Bitcoin is Broken

There are plenty of neckbeards who will tell you differently, but you should consider what incentives they have in place. I know many people who have plenty of wealth tied up in Bitcoin, and even know people who have become millionaires at the hand of Bitcoin and/or other cryptocurrencies. Good for them. Many of them are technologists who took on considerable risk because they believed in this particular version of the future. But they are pot committed at this point, and I wouldn’t expect them to say much more than don’t worry about it nothing to see here when confronted with some of Bitcoin’s most troubling weaknesses.

I won’t bury the lede here: Bitcoin is broken largely because mining centralization has threatened the key tenants of Bitcoin – to be both trustless and decentralized.

But first, a little history. In 2008 a person or group of people or organization published a whitepaper and reference implementation of the Bitcoin protocol under the pseudonym Satoshi Nakamoto. People toyed with virtual currency implementations previously, but Satoshi’s implementation was the first that could provide a currency that was completely decentralized, lacking the lynchpin of trust. This is significant. It is the invention of a monetary system that can stand on it’s own without the meddling of incorruptible folks like bankers and politicians. Whereas traditional currency balances are maintained on centralized servers owned by banks and governments, Bitcoin’s ledger is entirely public and owned by everyone. The protocol enforces consensus and prevents cheating.

So how does it work ? Here is where you probably get insulted if you understand Bitcoin because I am going to gloss over tons of details, but hopefully if cryptocurrencies are alien talk to you this will be a high enough level overview to get you started. But first, some terminology:

Transaction: A transfer of ownership of a coin, or fraction of a coin. e.g., Alice sends 5.2 Bitcoins to Bob.

Block: A group of transactions.

Blockchain: The distributed public ledger that serves as the database, consisting of a chain of blocks that has been growing since the very first block created, known as the genesis block. You can trace any bitcoin’s ownership all the way back to its creation by following the transaction history in the blocks in the blockchain.

When someone running a Bitcoin client initiates a transaction, it broadcasts it to all other bitcoin clients. These transactions get bundled until the next block is created. But generating a block has to be prohibitively difficult because if you could generate one whenever you wanted, you could easily publish a block that says you gave 1 Bitcoin to Bob, receive what you paid for, and then quickly publish a new block on a fork of the blockchain that pretends that you never sent the 1 Bitcoin to Bob, and instead sends it to Cindy. This is called double-spending, and preventing it is Bitcoin’s biggest innovation.

Enter Mining. To make it difficult to publish a block, the Bitcoin protocol enforces the rule that to create a block, you must first solve a mathematical puzzle. The only way to solve the puzzle is to input random guesses into an algorithm that produces hashes, and hope that the resulting hash satisfies a certain criteria. The difficulty of this puzzle resets every 2016 blocks (roughly two weeks) based on how many total guesses are being made on the network, with the goal of keeping block creation time at roughly 1 block every 10 minutes. If you can find an input that produces a hash that meets the criteria, you publish the block and the input you used to solve the puzzle with to the network. Each client on the network will then verify that your solution works, and that all the transactions in the block are valid (e.g., the sender has sufficient funds, the transactions match those that their client has collected, etc). Once a client sees that the block has been solved, they will give up work on it and start working to create the next block.

To incentivize people to participate, miners are given a reward if their computer is the one that solved the puzzle first. This reward started at 50 Bitcoins and halves every 4 years. That means it is currently at 25, will be at 12.5 in 2017, 6.25 in 2021, etc, with the total supply of Bitcoins eventually ending up at roughly 21 million.

Working together. So we’ve seen that mining is crucial to securing Bitcoin because it makes creating blocks prohibitively difficult, controls the rate of coin creation, provides a means of transaction validation, and incentivizes people to secure the network. But what a miner really wants is that block reward. Initially, you could have success mining alone on a standard CPU. Shortly after, people realized they could get more hash/s using a GPU. Then it was programmable FPGAs that vastly outperformed GPUs. Now, companies are making custom silicon for the sole purpose of computing hashes, and it’s big business.

Sure you could mine by yourself, but the amount of hashpower on the network is so huge that your chance of solving a block is very small. Instead, miners join a mining pool to decrease their variance and receive more regular payouts. There are plenty of payment schemes, but they all work roughly like you would expect – everyone in the pool contributes their hashing power, and if the pool solves a block the reward is distributed proportionally to the amount of hashing you contributed.

