Privacy And Security

Research Dec 07, 2022


Key Take-aways

  • In a decade’s time, Bitcoin’s block subsidy will drop to less than a single Bitcoin and some crypto players are worried this represents an existential threat.
  • Concern arises from the fact that Bitcoin’s security budget has always been heavily reliant on the block subsidy (issuance) with fees typically accounting for less than 1%.
  • Such anxiety is misplaced. Geopolitical forces are pushing for a new use-case for Bitcoin, which historically has much larger fees than would be required to maintain the protocol’s security budget.
  • Mutually Assured Demand for hash power is looking increasingly likely and should ensure a robust blockspace market.

After my recent research note on Bitcoin[1] outlining how it could be deployed as the foundation for a crypto-based alternative to the USD-dominated fiat money system, one twitter user asked me why Bitcoin and not Monero, the largest privacy coin by market cap.

It’s a good question and one worth delving into in more detail.

What Is Monero?

As mentioned, Monero is a privacy coin, which as the name suggests allows its users to conduct transactions without having to provide personally identifiable information or disclose transaction details. Monero is cryptographically private by default, meaning its privacy features cannot be turned off by the user. This is unlike other privacy coins, such as Zcash (the second largest privacy coin by market cap), which allows users to toggle privacy on or off, meaning users are able to disclose transaction information if they choose to. In addition, Monero utilises stealth addresses, which are randomly created addresses for each transaction. Combined with output masking ring signatures, which group transactions together to avoid traceability, Monero’s structure ensures financial privacy is front-and-centre.

Given the catalyst for writing the research note was Russia’s announcement that it was planning to legalize cryptocurrencies for cross-border payments in light of the financial sanctions by the west, one can readily understand the motivation for asking the question. Surely, Monero’s robust privacy features, which ensures that it users are able to conduct transactions anonymously, would be a strong rationale for favouring Monero over Bitcoin, which is only pseudo-anonymous at best?

However, there are good reasons for favouring Bitcoin over Monero.

First, Bitcoin is the most mature of all cryptocurrencies; it has been around the longest. As a result, it has the best brand recognition (never underestimate the value of PR) and the most battle-tested infrastructure.

Importantly, it is also the most traded cryptocurrency with the highest market cap ($317bn versus Monero’s $2.5bn, which is the 24th most valued cryptocurrency[2]). These two metrics are intimately related because there is a network theory of money value as I explained in an early research note[3]. The US dollar is the world’s reserve currency of choice (at least for now) because it is the most widely used and accepted fiat currency in the world.

To demonstrate this relationship consider the following chart. It shows the top seven fiat currencies and the top seven cryptocurrencies ranked by transaction volumes compared with their share in global FX reserves for fiat and market cap for crypto[4]. The similarity is glaring. When it comes to money and its value, power laws rule[5].

Monetary Network Effects

Source: BIS, IMF and coinmarketcap

The set-up I proposed for a crypto-based alternative to the international monetary system was one where Bitcoin provided the bedrock, namely for it to be used as collateral backing newly issued stablecoins for international transactions[6] – a set-up very similar to MakerDAO’s stablecoin DAI[7]. For this system to be effective the collateral underpinning it must have both a large market cap (to support the amount of stablecoin issuance required for cross border payments) and for its price volatility to be as low as possible (to mitigate the risk of forced liquidations/extent of required over-collateralization). At present Monero is not big enough from a market cap perspective and its price is historically more volatile than Bitcoin[8] – see chart. The negatives don’t stop there.

30-day Annualized Historic Volatility

Source: Author calculations

Problematic Privacy

The reason why Bitcoin could work as the bedrock for a crypto-based alternative international money system is because it is an unbannable digital form of geographically-mobile outside money, well-suited for environments where geopolitical tensions are increasing and trust between nation-states is  in decline. Anonymity does not really factor into the necessary conditions required for such a system to operate. It is not only overkill, but detrimental overkill.

As mentioned, to be a viable replacement for Bitcoin in such a set-up Monero’s market cap would have to be orders of magnitude greater than is presently the case. Not only do network effects work against such an outcome, because they favour the incumbent market leaders, but it is also hindered by the very thing Monero specializes in – privacy.

Particularly in light of the FTX debacle[9], government regulators are imposing more stringent legislative burdens on crypto exchanges, such as KYC/AML and travel rules[10]. To mitigate the risk of breaching these rules, potentially resulting in them being excluded from the traditional banking system (often business critical) many choose not to list Monero[11]. On-off ramping of Monero is still possible, but it is nowhere near as quick or convenient as Bitcoin or other non-privacy coins. This impediment serves to discourage wider adoption of Monero by crypto users and hence, by extension, also limits its market cap potential[12].

