Part 2 of 4: Why ETH is More Secure than BTC
I recently wrote an essay on why $ETH.X will win store of value. It consists of deep-dives into the four primary drivers of my thesis:

  1. More Scarce
  2. More Secure
  3. Organic Demand
  4. Real Yield

This memo is part 2 of a 4-part series and explains why I believe ETH will be more secure than BTC in the long run (read part 1 here if you missed it). Please feel free to leave feedback in the comments if something is unclear or doesn't make sense, and I'll do my best to clarify!

More Secure
Security is a crucial factor for a store of value. Just as gold is immune to rot, corrosion, and other types of deterioration, a cryptocurrency must be built to last through proper incentive engineering. After all, an asset that's not around in a few decades wouldn't be much of a value store.

With gold, you get security for free. The laws of physics handle everything from unforgeability to preventing double spends. With cryptocurrencies, however, you have to continually pay to keep the network secure.

With Bitcoin, specifically, a new block is created every 10 minutes. This block contains newly minted bitcoins (the "block subsidy") plus transaction fees, which together comprise the "block reward". Per Bitcoin's hard-coded monetary policy, the amount of newly minted coins per block decreases over time, eventually reaching 0% in the year 2140. When this happens and there is no new BTC issuance, the sole compensation for miners will be transaction fees.

Many Bitcoiners don't believe this will be an issue because the dollar value of transaction fees will be so high when the block reward runs out that security spend will be sufficient. In his essay "Bitcoin's Security is Fine", Dan Held writes:

"I hypothesize several hundred billion, in present value USD, would be an adequate security budget since it would be very difficult for a government to justify such a waste of an expense to just 51% attack the tip of the Bitcoin blockchain. They would also have to respond publicly for such an attack as their citizens (taxpayers), businesses, and banks will all be invested in Bitcoin."

He then goes on to tackle a bunch of concerns people often raise with respect to solely relying on transaction fees for network security. I agree with many of Held's arguments and understand why Satoshi designed Bitcoin this way. With proof-of-work, there is always a tradeoff between inflation (block subsidy) and security. Bitcoin has made the specific tradeoff where it will keep paying its consensus engine less and less so that it can maintain scarcity and cap the number of Bitcoins that will ever exist at 21 million.

However, I disagree that the USD-denominated security spend is what matters and side with what Vitalik Buterin wrote in a recent Reddit post:

"the security needs of a thing have to be proportional to the size of that thing, because as a thing gets bigger, its enemies become bigger and more well-motivated. If BTC were 100x as big as it is today, the value from destroying it would be 100x higher, and the kinds of actors that would want to care about destroying it would be much bigger and scarier. This is also why countries of all sizes have roughly similarly sized militaries as a percentage of GDP. Hence, cost of attack divided by market cap really is the correct statistic to measure, and in the long run issuance-free PoW really does look not that good."

So let's look at Held's most optimistic scenario where Bitcoin "survives, thrives, and continues to grow in market share exponentially, as it has done the last 10 years". In this scenario, Bitcoin has a $100 trillion market cap in the year 2140 and transactional demand for Bitcoin's block space results in $365 billion of annual miner revenue (i.e. security spend).

Is $365 billion enough security spend to protect the Bitcoin network against attackers? Maybe. I'm really not sure and have no idea what the world will look like in 2140. However, I'm pretty sure we can do better. The above scenario for Bitcoin's proof-of-work consensus mechanism would result in a value-to-security ratio of about 273-to-1. With Ethereum's proof-of-stake consensus mechanism, we can get to a value-to-security ratio of about 10-to-1. At the same market cap as Held projects for Bitcoin, this would equate to a roughly $10 trillion cost to 51% attack the Ethereum network (more than 27x better than the $365 billion Held projects for Bitcoin). And the only thing this really assumes is that roughly 10% of all ETH is staked, which seems pretty reasonable. Meanwhile, Held's projection assumes a 500% increase in block size and a 40% increase in efficiency, as well as significant transactional demand for Bitcoin's block space.

In addition to a much lower value-to-security ratio, Ethereum also has a major advantage in terms of how it can respond to an attack. After a 51% attack, the Bitcoin network's only option is to move from Double SHA-256 ASICs to a new proof-of-work system. This new system would have to be based on commodity hardware, such as GPUs or CPUs, because there wouldn't be enough time to manufacture the hardware for another ASIC proof-of-work system. The attacker would then just have to repeat the same 51% attack with commodity hardware. Vitalik has called this a "spawn camping attack", where a 51% miner cartel keeps attacking over and over again, rendering the chain useless. With a proof-of-work system, there is no way to destroy the mining power of (or otherwise penalize) an attacker.

Ethereum (and proof-of-stake more broadly) is less susceptible to this kind of attack. This is because the Ethereum network can "slash" or penalize attackers. If an attacker does something bad, the network will penalize the attacker by seizing their staked ETH. This would be the Bitcoin equivalent of destroying an attacker's mining equipment, which obviously is something that can't be done by the protocol.

Ethereum actually has two types of slashing mechanisms. The first one, which can be called "layer one" slashing, is triggered if you do something clearly wrong within the protocol itself (e.g. two conflicting attestations), in which case the Ethereum network will automatically slash at least one third of your ETH stake. This deals with most potential attacks and redistributes ETH from dishonest nodes to honest nodes, making the system antifragile in a way. The system gets stronger each time it gets attacked if you look at it through the lens of what's referred to as an "iterated game" in game theory. So let's say the attacker wants to attack again. He would have to go out, acquire even more ETH, do the attack again, and then get slashed again. With each attack, the amount of ETH in circulation is reduced and you can actually put a cap on the number of times the system can be attacked. Let's say, for example, that there's 100 million ETH outstanding and 10% of that is being staked. For each attack, the attacker would have to buy at least 10 million ETH, and every time they get slashed, they would have to go out and reacquire another 10 million ETH. In the worst-case scenario, an attacker could only attack the system nine times. Furthermore, each attack will get increasingly costly as the price of ETH on the open market would likely rise with the drop in supply.

Similarly, this antifragility also exists at the single-game level. If you want to attack the Ethereum network, you must acquire 10 million ETH (using the simplified numbers from above). And due to simple supply-demand dynamics, the more Ether you want to buy, the more expensive it will be as ETH available for sale decreases, resulting in diseconomies of scale (e.g. the second 1% of ETH supply you acquire will cost more than the first because there's less ETH available for sale after you first bought 1% of all ETH outstanding).

A common argument that gets made to assuage fears of a miner or pool getting 51% hashpower is: even if they do, why would they attack? That would destroy the golden goose that lays their eggs; it's not in their interests. But in reality, we cannot assume this; not only does it assume rationality, it assumes lack of outside incentives. The whole point of having high levels of security is to protect against attackers with outside incentives to break the chain. This is why Vitalik's approach to thinking about PoS security is "if they have $X billion, how many times can they break the chain before all their money gets slashed?". It's not about assuming rationality; it's only assuming limits on bad actors' economic resources.
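The iterated-attack cap from the slashing paragraph and the "if they have $X billion, how many times can they break the chain" question, worked through as an added example (not part of the original essay). It assumes the whole attacking stake is destroyed on each slash, honest stake stays fixed at 10 million ETH, total market cap stays constant so the price rises as supply falls, and a constructed starting price of $2,000 per ETH.

```python
from dataclasses import dataclass


@dataclass
class Attack:
    number: int
    price_usd: float    # USD per ETH when the attacker buys the stake
    cost_usd: float     # USD spent on stake that is subsequently slashed
    supply_after: int   # ETH left in existence after the slash


def simulate_attacks(total_supply=100_000_000, staked_pct=10,
                     base_price_usd=2000.0, budget_usd=float("inf")):
    """Repeat the essay's attack until the float or the budget runs out."""
    honest_stake = total_supply * staked_pct // 100   # essay: 10 million ETH
    if honest_stake <= 0:
        raise ValueError("staked_pct must leave a positive honest stake")
    stake_needed = honest_stake          # essay: buy at least 10 million ETH
    # Assumption: market cap is constant, so price scales with 1/supply.
    market_cap = total_supply * base_price_usd
    supply = total_supply
    attacks = []
    while True:
        buyable = supply - honest_stake  # ETH not locked by honest validators
        price = market_cap / supply
        cost = stake_needed * price
        if buyable < stake_needed or cost > budget_usd:
            return attacks
        budget_usd -= cost
        supply -= stake_needed           # assumption: slashed stake is destroyed
        attacks.append(Attack(len(attacks) + 1, price, cost, supply))


if __name__ == "__main__":
    for a in simulate_attacks():
        print(f"attack {a.number}: ${a.price_usd:,.0f}/ETH, "
              f"cost ${a.cost_usd / 1e9:,.1f}B, supply left {a.supply_after:,}")
    print("attacks affordable with $50B:",
          len(simulate_attacks(budget_usd=50e9)))
```

With an unlimited budget the loop stops after the ninth attack, matching the essay's cap; a finite budget stops it earlier because each round is priced higher than the last.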

Perhaps the best argument I have heard in favor of proof-of-work's security is that the physical hardware-driven nature of it adds friction to even very well-capitalized attackers: you need to wait a year for the hardware to get manufactured, the process necessarily involves many people, and there's a high risk that it gets detected while you're doing it. This is a genuine advantage of PoW. That said, there is also a crucial downside to physical hardware: it's very hard to mine at significant scale without being detected, whereas PoS is much more censorship-resistant.

The lack of footprint required to stake Ethereum is a huge advantage when it comes to security. To become an Ethereum validator, all you really need is Ether, a Raspberry Pi, an SSD, and an internet connection. This is in stark contrast to Bitcoin, where being a miner requires a massive footprint in the form of tremendous energy usage and huge warehouses to house the mining equipment. This footprint makes it relatively easy for governments to detect and shut down mining activity. With Ethereum, by contrast, you could be anywhere in the world (perhaps behind a Tor network so you don't even have to leak your IP address). And even if a nation state were able to find and confiscate the physical Ethereum validating equipment, that's not where the staked ETH exists. Ether exists solely in the digital world and can only be confiscated by somehow getting the owner to hand over their private keys.

People sometimes forget that when Satoshi Nakamoto created Bitcoin over a decade ago, it was the world's first successful attempt at creating digital scarcity and incentive engineering for a proof-of-work consensus system. While clearly brilliant, the person or group operating under the Nakamoto pseudonym was in fact human and could not reasonably be expected to anticipate all of the potential issues that arise with incentive engineering. Since then there have been more than 12 years of research and development in the blockchain space working on network security and scalability. Bitcoin's issuance schedule was heavily influenced by that of gold because that was the best that the physical world could provide. But, for reasons detailed above, the design space increased dramatically when money moved to the digital world.

In my view, it seems like a pretty good bet that Ethereum will be the more secure network in the long run.