BTC block rewards are about to be halved, will its security rate also be halved?

Safety rate

There are several different ways to quantify security. The first (and most basic) technique is to calculate the network's security budget. Assuming that existing miners are honest and that miner costs asymptotically equal miner revenues, we can state that the cost of obtaining a majority of hash power is equal to existing miner revenues. The security budget gives us a notional value for security: for BTC, this equates to roughly $13 million per day, or $5.2 billion per year.

Another way to calculate network security is through the relationship between miner revenue and “miner extractable value” (MEV). MEV refers to all the value that miners can extract from attacks both on-chain and off-chain. Front-running a MakerDAO CDP liquidation or a Uniswap trade are two examples of this. If the benefits of MEV opportunities exceed the income miners receive from block rewards and fees, then rational miners should be incentivized to continuously develop blocks in order to seize these opportunities themselves. The end result is an unstable consensus layer and disruptions to ledger history and transaction processing. Currently, MEV opportunities in the BTC space are largely limited, but Professor Narayanan believes that MEV may become more and more common as fee income accounts for the majority of miner income.

Finally, we calculate the security ratio by finding the ratio between miner revenue and network value. In other words, the security ratio describes the value of wealth secured by the security value. As we will discuss, a decrease in this ratio results in more and more value being secured by less and less security value, opening up the possibility of deliberate attacks.

Attack Form

The first, and most feared, form of attack is the double spend attack. The term “double spend” can be misleading, as it implies that funds can only be spent twice. In reality, the requested funds can be re-spent any number of times. A double spend requires that the attacker controls a majority of hash power. Once this hash power is combined, the attacker can then “spend” their tokens in exchange for some tangible item, either a fiat asset or a non-monetary asset such as a car. Once this exchange has occurred, and the item has been received, the attacker proceeds to fork the network, constructing a longer chain that excludes their earlier transaction. By excluding their initial transaction, the ledger indicates that the attacker retains custody of the digital currency used to purchase the item: at the same time, they also retain custody of the item in exchange. Assuming a sufficiently large number of counterparties, this process can be repeated indefinitely. The payoff is a function of the size of the “double spend” and implies a reward over time, while the cost is derived from the value spent to obtain a majority of the hash power. However, double spend attacks appear increasingly unlikely, due to the proliferation of blockchain analysis firms and the threat of account freezes on exchanges that support fiat currencies.

Unlike double spends, sabotage attacks are not necessarily motivated by obvious profits. Forms of sabotage include arbitrary censorship of accounts, publishing empty blocks, and causing disruptions in activity through successive forks. Like double spends, sabotage attacks require a large amount of hashing power to execute. However, sabotage attacks are easier to execute than double spends because they do not require the presence of a willing counterparty to succeed. The ultimate goal is simply to undermine the utility of the blockchain network. Countries that are concerned that digital currencies may undermine fiat hegemony or support blockchain activities (money laundering, unregulated financial services) are the most likely actors. Here, the benefits cannot be calculated in terms of clear dollar benefits. Instead, the benefits are a function of limiting the expected harm to the active network.

Speculative attacks involve shorting a digital currency through spot or derivatives and disrupting the network in the manner described above. In theory, market participants should react negatively to a deliberate attack because it reveals the network's inability to act as a reliable neutral platform for economic activity. While not exactly similar, there are many historical precedents for deliberate attacks, including the "Black Wednesday" attack launched by George Soros in 1992 and the recent manipulation of hedge fund credit default swaps. Here, the payoff is a function of the profit from the short position minus the cost of combining the majority hash power. Activist hedge funds may be participants.

As with any investment, the key decision factor is risk-reward. In other words, what is the relationship between the probability of success and the potential payout? If there is a 10% chance of success, then the return must be at least 10 times the invested capital to have a chance of a positive expected value. Another way to frame the risk-reward is to seek any investment opportunity with a positively skewed expected value. This is where the security ratio comes into play: when the ratio between the cost of an attack and the value of the network decreases, the attack becomes proportionally more profitable. Conversely, when the security ratio of the network increases, speculative attacks become proportionally less attractive.

Cross-network security rate

Data source: The Block, Coinmetrics

Ethereum’s safety rate takes on a different shape due to the uncertainty surrounding its launch time. However, just like BTC, we see a general trend of a worsening safety rate over time due to the reduction in block rewards. Starting in early 2020, block recovery times have averaged 12-13 seconds due to the Miur network upgrade. However, the safety rate is much less relevant for Ethereum compared to BTC due to the former’s upcoming transition to a proof-of-stake consensus algorithm, which requires a transformation of the network’s security model.

Data source: The Block, Coinmetrics

The following graph illustrates the comparative safety rate:

Data source: The Block, Coinmetrics

Assuming that BTC’s existing security rate is high enough to prevent speculative attacks, we can benchmark alternative networks against BTC to understand which platforms have too high or too low security costs.

Data source: The Block, Coinmetrics

As of January 6, based on the 7-day moving average, we see that Ethereum (7.83%) and Litecoin (7.89%) are slightly overvalued relative to BTC. Meanwhile, Ethereum Classic (113.85%) and Tezos (38.90%) have been overvalued, while Bitcoin Cash is undervalued (-9.98%). Tezos’ overvalued performance may be explained by issuing bonds as a form of development funding.

What are the actual impacts?

Speculators are also limited in organizing the necessary hash power, geographically constrained in low-cost energy prices and a largely illiquid secondary market for mining hardware. There are three opposing viewpoints here:Joseph Bonneau raises the possibility of leasing or purchasing via bribery attacks. Selfish-mining suggests that controlling 51% of hash power is not necessary to perform malicious acts, and that bringing large amounts of potential hash power online will drive low-profit operations, meaning that the cost of an attack could be lower than existing miners' revenues. However, given that we have yet to see Selfish-mining and bribery attacks, it is reasonable to conclude that they are largely impractical and unattractive at this time.

Finally, potential speculative attackers must note that cryptocurrency markets often ignore fundamentals-driven events: Ethereum Classic transaction volume fell by only 2% after the double spend in January last year. Since the cost of an attack scales linearly with time, the uncertainty around market latency to account for this information will directly affect returns.

However, the decline in BTC’s security rate over the next decade raises concerns. As Bryan Ford writes, “Systems become temporarily more secure only when they become large enough to be consumed by their own success.” If BTC ‘succeeds’ — success is defined very broadly, but can probably be measured by sustained growth in network value or at least sustained growth in activity — we should naturally expect the growth of derivatives liquidity to flourish, opening up the possibility for such attacks. The increasing liquidity of “decentralized exchanges” could enable such attacks, as their pseudonymous assets allow for unlimited contract caps, which limits the possibility of launching similar attacks in traditional capital markets.

Miner concentration is a double-edged sword in itself. In the short term, the concentration of hash power may help prevent speculative attacks, as miners may collude to implement the anti-bribery strategy described by Bonneau. However, this concentration also makes it possible for miners to collude as attackers. Of course, as owners of capital assets, their return structure must take into account the write-down of the value of mining hardware.

The only natural solution to the deteriorating BTC security rate is the rapid rise of a healthy fee market. If we assume that the existing security rate is in equilibrium — anything higher is overpaid, anything lower is unsafe — fee revenue per block must rise to 6.25 BTC after the halving event. At existing fee revenue levels, this would require a 4,300% increase in fees per block.

MATTEO LEIBOWITZ Writer