Monetary Policy Differences

There is, however, one potential advantage Monero has over Bitcoin and it is not due to its privacy features, but something entirely different: its monetary policy. In crypto, monetary policy refers to the issuance schedule of the coin in question. Bitcoin’s monetary policy is perhaps the most famous.

According to the Bitcoin code, the maximum amount of Bitcoin that will ever be issued is 21 million – no more, no less[13]. This will be achieved around the year 2140, when the final halving event takes place. Between now and then Bitcoin issuance per block will decline by a factor two (hence halving) roughly every four years – see chart. The next halving event is due to occur in 2024 when the block reward will drop to 3.125 BTC.

Bitcoin Issuance Schedule

Source: coindesk

What this issuance schedule implies is that in 2140 the compensation paid to Bitcoin miners for running the computationally (and financially) expensive SHA-256 hashing algorithm that secures the network will have to come solely from transaction fees. This is a transition many crypto watchers have expressed serious concerns about[14]. Specifically, the worry is that absent the predictable income earned via block rewards, miners will be less inclined to mine, resulting in a lower global hash rate that weakens Bitcoin’s security and increases the probability of an attack, especially the infamous 51% attack[15].

Monero’s monetary policy is, like Bitcoin’s, predetermined but it is not capped. It adopted a tail emission model, which means that unlike Bitcoin its block rewards will never go to zero. Instead Monero implemented a fixed 0.6 XMR block reward issued to miners when every block is mined, which occurs approximately every 2 minutes. The implementation of the tail emission algorithm, which took place in June[16], ensures Monero miners have a steady source of income (albeit one that can still fluctuate in $ terms due to movement in Monero’s exchange rate to fiat). A block reward of this magnitude equates to an annual inflation rate of 0.9%, which the Monero community considers sufficient to incentivize miners to continue running its proof-of-work protocol[17] (and hence secure the network[18]) but without unduly jeopardizing its store-of-value (ie, the inflation rate is below that seen in the fiat world: 2% if the central banks deliver on their price stability mandates, considerably more when, like the present time, they are failing). It is a disinflationary rather than deflationary model[19].

Does Monero’s tail emissions mean that despite its other drawbacks it is better suited for the purposes I outlined in my earlier research note? Ultimately, it boils down to one thing. Are the increasing concerns about Bitcoin’s security following the withdrawal of the block rewards[20] valid or not? This is a complex and controversial topic[21].

Pushing Up Daisies

The first thing to note is that 2140 may seem a long way off. Indeed, it is a long way off and I will certainly be pushing up daises by then, but as the chart above demonstrates, by the end of the next decade the block reward will have already declined from the current rate of 6.25 Bitcoin to less than one Bitcoin. Therefore, this is not something that can be kicked into the long grass and forgotten about. Due to the logic of backward induction, if a significant number of Bitcoin owners believe the network will never be able to support itself purely on the basis of transaction fees then Bitcoin in its current set-up is doomed to fail and probably in the not-too-distant future. This is because no one wants to own Bitcoin when it does fail because failure means a zero Bitcoin price. The rational thing to do would be to sell Bitcoin in time period (t-1) before failure. But, if that happens, the price goes to zero in (t-1), so the rational thing to do is to sell it in (t-2). Wash and repeat a few times and you can see how the whole thing quickly unravels.

Security Budget

A necessary first step in gauging the vulnerability of Bitcoin to the asymptotic decline in issuance is to have some idea as to what is an appropriate security budget. Once this is established it becomes possible to determine what sort of transaction fees would be implied because unlike many other popular blockchains Bitcoin has a fixed maximum bandwidth.

The Bitcoin blockchain is calibrated to produce blocks on average every 10 minutes[22]. Moreover, the block size wars between 2015-17[23] were won by the so-called small blockers, which restricted the size of each block to 1MB. With the release of Segwit via BIP141, which introduced the related concept of blockweight[24], the Bitcoin block limit has effectively increased to a maximum of 4MB (although around 2MB is more typical).

As a direct consequence of these parameters, the Bitcoin blockchain can process a maximum of seven transactions per second, meaning the network has a upper processing limit of 600,000 transactions per day (7tps*60 seconds*60 minutes *24 hours). At present, Bitcoin processes around 250,000 transactions per day, although it has been near 400,000[25] during previous price spikes when demand for blockspace surged – see chart.

Confirmed Bitcoin Transactions Per Day

Source: Blockchain.com

For processing these transactions and securing the blockchain, Bitcoin miners collectively earn 900 Bitcoins from block rewards every day (6.25 block rewards * 144 blocks per day) - at least until the next halving event. They also earn transaction fees paid by Bitcoin users to incentivize miners to include their transactions in the block in a timely manner. The amount paid in transactions fees is typically dwarfed by block rewards. Currently, transaction fees average around 14 Bitcoins per day or around than 1% of total mining rewards[26] - see chart. The only times it has been substantially higher is during Bitcoin price spikes, when users are strongly motivated to get their transactions processed expeditiously and jack-up fees paid on their transactions to ensure this.

Bitcoin Transaction Fees (% of Miner Revenue)

Source: BuyBCTWW

We know, even after the 70% decline in the USD value of Bitcoin since last November’s ATH, these 914 Bitcoins (equating to roughly $15-20mn) is sufficient reward to incentivise miners. This is because the total hash rate for Bitcoin continues to trend higher (a record high of over 250 EH/s[27]  was recently achieved - see chart). If 914 Bitcoins were insufficient revenue for miners then the Bitcoin hash rate would be declining not rising[28].

Bitcoin Estimated Hash Rate

Source: Blockchain.com

From these two pieces of information, it is possible to calculate combinations of Bitcoin price and transaction fees required to sustain Bitcoin mining revenue at $20mn, thereby maintaining the current level of security, ie, global hash power.

For this exercise let’s assume Bitcoin transactions average 300,000 transactions per day[29]. If Bitcoin’s price is around $22,250 (approximately 30% higher than the price at the time of writing) then mining will break-even without any transaction fees by the time of the next halving event in 2024. However, by 2028 if fees per transaction remain close to zero then Bitcoin’s price will have to rise to more than $44,000 to provide sufficient financial incentive for miners to collectively maintain the 250 EH/s global hash rate[30]. After two further halvings, taking us to 2036 when Bitcoin’s block reward will be 0.4 Bitcoin, to secure the $20mn security budget without any meaningful increase in fees Bitcoin’s price will have to increase to more than $180,000, giving Bitcoin a total market cap just under $4tr – a maximalists wet dream – see table below.

BTC Price-Transaction Fees To Maintain $20M Daily Miner Revenue

Source: Author calculations

Given the price of Bitcoin went from $10 to more than $65,000 between 2011 and 2021 an increase of this magnitude over this timescale is not unprecedented. If, however, Bitcoin’s price does not increase 9X over the next fourteen years then maintaining the current security budget would require fees to rise to between $40-70 (in today’s money[31]) per transaction, which is substantially above the current transaction fee of around $1[32]. Indeed, once the block subsidy eventually ends and the transition to a full fee-paying model occurs transaction fees will have to be at the upper end of that range in perpetuity to sustain Bitcoin’s current hash rate.

Border Crossing

The sort of transaction fees that fall out of the above calculations are not dissimilar to those associated with large denomination bank wires (US banks charge around $25 to $30 fees for such transactions). Cross border transactions tend to be even more expensive. A report published by Oliver Wyman and JP Morgan in 2021[33] noted that global corporates, which account for around $23.5tr in cross border payments annually, spent $120bn on transaction charges to facilitate cross-border payments (excluding foreign exchange costs) in 2020. If such transactions were made using the Bitcoin blockchain then these fees would equate to a daily security budget of $338mn, orders of magnitude greater than Bitcoin’s current $20mn budget.

Bear in mind that these fees are for $23.5tr of cross border payments from corporates. Global figures for cross-border payments are not readily available[34] because of the availability of multilateral cross-border payment systems[35] but, according to a speech given by Victoria Cleland who is an Executive Director for Payments at the BoE, total cross-border payments are expected to be $250tr by 2027. The majority of these transactions are wholesale payments between financial institutions[36], which are typically high value interbank payments.

To give some idea of the numbers involved, in 2019 the UK’s high-value payment system (CHAPS) processed around £34 trillion in cross-border payments, compared to £41 trillion in domestic payments[37]. The CHAPS system settled an average of around 174,000 payments each day with an average payment value of £2.1mn[38]. This data suggests that the UK alone – which accounts for around 20% of global cross-border transactions – makes 87,000 high value cross border payments per day.

As I noted in the original research note[39], fiat cross-border payments are pretty expensive, inefficient and ripe for change. If, as I envisaged, Bitcoin becomes the foundation for a crypto-based alternative to the global fiat money system because of its ability to allow nation-states to make international payments reliably with minimal trust (a feature whose attractiveness rises in tandem with heightened geopolitical tensions) then the level of fees required to ensure the Bitcoin’s current £20mn daily security budget is met seems perfectly do-able. It would, in short, ensure a robust and reliable blockspace market for Bitcoin. This is a future scenario not fully appreciated by those concluding that Bitcoin is inevitably doomed when the block subsidy ends.

Still Pleb-Friendly

The estimated fee levels are certainly steep relative to what is being paid by Bitcoin users today and not at all compatible with Bitcoin as a micropayment network – one of Satoshi’s vision for how Bitcoin could evolve[40]. However, the Bitcoin ecosystem has developed a solution to low-value/high-volume payments and it goes by the name of the Lightning Network. Lightning Network[41], a Layer 2 network that sits on top of the Bitcoin blockchain, allows off-chain Bitcoin transactions that are only periodically settled on-chain enabling low cost transactions. (Recall, fees are only required for on-chain transactions.) Lightning capacity (red line) has been consistently rising since it was rolled out in 2018 and currently stands at 4,931 BTC (or $95mn) – see chart.

Lightning Network Capacity

Source: bitcoinvisuals.com

The Lightning Network has the ability to ensure that even if Bitcoin becomes the new crypto-based international reserve money used by nation-states to conduct cross-border transactions in a trust-minimizing way, it can still be used (and hence valued) by the general populace – we plebs – to conduct smaller value transactions. This is a rather important, but perhaps very subtle, point. For Bitcoin to be useful as collateral in such a system nation-states must be able to rely on it being valued by every other nation-state. Ultimately, nation-states are accountable to their populace, so it Bitcoin is not valued by the general populace the system will not function effectively. Indeed, this is one of the major reasons why gold has historically been used as a reserve asset by nation-states (albeit custodied by central banks) and why the SDR, which is essentially an IMF reserve accounting unit, is also backed by fiat currencies of individual nation-states.

Is $20mn Right?

Obviously, all this rests firmly on the assumption that a daily $20mn security budget is the right number. The question is whether this is true? Is it too high? Too low? This is not a straightforward question to answer.

A blockchain’s security budget is “right” when it is the minimum amount required to reward miners to keep the Bitcoin lights on by running the hashing algorithm and compiling blocks containing Bitcoin transactions at sufficient enough scale to stop a “bad actor” from being able to bring enough hash power under their control to mount a 51% attack.

According to crypto51.app, which estimates the cost of 51% attacks on various blockchains, the cost of attacking the Bitcoin network is $650,000 per hour[42]. This is clearly quite a lot of money (especially as attacks would have to be sustained to prevent “honest” miners from regaining 51% of the hash rate and thwarting the attack), but well within the reach of high net-worth individuals, corporates and certainly nation-states. However, just focusing on the $ amount is misleading.

As the crypto51.app makes clear, its cost estimates are based on renting network hashing power from a service provider, in their case Nicehash. Along with the $ amount the website also provides an estimate of how much hashing power is available to carry out such attacks. For Bitcoin and most other larger coins, the estimate is 0%. In other words, there isn’t enough hash power available to rent to conduct a 51% attack on Bitcoin, making the cost of doing so largely moot.

Physical Constraints

If virtual hash power is not available in sufficient size then the alternative is to purchase the actual hardware. As I indicated above, the Bitcoin hash rate currently stands at 250 EH/s, but what does that actually mean in terms of hardware? The most efficient mining rig currently available is the Antminer S19 XP, with each unit capable of 140 TH/s[43]. To simplify things, let’s assume every Bitcoin miner uses these ASIC rigs, then the total required to match Bitcoin’s current hash rate is 1,785,715 rigs running 24/7[44]. These rigs can currently be purchased in the resale market for $2,000[45], which translates into a total bill of $3.6bn give-or-take to match Bitcoin’s current hash rate. Now, I admit this is an assumption, but I am 99.999% confident that it is correct, there are not going to be 1.8mn mining rigs available to purchase in the secondary market,  so rather like virtual hash power the cost of such an attack is somewhat moot. Moreover, even if there were that many ASIC rigs available for purchase, their price would command a great deal more than $2,000 as the resale supply starts to get absorbed by the “bad actor”, meaning $3.6bn is the absolute lowest cost of a hardware based attack.

Alternatively, a “bad actor” could buy new mining rigs direct from the manufacturers. Here again, we come across supply constraints. According to an article in Forbes last year, Bitmain, which produces this particular Bitcoin mining rig and is one of the largest Bitcoin mining rig manufacturers globally, has a production schedule of 20,000 units per month. At this rate of production it would take approximately eight years worth of production to match the current Bitcoin network hash power[46]. Even if we incorporate other Bitcoin mining rig producers, we are looking in the region of four years – again with a cost running into the billions – to garner enough mining hardware to match Bitcoin’s current global hash power.

Clearly the physical logistics of attacking the Bitcoin network are challenging, especially in a world where chip supply is being increasingly tightly controlled[47]. Indeed, as the following tweet correctly notes, Bitcoin security is really secured by the combination of energy (electricity costs) and, importantly, chip production.

Source: twitter

Where the tweet is wrong though is regards Bitcoin losing to a nation-state.

Nation-State Attacks

As should be clear from the above section, barring some unknown zero-day hack being found[48] (unlikely given Bitcoin’s near 14 year track record but never say never) realistically the only viable actors with the resources available to attack Bitcoin in the medium-to-long-term are nation-states[49].

I have come across various online posts and articles looking at nation-state attacks[50] and for the most part the conclusion is that a nation-state attack against Bitcoin could be successful[51].

Code Law is Law

One of the primary reasons nation-state attacks on Bitcoin are considered likely to be successful is because although they face similar constraints bringing in new hash power to the Bitcoin network as private profit-maximising miners (chip production primarily) they have one big advantage: the law. They could, for instance, compel miners operating within their jurisdiction, or more widely within their sphere of influence, to bring their hash power under government control citing national economic security concerns.

What such analysis does not consider though is the situation whereby one of the users and beneficiaries of Bitcoin is itself a nation-state - the very scenario I am proposing. This considerably changes the dynamics for the simple reason that other nation-states (certainly those I consider likely candidates to embrace Bitcoin for cross-border transactions) also have considerable resources at hand to defend the network, including the ability to source chips/hardware/electricity or compel miners operating in their jurisdiction, to ensure their ability to conduct unbannable cross-border financial transactions.

In such circumstances, Bitcoin security becomes not only a function of cost – as we have seen the cost of an attack is well within the means of most nation-states[52] – but geographic dispersion of hash power. Critically, how the hash power is distributed amongst countries based on their political ideologies and geopolitical goals ie, West vs. The Rest in simplistic terms[53].

Analysis from the University of Cambridge[54] suggests that Chinese mining rebounded sharply after the 2021 ban and on the latest available data accounts for more than 20% of the total. On this basis, it would seem reasonable to conclude that Bitcoin mining is quite geographically dispersed with no single nation likely able to command 51% of more of the global hash power currently securing Bitcoin.

In addition, the nodes in the Bitcoin network[55], which play an important role in securing the network by independently verifying the state of the Bitcoin blockchain and checking to see if a transaction complies with the Bitcoin protocol, also need to be geographically distributed to stop a single attacker being able to censor transactions to be included in the blockchain. Below shows real-time estimates of the geographic distribution of reachable Bitcoin nodes. While it suggests that western countries have considerable share of Bitcoin nodes, more than half (56%) cannot be geographically tagged because they use the TOR network making it difficult to perform IP analysis. Nevertheless, it seems fair to assume that like miners, full nodes are also reasonably widely distributed geographically.

Reachable Bitcoin Nodes

Source: bitnodes.io

Mutually Assured Demand (For Hash)

In the event nation-states decide to adopt Bitcoin and use it in the manner I have described, the incentives for nation-states with competing or contrarian geopolitical goals to attack the network clearly increases. For example, it is hard to imagine the US would be entirely happy with the likes of Russia and/or China circumventing the USD-dominated monetary system which it uses as a key lever to exert soft political/economic power. The question is how would it likely respond?

As noted already, attacking Bitcoin in the short-term seems unfeasible even for the most powerful economy in the world due to the amount and geographic dispersion of the Bitcoin’s hash power. A better approach, that ironically is only possible because Bitcoin miners are largely paid out of block rewards, is if the US, anticipating Bitcoin adoption by an unfriendly nation-state, uses financial derivatives (short-selling Bitcoin it doesn’t own) to push down Bitcoin’s price in the hope that this undermines mining profitability and, over time, hash power to such a degree it discourages adoption by another nation-state.

Machiavellian for sure, but also incredibly risky. Imagine the optics of the US government having to write a cheque (and to Bitcoin maxis worst of all) to cover a massive short Bitcoin futures position in the event the attack failed. It would be the absolutely best PR win for Bitcoin…. in history…. ever. Also, if word ever got out that such an attack were occurring it would make the Gamestop saga[56] of a few years back (or, more recently, Avi Steinberg’s apparent attack on CRV [57]) look like small potatoes.

Another possible attack would be one where the US ramps up domestic Bitcoin mining in an attempt to try to control 51% of the hash power. This could be done either by incentivizing private sector miners and/or by buying up hash power directly (virtual or hardware). Of the two, the former seems to me likelier as it is more politically expedient. That said, it would be difficult to do covertly, especially as nation-states using Bitcoin will be keeping a very close eye on hash power (particularly its geographic dispersion) and are incentivized to increase their own hash power to stop other nation-states achieving a 51% share[58].

Making the attack overt has been suggested as a more plausible strategy. This is premised on the notion that if a nation-state with a greater ability to marshal resources for an attack “signalled” its intentions the rational thing for Bitcoin miners to do would be to stop mining a blockchain doomed to fail, thereby making the actual attack easier. The problem with this argument is that when it involves nation-states against nation-states it is often extremely difficult to determine ex ante which side has the advantage. If this sounds familiar it should, it is analogous to the nuclear arms race, hence my description of it as mutually assured demand for hash. Extending the analogy the end-result would be stalemate (hopefully still a valid end-result from the nuclear arms race), albeit one with a more beneficial outcome because mutually-assured demand for hash would secure the Bitcoin blockchain for all users not just nation-states.

The added advantage of this alternative attack strategy is the downside is extremely limited. At worst, if the attack is successful and they manage to “kill” Bitcoin, the US ends up with a load of useless ASIC “electronic bricks” - a very small price to pay for ensuring that the USD remains front and centre of a fiat global monetary system. Conversely, if it fails – as I would anticipate - and other nation-states embrace Bitcoin in support of cross-border transactions then the US would have a (not inconsiderable) stake in securing the crypto-based alternative monetary system, providing them with the ability to conduct cross-border transactions with other nation-states with minimal trust. Sure, they would not be in prime position, but they would not be left behind financially or technologically, or worse, excluded. This is important because the simple truth is for the global economy to function in anything like its current manner nation-states need to be able to trade goods and services (including Russian natural resources and Chinese manufactured goods) irrespective of their geopolitical differences. Autarky is simply impossible for nation-states if they seek to maintain present living standards, at least not over any reasonable time-frame.

Heavens Above

I appreciate that the idea of nation-states deciding to adopt Bitcoin in the manner described might seem fanciful to many, especially the naysayers who no doubt feel the nice warm cosy feeling of validation during this crypto-winter, but arguably it is already underway.

Consider the following recent statement by Russian President Putin. To wit:

“The technology of digital currencies and blockchains can be used to create a new system of international settlements that will be much more convenient, absolutely safe for its users and, most importantly, will not depend on banks or interference by third countries. I am confident that something like this will certainly be created…”[59]

In addition, Bitcoin as a strategically important asset for nation-states is a hypothesis championed by Jason Lowery, a US National Defense Fellow and former Director of Operations within the US Space Force. As per a recent tweet, it looks like his view has been gaining traction with those higher up in the US political food chain.

Source: twitter

Believe it or not, like it or not, but the stars are aligning with the scenario where nation-states adopt Bitcoin to facilitate trust-minimizing cross-border transactions. Such an outcome would, by creating a robust market for Bitcoin blockspace, facilitate the transition of Bitcoin’s security model from one reliant on block subsidies to one based on transaction fees, thereby removing a potential existential threat to the seminal Proof-of-Work[60] cryptocurrency.

Until next time.

Ryan Shea, crypto economist


[1]    See: https://blog.trakx.io/crypto-reserve-ations/

[2]    See: https://coinmarketcap.com/

[3]    See: https://blog.trakx.io/networktheoryofmoney/

[4]    I excluded stablecoins such as Tether and USDC from the calculations because they are really crypto appendages to the traditional banking system and as such perform a function in crypto that has no direct analogy in fiat.

[5]    See: https://en.wikipedia.org/wiki/Power_law

[6]    The use of Bitcoin as collateral in support of international payments is important, nay critical, because such usage would not undermine monetary sovereignty of nation-states, something they attach a great deal of importance to.

[7]    See: https://makerdao.com/en/

[8]    Bitcoin volatility has declined markedly since the early summer sell-off, which is in marked contrast to fiat currencies where volatility has been rising. In fact, Bitcoin historic volatility is now close to the historic volatility of GBP – so much for the argument that crypto’s price volatility is too high for them to function as money!

[9]    See: https://blog.trakx.io/winter-extended/

[10]  According to media reports, the EU Council signed off on the full legal text of its MiCA legislation and id due to be puiblished early next year ahead of implementation in 2024 – see: https://www.coindesk.com/policy/2022/10/05/eu-seals-text-of-landmark-crypto-law-mica-fund-transfer-rules/

[11]  This includes Trakx, which does not include Monero in its Crypto Traded Indices.

