Bitcoin: Fee-Based Security Modeling
The ideal state for the Bitcoin network is to reach equilibrium in the free market where blocks are always full, mostly with large transactions. Fees are high in absolute terms, low in percentage-of-value terms.
Over the past decade, the Bitcoin network has been the most secure public blockchain.
This is because it has by far the highest market capitalization and hash rate in the asset class, along with customized hardware required to mine it, meaning that the cost for a potential attacker to try to control 51% of the hash rate for a lengthy period (which would allow for double-spending attacks and other security disruptions) is relatively high.
However, in the decade ahead, Bitcoin will gradually shift from paying miners primarily through Bitcoin block rewards to paying miners primarily through Bitcoin transaction fees. So it has to navigate a gradual change in its security model.
Some Bitcoin bears consider it inevitable that Bitcoin will fail in this transition and encounter security problems. Many Bitcoin bulls consider the risk to be a non-issue.
Like most things in life, in my analysis, I find the transition to be middling in terms of risk potential. It’s something to think about and monitor to see how it develops over time as one of Bitcoin’s final tests on its way to maturity, but not something that has insurmountable economic or technical issues.
This article dives into some of the nuances, where I analyze the topic mainly from an economic point of view rather than a technical point of view.
Bitcoin’s blockchain is a public and immutable ledger of past transactions stored by countless devices worldwide.
Every ten minutes on average, another block is added to the blockchain by a miner that solves a puzzle from the previous block. In doing so, it processes up to a few thousand bitcoin transactions and adds them to the blockchain, encased in that new block. Once several more blocks have been built on top of that block, the transactions in that block become effectively permanent. As of this writing, there are over 670,000 blocks on the Bitcoin blockchain since its genesis in 2009.
The primary reward for the miner who adds the block is a number of newly-generated Bitcoins. That’s the only way that new Bitcoins are created. During the first 210,000 blocks (approximately 4 years), the reward was 50 new Bitcoins per block to the successful miner. During the next 210,000 blocks, the reward was 25 new bitcoins per block. It keeps getting cut in half every 210,000 blocks and is currently 6.25 new bitcoins per block. This process asymptotically approaches a total number of 21 million coins in existence sometime after 2100, although by 2030, the vast majority will have been mined.
The secondary reward is transaction fees. Users can add fees to their transactions to incentivize miners, which during busy times (meaning too many transactions trying to clear vs. the amount of available block space) helps miners prioritize high-importance transactions. If you’re trying to settle a $10 million transaction, for example, you’ll be willing to pay a higher fee than someone trying to settle a $1,000 transaction. This dynamic helps get the most transaction value settled per block in a free market way. The fees are denominated in fractional bitcoins and paid by the sender as part of the transaction.
Here’s an annual history of block rewards and fees for miners, in terms of dollar value, from back in autumn 2020:
The numbers in this chart represent the annual security and processing budget for the store of value and payment settlement network.
As Bitcoin’s price has increased over time, miner revenue has increased, even though the block reward was cut in half every 4 years. In other words, miners receive fewer coins for their efforts but a higher dollar amount worth of coins and a small but growing amount of fees. Fees tend to spike during congested periods, in addition to having a structural growth trend.
Here in 2021, there will be about 330,000 bitcoins rewarded to miners as block rewards. At an average Bitcoin price of $40,000 as an example, the total amount of block rewards to miners would be approximately $13 billion. Fees would be added to that. We won’t know the total security budget until the end of the year, based on average prices and fees. Until then, we can monitor it over time.
Looking back over the past decade, this chart shows the average market capitalization of Bitcoin, the annual security spend, and the percent of market capitalization spent on security:
For the first two months of 2021, the average market capitalization was $740 billion, with an annualized security spend rate of $15.3 billion, representing 2.0% of the market capitalization. This continued the trend of higher absolute security with a smaller percentage of market capitalization spent on security.
Importantly, the market decided how much security there would be, rather than some central authority. As bitcoin followed its algorithm, including difficulty adjustments and supply flow halvings, users purchased or sold bitcoin based on the prices they wanted, and miners allocated capital to mining based on risk/reward assessments. Miners could have mined other blockchains, or they could have done something entirely different with their capital.
