The inflation rate drops off to essentially zero much faster than that. Sure, the last sat will be mined in 100 years or something. But that last sat is irrelevant. Getting below 0.1% inflation will happen in something like 10 years; we're at about 1.5% already.
Anyway, if you really want your 21 million meme we can always do demurrage instead. That can be done in a soft-fork.
...and what you said is precisely what memes are: an idea, behavior, or style that spreads by means of imitation from person to person within a culture and often carries symbolic meaning representing a particular phenomenon or theme.
Absolute scarcity. No compromises.
That's a totally symbolic statement. We don't even have absolute scarcity on any human time frame: the last sat will be mined after we're all dead.
In the context you used "meme", it could be seen as derogatory. Whether that was your intention or not probably doesn't matter. the "meme" usage is not my main point.
My main point is that many people in Bitcoin believe that a change to the supply in any way is heresy worth fighting over. If you can change something as fundamental as the overall supply on the fear of some possible bad outcome for the miners, then the integrity of the project is in question. A contentious fork is in the offering be default on this file.
As for your last point on my apparently symbolic statement. it's a semantic one.
If you can change something as fundamental as the overall supply on the fear of some possible bad outcome for the miners, then the integrity of the project is in question.
Miners are who keep Bitcoin secure. A "bad outcome for miners" is in this case a bad outcome for everyone.
We want mining to be reasonably profitable, and something anyone can usefully do with a minimal amount of capital and expertise. Setting up a new pool should be easy to do with a minimal % of total hashing power; you shouldn't need fancy MEV optimization or cleverness to be profitable.
For example, if OFAC tries to get Bitcoin blocks censored, we're in a much better position if it's easy for people to setup new pools that ignore OFAC. That won't be true if miners have to scramble to extract value from transaction fees in complex ways. It also won't be true if reorg attacks make pools under a certain size unprofitable.
Even the 1.5%/year we're currently paying in inflation is tiny compared to the overall value of Bitcoin. I'd be happy to pay that forever to ensure my savings were safe.
My impression is that miners are hired security guards who get to order the transactions. Nodes are ultimately what secure the network. Though i suspect it's a shared responsibility among many elements.
If the problem you describe is accurate, which I don't believe it is, would not a less harmful solution be to reset the hashing algorithm to a different scheme instead of playing central banker like games with the supply?
Once you open up this door, there's no going back. Before you know it, Bitcoin will have it's own FMOC meetings for adjusting tail emission rates! (I'm being cheeky here, but also not.)
See to me, the scenarios you describe are theoretical and all just smells like using a hammer for situations where a scalpel is required. This top down, oh let's adjust this radioactive lever that should never be touched to address possible scenarios seems premature.
Which is maybe putting words in your mouth. I think you've always said this is probably a potential problem to look out for. Not a problem that needs to be fixed now or in the near future?
My impression is that miners are hired security guards who get to order the transactions. Nodes are ultimately what secure the network.
Nah, you need both. One or the other isn't enough by itself, especially when you're talking about external attackers.
Anyway, if you think changing the 21 million limit is so radioactive, what do you think about demurrage? We can do essentially the exact same thing, economically speaking, with a soft-fork that keeps the 21 million limit.
Doesn't the difficulty adjustment help here? If it's not profitable and miners drop out of the network, the difficulty will decrease until it gets profitable enough such that miners are willing to mine again?
I thought there is a similar equilibrium here as you described with inflation rate and the rate of coin loss?
I am more afraid in too many miners dropping out too fast such that the difficulty adjustment won't happen for a very long time.
I may not totally understand tail emissions. If I choose not to move my coins for 20 years because they are perfectly fine where they are, and I’m passing them down, does that mean my coins could become tail emissions and be stolen from me?
No. Some % of the value of them would be "stolen" in the sense that the currency had been inflated. But the coins themselves wouldn't be stolen.
Equally, in demurrage, you'd have to pay some % of the coin to spend it. With 0.1%/year, that'd be 7.5% if you moved your coins after 75 years. Much lower than inheritance tax!
