Proposal to assert United States Control over the Bitcoin blockchain by 2037
Bitcoin was created in 2009 as a peer-to-peer payment network. To date, the network has never been disrupted. No powerful entity has been able to censor transactions or co-opt the network’s function in any way.
Today, Bitcoin remains unstoppable. The desire for a global censorship-resistant deflationary currency is will not wane in the near future.
However, as mining profitability decreases according to Bitcoin’s fee schedule, there will be an opportunity for a powerful entity to arrogate control over the entire network. The game theory behind such an attack has been discussed by many academics. If the United States and our allies fail to perform this attack first we put ourselves at the mercy of whichever organization performs this attack. This could damage our national interests and any sectors of our economy that will have come to rely on the Bitcoin network.
We propose to fund the Cybersecurity and Infrastructure Security Agency to procure an arsenal of ASIC miners that will be sufficient to perform a full takeover of the Bitcoin network on or around 2037.
51% controls the network
Bitcoin is governed by Nakamoto consensus. The distributed ledger is a series of blocks that record all payments, each block referring to the block before it. Essentially each block is produced by a sort of lottery; The winner is chosen from quadrillions of computations performed around the world every minute. The miner that wins the block wins a reward: Today that reward is over $300,000. This happens about once every ten minutes.
If two blocks are both built referring to a previous block, a fork occurs. The network must decide which block is correct, as there can be only one. Nakamoto consensus follows a simple rule: The longest chain of blocks is the correct one. If both chains are the same length, miners can mine on one, or the other, until one emerges as the longest. Several important points:
- For any miner who has less than 50% of the hashrate, it is always best to mine a block on the longest chain. Attempts to mine a block on a fork chain will usually result in the block being orphaned, that is, forgotten forever as not part of the main chain. Orphaned blocks are worthless, they give the miners no reward.
- If a miner or pool miners control over 50% of the hashrate, they can expect to win over 50% of the blocks. This means they can perform what’s called a 51% attack: By deliberately causing a fork and building on the fork until it is longer than the original chain, they can create an alternate block chain that must be accepted as the correct chain, according to the rule.
- The “longest-chain” rule is indispensable. Bitcoin would not exist if there was not a single simple rule for determining the correct chain. This is why Bitcoin consumes the quantity of electricity that it does. This elegantly simple innovation is what has allowed Bitcoin to be a global decentralized payment network in the last 12 years.
- if a miner or pool of miners controls 50% of the hashrate, they can control the network if they choose to do so. By mining only their own blocks they can deliberately orphan all other blocks. This means the pool gets to keep all block rewards and all fees associated with the network. Once such a pool has established control, they may reduce their costs as their competition attrits.
Why do 51% attacks not happen?
One may ask, why has such an attack not happened yet in 2021? The most obvious reason is that no entity controls 51% of the hashrate: The competition for hashrate is fierce and global. It’s nearly impossible for any single entity to procure this much hashrate on their own.
However, this does not preclude the possibility that several entities could form a syndicated attack, each benefitting from lower costs and high profits split among the syndicate. Why has this not happened yet?
There are two primary reasons for this:
- Bitcoin exists on the promise of censorship-resistant payments but has not been adopted on a wide scale. Miners have a clear incentive to foster the illusion that such an attack is not possible, while Bitcoin grows exponentially in scope and more economic trust is put in Bitcoin. Any syndicated attack would destroy this promise.
- Mining is incredibly profitable today. Approximately $300,000 is produced every ten minutes. The market is still immature because Bitcoin is new and the price is volatile. Capital investment in mining equipment involves significant risk, so there are still significant profit margins to be had.
What changes in the next 15 years?
There are several forces at play that will create a serious reduction in miner profits.
- The block reward (the fee paid to miners) is cut in half every four years. So at some point in late 2035 or early 2036, the block reward will be reduced to a mere 6.25% of what it is today. Mining revenue will dwindle and the slack will be picked up by increased transaction fees.
- If the price of Bitcoin stabilizes, transaction fees (which are even less sensitive to the volatility of the asset) will also stabilize: Thus the equivalent USD denominated revenue obtained by mining will stabilize. This will incentivize capital investment, attracted to profit margins that will have become less risky. Necessarily, the profit margins will be subsequently diminished.
- Eventually, Bitcoin will no longer enjoy absurd exponential growth in price. Thus capital gains on acquired bitcoins will no longer be a major source of revenue: Bitcoins acquired in 2035 cannot be expected to appreciate at the same rate as Bitcoins acquired in 2020.
In addition, as the mining revenue source pivots to fees from block-rewards, selfish mining becomes easier. Selfish mining is a strategy that a larger (but not 51%) pool may use to reduce the rewards to other miners, which will increase their own rewards via the difficulty adjustment mechanism. Essentially, a selfish miner will mine a block but no publish it until other miners have published a block. This means some miners will be mining blocks that will be immediately orphaned and can force such miners out of the pool. This attack was first discussed in a paper “Majority is not Enough: Bitcoin Mining is Vulnerable” by Ittay Eyal and Emin Gün Sirer in 2014, who show that this tactic can be profitable even with only 33% of the hashrate. A 2016 paper by Miles Carlsten, Harry Kalodner, Matt Weinberg, and Arvind Narayanan “On the instability of Bitcoin without the block reward” shows that fee-based rewards will increase the profitability of selfish mining, and simultaneously reduce the profitability of miners not involved in the selfish mining syndicate. A profitable attack can be launched with even less than 33% of the hashrate.
