Tuesday, August 11, 2020

"Good" News For Bitcoin!

David Gerard is fond of pointing out how adept Bitcoin cultists are at spinning every item of news as "good news for Bitcoin". His latest news post has two notable items suited to this spin cycle:
  • Two successive successful 51% attacks on Ethereum Classic.
  • A new, more realistic estimate of Bitcoin's energy usage; it is only as much as Belgium.
Follow me below the fold for details and commentary.

Energy Consumption

Since Blockchain: What's Not To Like?, I've been working with Tim Swanson's 2018 estimate that the top 5 cryptocurrencies use as much energy as The Netherlands. Swanson's estimate covered Bitcoin, Bitcoin Cash, Ethereum, Litecoin and Monero. Swanson estimated that just powering the Bitcoin mining rigs used ~50TWh/year, but:
this estimate is probably a lower-bound because it doesn’t include the electricity consumed within the data centers to cool the systems, nor does it include the relatively older ASIC equipment that is still turned on because of local subsidies a farm might receive.
I regret not noticing a considerably more detailed 2019 estimate by Stoll, Klaaßen & Gallersdörfer, The Carbon Footprint of Bitcoin, which concluded that:
as of November 2018, the annual electricity consumption of Bitcoin had a magnitude of 45.8 TWh.
Swanson's Bitcoin analysis cited a 2018 estimate from Alex de Vries that Bitcoin alone used as much energy as Austria. Now, in Bitcoin’s energy consumption is underestimated: A market dynamics approach, Alex de Vries shows that:
most of the currently used methods to estimate Bitcoin’s energy demand are still prone to providing optimistic estimates. This happens because they apply static assumptions in defining both market circumstances (e.g. the price of available electricity) as well as the subsequent behavior of market participants. In reality, market circumstances are dynamic, and this should be expected to affect the preferences of those participating in the Bitcoin mining industry. The various choices market participants make ultimately determines the amount of resources consumed by the Bitcoin network. It will be shown that, when starting to properly consider the previous dynamics, even a conservative estimate of the Bitcoin network’s energy consumption per September 30 (2019) would be around 87.1 TWh annually (comparable to a country like Belgium)
De Vries Fig. 1
de Vries' consideration of the dynamics starts by distinguishing between different epochs of mining:
To evaluate the accuracy of the estimates for Bitcoin’s energy demand and their respective assumptions, we propose dividing the developments in the Bitcoin mining market in three different stages based on the estimated network hashrate. These stages are growth, stability and decline (highlighted in Fig. 1). The growth stage is identified by observing the increasing amount of computational power (hashrate) in the network. Likewise, stability and decline can be identified by a relatively flat or decreasing amount of hashrate.

Declining Hashrate

de Vries shows that:
This shows that in a declining market real-world mining facility efficiency rapidly approaches the theoretic optimum, as suboptimal choices by market participants are increasingly punished. It also shows that during this phase a simple back-of-the-envelope approach (though corrected for market share) can provide a good sense of direction when estimating the electricity consumption of miners.

Unfortunately, we have to establish that most of the time the situation is a lot more complicated, as a declining market only occurs once (and only briefly) over a period of 33 months in total.
Stoll et al's estimate coincided with the sole period of declining hashrate, so their estimate of 5.23GW was close to one using Swanson's methodology, 4.36GW. Because the proportion of older, less efficient devices falls rapidly during periods of declining hashrate, basing estimates on the most recent, most efficient devices works well.

Growing Hashrate

Figure 1 shows that, except for four months in late 2018, the hashrate has been growing since September 2017. Thus it is most important to analyze energy usage during periods of increasing hashrate:
Here we can immediately notice that the link with miner earnings is not as obvious as for a declining market. In fact, the Bitcoin mining industry is booming for nine months after the crash of Bitcoin miner earnings early 2018 (also confirmed by record device production during the entire first half of 2018 [2]). The simplest explanation for this is that, while cutting losses in a declining market merely involves switching off devices, taking advantage of growth opportunities typically requires the acquisition of new devices. This takes time, and even more so if devices are only available in limited quantities due to production constraints.
Thus, because the proportion of older devices falls only slowly during periods of growing hashrate, basing estimates on state-of-the-art devices underestimates Bitcoin's energy demand during these periods. And because the hashrate is growing most of the time, this underestimate is significant.

de Vries analyzes the market during 2019 in Section 2.2.2. The first half of the year saw the introduction of new, more efficient devices from Bitmain (Antminer S17 with ~40% of the power draw of the S9) and Canaan (A10 with ~70% of the power draw of their A9). But supplies of the chips were very constrained, so the prices for the new devices were very high:
With an average selling price of 7038 RMB per unit (compared to 1008 RMB and 1526 RMB for the A8 and A9 series respectively) the [A10] was sold only 490 times during the first half of 2019.
Thus the older devices continued to dominate newly introduced hashrate. Canaan:
sold 252,862 units of its older A8 and A9 series ... in the first half of 2019, as compared to 292,826 units in the second half of 2018. These sales (representing 22 percent of all computational power sold in the first half of 2019) reflect a steady demand for older device types in 2019
These large lags in responding to the introduction of new devices are very significant:
From the total increase in the Bitcoin network hashrate of around 30 EH/s during the third quarter of 2019, about 25 EH/s can be attributed to the sale of newly produced devices. ... During the first half of 2019 we observe an increase of around 20 EH/s in the total network hashrate, of which almost 18 EH/s can be attributed to the total computational power sold during this period. That means that, out of the average estimated network hashrate of 92.5 EH/s per September 30 (+/− 4 days), at least 49.5 EH/s of computational power must be generated by devices produced prior to 2019.
In other words, despite the introduction of new devices, over half the hashrate is due to devices more than 9 months old.

Conclusion

de Vries concludes:
By analyzing sales and market shares data instead, we conclude a conservative weighted average power efficiency of all mining units in the network amounts to 0.0917 J/GH per September 30, 2019 (assuming only the most power-efficient devices produced prior to 2019 are still active). This translates to an annual power consumption 85.8 TWh after performance and PUE corrections ... This number increases to 87.1 TWh annually if we consider a small delay (of one week) before delivered mining machines become active, as this primarily affects the most efficient devices being considered during the third quarter of 2019. ...
To put this number into perspective, it represents close to half of the current global data centre electricity use (200 TWh [31]), while equaling the electricity use a country like Belgium (87.9 TWh) [5].
The one-week delay is due to the time it takes a miner from receiving new devices to having them in production.

The bottom line is that a major country's electricity supply is devoted to supporting pure speculation, massive fraud, rampant theft, money laundering and other crimes.

51% Attacks

As I wrote in Proof-of-Stake In Practice:
At the most abstract level, the work of Eric Budish, Raphael Auer, Joshua Gans and Neil Gandal is obvious. A blockchain is secure only if the value to be gained by an attack is less than the cost of mounting it.
Back in January last year, this observation was made obvious. First, Dan Goodin reported that:
Attackers have stolen almost $500,000 worth of the Ethereum Classic digital currency by carrying out a compute-intensive hack that rewrote its blockchain, officials with Coinbase, one of the leading crypto currency exchanges, said on Monday.

According to coinmarketcap.com, ETC is the 18th biggest cryptocurrency, with a "market cap" of $523,350,707. But that's not enough to keep it secure. Only a few of the biggest altcoins have enough mining power relative to their "price" to deter 51% attacks.
Then Catalin Cimpanu reported that attacking ETC cost $4903/hr and thus:
Coinbase also updated its original report with details on another 12 double-spend attacks, bringing the total of stolen funds to 219,500 ETC (~$1.1 million).
In Why the Ethereum Classic hack is a bad omen for the blockchain, Russell Brandom explained the rash of 51% attacks and quoted Nicholas Weaver:
As Weaver puts it, it’s “a nice illustration of how proof-of-waste schemes cannot be both efficient and secure.” The more it costs to mine a block, the more expensive it is to outspend the honest miners for long to reverse a transaction. Electricity prices vary from miner to miner, but Weaver estimates that the Bitcoin network currently runs through about $300,000 in electricity each hour, while the smaller Ethereum network runs at roughly $100,000 per hour. For Weaver, any coin much smaller than that is at risk of a 51 percent attack. Ethereum Classic clocks in at roughly $5,000 per hour.
But, as always, the answer to "is our children learning?" is no. 18 months later, ETC is still not wasting enough electricity to be secure. David Gerard reports that:
There’s still nobody who cares about Ethereum Classic, leaving the blockchain open to a 51% attack on 31 July — in which someone spent $192,000 on hashpower to mount a double-spending attack that netted them 807,260 ETC, notionally worth $5.6 million. And another attack on 6 August. [Bitquery; CoinDesk]
Alexsey Studnev reports on the first attack:
Attacker double-spent 807,260 ETC ($5.6 million) during this attack and spent 17.5 BTC ($192K) to acquire the hash power for the attack. The attacker also got 13K ETC as a block mining reward, which we are not including in our double-spent calculation.
So an investment of $192K returned around $5.7M, almost 30x. That is a return even the "vampire squid" would not turn up their nose at.
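
As an added illustration (not code from this post or from any source it quotes), the sketch below applies the cost-versus-gain condition to the figures quoted on this page for the first attack and turns it into the question an exchange faces: how many confirmations make reversing a deposit cost more than the deposit is worth. It assumes the $192K paid for the whole 3,693-block reorganization reported in the comments below, that rental cost is linear in reorg depth, and that 7,000 blocks is about two days of mining; the class and function names are illustrative.

```python
"""Cost-versus-gain check for deposits on a chain with rentable hash power.

Inputs are the figures quoted on this page for the 31 July 2020 ETC attack.
Assumptions: the $192K paid for the whole 3,693-block reorg, rental cost is
linear in reorg depth, and a majority attacker always wins the race.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedAttack:
    hash_cost_usd: float      # paid for rented hash power
    blocks_reorged: int       # depth of the reorganization
    double_spent_usd: float   # value of the reversed payments
    double_spent_coin: float  # the same, in coin units
    reward_coin: float        # block rewards the attacker kept

    @property
    def coin_price_usd(self) -> float:
        return self.double_spent_usd / self.double_spent_coin

    def cost_per_block(self, net_of_rewards: bool = False) -> float:
        """USD the attacker spends per block of reorg depth."""
        cost = self.hash_cost_usd
        if net_of_rewards:  # rewards on the winning chain offset the rental
            cost -= self.reward_coin * self.coin_price_usd
        return cost / self.blocks_reorged


def min_confirmations(deposit_usd: float, cost_per_block: float) -> int:
    """Smallest depth at which reversing the deposit costs more than it pays."""
    if cost_per_block <= 0:
        raise ValueError("rewards cover the rental; no depth deters the attack")
    return math.floor(deposit_usd / cost_per_block) + 1


def break_even_deposit(confirmations: int, cost_per_block: float) -> float:
    """Deposit value above which a reorg of this depth turns a profit."""
    return confirmations * cost_per_block


# Figures from the page: $192K of hash power, 3,693 blocks, 807,260 ETC
# ($5.6M) double-spent, 13K ETC in block rewards.
ETC_JULY_2020 = ObservedAttack(192_000, 3_693, 5_600_000, 807_260, 13_000)
BLOCKS_PER_DAY = 7_000 / 2  # "over 7,000 blocks, or two days' worth of mining"


def policy_table(attack: ObservedAttack, deposits_usd):
    """(deposit, confirmations, days) rows, using rental cost net of rewards."""
    per_block = attack.cost_per_block(net_of_rewards=True)
    rows = []
    for deposit in deposits_usd:
        depth = min_confirmations(deposit, per_block)
        rows.append((deposit, depth, depth / BLOCKS_PER_DAY))
    return rows


if __name__ == "__main__":
    for deposit, depth, days in policy_table(ETC_JULY_2020, [10_000, 100_000, 5_600_000]):
        print(f"${deposit:>9,} deposit: wait {depth:>7,} blocks (~{days:.1f} days)")
```

On these figures a $5.6M deposit would need about a month of confirmations before reversing it cost more than it paid, and nearly twice that once the attacker's block rewards are counted against the rental.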

Sebastian Sinclair reports on the second attack:
Ethereum Classic has suffered its second 51% attack in a week after more than 4,000 blocks were reorganized Thursday morning.

Mining pool Ethermine’s parent entity Bitfly and crypto exchange Binance reported the reorganization, announcing all Ethereum Classic payouts, withdrawals and deposits had been suspended due to the attack.
Bitcoin mining pools 8/7/20
The "good" news for Bitcoin is that it is wasting enough energy to deter 51% attacks. Alas, more than 50% of that energy waste occurs in the 4 biggest mining pools. Adem Efe Gencer et al write in Decentralization in Bitcoin and Ethereum:
Both Bitcoin and Ethereum mining are very centralized, with the top four miners in Bitcoin and the top three miners in Ethereum controlling more than 50% of the hash rate.
It is impossible to know whether or not these pools are conspiring together. For more discussion of this problem, see the update to Cryptographers on Blockchains: Part 2.

13 comments:

David. said...

In Ethereum Classic Labs seeks criminal charges after 51% attacks Liam Frost reports that:

"Ethereum Classic Labs has enlisted the help of law firm Kobre & Kim LLP and crypto intelligence company CipherTrace to pursue the individuals responsible for the two recent 51% attacks on Ethereum Classic’s blockchain—both technically and legally.

“We’ve engaged Kobre & Kim and CipherTrace to assist in the investigation and pursuit of criminal charges against the perpetrators of the recent attacks on ETC,” said Terry Culver, the CEO of ETC Labs, adding, “Together we will cooperate with stakeholders and agencies in the United States and wherever else the investigation leads to analyze the transactions and to identify the responsible parties.”

Culver said that the company wants to ensure that “there are severe consequences for manipulating a public blockchain to steal” and is determined to safeguard its ecosystem."

This is ironic because, as David Gerard points out:

"“Code is Law” was also the founding principle of Ethereum Classic — so that the DAO disaster of 2016 would be preserved forever on the Ethereum (Classic) blockchain. But the code for the proof-of-work consensus mechanism apparently isn’t law in quite the same sense"

David. said...

In Advertising Is A Bubble I commented on Jesse Frederik and Maurits Martijn's must-read, laugh-out-loud The new dot com bubble is here: it’s called online advertising. Now, Frederik is back with Blockchain, the amazing solution for almost nothing:

"I’ve never seen so much incomprehensible jargon to describe so little. I’ve never seen so much bloated bombast fall so flat on closer inspection. And I’ve never seen so many people searching so hard for a problem to go with their solution."

And:

"Councillors and managers think that problems – however large and fundamental they are – evaporate instantaneously thanks to technology they’ve heard about in a fancy PowerPoint presentation. How will it work? Who cares! Don’t try to understand it, just reap the benefits!

This is the market for magic, and that market is big. Whether it’s about blockchain, big data, cloud computing, AI or other buzzwords."

David. said...

JP Konig's 18 things about Tether stablecoins is suitably skeptical, e.g.:

"5. Does anyone know who regulates Tether? (Yes, Tether Limited is regulated by the U.S's FinCEN. But who regulates Tether International Limited? Its terms of service says that it is based in the British Virgin Islands. But a search of the BVI's Financial Services Commission doesn't indicate that Tether International Limited has been registered as a money services business.)"

David. said...

Izabella Kaminska draws some interesting parallels in From bitcoin to QAnon: bits to qbits.

David. said...

Anyone who thinks "smart contracts" are a good idea needs to read Ethereum is a Dark Forest by Dan Robinson and Georgios Konstantopoulos. It is a horror story:

"It’s no secret that the Ethereum blockchain is a highly adversarial environment. If a smart contract can be exploited for profit, it eventually will be. The frequency of new hacks indicates that some very smart people spend a lot of time examining contracts for vulnerabilities.

But this unforgiving environment pales in comparison to the mempool (the set of pending, unconfirmed transactions). If the chain itself is a battleground, the mempool is something worse: a dark forest."

The TL;DR is that the mempool, the pool of transactions waiting to be included in a block, allows bots to front-run any transaction that is worth front-running. So either:

- You're a miner and thus can include transactions in a block that never appear in the mempool.

- Or your transactions have to be elaborately obfuscated so the bots don't think they're worth front-running.

What could possibly go wrong? Read the post to find out some things that definitely can.

David. said...

David Gerard points out that front-running was among the dangers outlined in 2017's The Cost of Decentralization in 0x and EtherDelta by Iddo Bentov et al of Cornell:

"Vulnerability to miner frontrunning: Order cancellations are a common feature of decentralized exchanges (after all, an exchange with no cancellation ability may not be useful in a volatile market), and their on-chain nature renders these cancellations particularly vulnerable to miner frontrunning; the miner of the next block will always have the option to execute cancelled orders with themselves as the counterparty, potentially profiting from such an order. To add injury to insult, the miner even collects gas costs from a user’s failed cancellation."

David. said...

Zack Voell reports that:

"The Ethereum Classic blockchain suffered a 51% attack Saturday evening, its third such attack this month, noticed by mining company Bitfly, which also spotted the first attack on Aug. 1.

The attack reorganized over 7,000 blocks, or two days' worth of mining, according to a tweet shared by Bitfly. The first two attacks reorganized 3,693 and 4,000 blocks respectively."

David. said...

Jemima Kelly's There’s very little evidence for blockchain, it turns out is "pleasantly surprised" by the honesty of the Centre for Evidence Based Blockchain. Their Global Study of Blockchain Projects and Start-up Companies concluded that:

"almost half of the blockchain firms show no explicit evidence of the problem to be solved. Approximately one-third fail to cite a comparison and intervention analysis, and less than 2 per cent demonstrate evidence of outcomes backed by filtered (critically appraised, peer reviewed) information."

David. said...

Brian Krebs' Two Russians Charged in $17M Cryptocurrency Phishing Spree reports that:

"U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges."

David. said...

There's more good news for Bitcoin. The IRS is making it easier to remember to declare every cryptocurrency transaction by putting the question right at the top of the 1040 form.

David. said...

The sequel to Ethereum is a Dark Forest (see above) is Escaping the Dark Forest and it is a must-read:

"On September 15, 2020, a small group of people worked through the night to rescue over 9.6MM USD from a vulnerable smart contract. This is our story."

It shows the incredible efforts needed to rescue "smart contract" developers from their own mistakes, and how doing so requires miners to "cheat" on behalf of white-hats.

David. said...

The corruption of defi in 2020 is a wonderful jeremiad about DeFi:

"I decided to publish this anonymously so that the message would not be dismissed as virtue signaling. Anyone who communicates this message would be rejected by the decentralized finance (“defi”) community.

There is an unspoken agreement between defi insiders and the bad actors that they protect. The insiders do not challenge malfeasance, and for their leniency they are rewarded with privileged information. If an outsider draws attention to the corruption, the insiders dutifully defend the bad actors by saying it only looks bad from the outside. The rationalization goes like this — it’s really hard to understand how legitimate everything is unless you contribute to the space. Non-contributors who feel victimized by insiders should blame themselves. They volunteered for abuse. It is a permissionless system.
...
“Crypto” is full of charismatic bad guys and apathetic sycophants. The good actors are few and far between, and even then, they have a powerful disincentive to fussing over unethical behavior. There is quite literally nothing to be gained from virtue."

David. said...

Izabella Kaminska's When crypto exchanges decentralise takes off from this:

"Earlier this month, the Department of Justice brought criminal charges against the founders of the Seychelles-based crypto exchange BitMEX.

The Commodity Futures Trading Commission also brought civil charges against the founders and five other entities behind BitMEX for failing to register with the agency and for not implementing AML procedures. The founders were also accused of running an internal trading desk on a conflicted basis."

to speculate about the cryptocurrency world's response:

"In industry eyes, matching-software that can be downloaded and used to bring counterparties together constitutes a tool rather than a service. Accordingly, the same requirements about financial disclosure, KYC and AML do not apply, not least because there is no central body governing or intermediating the sums of cash that pass through a system."

and point out that:

"A decentralised system, in theory, eliminates that problem. But the flipside of that reality is that there is no guaranteed liquidity on any such system and no protection against flaking counterparties or worse. There are simply no guarantees at all. And while reputation scoring can help, over time it becomes an expense in its own right, since it becomes entirely impossible to verify all counterparties at any significant scale or pace independently. All of which knocks liquidity and increases the theoretical discount that needs to be applied to any cryptocurrency that cannot be cashed-out in the realms of the regulated system.

In the long run, customers (even fraudulent ones) will realise that all the structure really does is outsource the job of KYC and AML screening to users directly. If crypto users are smart, they will realise this will never be as cost efficient as institutions doing KYC on users’ behalf. "