Why Bitcoin and Blockchain May Stumble

This process was a significant computer-science innovation, but how does it work economically speaking? In thinking that through, Budish crafts a worrying argument about the future of Bitcoin. In three equations, he gives theoretical grounding for his concern.

He starts by asking how much computational power miners are buying and putting toward Bitcoin tournaments. The answer is somewhat circular: it depends on how much miners are paid. Miners compete for a raffle-like prize of roughly $100,000 in bitcoins (at recent prices) that gets awarded every 10 minutes. The more computational power each miner devotes to the competition, the better her odds—but the less likely it is that each unit of power will essentially produce the winning raffle ticket. Nevertheless, the more money miners can make from mining, the more they will mine. Budish compares this to the “high-frequency trading arms race,” where trading firms invest hundreds of millions of dollars in hopes of beating rivals to an exchange’s matching engine by a millisecond.

He then asks how much users are paying to keep this system secure. Security, he says, is the cost of keeping miners honest—they need to be able to make more from mining than from manipulating the chain and attacking the system. On the flip side, the costs of attacking need to be higher than the benefits.

These costs are directly related to how much mining is happening. Until recently, Bitcoin has been mostly used for relatively small, often illegal, transactions—to buy drugs, fake IDs, or computer parts, for example. But if Bitcoin were to become a meaningful part of the global financial system, transactions would be much larger, and the temptation to attack would grow.

Attackers would spend more on power and equipment if they could make $1 billion from a fraud rather than $1,000. But when the amount to be made through fraud goes up, the cost of warding off a fraud goes up too. This increase is linear, which is not the case in other types of security. Say a $1,000 painting hangs on the wall of a home and is protected by a locked door. If that $1,000 painting is replaced by a $1 million painting, the homeowner might buy a security system, or even hire a guard, but it’s unlikely that the homeowner will pay 1,000 times more for security. In Bitcoin, it costs 1,000 times more to secure $1 million in transactions than $1,000.

These two equations lead Budish to a third equation, and a realization that securing Bitcoin’s blockchain is expensive. To keep a blockchain secure, miners have to be convinced essentially every 10 minutes to stay honest—and the more they can make through attacking, the more it costs to convince them not to attack. Budish compares this security system to that at global payments company Visa, where Visa users implicitly pay for security through credit-card fees. The cost is relatively small, as Visa’s security also relies on traditional cryptography and the rule of law.

By contrast, if Visa’s security were run like Bitcoin’s, Visa credit-card users would instead have to pay a fluctuating fee every 10 minutes, and the fee could be big, as it would be based on the amount a hacker could make by attacking Visa. This, says Budish, is the price of a system based on the anonymous, decentralized trust invented by Nakamoto.

Budish considers some possible attack strategies and calculates how much it would cost to fend them off. In a 51 percent attack, a coalition of dishonest miners could gain a majority of computing power and reliably solve the tournament puzzles fastest. This would allow the attackers to control which transactions are added to or even removed from the blockchain. This in turn could enable a “double spending attack,” in which the attackers could pay for real goods using Bitcoin, and then remove those transactions from the verified chain, cheating the counterparty out of bitcoins. A “sabotage attack” could intentionally cause the market to collapse.

Some observers think that such attacks are unlikely, arguing that while smaller markets may be vulnerable, the Bitcoin market is big enough to be safe. Budish is less sanguine and considers some reasons why it hasn’t been attacked. Right now, he says, there are significant costs to attacking. When it comes to electricity, the Bitcoin network is already consuming as much energy as the population of Ireland. Meanwhile, Bitcoin miners invest in specialized chips in order to participate in tournaments, and those chips are expensive. Miners have invested around $2 billion in these specialized chips.

But what if chips got cheaper or miners were able to rent chips rather than buy them? The cost of mining, and of attacking, would fall. And while people trying to break into Fort Knox would need an army to do so, attackers seeking to manipulate the Bitcoin chain would just need enough computer power to attack the system for a brief amount of time.

Even now, there’s enough money at stake to tempt some would-be attackers, and much more if Bitcoin were to become an economically important currency. Budish calculates that a sabotage attack on Bitcoin’s blockchain—which could be mounted if someone drove down the Bitcoin futures market to profit from a large short position—could have secured at least $160 million as of March 2018. Meanwhile, “the market capitalization of Bitcoin—which perhaps gives another sense of magnitudes for the amount of economic harm a bad actor could cause by sabotaging the system—is presently on the order of $100 billion–$200 billion. The market capitalization of the gold stock is on the order of $7.5 trillion,” he writes.

The vulnerability of the system to attack could restrict Bitcoin’s growth. Nakamoto’s innovation was to create a trust in this system, but people who follow Budish’s train of thought may lose trust in it. If they do, the value of Bitcoin could fall, and the currency wouldn’t become the store of value its champions claim.

Budish suggests that there should be a healthy amount of skepticism and caution placed on the potential of Bitcoin and any systems that similarly rely on distributed, anonymous trust. “Most businesses and governments presumably have access to cheaper forms of data security,” he writes.