Further academic work discussing how dwindling rewards will increase the vulnerability can be found in the 2018 paper “The Economic Limits of Bitcoin and the Blockchain” by Eric Budish.
So in 2036, profit margins available to Bitcoin miners will not only be smaller and will be more vulnerable to manipulation by those with larger shares. This will make an attack possible, but what will make it likely?
By 2037, Bitcoin if Bitcoin has survived it will have become “too big to fail.”
Bitcoin was launched in 2009 and is still in its early, forward-looking days, full of promise. Lightning Network is a fascinating second-layer protocol that may allow nearly instantaneous transactions without adding transactions to the blockchain. Time will tell if this becomes commonplace. Institutions are using Bitcoin as a reserve; This is a recent development. Time will tell if this will continue. Similarly, nations have adopted Bitcoin as a currency, this trend may continue or it may not. In 15 years, if Bitcoin is still around, one will expect that there will be significant economic entanglement in all sectors of the economy. Having enjoyed 25 years of uninterrupted uptime, Bitcoin will have formed a crucial part of the global financial infrastructure, having proved useful, efficient, and indispensable. Short of this, Bitcoin will have been discarded as clunky and useless.
As more businesses intertwine BItcoin into common use, the majority of the transactions will not require censorship resistance. Most transactions will be between law-abiding global citizens.
If a syndicate of mining pools was to perform a hostile takeover of the network, what would happen?
The answer: very little.
While the attack is happening, more blocks would be orphaned, so the frequency of blocks would decrease for a short (two-three week) period of time. The difficulty adjustment, which compensates for fluctuations in the block production rate, will correct this, and blocks will continue to be produced at the same rate. After this time period, most Bitcoin users will not be affected. Businesses can continue to transact. The Lightning Network will still be intact. Corporations that hold Bitcoin in their treasury will still hold Bitcoin in their treasury. The only difference will be that all Bitcoin transactions will be mined by a centralized mining cartel.
Bitcoin users have two options; abandon it for ideological reasons, or continue to use it as they have been. If all parties continue to use it, the network effects will remain, the asset will continue to be in demand. This will be the preferable option for almost the entirety of the network.
The takeaway: in 2037, a takeover by a mining cartel should not affect the price or function of Bitcoin. Bitcoin, if it exists, will have proven indispensable, so will not disappear simply because a centralized pool is mining the transactions.
What advantages does monopoly mining bring?
There are two reasons that stand out as to why an entity would want to perform such a takeover:
- Lower costs and large profit margins. By eliminating competition, the costs of mining will drop significantly. The fees will still be determined by a shortage of block space, so the revenue will remain high will the costs plummet.
- Ability to censor bad actors. If a benevolent entity like the United States were to take control, they could stop ransomware from occurring on the Bitcoin network. Similarly, the United States or our allies could shut down transactions to or from know terrorist organizations, making it impossible for terrorists to run global crowd-funding operations.
How and when would the attack occur?
The block reward is cut in half roughly every four years, but this runs slightly ahead of schedule. The last having date was May of 2020. The previous was July 2016. Extrapolating this suggests that there will be a halving around the end of 2035, following halvings in 2024, 2028, and 2032. By this time the mining reward will have dropped by a factor of 16 from today. We propose performing the attack a year into the halving, allowing competing miners to sunset their activities when the block reward drops.
The attack may begin slowly and can be bootstrapped from a hashrate much less than 50%. First, performing selfish mining will increase the cost to smaller pools, which will increase the rate of attrition. At this point, it will be clear that the only way for pools to stay viable is to join forces with the syndicate. Once this game of prisoner’s dilemma is initiated, the rate of syndication will accelerate quickly until a majority is obtained. Section 5 of the paper of Eyal and Sirer describes how this selfish mining accelerates this process at a nonlinear rate towards a single monopoly.
Won’t other miners be resistant to this?
The smaller pools that will be forced out of business will be unhappy. However, a majority must necessarily be included in the monopoly. The profit will remain high among this majority. If a large pool decides to resist, they are making a decision to reject greater profit margins. which is not in their rational best interests.
Bitcoin mining is accomplished by repeating the SHA-256 hashing algorithm trillions of times per second around the world. Originally, these computations were done on personal computers, but as mining became enormously profitable when the price of Bitcoin grew, dedicated circuits were constructed with the only purpose of performing these calculations many orders of magnitude faster than personal computers. The hash output rate grows roughly according to Moore’s law. The number of hashes that can be performed grows exponentially over time, so the most recent machines are best for mining.
However, older machines can still produce significant output. While they are less efficient with electricity can still be employed en masse if necessary to perform an attack. While these machines may be less than profitable because of energy expenses, they can be stockpiled and deployed during an attack.