The Economic Limits of the Blockchain
This is a guest post by professor Neil Gandal (Berglass school of economics, Tel Aviv University) and professor Joshua Gans (Rotman School of Management, University of Toronto), advisors to Orbs.
Eric Budish recently published a working paper entitled “The Economic Limits of the Blockchain.” The paper provides economic rigor in examining the use of “proof of work” schemes to support cryptocurrencies. In particular, the paper examines when Bitcoin and other cryptocurrencies using “proof of work” would be vulnerable to a “majority attack.”
The paper is welcome because much of the discussion of the Economics of the Bitcoin ecosystem has been through online forums without economic analysis.
The nice thing about the paper is that it is quite straightforward — and does not require a degree in Economics to understand it.
Budish starts with the supply side of mining. Approximately every 10 minutes, miners compete in a computational game for the right to add the next block of transactions to the blockchain. The winner earns a reward, denoted “Prize.”
The probability that a given miner will win is proportional to the amount of computing power that he/she has. For example, the probability that a miner with “n” computational units of computing power out of a total of “N” computing units of computing power will win the prize is n/N.
Assuming competition among miners, enter will take place until there are zero-profits. This is a standard free-entry condition used in many economic models.
Assuming that each unit of computing power costs “c” per period, the free entry condition is simply
(1) N* = Prize/c
Prize/N* =c,
Where N* is the equilibrium number of computing units. Equation (1) says that the probability of winning the award per unit of computing power (1/N) multiplied by the Prize is exactly equal to the cost of per unit of the computing power. It also shows that increases in the Prize or declines in the per unit computing cost will lead to more computing units.
This is the standard free-entry equation for a rent-seeking tournament, and of course, many about have written about this aspect of bitcoin mining.
As noted, a fall in “c” will lead to an increase in “N.” This means, among other things, that a drop in the price of electricity does not reduce energy use in the bitcoin ecosystem. For example, if the only cost was electricity, given a fixed prize, total electricity costs are the same regardless of whether the price of electricity rises or falls.
To this, Budish adds the demand side. The Prize must be attractive enough to insure that dishonest miners will not have an incentive to band together (forming a majority,) and attack the system and get control of the blockchain. Budish denotes this as “incentive compatibility” with respect to a majority attack.
Suppose an attacker wanted to obtain a majority of the computing power. Assuming that there are “N” units of honest mining power, then by paying cN + e (where e is a very small number,) the attacker would have a majority and could get control of the network.
However, in some cases, the “ecosystem” requires a super-majority to get control of the system. In such a case, the cost (per block) of taking control of the system would be AcN, where A>1.
Thus, in order to take control of the blockchain for “t” periods, the expected cost to the attacker would be
(2) AtcN — t*Prize,
since the attacker is taking control of the blockchain for “t” periods — and earns the “Prize” for t periods.
From (1), Prize=cN. Substituting (1) into (2) yields an expected cost of (A-1)*t*Prize for the cost of the attack.
In order to insure that such an event cannot happen, it must be the case that the cost of the attack exceeds the benefit from the attack, denoted B_attack, or
(3) Cost attack = (A-1)*t*Prize > B_attack
Incentive compatibility (no attack) requires that (3) must hold. Rewriting (3), incentive compatibility means that
(4) Prize > B_attack /(A-1)*t
In other words, the equilibrium per-block “Prize” to miners must be large relative to the benefits in order to prevent an attack.
Budish points out (and this is a very important insight,) that (3) and (4) are “flow returns,” since the computational power is fungible and can be taken out of the system.
Budish shows that Bitcoin is an institution whose long-term vulnerability depends on very short-term (flow) enforcement mechanisms. This is a bad sign.
In many other settings, the cost of cheating (to the firms that cheat) is a function of the “stock” value of the relationship, not the flow value.
During a double spending attack, the value of the attack (B_attack,) is positively related to the value of Bitcoin, which itself is positively related to the “Prize.”
Thus as Bitcoin becomes more valuable, the less likely it is that (4) will hold.
Budish then goes on to perform computational simulations based on the value of “A” and the expected duration of the attack. He shows that “for the system to be usable for large transactions requires fees that would make the system unusable for small transactions.” Hence, he concludes that Bitcoin would be majority attacked if it became sufficiently important, suggesting limits on how important Bitcoin could become. His analysis applies to all proof of work ecosystems.
Reference:
Budish, E., The Economic Limits of Bitcoin and the Blockchain,” working paper, available at: https://faculty.chicagobooth.edu/eric.budish/research/Economic-Limits-Bitcoin-Blockchain.pdf
Like what you read? Check out our GitHub projects and join the community:
Join the Orbs community:
- GitHub: https://github.com/orbs-network
- Telegram: https://t.me/orbs_network
- Twitter: https://twitter.com/orbs_network
- Reddit: https://www.reddit.com/r/ORBS_Network/
- Read the Orbs white papers: https://www.orbs.com/white-papers
