwise the equi= pment is worthless.

The instrument I describe abov= e protects against the scenario where P > 0, but ROI < 0.
(= it's possible it could be useful in some cases to protect against P <= ; 0, but that's not my main motivator and isn't an assumption)
<= /div>

If too many miners are deploying too much new equi= pment at the same time, it's possible that your ROI becomes negative, w= hile nobody shuts down their equipment and the difficulty still keeps going= up. In fact, it is possible for all miners to have negative ROI for a whil= e without a reduction in difficulty. Difficulty would only go down in this = case at the end of life of these equipment, if there isn't a new wave o= f even more efficient equipment
being adopted before that.

Let's see a simplified scenario in which the ins= urance becomes useful. This is just one example, and other scenarios could = also work.

- Bitcoin price relatively constant, th= at is, it's not the main driver of P during this period.
- Ap= proximately constant block rewards.
- New equipment comes to = market with much higher efficiency than all old equipment. So the old stock= of old equipment becomes irrelevant after a short while.
- = All miners decide to deploy new equipment, but none knows how much the othe= rs are deploying, or when, or at what price or P.
- Let'= s just assume P>0 for all miners using the new equipment.
- Le= t's assume every unit of the new equipment runs at the same maximum has= hrate it's capable of.

Let's say miner= A buys Na units of the new equipment and the total number deployed by all = miners is N.

A's share of the block rewards wi= ll be Na / N.

If N is much higher than A's initial e= stimate, his ROI might well become negative, and the insurance would help h= im prevent a loss.

Hope this makes the problem a b= it clearer.

Thanks!

On Sun, Oct 20, 20= 19 at 9:16 AM Eric Voskuil <eric@vos= kuil.org> wrote:
So we are talking about a miner insuring against his own inefficien= cy.

Furthermore a disproportionate increase in hash rate is based on the expect= ation of higher future return (investment leads returns). So the insurance = could end up paying out against realized profit.

Generally speaking, insuring investment is a zero sum game.

