Scaling Bitcoin
The development teams working on Bitcoin Cash published their mid term plans recently and reading them fills me with hope. Over the next two years, Bitcoin will begin to envelop the world and we will understand its real potential. The block size will be decided by emergent consensus rather than central planning by the ‘experts’.
Bitcoin Unlimited published their development plan for Bitcoin Cash after the announcement. One of the priorities in their agenda is -
Increase the network capacity, ideally by decreasing the inter-block time to 1 min, 2 min, or 2.5 min to improve the user experience, focusing on faster and smaller blocks
The Bitcoin network has a block time of 10 minutes. Transactions are scooped from the mempool and placed into a block every 10 minutes. Businesses, merchants and exchanges wait for around 6 confirmations before crediting the amount into your wallet. The amount shows up as Pending as soon as the exchange sees the transaction in the mempool but you have to wait for 6 confirmations on average before the amount is credited.
BU’s proposal is to decrease the inter-block time so that you can see confirmations quickly and merchants need to wait only for 2 min for 1 confirmation. However, I do not believe this is a viable solution to the problem.
The reason that wallets don’t confirm your payment immediately is because you can double spend your bitcoin. A successful double spend attack involves:
- Attacker pays BTC to a merchant. The merchant sees this transaction and let’s say he waits for 1 confirmation before accepting the payment.
- The attacker can spend the same Bitcoin at another merchant and try to propagate his transaction so that the double spend transaction is first seen by miners. He can increase the probability of the double spend being mined by paying a higher fee.
- If he colludes with a miner, the probability of a successful double spend depends on the ‘dishonest’ mining hashpower involved in the double spend.
- It is estimated that the cost of mining one block is around $12,500. Once the merchant sees 1 confirmation, he validates the payment and hands over the goods to the customer. The attacker walks out and then tries to double spend the same bitcoin. He should spend at least $12,500 to find a block which includes the double spend and rejects the transaction made to the merchant. Attempting to double spend comes at a cost. The attacker should continue to mine and find more blocks than the remaining network which is building over the ‘honest’ block until his version becomes the longest chain. If his version doesn’t become the longest chain, he loses all the money in mining blocks that are not valid as he will not receive a block reward for any of those blocks.
- The more blocks the merchant waits for, the higher the probability that his payment cannot be reversed. Multiple researchers have worked on different solutions of calculating the probabilities of successful double spends.
Economic security of Bitcoin
Bitcoin’s PoW algorithm converts energy that has been spent in mining a block into security of the block. Miners spend resources in order to find the block and they include only ‘honest’ transactions so that they obtain the block reward. Anyone who wants to change history will have to burn more resources than the remaining network.
Econ 101: Marginal Cost = Marginal Revenue. If a block releases X dollars worth of coins to the creator, X dollars will be spent creating it.
The cost of mining a block depends on the block reward. If we decrease the blocktime to 1 min from 10 min, we make the block reward 1/10th the current block reward so that we don’t change the total coin issuance. The variable cost of mining a block will also automatically decrease and the cost of mining a 1 min block will become 1/10th the cost of mining a 10 min block.
Bitcoin’s security comes from dedicating real world resources to mining. These real world resources have a cost and miners will only spend resources that cost less than the block reward to find a block. The PoW backing a 1 min block is 1/10th the PoW backing a 10 min block. Attempting to find a 1 min block with an alternate history will be 1/10th the cost of finding a 10 min block. Hence, decreasing the block time is not an immediate answer to more security.
In a simplistic scenario, if the cost of mining one 10 minute block is $12500, then the cost of mining 1 minute block will be around $1250 . With lower block times, the economic security of each block reduces. Any merchant who is accepting a transaction with 1 confirmation should understand that an amount above $1250 shouldn’t be accepted with just 1 confirmation. This is because if the merchant has accepted a payment of $5000, the attacker can spend upto $5000 to collude with other miners and mine an alternate block.
