By Hasu, James Prestwich, and Brandon Curtis
An application or protocol is secure if it realizes its goal in an adversarial environment. In the case of Bitcoin, the goal is to establish a payment system where anyone can participate, only the rightful owner can spend a coin, and all valid transactions make it into the ledger eventually.
For the first ten years of its existence, Bitcoin has successfully held these security properties. At the same time, academia has largely failed to replicate Bitcoin’s empirical soundness in its models, giving birth to the meme that “Bitcoin is secure in practice, but not in theory.” With this paper, we want to bridge the gap between theory and practice by introducing our model of Bitcoin’s security.
We show that Bitcoin can currently tolerate a very high incentive to attack, formalizing the intuition that the incentives of miners are long-term aligned with the system. The key insight is that mining requires a large upfront investment (typically a full year of mining rewards) whose value is tied to the health of the network. Any behavior that hurts the value of these coins before they have been delivered is highly destructive, showing why many of the attacks feared by academics are indeed irrational in practice.
In the second half, we show that, more than any external attacker, the biggest threat to Bitcoin’s security is baked into the protocol itself. The block subsidy, which declines as part of Bitcoin’s fixed emission schedule, will lead to lower commitment from miners over time. We explain why, if a robust blockspace market does not develop, this decline in block rewards poses a substantial risk to Bitcoin’s future. Contrary to popular belief, users can’t compensate for it by simply waiting for more confirmations. Finally, we present general ways to think about the problem, including several possible improvement proposals for the community to discuss.
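The two claims above (miner commitment is roughly one year of block rewards, and the subsidy schedule erodes that commitment unless fees replace it) can be made concrete with a small model. This is an added example, not code from the paper; it assumes Bitcoin's consensus subsidy rule (50 BTC halving every 210,000 blocks), about 52,560 blocks per year, and the paper's one-year rule of thumb, while the per-block fee revenue is a constructed parameter.

```python
"""Added worked example: how the fixed subsidy schedule shrinks the
'one year of rewards' a miner has at stake, measured in BTC, and how much
fee revenue per block the blockspace market would have to supply to hold
that commitment constant. Assumptions: consensus subsidy rule, ten-minute
blocks, and the one-year commitment rule of thumb from the paper."""

SATOSHI = 100_000_000
HALVING_INTERVAL = 210_000            # blocks between subsidy halvings
BLOCKS_PER_YEAR = 6 * 24 * 365        # 52,560 blocks at one per ten minutes


def block_subsidy_sats(height: int) -> int:
    """Subsidy at a block height, following Bitcoin's consensus rule."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:                # subsidy is zero after 64 halvings
        return 0
    return (50 * SATOSHI) >> halvings


def yearly_commitment_btc(height: int, fees_per_block_btc: float = 0.0) -> float:
    """One year of block rewards (subsidy + fees) starting at `height`:
    the paper's proxy for the capital a miner has tied to network health.
    Summing block by block handles a halving that falls inside the year."""
    subsidy_sats = sum(block_subsidy_sats(h)
                       for h in range(height, height + BLOCKS_PER_YEAR))
    return subsidy_sats / SATOSHI + fees_per_block_btc * BLOCKS_PER_YEAR


def fees_needed_to_hold_commitment(height: int, target_btc: float) -> float:
    """Fee revenue per block (BTC) required so that a year of rewards at
    `height` equals `target_btc`; i.e. what the blockspace market must cover."""
    shortfall = target_btc - yearly_commitment_btc(height)
    return max(0.0, shortfall / BLOCKS_PER_YEAR)


def commitment_by_halving(n_eras: int) -> list:
    """(height, subsidy-only yearly commitment in BTC) at the start of each era."""
    return [(k * HALVING_INTERVAL, yearly_commitment_btc(k * HALVING_INTERVAL))
            for k in range(n_eras)]


if __name__ == "__main__":
    for height, btc in commitment_by_halving(8):
        print(f"era start {height:>9}: one year of subsidy = {btc:>12,.1f} BTC")
    era0 = yearly_commitment_btc(0)
    print("fees/block needed at era 4 to match era 0 (BTC):",
          fees_needed_to_hold_commitment(4 * HALVING_INTERVAL, era0))
```

The BTC-denominated figures ignore price; the paper's point is that unless fees grow, the stake miners hold in the network's continued health falls by half each era.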