This chart shows what the average cost of transaction was since inception of the data, along with the fee portion of that cost:
If I take a snapshot of the full-year 2020, we can dig a little deeper and firm up the numbers of what a given year looked like.
307,439 transactions were settled per day on average:
Since a single transaction can send to multiple addresses, the total number of individual payments was higher, at over half a million.
The average cost per transaction was over $44, which includes fees and block rewards to miners:
With 366 days in the leap year, that gives us a total of well over 100 million transactions and over $5 billion in miner revenue.
The average market capitalization was $203.53 billion:
So, Bitcoin spent about 2.5% of its average market capitalization on security and processing that year.
However, the vast majority of the cost per transaction was in the form of block rewards, which is a form of inflation that doesn’t affect the sender directly, and instead affects the whole network. In terms of fees for the sender, the average transaction took just $2.86 in fees:
The mean transaction size was several thousand dollars, while the median transaction was much smaller.
Special thanks to Nic Carter for the Coin Metrics chart and his previous work on the subject of Bitcoin fees. He gave a talk at MIT in 2019 about this topic that remains relevant today.
Overall, nearly $1 trillion in USD value was settled on the Bitcoin blockchain during the 2020 year. That’s important to note; annual settlement value was much higher than Bitcoin’s average market capitalization, and that’s true for prior years as well.
If Bitcoin were running on a fee-driven model in 2020, with, say, $40 in fees per transaction, the average $8,000-sized transaction would have a relatively low fee (~0.5%). Still, many of the median-or-smaller transactions would no longer make sense. Most folks wouldn’t want more than, say, a 1 — 2% transaction fee, and so transactions under $4,000-$8,000 would be less attractive to do as a matter of normal operation.
Bitcoin, therefore, would be a base settlement layer rather than a frequent payment network. Payment networks can be built on top of it, as some applications are already done via the lightning network and other solutions. This should work well if Bitcoin’s adoption continues to increase in the decade ahead.
Small blockchains are often the victims of 51% attacks. With little hash power, few nodes, and small developer communities, they have limited resources to deal with an attack. A profit-driven entity can invest a manageable sum of money and perform a double-spend attack to steal millions of dollars worth of tokens.
Bitcoin, however, is extremely resistant to 51% attacks, because the amount of dedicated hardware and electricity that an entity must acquire to attempt one is massive.
In the early days, mining rigs believed to belong to Satoshi Nakamoto controlled over half of the bitcoin network, but he had no incentive to undermine his own creation, and as the network proliferated, these rigs became less important and eventually ceased. And in 2014, a mining pool came rather close to the 51% threshold, but seemingly without intent to attack it. As bitcoin has grown larger, there haven’t been any more instances of entities coming near the 51% threshold.
Besides the consensus node network, rational self-interest is basically the backup defense for a 51% attack. Miners invest a ton of capital into their rigs and generally own a lot of coins; if they were to achieve a successful 51% attack on bitcoin and threaten the security of the system, it would likely damage the market capitalization of the network, resulting in a reduction in their income and net worth, even if they were able to steal some coins in the attack. And the resulting pushback from the rest of the ecosystem in the wake of such an attack against them would be immense.
As the network has grown larger and larger, and the Bitcoin network consumes as much electricity as a small country, the cost for coming anywhere close to a 51% attack threshold and holding it persistently is out of the reach of most entities. Only an extremely well-capitalized attack, such as a consortium of state actors, could potentially be incentivized to attempt a credible attack of that magnitude.
For a sophisticated state entity to attempt an attack on Bitcoin in its current form (most likely for reasons other than profit, although they could also short the protocol to recoup costs and potentially make a profit), they’d have to do a bunch of things.
First, they’d have to acquire the majority of dedicated ASIC hardware for Bitcoin mining. These are often in short supply. If they tried to buy up a significant portion of new mining rigs from manufacturers and old mining rigs from the second-hand market, they’d likely be unable to, and the market would notice. As I write this, new mining rigs are sold out months in advance.