Isn't the moment when we will see first "destructive halving" - i.e. network difficulty was not able to recover during long four years after given halving - a perfect moment to switch-off halvings completely?
Because things destructive to the Bitcoin - should be eliminated (no matter from where they are)
In other case I'm pretty sure we will have textbook example of "Let Microstrategy Run Antminers" prisoner's dilemma here...
As Bitcoin wouldn't survive many years with huge annual inflation rate (because everyone want to dump such money) - the same is valid for zero (or: almost zero) inflation rate (everyone want to hoard such money). That's why I'm very pesimistic regarding: "it's also possible that fees could just spike"...
The root of problem is that we have no interconnector between two separate worlds, digital Bitcoin and the real one.
I know such mechanism is rather not possible in Bitcoin, but in LTE radio network there is something called "open loop and closed loop", to quickly react and regulate radio power parameters in the air channel.
and the similar idea is to swap:
difficulty adjustment towards constant coin supply (i.e. regulating difficulty to keep a block time preconfigured by developer)
for:
block reward adjustment towards constant security behind the network, in terms of purchasing power (i.e. regulating a block reward to keep difficulty configured let say once per year by developers)
i.e.
setting (i.e. keeping) constant security behind the network, in terms of purchasing power (in cross-sectional prices of gold, Big Mac, recent iPhone, etc) - this is an open loop
algorithmic mechanism with negative feedback loop executes that order from developers by constant (smooth) regulation of block reward - this is an closed loop
This way you could have stable, transactional money, with stable security behind, with stable equilibrium between two groups of opposite interests (miners and stakeholders), and with embedded option to smoothly correct the overall direction the network goes (also in case of emergency situations/unexpected events like disruptive hashing hardware appearance, global economic turmoil etc)
Perfect, but even less probable than swapping halvings for Milton Friedman's k-percent rule :)
The argument for miner revenue death-spiral totally ignores the future appreciation of btc value driven by adoption curve. Probably no need to revisit in 100 years, as hyperbitcoinization will have changed everything.
Probably. Or at least you can learn while you're doing it. I haven't looked at that code for awhile. But I don't recall it being especially tricky or anything.
What are your thoughts on raising up and trusting pseudonymous developers for bitcoin core?
You have warranted respect with your name and face. Could you have done all that you have if you were a nym?
I actually thought carefully whether or not I would get involved in Bitcoin under my real identity; at the time whether or not it was even legal to be involved was a lot less certain. I decided to be public ultimately because I realized that I'm good at things like public speaking, I enjoyed it, and someone needed to take on those kinds of roles.
In general having a mix of public and pseudonymous devs is probably ideal. Each category has advantages and disadvantages. Public devs can interact with the public in a way that's much more difficult if you're trying to hide your identity. Public devs have a lot more to lose if they try to defraud people. But pseudonymous devs are less vulnerable to many kinds of legal attacks. Though as CobraBitcoin found in the UK, that's not always true either: in the UK you can't defend yourself in a lawsuit without doxing yourself.
I'm still being sued by Craig Wright along with a bunch of other devs. So this win directly affects me. Best case is some prosecutor finally does their job and arrests Craig Wright for perjury.
I love listening to your interviews, I wish you'd do more. I see your concern about lack of inflation to be short-sighted and ignores certain incentives. First, there's already a large amount of people, including myself, who would run small farms at a loss to support Bitcoin if it was clear that the hashrate was dropping significantly due to lack of inflation. Second, I can foresee contracts being developed, which people could contribute to voluntarily, which would pool funds which would be distributed to the coinbase address of those who find blocks. Third, businesses who are profitable and depend on Bitcoin/lightning for revenue would absolutely contribute hashpower to the network and consider it an operational expense. Your arguments assume that the previous three points wouldn't exist, or wouldn't be effective, which I'm very dubious of. Thanks for doing this.
Bitcoin has many desirable properties that helps bootstrap it to mass adoption, one of the most important ones is the 21 million limit.
Do you agree or disagree that the 21 million limit can only be removed after mass adoption? Because removing it before will kill a big reason for people to buy it.