e

> On Oct 20, 2019, at 12:10, JW Weatherman <jw@mathbot.com> wrote:
>
> =EF=BB=BFOh, I see your point.
>
> However the insurance contract would protect the miner even in that ca= se. A miner with great confidence that he is running optimal hardware and h= as optimal electricity and labor costs probably wouldn't be interested = in purchasing insurance for a high price, but if it was cheap enough it wou= ld still be worth it. And any potential new entrants on the edge of jumping= in would enter when they otherwise would not have because of the decreased= costs (decreased risk).
>
> An analogy would be car insurance. If you are an excellent driver you = wouldn't be willing to spend a ton of money to protect your car in the = event of an accident, but if it is cheap enough you would. And there may be= people that are unwilling to take the risk of a damaged car that refrain f= rom becoming drivers until insurance allows them to lower the worst case sc= enario of a damaged car.
>
> -JW
>
>
>
>
> =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Origin= al Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90<= br> >> On Sunday, October 20, 2019 10:57 AM, Eric Voskuil <eric@voskuil.org> wrote:<= br> >>
>>
>>
>>>> On Oct 20, 2019, at 10:10, JW Weatherman jw@mathbot.com wrote:
>>> I think the assumption is not that all miners are unprofitable= , but that a single miner could make an investment that becomes unprofitabl= e if the hash rate increases more than he expected.
>>
>> This is a restatement of the assumption I questioned. Hash rate in= crease does not imply unprofitability. The new rig should be profitable. >>
>> What is being assumed is a hash rate increase without a proportion= al block reward value increase. In this case if the newest equipment is unp= rofitable, all miners are unprofitable.
>>
>>> Depending on the cost of the offered insurance it would be pru= dent for a miner to decrease his potential loss by buying insurance for thi= s possibility.
>>> And the existence of attractive insurance contracts would lowe= r the barrier to entry for new competitors in mining and this would increas= e bitcoins security.
>>> -JW
>>> =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80= =90 Original Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90= =E2=80=90
>>>
>>>> On Sunday, October 20, 2019 1:03 AM, Eric Voskuil via bitc= oin-dev bitcoin-dev@lists.linuxfoundation.org wrote:
>>>> Hi Lucas,
>>>> I would question the assumption inherent in the problem st= atement. Setting aside variance discount, proximity premium, and questions = of relative efficiency, as these are presumably already considered by the m= iner upon the purchase of new equipment, it=E2=80=99s not clear why a loss = is assumed in the case of subsequently increasing hash rate.
>>>> The assumption of increasing hash rate implies an expectat= ion of increasing return on investment. There are certainly speculative err= ors, but a loss on new equipment implies all miners are operating at a loss= , which is not a sustainable situation.
>>>> If any miner is profitable it is the miner with the new eq= uipment, and if he is not, hash rate will drop until he is. This drop is mo= st likely to be precipitated by older equipment going offline.
>>>> Best,
>>>> Eric
>>>>
>>>>>> On Oct 20, 2019, at 00:31, Lucas H via bitcoin-dev= bitcoin-dev@lists.linuxfoundation.org wrote:
>>>>>> Hi,
>>>>>> This is my first post to this list -- even though = I did some tiny contributions to bitcoin core I feel quite a beginner -- so= if my idea is stupid, already known, or too off-topic, just let me know. >>>>>> TL;DR: a trustless contract that guarantees minimu= m profitability of a mining operation -- in case Bitcoin/hash price goes to= o low. It can be trustless bc we can use the assumption that the price of h= ashing is low to unlock funds.
>>>>>> The problem:
>>>>>> A miner invests in new mining equipment, but if th= e hash-rate goes up too much (the price he is paid for a hash goes down by = too much) he will have a loss.
>>>>>> Solution: trustless hash-price insurance contract = (or can we call it an option to sell hashes at a given price?)
>>>>>> An insurer who believes that it's unlikely the= price of a hash will go down a lot negotiates a contract with the miner im= plemented as a Bitcoin transaction:
>>>>>> Inputs: a deposit from the insurer and a premium p= ayment by the miner
>>>>>> Output1: simply the premium payment to the insurer=
>>>>>> Output2 -- that's the actual insurance
>>>>>> There are three OR'ed conditions for paying it= :
>>>>>> A. After expiry date (in blocks) insurer can spend=
>>>>>> B. Both miner and insurer can spend at any time by= mutual agreement
>>>>>> C. Before expiry, miner can spend by providing a p= re-image that produces a hash within certain difficulty constraints
>>>>>> The thing that makes it a hash-price insurance (or= option, pardon my lack of precise financial jargon), is that if hashing be= comes cheap enough, it becomes profitable to spend resources finding a suit= able pre-image, rather than mining Bitcoin.
>>>>>> Of course, both parties can reach an agreement tha= t doesn't require actually spending these resources -- so the miner can= still mine Bitcoin and compensate for the lower-than-expected reward with = part of the insurance deposit.
>>>>>> If the price doesn't go down enough, the miner= just mines Bitcoin and the insurer gets his deposit back.
>>>>>> It's basically an instrument for guaranteeing = a minimum profitability of the mining operation.
>>>>>> Implementation issues: unfortunately we can't = do arithmetic comparison with long integers >32bit in the script, so imp= lementation of the difficulty requirement needs to be hacky. I think we can= use the hashes of one or more pre-images with a given short length, and th= e miner has to provide the exact pre-images. The pre-images are chosen by t= he insurer, and we would need a "honesty" deposit or other mechan= ism to punish the insurer if he chooses a hash that doesn't correspond = to any short-length pre-image. I'm not sure about this implementation t= hough, maybe we actually need new opcodes.
>>>>>> What do you guys think?
>>>>>> Thanks for reading it all! Hope it was worth your = time!
>>>>>
>>>>> bitcoin-dev mailing list
>>>>> bitcoin-dev@lists.linuxfoundation.org
>>>>> https://lists.lin= uxfoundation.org/mailman/listinfo/bitcoin-dev
>>>>
>>>> bitcoin-dev mailing list
>>>> bitcoin-dev@lists.linuxfoundation.org
>>>> https://lists.linuxfo= undation.org/mailman/listinfo/bitcoin-dev
>
>
--000000000000514c9d05955cd138--