If they were to build their own mining rigs in some covert way, down to custom chips via their own foundry (and very few countries have sizable foundries), it would be a long and challenging process and require avoiding information leaks. This would be a multi-billion dollar long-term effort in secret.
If over half of the mining capacity exists within a single country, the government could theoretically confiscate enough mining rigs to reach a 51% attack threshold without buying new rigs.
The only country where this is a possibility is China due to their large hash rate exposure, although it’s only an estimate that China has over half of the hash rate. However, miners often keep their locations relatively secret because finding cheap sources of electricity is a key business advantage over competitors.
In addition, many miners are mobile; they move around to wet seasons where hydroelectric overcapacity exists or to stranded shale energy. And if miners start getting confiscated systemically, the remaining miners would disappear. It would be exceedingly difficult for the Chinese government to locate and simultaneously seize the vast majority of mining that occurs in its jurisdiction. And over time, if mining becomes more diversified across geographies, it would take that unlikely mass-confiscation option off the table entirely.
That’s the hardest part of doing a 51% attack on Bitcoin; getting the dedicated hardware. Folks often calculate the cost of a hypothetical attack based on electricity or per-hour rates, but the sheer amount of hardware that would have to be acquired is immense. This is unlike GPU-based blockchains where a user could conceivably rent cloud GPU time (a use-case of generalized hardware rather than dedicated hardware) to perform an attack.
Second, once they have this in place somehow, either through buying it, building it, or confiscating it, the state actor (s) have to concentrate more electricity than Singapore consumes and channel it at the Bitcoin blockchain through their dedicated ASIC hardware to try to do a constant series of double-spend attacks or other disruptive efforts. With their massive covert investment, they could very well be successful at messing up a few blocks and performing double-spend attacks or similar disruptions.
They could, for example, send an entity some bitcoins in exchange for money and then use their majority hash power to reverse that transaction and keep the Bitcoins. They’d have to sustain this multiple blocks deep for it to have a sizable impact on transactions that were thought to be fully confirmed.
At that point, it would become a battle between nodes and the majority miner, with the possibility of nodes changing to another algorithm or taking other major steps to avoid the ongoing assault. A 51% attack does not undo the full blockchain; it reorganizes a few blocks deep or disrupts the process of ongoing blocks added to the blockchain, which gives time for countermeasures. It would be one of the biggest tests that Bitcoin has ever faced.
The difficulty and cost for this type of attack are why so far it has not occurred for Bitcoin and why only a large state actor, or collection of state actors, who are particularly hostile to bitcoin’s existence and not concerned with the potentially unprofitable nature of the attack, could conceivably attempt it.
The more broadly that Bitcoin spreads, including to a state’s own citizens, the more self-destructive such an effort would be even if successful, which deters this “James Bond villain” secretive level of capital and effort the state would have to go through to attempt it.
However, if it’s going to remain as successful as it has been, Bitcoin does have to grow a sustainable fee market to keep those attacks very expensive.
As Bitcoin’s market capitalization has grown, the absolute amount spent on security has grown as well, but the percentage of the market capitalization spent on security has diminished.
Indeed, that’s what we should expect to occur over time. Paying a huge percentage of the market capitalization in security each year made sense in the beginning when the protocol was small, vulnerable, and highly inflationary, but in the long run, from a large market size and low issuance rate, something more like 0.5% to 1.5% of market capitalization spent on security would probably be appropriate.
And remember, bitcoin’s annual settlement value is a few times larger than its market capitalization. Relatively small fees on transactions can potentially result in a sizable percentage of Bitcoin’s market capitalization.
Ideally, the security spending rate should be large enough in absolute terms to deter most realistic attacks and large enough as a percentage of the market cap or annual settled value to make attacks uneconomic while not so large as to make normal settlement transactions uneconomic due to needlessly high fees.
The challenging thing is that there’s no firm number on what level would be appropriate; it’s all an approximation.
In practice, Bitcoin doesn’t optimize itself for security, but rather security is a natural byproduct of the incentive mechanism for mining, which means there could conceivably be times where security is quite high or relatively low compared to credible threats. Bitcoin’s network is not doing a qualitative or quantitative assessment of the threat landscape and adjusting fees accordingly.