So what’s the problem? In a picture, this:

51%

In June 2014, the mining pool GHash.IO grew to the point of receiving 51% of the entire Bitcoin network’s hashing power, which is significant because it means that it had control over the Bitcoin network. Here are just a few of the privileges having such power can afford you:

  • Double spending
  • Blocking transactions from any address you want
  • Ignoring block formation from anyone else, effectively bringing the Bitcoin network to a halt.

I remember reading the response of Bitcoin’s chief scientist, Gavin Andresen when this happened. He’s a smart guy, and I generally like him. But this response seemed disingenuous. The crux of his argument was that sure, a pool with 51% could double spend, or shut down the network all-together, but it is not in their economic interest to do so, and even if it was we could probably fix it somehow. Ignoring the fact that those are not the only attacks a pool with 51% could carry out 1) I have seen no such changes to the protocol to prevent these attacks and 2) It doesn’t take much imagination to invent a scenario in which they were incentivized to abuse their power. Here are a few off the top of my head:

  1. A mining pool takes out a massive short position on Bitcoin, flipping their economic incentives
  2. The mining pool itself is hacked by people with malicious intent.
  3. State based coercion

So I don’t take his response very seriously. As an ambassador and holder of Bitcoin he took it upon himself to quell panic, and it worked. But implicit in his message was assurance that we could trust GHash.IO to behave while simultaneously acknowledging an attack vector that was no longer theoretical. For their part, GHash.IO’s official response essentially amounted to ¯\_(ツ)_/¯. If Bitcoin is no longer trustless, then Bitcoin is neither relevant nor interesting.

And the brokenness remains. The hash distribution currently looks a little better, but nothing has really changed. The state of mining remains vulnerable to pools amassing 51%. While 51% is the worst news, there are various other attacks that can be carried out with as little as 25% of the hashing power, which both Discuss Fish and GHash.IO have at the time of writing this.

Mining has become so consolidated that instead of a handful of nerds MacGyvering rigs in their basement, you have this:  

mining

There are tons of warehouses just like this one, mindlessly chugging away computing insane numbers of hashes per second, consuming enormous amounts of electricity. These calculations being performed are in-and-of themselves entirely useless, unless one of them happens to unlock the block reward. And even if a million mining facilities like the one above came online, the retargeting nature of the algorithm means that there will still be, on average, 1 block created every 10 minutes. The only advantage to insaneness like this is that it makes it that much harder for any one actor to amass enough hashing power to gain a meaningful percentage of the network 1)Current estimates are that a 51% attack could be achieved with just over a half of a billion dollars. Chump change for governments or large entities who see Bitcoin as a threat.. Pooled mining has made this point moot, however.

Burn it all down. Well, not yet. To my eyes, Bitcoin is in this weird spot. It currently has all the momentum, and VCs are dumping millions of dollars into startups based around this alternative economy. But you can appreciate the genius of Bitcoin while still thinking, “hmm, maybe there is a better way”. In fact, lots of people are exploring alternative consensus algorithms that are resistant to mining centralization and aren’t stupidly inefficient. I will talk more about some of these in a future post.

The Bitcoin protocol itself is innovating at a snail’s pace, and I get it. There is considerable value to protect and the developers tread lightly when it comes to adding features that could put that at risk, but I can’t help but feel that in terms of technology it’s getting left behind. A currency is a great place to start your experiment to see if the blockchain can be a secure store of value. It has largely worked. But limiting the blockchain to currency is unimaginative and selling it short. The most exciting things in this space are applications and features that are being built on top of blockchains to enable decentralized applications, autonomous corporations, and distributed asset exchanges. The blockchain as a currency is far less interesting than the blockchain as a platform, and that is hopefully where we are going.

Ultimately, I don’t want Bitcoin to fail because that would be bad for crypto in general. But if some serious concerns aren’t addressed, I ultimately hope it gets phased out, replaced by improved protocols. The incandescent was brilliant, but I hope you aren’t still using them in your home.

   [ + ]

1. Current estimates are that a 51% attack could be achieved with just over a half of a billion dollars. Chump change for governments or large entities who see Bitcoin as a threat.

4 Responses to “Bitcoin is Broken”

  1. Really interesting. I would be honoured if I could translate this article into French – do you have an issue with that?

  2. kday says:

    Absolutely, feel free to translate this! Shoot me a link once you get it done, if you will.

  3. […] of my interest in this space has been related to cryptocurrencies/platforms (like Bitcoin, though Bitcoin is broken), but more generally in decentralized architectures. I’m working on a few things in this […]

  4. […] still not really excited about Bitcoin. I’m certainly no sage, but I wrote two years ago that Bitcoin is Broken. It seemed obvious at the time. I certainly wasn’t the only one with that opinion, but a […]

%d bloggers like this: