Is Bitcoin Security Doing Fine?

According to Maslow’s hierarchy of needs, security ranks pretty high (low on the pyramid) for humans. Yet, in crypto, we barely ever talk about security, except after a mega hack of yet another Certik-audited DeFi yield farm. Or at least, that’s the perception if you hang out anywhere but with Bitcoiners. 

They’ll never shut up about how decentralized, secure, and elegant Bitcoin is as an alternative to our traditional financial system. 

But is Bitcoin security really fine? 

That’s a question worth asking, considering countless Layer-2s are betting on Bitcoin as the next big thing. In history, we, too, had such a phase of re-birthing the old. It was called the Renaissance and gave us buildings like St Peter’s Basilica, which is still admired today. 

Whether Bitcoin L2s will share the fate of the Basilica or burn down like the Library of Alexandria also hinges on Bitcoin’s security model. After all, buildings on sand never last - as any avid sandcastle builder can attest.

Bitcoin is the most secure blockchain 

You’ll often hear that statement from people on Crypto Twitter without any further explanation on the topic. It’s assumed to be so because of the number of nodes running the Bitcoin client (decentralized) and the energy behind each new Bitcoin block. 

Src: Bitnodes

Bitcoin is one of the few remaining Proof-of-Work blockchains. It relies on an algorithm that was initially created to avoid email spam. The logic is simple: if spam requires work, you’ll think twice before spamming. 

Transactions are bundled into blocks and then need to be “mined” by miners. To do so, miners have to guess a nonce (a number used once) that, hashed together with the block’s data, returns a hash with specific properties like ten leading 0s. There is nothing smart about Bitcoin mining; it’s just a guessing game. So the next time someone tells you that miners execute complex computations, know that they do not.

Let me illustrate. The hashing algorithm is SHA-256. You can simulate the activity online. For example, if I hash “hello”, the outcome is below:


Change the input to “Hello” and the outcome is:


You cannot deduce the initial input from a hash. Reversing the hash is computationally infeasible, which means miners will always focus on improving their guessing speed. This process not only means Bitcoin consumes more energy than Switzerland but also prevents malicious actors from messing with the data.
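The guessing game described above, as an added example that is not code from the original article: a toy miner that tries nonces until the double SHA-256 of header plus nonce falls below a target, alongside the “hello”/“Hello” comparison. The header bytes, the 16-bit difficulty and the function names are assumptions picked so it finishes in about a second; real Bitcoin hashes an 80-byte header against a far smaller target.

```python
import hashlib
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, as an online hash calculator would show it."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 output bits differ between SHA-256(a) and SHA-256(b)."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


def pow_value(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header || nonce, read as a 256-bit integer."""
    payload = header + nonce.to_bytes(4, "little")
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return int.from_bytes(digest, "big")


def verify(header: bytes, nonce: int, zero_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however long the search took."""
    return pow_value(header, nonce) < (1 << (256 - zero_bits))


def mine(header: bytes, zero_bits: int, max_nonce: int = 2**32) -> Optional[int]:
    """Try nonces in order; return the first that meets the target, else None."""
    for nonce in range(max_nonce):
        if verify(header, nonce, zero_bits):
            return nonce
    return None


# Constructed sample header (assumption); a real header is 80 bytes.
HEADER = b"prev=constructed;merkle=constructed;time=0"
ZERO_BITS = 16  # assumption: about 65,536 guesses expected on average

if __name__ == "__main__":
    print("hello:", sha256_hex(b"hello"))
    print("Hello:", sha256_hex(b"Hello"))
    print("bits changed:", differing_bits(b"hello", b"Hello"), "of 256")
    nonce = mine(HEADER, ZERO_BITS)
    print("guesses needed:", nonce + 1, "valid:", verify(HEADER, nonce, ZERO_BITS))
    # Any change to the header invalidates the nonce and forces a new search.
    print("tampered still valid:", verify(HEADER + b"!", nonce, ZERO_BITS))
```

Each extra required zero bit doubles the expected number of guesses, while verification stays at a single hash.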

Considering the amount of mining hardware and electricity required to meaningfully attack Bitcoin in its current stage, the statement that Bitcoin is the safest seems true. 

For now. Let’s not forget that it’s miners who maintain the security. 

Miners are just humans, so they aren’t mining just out of the goodness of their hearts but to earn cold cash, enabling them to cover their needs (in priority of what the Maslow pyramid would suggest). 

And this is the biggest kryptonite for Bitcoin security as critics will point out: its security budget. 

Currently, miners earn 3.25 BTC for each mined block. This comes after more than ten years of block rewards being halved every four years, a schedule that continues until, in 2140, all Bitcoin will have been mined.

Even now, if you look at it in relative terms, 93% of Bitcoins have been issued, meaning very little of the overall budget is left. 

If Bitcoin was a person sitting at the breakfast table, you might as well ask, “What’s wrong, babe? You have barely touched your security budget today.” 

What will happen when no Bitcoin issuance is left to pay miners? Will they contribute out of the goodness of their heart because they’ll have become rich from that last Bitcoin? That’s too optimistic an assumption about the state of affairs, and Satoshi Nakamoto wasn’t naive enough to go down that road.

Fortunately, miners don’t have just one source of income. While block rewards are a big part of their revenue streams, transaction fees are another, especially with the Ordinals, Runes, [enter next Bitcoin token standard] craze. 

Paying miners to front-run others is such a common practice in Ethereum that there are companies dedicated to optimizing software that allows validators to squeeze the most out of each block (MEV-Boost). 

Fee Model 

Eventually, Bitcoin will have to rely on transaction fees. Or it’ll cease. 

As Satoshi Nakamoto wrote:

“I’m sure that in 20 years, there will either be very large transaction volume or no volume.” 

We’re pretty close to that 20-year timeframe but not that close to mass adoption, which would drastically increase transactions. 

As you can see in the chart above, people aren’t transacting much on Bitcoin Layer-1, which isn’t surprising considering there’s a large crowd of avid Bitcoin holders. Yet, that poses a challenge for network security in the future. 

At the moment, the security of Bitcoin is paid for by holders, as each newly mined Bitcoin inflates their bag. Once the shift to a fee model happens, security is paid through fees. This means fees spent determine security. As of now, fees aren’t high enough to maintain a similar level of security, except for a few times when there’s yet another hyped new token standard launching. 
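To put numbers on the shrinking subsidy and the shift to fees, here is an added example (not from the original article) that derives the issuance schedule from the consensus rule of a 50 BTC subsidy halved every 210,000 blocks, then computes the per-block fees needed to make up a revenue target. The revenue target and the function names are assumptions for illustration.

```python
COIN = 100_000_000            # satoshis per BTC
HALVING_INTERVAL = 210_000    # blocks between halvings (roughly four years)
INITIAL_SUBSIDY = 50 * COIN   # subsidy of the first era, in satoshis


def subsidy(height: int) -> int:
    """Block subsidy in satoshis at a height (integer halving, rounds down)."""
    era = height // HALVING_INTERVAL
    return INITIAL_SUBSIDY >> era if era < 64 else 0


def issued(height: int) -> int:
    """Satoshis issued by all blocks below `height`."""
    total, era = 0, 0
    while era * HALVING_INTERVAL < height and subsidy(era * HALVING_INTERVAL) > 0:
        blocks = min(HALVING_INTERVAL, height - era * HALVING_INTERVAL)
        total += blocks * subsidy(era * HALVING_INTERVAL)
        era += 1
    return total


MAX_SUPPLY = issued(64 * HALVING_INTERVAL)  # just under 21 million BTC


def last_subsidy_height() -> int:
    """Height of the final block that still pays a non-zero subsidy."""
    era = 0
    while subsidy((era + 1) * HALVING_INTERVAL) > 0:
        era += 1
    return (era + 1) * HALVING_INTERVAL - 1


def fee_gap(height: int, revenue_target: int) -> int:
    """Fees per block (satoshis) needed so subsidy + fees reach the target."""
    return max(0, revenue_target - subsidy(height))


if __name__ == "__main__":
    # Assumption: miners want to keep the BTC revenue per block of height 840,000.
    target = subsidy(840_000)
    print(f"issued by 840,000: {issued(840_000) / MAX_SUPPLY:.2%} of supply")
    for era in range(4, 10):
        h = era * HALVING_INTERVAL
        print(f"height {h:>9,}: subsidy {subsidy(h) / COIN:.8f} BTC, "
              f"fees needed {fee_gap(h, target) / COIN:.8f} BTC/block")
    print("last subsidised block:", f"{last_subsidy_height():,}")
```

The gap is measured in BTC per block; whether it matters in purchasing-power terms depends on the price, which this sketch deliberately leaves out.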

In a transaction-fee-based model, it’s reasonable to assume that people are less willing to interact on an insecure network—at the same time, low fees make the network less secure. What further complicates matters is that Bitcoin blocks aren’t mined in perfect intervals of 10 minutes. Sometimes, a miner might solve a block just seconds after the previous one - which can lead to low-value blocks containing very few transactions. 

For miners sensitive to income volatility, this might be reason enough to quit the game altogether. 

At the same time, if fees are too high, this hampers adoption. It seems like a catch-22. 

“Ideally, the security spending rate should be large enough in absolute terms to deter most realistic attacks, and large enough as a percentage of the marketcap or annual settled value to make attacks uneconomic, while not so large as to make normal settlement transactions uneconomic due to needlessly high fees.” - Lyn Alden


Ultimately, it all comes down to adoption and how the blockspace will be used. If there was low velocity, one argument is that it’d kick off a self-correcting loop where entities are attracted back into using Bitcoin due to low fees. 

Are all entities that rational? 🤷‍♀️

The good news is that we’re seeing additional products built on Bitcoin, from zk Rollups to protocols that store information in Bitcoin’s block space, such as Ordinals or, recently, Runes. After all, a blockchain is nothing but a store of information. The more demand there is, the better for miners and the better for security. 

So, for now, everything is fine. 

And, we have 100 years to figure out how Bitcoin can maintain its security amidst declining fees. That’s thousands of crypto market cycles. 

100 years ago, the first radio signal was transmitted. 

In between, we put the radio on the internet. 

And now, we’ve evolved much further than that. 

So there’s hope. After all, we can’t let magical internet money die, right? 

Bitcoin L2s and rollups contribute to Bitcoin security in the future by increasing demand for its blockspace. With Subsquid, we’re already powering Bitcoin L2s with access to data. 

If you’re working on a Bitcoin L2 and want to try our indexing solution head here.