After the next supply halving in 2024, bitcoin’s inflation rate will be less than 1% per year. It will continue dropping every 4 years from there asymptotically toward zero, so to maintain something like a 0.5%-1.5% ongoing security rate as a percentage of market capitalization, it’ll need to develop a sizable and persistent fee market.
This chart shows the amount of fees per year and the percentage of the average market capitalization that the fees made up each year:
For the first two months of 2021, the average market capitalization was $740 billion, with an annualized fee spend rate of $1.85 billion, representing 0.25% of the market capitalization.
If security is paid for primarily through block rewards, then the holders of the coins are the ones primarily paying for it in the form of inflation.
If security is paid for primarily through fees, then the senders of the coins are the ones primarily paying for it, in the form of the miner taking a cut from their transactions.
So, over time, Bitcoin’s security model is programmed to shift primarily from charging the holders to those who transact.
If, in some alternative design, bitcoin eventually reached a point after a certain number of halvings where it had a constant issuance, like, say, 0.5% per year perpetually, then along with fees that senders pay, it would have a situation where both holders and senders continue to pay for a base level of security. But as it was designed, bitcoin shifted over time to put all of the emphasis on sender fees for security, with holders paying virtually nothing.
Whether that’s good or bad is up for debate. On the one hand, it’s sensible to argue that both holders and senders should contribute to security since they both benefit from it.
On the other hand, the hard supply limit has been a main selling point for people to buy system units. It likely increased its adoption rate and attractiveness as a store of value. A shift from a hard cap to low perpetual issuance would be the last resort among the community, so navigating to a fee model will be important for the ongoing success of the protocol.
This table shows the amount of money that would need to be spent on security to achieve a certain percentage of market capitalization for various market capitalizations:
Bitcoin, in its current form, can settle 120+ million transactions per year on the base layer. Let’s call it 100 million as a round number since we’re talking orders of magnitude here. And importantly, a transaction can send Bitcoin to multiple addresses, so you can batch multiple payments into a transaction. So, the number of payments is realistically up to a few hundred million per year.
If Bitcoin reaches a state where the average transaction fee is about $10, it will translate into $1+ billion per year for miners. If we add a zero, and the average transaction fee gets to about $100, it would translate into $10+ billion per year towards miners. For reference, as of the first couple months of 2021, the fee has been up to $20+.
For payments of $10,000 or more, $100 or less in fees translates into 1% or less of the transaction value. So, the base layer would remain attractive for large settlement transactions but would be unattractive for small payments. Bitcoin, in that sense, becomes something like a decentralized and permissionless Fedwire system, relying on secondary layers to improve transaction throughput for smaller users.
We can also compare it to gold as a store of value. If you buy physical bullion, you would expect to pay a 2 — 10% or more markup over the spot price for your transaction, depending on whether you’re buying coins or bars, and sometimes more during supply shortages. And then you have to protect it yourself or pay a vault to store it safely.
If we look at the current financial system, it consists of layers.
There are deep settlement layers like Fedwire at the base, which process relatively low numbers of irreversible seven-figure transactions between banks.
On top of those deep layers, some layers optimize for more frequent and smaller consumer transactions, which are reversible. When you spend with your Visa card, for example, that’s not a final settlement irreversible payment in and of itself; that’s merely a transaction that the bank will later batch into a larger Fedwire payment with another bank.
This is why the “Bitcoin doesn’t scale; it processes only a fraction of what Visa can do” argument is like comparing apples to oranges. Or, more specifically, it’s like comparing a wholesale distributor of apples to a retail apple-selling stand.
The Bitcoin network has a transaction count throughput capacity similar to Fedwire; when and if more and cheaper transactions than that are needed, that’s what secondary layers are for.
The various Bitcoin forks that attempted to increase transaction throughput on the base layer didn’t work out well so far; they split the community, still didn’t achieve throughput anywhere near that of Visa, and sacrificed too much (accessibility and decentralization of node operation).