[12]  This lack of public adoption turns out to be quite problematic for reasons I will outline towards the end of this research note.

[13]  Of course, Bitcoin code could be changed so this number is not set in stone. For any change to be effected it would have to be adopted by the Bitcoin community, which is notoriously intransigent when it comes to code changes. That said, changes can an do happen depending upon the prevailing circumstances. At the risk of jumping the gun, at least for those few who bother to read footnotes, even in the scenario where nation-states do not embrace Bitcoin as I described, I still think Bitcoin is not destined to fail for one simple reason. Bitcoiners could adopt Monero’s tail emission model. Sure this would be problematic from a PR perspective as it would mean the 21 million cap would be blown out of the water and that has undoubtedly been a key recruiting narrative for Bitcoin. However, if the only alternative is annihilation then guess what – it will be done and in pretty short order. Fighting block size wars is one thing, an imminent existential threat is quite another and no Bitcoiner I know wants to own 1/21 millionth of nothing.

[14]  See: https://unchainedpodcast.com/can-bitcoin-be-secured-only-by-transaction-fees-two-researchers-sound-off/ , https://unchainedpodcast.com/is-bitcoin-doomed-to-fail-eric-wall-and-justin-bons-face-off-ep-398/ and https://uncommoncore.co/wp-content/uploads/2019/10/A-model-for-Bitcoins-security-and-the-declining-block-subsidy-v1.02.pdf

[15]  See: https://www.coindesk.com/learn/what-is-a-51-attack/

[16]  See: https://twitter.com/monero/status/1534550423843098624

[17]  Monero doesn’t run the SHA-256 hashing algorithm it uses randomx an ASIC-resistant algorithm that is designed to give CPUs the edge (notably AMD Threadrippers) even over GPUs – see: https://github.com/tevador/randomx. It also doesn’t have a maximum block size but has a dynamic block size.

[18]  One potential issue for Monero is that the hash power of its network is orders of magnitude lower than for Bitcoin at 3.42 GH/s – see: https://2miners.com/xmr-network-hashrate . However, because it uses the randomx algorithm it would require the CPU processing power equivalent of over 53,000 PCs to implement a 51% attack, which is a large but potentially achievable target especially if mining software can be delivered via a computer virus aka cryptojacking.

[19]  Bitcoin’s issuance schedule can be considered deflationary because effective circulating supply is lowered whenever anyone loses access to their private keys like this unfortunate chap who claims to have lost 7,500 Bitcoin when he throw away an old hard drive – see: https://www.walesonline.co.uk/news/man-who-binned-bitcoin-worth-24648033

[20]  Block subsidy, block reward and issuance all refer to the same thing and are used interchangeably.

[21]  See: https://danhedl.medium.com/bitcoins-security-is-fine-93391d9b61a8 and https://uncommoncore.co/wp-content/uploads/2019/10/A-model-for-Bitcoins-security-and-the-declining-block-subsidy-v1.02.pdf

[22]  Every two weeks the difficulty of solving the hashing function is adjusted to compensate for changes in the total hash power of miners. The more hash power, the higher the difficulty, and vice versa – see:  https://www.cnbc.com/2022/10/17/bitcoin-mining-difficulty-hit-an-all-time-high-even-with-depressed-prices.html

[23]  See: https://www.amazon.co.uk/Blocksize-War-controls-Bitcoins-protocol/dp/B08YQMC2WM

[24]  See: https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki

[25]  Assuming, of course, there are no further changes to the Bitcoin code in relation to blockweight or blocksize.

[26]  See: https://www.blockchain.com/charts/transaction-fees

[27]  That is 258,000,000,000,000,000,000 h/s - see: https://cointelegraph.com/news/bitcoin-price-plummets-while-miner-hash-rate-soars-to-all-time-highs

[28]  Obviously, this assumes that miners are operating as profit-maximising entities. This may not hold in the future.

[29]  This is slightly higher than the current rate to take into account the depressing effect the crypto-winter has had on trading volumes. It implies an annual number of transactions totalling 100mn (at the maximum processing limit Bitcoin can handle 200mn transactions per year).

[30]  This assumes that the increased efficiency of mining rigs is largely negated by a rising difficulty adjustment.

[31]  NB: To get rid of the impact of inflation all prices are expressed in 2022 equivalents, meaning that if annual inflation is 10% then the transaction fees must also increase 10%. This does not matter as long as electricity prices remain stable in real or inflation-adjusted terms ie, there is no shift in their relative price.