Decreasing the block time changes the economic incentives
At a block time less than 10 minutes, the distribution is highly skewed towards lower block times. If the block time is 1 min, blocks will usually be found in under a minute. The probability that competing miners will find a block around the same time increases. If miner A finds a block in 25 sec and a Miner C finds a block in 28 sec, both competing miners will attempt to propagate their own blocks to earn the block reward. The network will receive both these blocks around the same time due to propagation delay and half of the network might accept Block A while half of the network accepts Block C. This increases orphan rate as the network will have to discard one block.
This system incentivizes larger miners to mine atop their own blocks as the larger miner knows that even if a competing miner finds a block at let’s say T sec, he has to mine for ~T+5s to find his own block. He can then use the network’s propagation delay to transmit his block quicker so that the network receives his block first. The larger miner can keep mining upon his own blocks ensuring that his chain becomes the longest chain because with a high hash rate, the probability is highly skewed towards finding a block around the same time as the network. With a 10 min block time, this is tough to execute as miners will have to waste resources mining for at least a few minutes before finding a block so they would rather accept a valid block that they receive from the network. Even if a large miner attempts to ignore other valid blocks, the remaining miners will accept the valid block and the large miner cannot make use of the propagation delay to propagate his block as there is a large time differential.
Decreasing the blocktime comes at a cost of high orphaning rate and with a blocktime of less than 1 min, the probability of miners finding competing blocks increases, increasing the orphan rate.
This is the reason Ethereum with a block time of 15s has a high orphaning rate and they even though Ethereum rewards uncles(orphaned blocks), it is an economic loss to the system as the work of this uncle doesn’t get added to the system. Ethereum pays out of the protocol even though this work doesn’t help secure the blockchain. It is energy that has been spent and dissipated while the most economic and efficient way would be to minimize orphaning and ensure that every block found would be added to the blockchain. This means that more energy can be spent in securing the blockchain rather than waste it.
10 mins is a really low settlement time
Bitcoin can be considered as a system that settles in 10 mins. This is more efficient than all fiat systems. For example, Indian banks use Unified Payment Interface to enable immediate payments between users bank accounts.
The banks involved in the transactions actually settle once in every 8 hours. If A transfers to B’s bank account, B’s bank gets the instruction to credits B’s account immediately which makes it appear that the payment happened instantly. However B’s bank has to wait for around 8 hours for the actual settlement. Every 8 hours, A and B do a net settlement of all inter-bank transactions during that period. All banks agree to this system of settlement as it enables them to process payments quickly. Users do not care how settlement happens for banks and in a similar fashion, they will not care how Bitcoin’s settlement is dependent on block time.
0-conf is a UI issue
Customers who are purchasing their coffee will not wait for 2 minutes at the merchant until the merchant sees a confirmation. Users will not want to wait. And when the alternative is tapping Apple Pay at the counter, they are not going to shift to using Bitcoin. If we want them to shift to using Bitcoin, 0-conf is the only way. For most daily purchases, 0-conf has to be really good and for higher purchases in the order of millions of dollars, users have to wait for a few confirmations anyways.
Bitcoin wallets should work better than Banking apps. Payments should happen in seconds. In fact, the real competition for Bitcoin wallets is fintech companies such as Apple Pay and Paypal. We shouldn’t expect that the world around us will change to understand our form of money and learn about confirmations and double spend attacks. Users shouldn’t know what a node is or how mining secures the network. Businesses have to develop solutions that enable people to process Bitcoin faster than existing alternatives. Using Bitcoin should be easier, not harder than all existing alternatives.
I am encouraged that different teams on Bitcoin Cash are pursuing various goals and are trying to research different ways to scale Bitcoin for global adoption. Bitcoin Unlimited’s research could potentially show that a blocktime of 5 mins is more efficient and we could end up changing blocktimes. However, we still need to recognize that 0-conf is what will actually help increase payment adoption.