Not all or even most bitcoin transactions have to settle on the base layer of the protocol. The base layer is ideal for final settlement for large transactions, especially as transaction fees grow as a percentage of the security budget.
Above the base layer are various scaling solutions for higher-frequency transactions, and they can be either trusted or trustless or somewhere in the middle.
For a trusted example, every centralized exchange is basically a scaling mechanism. When you trade Bitcoin or various altcoins on an exchange, those aren’t on-chain transactions. Those are transactions within the internal ledger of that exchange. In other words, many transactions occur back and forth, and some of the value is settled on-chain eventually when entities withdraw or deposit coins. The custodian acts as a way to increase significantly transaction volume since those intra-exchange transactions are settling off-chain with occasional batching into bigger transactions to actually move coins.
For a trustless example, there’s the Lightning network. The Lightning network lets users open multi-signature channels with each other, and from there, they can send fractions of bitcoins back and forth without the cost of an on-chain settlement. If one of them wants to settle at any point, they can close the channel and settle back on the base layer with an on-chain transaction. Therefore, you can fit many transactions, for a nearly free cost, into one fee-driven large settlement. Importantly, you don’t need a channel open with the person you’re trying to transact with. You only need to have a path from node to node to node that eventually links to that person.
The limitation of the Lightning network is liquidity. If you don’t want to open a private channel with someone, you have to send fractional Bitcoins around from node to node to node to reach the target, and that means there has to be a sizable amount of channels between you and the target to make that possible, and there have to be sufficient tools to automate it. Public node operators can place some Bitcoins on their channels and sell access to those channels for a tiny fee, thus earning a small ongoing yield on their Bitcoins.
Lightning Labs and other developers continue to build tools to help apps and users enhance liquidity and usability on the network. The Lightning network itself, like the underlying base layer of Bitcoin, is owned by no one. If it continues to grow larger and larger, liquidity becomes less of a constraint, and usability increases.
And then there are mixed solutions.
Some trusted protocols can use a set of private channels in the Lightning network to provide fiat-to-BTC-to-fiat payment solutions to customers that don’t necessarily even know that they are using the Lightning network, like with the Strike and Bottlepay apps. The total addressable market for that, particularly concerning small domestic and international payments, is enormous.
Micropayments on the internet, such as through Sphinx Chat (which uses the Lightning network), open up all sorts of revenue models for online businesses, as well as anti-spam measures in chat interfaces (via a tiny but nonzero cost to post a message).
Block space in Bitcoin’s blockchain is just information; it doesn’t all have to be used purely for payment transactions. Messages can be and have been included in various transactions within blocks, including by Satoshi Nakamoto in the Genesis block.
A given block on the Bitcoin blockchain, as an immutable distributed public ledger, can be considered virtual real estate, and only 144 blocks are available daily on average. Most uses are for settling Bitcoin payments, but the space within a transaction can be used for other purposes, too, because any information you put there becomes permanent and publicly available.
There’s potentially a use-case for that because you can put something there as a matter of public record, as an arbiter of truth stored on countless devices around the world that can never be changed once it’s buried under more blocks.
Over time, various services have been willing to pay transaction fees to secure messages inside the Bitcoin blockchain. Veriblock, for example, has a service that allows weaker blockchains to “inherit” Bitcoin’s security using the OP Return operator. Veriblock and similar solutions accounted for a double-digit percentage of Bitcoin’s ongoing transactions for a couple years, although in recent years, this practice has tapered off.
Overall, non-transactional messages are no longer a big portion of Bitcoin’s block space usage, but in the future, this could conceivably pop up again if new use cases are identified. Many of the previous use cases have migrated to become Ethereum tokens, trading around in that space instead.
Sign up to start saving Bitcoin
Buy automatically every day, week, or month, starting with as little as $10.
Lyn is an investment strategist at Lyn Alden Investment Strategy. She holds bachelor’s degree in electrical engineering and a master’s degree in engineering management, with a focus on engineering economics and financial modeling. Lyn has been performing investment research for over fifteen years in various public and private capacities.
More from Swan Signal Blog
Thoughts on Bitcoin from the Swan team and friends.