[32]  See: https://www.blockchain.com/explorer/charts/fees-usd-per-transaction

[33]  See: https://www.oliverwyman.com/content/dam/oliver-wyman/v2/publications/2021/nov/unlocking-120-billion-value-in-cross-border-payments.pdf

[34]  Trust me I tried. If any reader has a readily accessible data set I would very much like to hear from you.

[35]  See: https://www.fsb.org/wp-content/uploads/P090420-2.pdf

[36]  See: https://www.fsb.org/wp-content/uploads/P131021-2.pdf

[37]  See: https://www.bankofengland.co.uk/speech/2021/november/victoria-cleland-keynote-presentation-the-cbpc-international-payments-on-the-move

[38]  See: https://www.bankofengland.co.uk/-/media/boe/files/payments/rtgs-chaps-brief-intro.pdf

[39]  See: https://blog.trakx.io/crypto-reserve-ations/

[40]  See: https://blog.trakx.io/bitcoin-the-inside-out-narrative/

[41]  See: https://lightning.network/

[42]  See: https://www.crypto51.app/

[43]  See: https://www.asicminervalue.com/miners/bitmain/antminer-s19-xp-140th

[44]  These rigs pull 3010W, which equates to 72.25kWh per rig per day. Assuming electricity costs around 12 cents per kWh (US average) the running cost is roughly $8.66 per day per machine giving a grand total of $15.5m. If we include the amortization costs of these rigs ($3-5,000 over, say, 1,000 days or just under 3 years) then Bitcoin mining breaks even around $20mn, corroborating from a bottom-up approach that $20mn is sufficient reward to sustain the current hash rate.

[45]  See: https://data.hashrateindex.com/chart/asic-prices-per-model

[46]  See: https://www.forbes.com/sites/colinharper/2021/11/12/bitmain-escalates-bitcoin-mining-arms-race-with-most-powerful-hardware-in-history/?sh=4ec65e1d4b39

[47]  See: https://www.bloomberg.com/news/articles/2022-10-03/us-to-announce-new-limits-on-chip-technology-exports-to-china

[48]  I dismiss the threat from quantum computing breaking the hashing algorithm. In a world where that is possible, privacy would cease to exist and Bitcoin’s security (or lack of) would be the least of anyone’s worries.

[49]  I say over the medium-to-long-term because even with the resources available to nation-states, chip and electricity constraints serves as short-term impediments.

[50]  Including some from the twitter author’s brother, which is presumably which he holds the view he does – see: https://joekelly100.medium.com/on-bitcoins-fee-based-security-model-part-3-bitcoin-vs-the-state-60243a4d4437

[51]  See: https://podcasts.apple.com/us/podcast/motion-nation-state-attack-on-bitcoin-is-an/id1493609456?i=1000480188996

[52]  Bitcoin’s current security budget equates to less than 0.1% of US federal spending – see: https://fiscaldata.treasury.gov/americas-finance-guide/federal-spending/

[53]  UK PM Sunak recently said the “golden era” of UK-China relations was over and that China poses a “systemic challenge to our values and interests”. Sunak may have stopped short of labelling China a threat but the direction of travel in UK political rhetoric regards China is clear – see: https://www.bloomberg.com/news/articles/2022-11-28/uk-s-sunak-rejects-simplistic-cold-war-rhetoric-on-china

[54]  See: https://ccaf.io/cbeci/mining_map

[55] Miners typically run full nodes in order to communicate their blocks to the Bitcoin network (full nodes being different from light nodes in that they have the entire history of the blockchain downloaded) but not vice versa. NB: Running full nodes is much less energy-intensive than mining – see: https://decrypt.co/resources/what-are-the-different-types-of-bitcoin-nodes-how-the-bitcoin-network-is-maintained

[56]  See: https://en.wikipedia.org/wiki/GameStop_short_squeeze

[57]  See: https://decrypt.co/115596/aave-feeling-the-squeeze-even-after-failed-attempt-by-mango-hacker

[58] Of course, nation-states could attempt to set-up their own version of Bitcoin, but it would necessarily have to have very similar features to that of Bitcoin. For this reason, not to mention the others I outlined in the earlier research note, it makes more sense just to use Bitcoin.

[59] Ursa Minor or Little Bear (my assessment as to the Bitcoin outlook).

[60]  That Bitcoin uses the Proof-of-Work protocol, as opposed to increasingly popular alternative such as Proof-of-Stake is absolutely crucial because it means the Bitcoin blockchain is permissionless. Post Merge Ethereum, for example, is totally unsuited for nation-state because it is not permissionless.

Carole Laizet

Senior marketing manager with 15+ years of experience in the Financial Industry (traditional Banking as well as Crypto Assets). Responsible for market research @trakx.io