The exact number doesn't matter much beyond memes. What matters is how much the value of Bitcoin changes. And that's dwarfed by economic shifts - in the past 5 days the BTC/CAD rate has dropped 2% - in the past month it's risen 5.4%.
A 0.1% inflation rate or something is utterly irrelevant in the face of those economic shifts. Over an entire lifetime - 75 years - 0.1% compounded annually is just 8%. That won't make the slightest difference to anything other than Twitter memes.
I'm pretty sure I have a different take on that than most devs... I got called a "Bitcoin Core developer" not for writing a bunch of code - I hate C++ and try to avoid writing it whenever possible. But because I was active in peer review of ideas.
I also incorrectly got credit for being a "Bitcoin Core developer" for being involved in a lot of public discussions, etc. which are ultimately political in nature. And that's exactly why I decided to quit my "day job" and get into Bitcoin: I realized that Bitcoin would be inherently political because as a consensus system with limits, there would inevitably be political fights over the parameters of the system. In particular, blocksize, a debate I got involved with very early on. I personally like getting involved in politics and really like talking to people about tech, including less-technical people.
And of course, the people involved in Bitcoin Core are definitely a "best thing" about it. You get to hang out with very smart people doing very interesting software for very good reasons.
Now, as for worst things... Maybe the top of the list for me is having to write C++. :D It's a very complex, not memory safe language. Writing security critical code in it suchs. I much prefer writing Rust code, and that definitely has kept me away from contributing actual code to Bitcoin Core in a big way.
I think I might even rate that higher than getting sued by Craig Wright... We've been lucky to have a well-funded legal team. So that honestly hasn't been such a bad process.
I want to get into Rust. What would you recommend to someone like me? My goto choice to learn a new programming language is to get something done with it.
But I don't know what would be the best project for learning rust? Something low level like sockets/networking? Or something totally different?
Bootstrapping a new proof-of-work currency, after the biggest one has failed, may simply be impossible. Small PoW currencies are very susceptible to 51% attacks. So if Bitcoin ever fails we may find that the bad actors of the world use force to prevent a replacement from ever having a chance.
We've probably got one shot at creating a decentralized currency for the world.
We've probably got one shot at creating a decentralized currency for the world.
What about a consensus protocol that requires both 51% of mining hardware as well as 51% of stake to attack the network and doesn’t rely on validators?
I am almost dumbfounded to hear a dev say something like this haha. The biggest selling point for people is 21 million. That's the ENTIRE idea haha. Tail emissions.... WTF?
In general, clever tech details are probably the things that surprised me the most.
A really ridiculous example is that the whitepaper - and v0.1.0! - got the basic consensus algorithm fundamentally wrong. Satoshi originally thought chain selection should pick the chain with the most blocks. But that's completely busted, as that chain doesn't necessarily have the most work. So Satoshi had to actually change that to the current most work rule, after v0.1.0 was released!
To this day this mistake still causes problems when academics read the whitepaper and don't realize that it's incorrect.
Not meaningfully. What's important with blocksize is that we have a social consensus that prioritizes innovation rather than blindly increasing it.
But the exact value isn't very important, and reducing it isn't likely to change much. In fact, I suspect we're seeing exactly that right now: Bitcoin probably has very few use-cases where people are willing to wait long amounts of time for a confirmation. So rather than develop big backlogs of mempool demand, people have just changed how they use Bitcoin to the point where there's rarely a backlog. Reducing the blocksize even further wouldn't increase fees significantly.
Better to pay for security by taxing a small % of all wealth, so we're all contributing equally.
Easy: it'll require a highly disruptive hard fork that could easily be more harmful than the problem.
Fortunately, we can achieve that exact same goal with a demurrage soft-fork. Basically, you'd create a pool of funds that all miners pay into in their coinbase transactions, with miners also allowed to withdraw from this pool slowly over time. You'd make the contribution per block be the sum of each txin * blocks in existence * some tax rate, eg 0.1% per year worth of blocks. Just like the inflationary subsidy, that'll result in miners always having an incentive to mine and build on top of other blocks. It's a bit more technically complex, and the accounting isn't as nice. But economically it's the exact same thing, and it just needs a soft fork. It's also compatible with existing wallets, as it just shows up as fees being higher.
Your tail emission and demurrage proposals is an example of why bitcoin could never be written by just a programmer. Bitcoin solves an economic problem that has existed since the beginning of money; It brings into existence something that cannot be confiscated, counterfeited or inflated. What you propose are solutions to a problem that we don't even know will exist. To impose such a new 'legislation' is to change the terms of the contract, and it quickly transforms your proposed system into something other than bitcoin.
Tail emission solves two problems that are not proven to be problems; one that bitcoin can be lost, and two that there will not be sufficient incentive to mine with only fees.
Granted bitcoin can be lost, but this is a feature not a problem. Everyone that buys bitcoin signs up under this assumption and for once (unlike out present system of elastic and inflationary currency) everyone that holds bitcoin benefits directly from the mistakes of others no matter how much political influence they hold.
To keep mining the reward high with a wealth tax, or demurrage as you call it, is to ignore the purpose of bitcoin in the first place: to be an immutable store of wealth. With a demurrage, your wallet becomes a negative interest rate bearing account, and under hyperbitcoinization the function of unit of account will stabilize deflation and turn mining into an effective license to steal.
I haven't seen you make a full throated argument, or a demonstrable model, proving that your stated problems are unsolvable by simple market forces without changes to Bitcoin's algorithm. You presume everyone agree these problems exist and require your proposed solutions.
Thank you for having a discussion like this here @petertodd. You have a lot of experience and contextual insight you bring.
I think that most people would agree that the bitcoin protocol needs to, ad infinitum, provide incentive to contribute work to the network.
As a first step towards that, one way to ensure that there is always a non-zero block reward, while retaining the property of finite total supply, would be to:
keep the same subsidy reduction schedule (halving every 4 years) and "simply" increase the numerical precision with which the protocol tracks sats.1
Are there particular economic reasons why you would consider the above not a viable path, or at least a natural step in the right direction?
This continuation of the subsidy halving schedule seems more "natural" in that it does not arbitrarily pick some target inflation tax or demurrage tax and add it to the protocol. Rather, it simply continues the existing inflation tax which is passively and pro-rata paid by all utxos.
Ultimately I suppose one way we could look at the block subsidy, not just tail emmission, but any subsidy at all, is that it is a technically "simple" way for all utxos to passively, and pro-rata pay for block creation.
Yet, when we transition to a post-subsidy (and hope there is a robust fee market by then!), it also means it is also a transition to only some utxos actively paying for block creation (via fees). So we have a freerider problem. And it is ironic, because the freeriders in the post-subsidy scenario are the hodlers, yet the hodlers are a large part of why bitcoin works at all!
Footnotes
let us set technical details aside for a moment as to whether such a thing is even possible via a soft fork ↩
My 16-year-old daughter fell down the bitcoin rabbit hole and is completely obsessed. She’s a smart kid and enjoys computer science, economics and physics. I am non-technical, not sure how to advise her on future education. Help a dumb guy out
Studying comp-sci and physics are definitely worth it; economics is a much fuzzier discipline. It's common enough for universities to offer dual comp-sci/physics programs; I'd suggest she do exactly that.
It's really worth it to build a good base of math/comp-sci/physics understanding. Pretty much everything links back to it. I personally did part of a physics degree before dropping out to do Bitcoin full time, and I definitely think all that math was worthwhile.
Honestly nothing really comes to mind. Outside of Bitcoin I've done quite a lot of dangerous - and dangerous-looking - sports like caving, climbing, etc. Being alone on a cliff, 800m above the ground, climbing a via feratta in Switzerland last summer was humbling in a very visceral way that far exceeds anything Bitcoin related. That was actually perfectly safe, as climbing gear works really well and intellectually I certainly knew that. But it sure as heck felt humbling...
The former isn't really sci-fi... the latter is. Though I actually prefer the TV series to the books - the authors really did improve their story the second time around.
I've seen a lot o talk about bitcoin devs facing legal threats relating to their work on bitcoin and deciding to go anon or just outright quit.
Besides faketoshi related stuff, have you face any such threats?
Can OpenTimestamps be paired with geographic tracking or maps? (I briefly skimmed the info at the OpenTimestamps link above but did read everything so please excuse if I missed the answer to my question. OpenTimestamps looks amazing!)
Basically no. Proving things about geographical location in a decentralized way is incredibly challenging, probably impossible. Even with centralized services the best you can do without trusted hardware is really rough location via speed-of-light/ping times from centralized servers at known locations.
Can you help me understand?
When miners are no longer receiving enough block rewards to cover their costs they will need to depend on transaction fees. But transactions fees are set by the senders. So if the senders aren't setting the transaction fees high enough, miners will just turn off their machines. Is that correct?
Yes. That itself is a big disruption to mining protocols: none of the existing pool schemes take transaction fees into account in how they value a share.
What will need to happen is pools need to tell miners what the reward per share is on a moment to moment basis, based on transaction fees, so they can turn on and off miners. Which of course is a real mess...
Many more issues beyond that too, like how it can make sense to reorge blocks to get more fees if you are a big miner. We do not want that to become common as it'll ruin the profitability of anyone but large, centralized, pools.
Wouldn't whales wanting to protect their wealth mine at a loss, or form some kind of manipulative coalition sending coin to themselves & raising the fee for everyone else?
Counter argument I have heard before is: why would miners be more incentivized by a tiny security fee? The fee is "so small it won't significantly increase the supply", but then how would it increase the incentive to mine if it's so small that it doesn't really make a big difference.
Because even just 0.1%/year of $1 trillion is still $1 billion, or $20k/block. That's a lot more than you could easily raise by donations. And if it's consistent (which tx fees are not), it's probably enough incentive to keep mining moving forwards consistently.
...and that's a key point: sufficent tail emission or demurrage can fix the reorg problem where big miners frequently have incentives to play games reorganizing blocks. Fees alone simply can't do that all the time, as they'll inevitably be inconsistent.
Many people that has been in Bitcoin for very long end up with Bitcoin derangement syndrome, meaning they think the protocol or community has "changed" beyond the original mission and go altcoining or quitting.
How have you handled the change in Bitcoin culture and still manage to stick around even attending every conference out there?
The spirit of that post - the culture leading to it - was to create a decentralized currency that anyone could participate in fully. Our #1 goal is still to do exactly that.
Well... When I was 15 I was trying to invent Bitcoin, and wound up talking to Hal Finney and Adam Back on the Bluesky forum about everyones' efforts to try to invent Bitcoin. And I got there because I got interested in the Freenet Project - a DHT scheme for censorship resistant data publication. I realized pretty quickly that freedom of speech wasn't very useful without freedom of exchange: every political movement needs money to function.
So when I heard about Bitcoin in 2009 or so, I knew I had to get involved. Though it took a few more years after that because I was simultaneously working at a geophysics startup doing analog electronics design, and trying to finish a physics degree... I didn't have a lot of free time.
Imagine a bitcoin whale with too many coins to spend. What would be the best way to support or invest in the ecosystem to increase the chance of Bitcoin succeeding at this point?
The problem is to donate effectively, you need to understand what you're donating too or people will rip you off. Chaincode is a wonderful example of donations done right by technically competent people: the guys who founded Chaincode are themselves good Bitcoin Core devs and because of that have good insights into where their money should be spent.
I don't use hardware wallets. I suspect over a clean laptop they add supply chain risk unless you use them with multisig. But that tradeoff will be different for different people: eg I know how to install Linux and use it.
Given that continuing the miner subsidy is a hard fork proposal, can a hard fork of Bitcoin, ever be Bitcoin? It hasn't worked for Bitcoin cash or Bitcoin Satoshi's Vision or any number of hard forks of Bitcoin, so why would this time be different?
...and it has worked for the endless hard forks in ETH, XMR, ZEC, etc.
It also has to work for Bitcoin at some point: we need a hard fork to fix the Year 2106 problem. Though that hard fork will be particularly easy, as the old Bitcoin will simply stop mining blocks and cease to function when the 32-bit time field overflows.
Hard forking is a social problem. A hard one. But almost certainly not impossible.
No I think you misunderstood the question. You mention ETH, XMR, ZEC, but none of those are Bitcoin. I asked if a hard fork could ever be Bitcoin.
I suppose I could interpret your answer to mean that we're talking about intentionally creating an altcoin, but it wouldn't get to take the Bitcoin name with it.
As for the 2106 problem, that sounds like maybe you're saying "A hard fork works if all previous version of core that the new version would be incompatible with, are inoperable and broken", but this second interpretation of your answer would hard fork with the first interpretation.
You mention ETH, XMR, ZEC, but none of those are Bitcoin.
But they are cryptocurrencies that have hard forked repeatedly. Not a situation identical to Bitcoin. But they show it's possible technically. So it's plausible Bitcoin could create a social consensus for a hard fork. Difficult. But plausible.
The 2106 problem is precisely the type of case where creating that social consensus should be easy: the alternative to a hard fork to fix it is Bitcoin stops working entirely.
I don't know how too much about XMR and ZEC in regards to their improvement process, but I do know the reason ETH gets away with it is because ETH doesn't have social consensus at all. Vitalik implemented the difficulty bomb from the very beginning and anyone against Vitalik had to hard fork (Ethereum Classic). So I don't think that one was a very good example.
From the examples of hard forking altcoins, what is in their social consensus that you foresee Bitcoin adopting, or otherwise what unique version of hard forking social consensus do you foresee Bitcoin using?
XMR simply has a clear social consensus that they do hard forks frequently.
Look, obviously exactly how we might reach that point with Bitcoin is unclear until it happens. But the fact is it's technically possible. Just need the right situation to do it.
Definitely. Most people who learn about Bitcoin seem to hear about it, and think "That'll never work."
I meanwhile had been trying to invent Bitcoin since I was a teenager. So my first response was "Dammit! I should have thought of that!". Pretty much immediately I thought it was a great idea that would work. It was only after thinking about it more that I realized it had serious technical problems, like the need for the blocksize limit, instant payments, etc. And of course, I devoted a lot of time to trying to help fix those issues. And we have done a great job fixing them, esp with the Lightning network. But there are still more issues out there, like replacing the miner subsidy. And of course wider political things like attempts to ban PoW.
So overall, my belief in the future success of Bitcoin has shifted up and down multiple times. And probably will continue to do so.
Hard to estimate. But I think failing to consistently reward miners somehow - be it with tail emission, demurrage, or something else entirely - probably would increase the overall risk of Bitcoin failing by something like 25%. Moving to tx fees dominating is a huge state change that no other PoW currency has undergone.
ETH is actually kinda close with how MEV games are dominating block creation... and that's one of the reasons why the supermajority of ETH blocks are now OFAC compliant. It's too hard to profitably get involved in ETH block generation without a lot of highly specialized expertise, controlled by relatively few companies, mostly with US ties. Not good.
Do you think there is a chance SHA-2 could have an NSA backdoor like SHA-1 and if it did would that pose a threat to the chain or would there just be a consensus to upgrade?
SHA-1 doesn't have an NSA backdoor. It's just insecure.
There's a good chance SHA-256 remains secure for the rest of our lives. We have gotten better at cryptography, and SHA-256 has lasted much longer than SHA-1 did.
Not going to happen. The only type of grid stabilization that miners can provide is when electricity prices go negative. While that does happen, it's very rare and the total amount of energy involved in those situations is small. Installing miners just for those rare cases will never be profitable due to much higher capital costs than other ways of absorbing excess energy (eg dumping it into load resistors).
Also, the instances where overproduction happens are likely to be fixed in the future with better supply-side regulation of renewable power.
Footnotes