Why “Security Budget” doesn’t represent Bitcoin’s security

Dino Arturo Celotti
Membran Labs
9 min read · Sep 27, 2018

Introduction

Bitcoin security has been an interesting topic of late, particularly the thoughts around how miners provide that security and how we need to ensure they are incentivized to continue mining.

Jordan McKinney recently wrote a few articles (1) (2) on this topic. Specifically, he and others are skeptical about the sustainability of miner incentives given the negative exponential returns to mining from block rewards.

I agree with this general concern, but felt that it was more nuanced than the “Security Budget” arguments make it out to be.

Security Budget

The skeptics’ argument goes something like this:

Bitcoin network security, and that of other POW chains, is generated by miners who put in work in the form of hashing power. These miners are profit-seeking, therefore they are also cost-conscious and will not mine if there are no profits to be made. Miners will exit if they are losing money, increasing the profit of all remaining miners. New ones will enter if there is money to be made, thus decreasing profits to all other existing miners.

Therefore, over time, we can assume that mining profits will tend toward zero as the market reaches equilibrium.

This implies that the cost of mining tends toward a state equal to total revenue. In other words, the total revenue generated by the network is a proxy for the cost required to generate the same hashrate and therefore be able to launch a 51% attack. They refer to the network revenue as the “Security Budget”.

Furthermore, since transaction fees form a tiny portion of the revenue to miners and cannot be rationally expected to increase significantly, especially due to scalability solutions like Lightning coming online, and since block rewards programmatically halve approximately every four years, it is reasonable to infer that revenue to miners will decrease over time. If that happens, miners have less incentive to continue mining, and total hashpower, and thus total security, on the network will decrease over the long term. So as network revenue decreases, so does the budget for security.

Briefly

OK, the TL;DR on this post is:

Security Budget conflates different kinds of costs, such as ongoing operating costs, with one-time and fixed costs. Differentiating these is important as we want to accurately represent the incentives of existing miners considering an exit versus those of a new entrant considering an attack.

I personally believe that Security Budget does not effectively represent actual incentives of either attackers or defenders (existing miners), but rather just creates a false sense of vulnerability for all those relying on it.

Image courtesy of Mauro Celotti

Microeconomics

In microeconomics we look at competition theory and the incentives of existing firms as well as potential new entrants. We want to understand the circumstances under which a firm will stop producing or under what circumstances a new firm might choose to enter and compete.

Some of the arguments I make here pull from basic economic theory and the concept of “perfect competition”, which makes the following assumptions:

All firms have access to all relevant information (“perfect information”)

All firms are producing a homogenous product (output product is identical across firms)

There are no barriers to entry (it’s relatively easy for competitors to start up)

Firms are price takers (The market sets the price, not the sellers)

These assumptions are actually not that far off from the POW mining market in Bitcoin. Information about mining revenue and costs is freely available, it’s relatively simple for someone to start mining, and the revenues generated to miners are set by the market — the block reward is set by the network, and the transaction fees are set by the users.

Long-run Production & Profit

In general it’s pretty simple to define profit.

Profit = (P x Q) - (AC x Q)

Where P = Price per unit, Q = Quantity produced, AC = Average Cost to produce per unit

In a perfectly competitive market, as in bitcoin, all units [hashpower] produced are sold. This is why Q produced and Q sold don’t need to be different. Remember, this is a long-run assumption: if a firm produces too much, it won’t be able to sell everything and will therefore generate a loss. Next time it will produce less. So in the long run, all firms will tend to the equilibrium quantity of production.

This generally holds for Bitcoin as well. No matter how much hashrate is generated, it is all used. Since revenues are, over time, distributed evenly relative to hashrate, a miner that is losing money will exit, and if there is profit to be had, new hashrate will come online. So again, total hashrate will tend toward an equilibrium where costs are equal to revenues.

Therefore, in the long run, profit tends toward zero. If profit is zero, then price (P) is equal to the average cost per unit (AC) of production, in this case hashrate. So:

P = AC

Long- and Short-run Costs

We said P = AC, but what is AC?

Average Cost is the Total Cost (TC) incurred divided by the Quantity (Q)

AC = TC / Q

Total Cost is made up of two parts, Fixed Costs (FC) and Variable Costs (VC):

TC = FC + VC

So we can now expand our Average Cost equation:

AC = FC/Q + VC/Q

Fixed Costs are those that cannot be quickly changed, while Variable Costs can.

For example, if I have a large mining farm I can immediately reduce my electricity cost by turning everything off, so electricity is a variable cost. On the other hand, even if I turn everything off, I still have to pay the lease on the building and there’s a lot of money already invested in hardware that can’t easily be recovered. These are fixed costs.

We call the time horizon where we can only change the Variable Costs the short-run, while the time horizon where all costs, both Variable and Fixed Costs, can be adjusted is the long-run.

For purposes of this discussion, we can consider the mining hardware refresh cycle as a kind of proxy for the long-run, because that is when an existing miner has the important decision to replace their hardware or stop mining.

The differentiation between these time horizons will be important as we start to look at the motivations of attackers to attack and existing miners to keep mining.

Image courtesy of Mauro Celotti

Entry Decisions

A potential miner will need to consider all upfront costs of capital (purchasing equipment and setting up facilities), operating costs (rent, staff, electricity, etc), and of course the revenue they expect to generate. All these factors together will inform their decision to start a mining operation or not.

Importantly the “entry decision” is based on total costs.

In the case of a potential attacker, they will not necessarily consider the potential revenue from mining, but will still want to consider the value of a successful attack as compared to the total cost, as well as any other opportunities they are giving up in order to launch an attack.

Exit Decisions

On the other hand, an existing miner has already spent the upfront costs and may already have committed to some long-term expenses such as rent. Therefore they actually have a different decision to make. Keep in mind that if their revenue decreases, they cannot simply cut their costs to zero; only a portion of their costs is variable.

We previously stated that in long-run equilibrium Price is equal to Average Cost, therefore:

P = FC/Q + VC/Q

Since Fixed Costs will be incurred whether or not the miner is mining, a rational miner should continue mining in the short-run as long as the revenue they generate is greater than their variable costs. Their “exit decision” in the short-run is therefore:

If P < (VC / Q): Exit.

If P > (VC / Q): Don’t Exit.

This has important implications under a network attack situation, because it implies a massive discrepancy between attack cost and willingness to defend. Specifically, the difference is equal to Fixed Cost.

To reiterate, fixed cost is not just the ongoing cost of rent, but also the amortized cost of equipment. That is, the cost the miner associates on an ongoing basis with their initial investment in mining equipment.

Image courtesy of Mauro Celotti

Implications for Security Budget

Until now, Security Budget has been a proxy for how secure the network is. It assumes that since mining profits eventually balance out at zero, the total network revenue is equal to the total cost of maintaining the current hashrate, and is therefore also equal to the total cost required for a potential attacker to attack.

But as we have seen, Security Budget makes at least one crucial mistake: it assumes a long-run time horizon. It takes time for existing and potential miners to react to market conditions or decide whether to enter or exit. At any given point in time, the network revenue could both overstate and understate the actual cost to attack.

This means that in the short-run when revenues are decreasing (or have decreased) it could in fact be the case that total network revenue is only equal to total network variable cost. This has massive implications for security budget, as the “Security Budget” is then ignoring all the costs required to start mining (mainly hardware and equipment) as well as all the fixed ongoing costs of running the miners (facility rent and other long term agreements).

This needs to be emphasized.

Due to the incentive structures of existing miners, at any given time the total network revenue may not equal the total cost of the network, but could in fact be as low as total variable cost.

On Hardware Costs

We have established that Fixed Costs may or may not actually be covered by network revenue.

On the other hand, whatever the motivations of a potential attacker, their goal will surely be to launch an attack and take down the network as quickly as possible; any longer and they face ever-growing operating costs. No matter how much they are able to minimize attack time, or how quickly they can take down the network, they will always have an absolute requirement to incur 100% of the hardware cost.

This is in contrast to a good-faith miner who will amortize the hardware cost over time. It is true they still have to incur the full cost, but they are slowly paying it off from the first day they begin mining and have calculated it, for the purpose of their required revenue, over time. Thus even if Security Budget does account for hardware, it accounts for it only over a relatively long period of time, which does not reflect the time required to attack the network.
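The short-run and long-run exit rules and the attacker's upfront hardware requirement can be put side by side in a small model. This is an added example, not part of the original article: the miner figures, the fixed daily revenue shared pro rata by hashrate, the attacker's variable cost and the function names are all constructed assumptions, and the attacker is assumed to need to match the surviving honest hashrate.

```python
from dataclasses import dataclass

@dataclass
class Miner:
    q: float   # hashrate units (Q)
    vc: float  # variable cost per unit per day (VC/Q)
    fc: float  # amortized fixed cost per unit per day (FC/Q)

def surviving(miners, revenue, long_run):
    """Apply the exit rule until no remaining miner wants to leave.
    Short-run: exit if P < VC/Q. Long-run: exit if P < AC = FC/Q + VC/Q."""
    floor = (lambda m: m.vc + m.fc) if long_run else (lambda m: m.vc)
    alive = list(miners)
    while alive:
        p = revenue / sum(m.q for m in alive)   # P: revenue per unit of hashrate
        worst = max(alive, key=floor)
        if p >= floor(worst):
            break
        alive.remove(worst)                     # an exit raises P for the rest
    return alive

def attack_cost(q, hw_per_unit, vc, days):
    """A new entrant pays 100% of hardware up front plus VC for the window."""
    return q * (hw_per_unit + vc * days)

def compare(miners, revenue, hw_per_unit, attacker_vc, days):
    report = {}
    for label, long_run in (("short_run", False), ("long_run", True)):
        alive = surviving(miners, revenue, long_run)
        q = sum(m.q for m in alive)
        report[label] = {
            "hashrate": q,
            "total_cost_per_day": sum(m.q * (m.vc + m.fc) for m in alive),
            "security_budget": revenue * days,  # network revenue over the window
            "attack_cost": attack_cost(q, hw_per_unit, attacker_vc, days),
        }
    return report

# Constructed figures (arbitrary currency units), not real network data.
MINERS = [Miner(100, 30, 50), Miner(100, 45, 50), Miner(100, 60, 50)]
REVENUE_AFTER_HALVING = 19_500   # per day
REPORT = compare(MINERS, REVENUE_AFTER_HALVING, hw_per_unit=30_000,
                 attacker_vc=30, days=7)

if __name__ == "__main__":
    for label, row in REPORT.items():
        print(label, row)
```

With these numbers every miner keeps hashing in the short run even though daily revenue is below the network's total daily cost, and in both horizons revenue over the attack window is far smaller than what a new entrant would have to spend to match the hashrate.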

Conclusion

At the end of the day, I agree that we should be concerned about declining bitcoin miner rewards and incentives to mine. And of course I agree that if revenue to miners decreases relative to their costs, it is unlikely they will continue mining, and therefore it is also likely that security on the network will decrease.

Security Budget is fine for conveying a surface level idea about miner incentives, but is insufficient for understanding the nuances inherent in the existence of both fixed and variable costs. Without accurately representing the cost of an attack in relation to the incentives of both existing miners and potential attackers, we are just tricking ourselves.

— — —

Twitter: @dinocelotti

Thanks to Jordan McKinney for the inspiration and feedback on this post. You can also hear Jordan and me discuss this topic on the MembranLabs podcast on Anchor and anywhere podcasts are found.

Thanks also to my dad, Mauro Celotti for providing the images.

— — —

Disclaimer
I have purposefully chosen to exclude time-value of money assumptions and some economic concepts such as Marginal Cost in order to simplify this post. Although these concepts would make the discussion more precise, I don’t believe their absence detracts from the core thesis.

Dino Arturo Celotti
Membran Labs

Founder @ MembranLabs | COO @ Membran Entertainment Group | Interested in the meaning of money and governance