My friend asked ChatGPT to summarize the paper. This is the result:
"Satoshi Nakamoto (2008) introduced a new economic system that operates without government support or legal enforcement. Instead, trust and security come from cryptography and financial incentives, all within an anonymous, decentralized network. This paper argues that while Nakamoto’s approach to trust is clever, it has significant economic limitations. The main idea is based on three equations:
1. The cost of maintaining honest participation (like mining or staking) must be high.
2. The system needs to be secure against majority attacks (the main weakness of decentralized systems).
Together, these factors mean that the ongoing cost of securing the blockchain is always high compared to the potential rewards for attacking it. This makes it much more expensive than traditional trust systems and, if scaled globally, could cost more than the entire world's GDP. Nakamoto’s system would be more viable if attackers also lost their initial investment, but this would either require the system to collapse or rely on outside legal support. The key difference between Nakamoto's system and traditional trust is that traditional systems can scale more efficiently, spreading the cost of trust over many transactions, while Nakamoto’s system has high ongoing costs."
Well, yes. That is the problem of "proof of work".
POW is based on the idea that it would be computationally infeasible for an attacker to calculate more hashes than the rest of the network combined can calculate. It's horribly inefficient and it's mostly fair to say the inefficiency is the point. They're hoping to make it so horribly inefficient that no attacker could ever pay the cost.
Of course, like you say, for enough money, you absolutely can pay the costs.
There is some interesting game theory at work on both sides. You can imagine you are a super hacker with a magic computer that can instantly crack the blockchain challenges. So you hack it and give yourself all the bitcoin. Now what? Who accept bitcoin from you knowing you could do it again any time?
A successful attack makes what you are stealing worthless. A (not really) paradox that will send philosophy majors into an infinite loop.
Proof-of-Stake solves all this in a much tidier form, although the current algorithms implementing it leave a lot to be desired. Stakeholders can easily "steal" all the money, but they have a game-theory interest in not doing that, because it would render their own stake worthless.
The beauty of the free market. In the Adam Smith sense (" is not from the benevolence of the butcher, the brewer, or the baker, that we expect our dinner, but from their regard to their own interest"). And the Milton Friedman one ("the important thing is to establish a political climate of opinion which will make it politically profitable for the wrong people to do the right thing. ")
Economics, at it's best, is a study all about aligning incentives.
This is the kind of serious, deep-thinking paper that should make all Substack writers proud to be working on and supporting this wonderful platform. Well done Mr. Carter!!
interesting. I look forward to reading the paper more closely. note the first footnote, however: "∗This paper originally circulated in June 2018 in a shorter form."
I've long wondered about the crypto trust model. What does the crypto algorithm do when the percentage of "bad nodes" reaches critical level? What happens when "bad nodes" become the majority?
My gut tells me the only answer for BTC and other serious cryptos is the network is segregated and a portion is identified as more trustworthy. This will allow the crypto network to operate even when the "bad nodes" far outnumber the good nodes.
But once the crypto network is segregated it is no longer truly democratic. This matters because there will be great economic and political interest in owning the trusted portion of the crypto network. Would this be good or bad? I think the better question is what is the point of crypto if the network must be proprietary?
He talks about that in the paper. You could have an on chain network for very large transactions, and an off chain network for everything else. He shows the math necessary for a rogue operator to attack the chain as well.
Also, please educate me on this, because I've never seen, although I haven't done a great deal of research into it, a cost-effectiveness study that published the true costs of creating paper dollars and metal coins, including raw materials, transportation, mining, electricity and labor compared to the cost of exorbitant electricity use to generate crypto? What am I missing here?
So, how is the threat from a digital attack on crypto any riskier or more probable than an attack on the coffers of a nation's central bank or corporation's holdings? Fraud has existed, and will continue to exist, forever.
My friend asked ChatGPT to summarize the paper. This is the result:
"Satoshi Nakamoto (2008) introduced a new economic system that operates without government support or legal enforcement. Instead, trust and security come from cryptography and financial incentives, all within an anonymous, decentralized network. This paper argues that while Nakamoto’s approach to trust is clever, it has significant economic limitations. The main idea is based on three equations:
1. The cost of maintaining honest participation (like mining or staking) must be high.
2. The system needs to be secure against majority attacks (the main weakness of decentralized systems).
Together, these factors mean that the ongoing cost of securing the blockchain is always high compared to the potential rewards for attacking it. This makes it much more expensive than traditional trust systems and, if scaled globally, could cost more than the entire world's GDP. Nakamoto’s system would be more viable if attackers also lost their initial investment, but this would either require the system to collapse or rely on outside legal support. The key difference between Nakamoto's system and traditional trust is that traditional systems can scale more efficiently, spreading the cost of trust over many transactions, while Nakamoto’s system has high ongoing costs."
Well, yes. That is the problem of "proof of work".
POW is based on the idea that it would be computationally infeasible for an attacker to calculate more hashes than the rest of the network combined can calculate. It's horribly inefficient and it's mostly fair to say the inefficiency is the point. They're hoping to make it so horribly inefficient that no attacker could ever pay the cost.
Of course, like you say, for enough money, you absolutely can pay the costs.
There is some interesting game theory at work on both sides. You can imagine you are a super hacker with a magic computer that can instantly crack the blockchain challenges. So you hack it and give yourself all the bitcoin. Now what? Who accept bitcoin from you knowing you could do it again any time?
A successful attack makes what you are stealing worthless. A (not really) paradox that will send philosophy majors into an infinite loop.
Proof-of-Stake solves all this in a much tidier form, although the current algorithms implementing it leave a lot to be desired. Stakeholders can easily "steal" all the money, but they have a game-theory interest in not doing that, because it would render their own stake worthless.
The beauty of the free market. In the Adam Smith sense (" is not from the benevolence of the butcher, the brewer, or the baker, that we expect our dinner, but from their regard to their own interest"). And the Milton Friedman one ("the important thing is to establish a political climate of opinion which will make it politically profitable for the wrong people to do the right thing. ")
Economics, at it's best, is a study all about aligning incentives.
Exactly, he talks about the differences between Bitcoin and Ethereum in the paper and why both do not scale.
This is the kind of serious, deep-thinking paper that should make all Substack writers proud to be working on and supporting this wonderful platform. Well done Mr. Carter!!
Thanks for posting this. Will be good to exercise the GSB portion of my brain on this.
superb piece
interesting. I look forward to reading the paper more closely. note the first footnote, however: "∗This paper originally circulated in June 2018 in a shorter form."
I've long wondered about the crypto trust model. What does the crypto algorithm do when the percentage of "bad nodes" reaches critical level? What happens when "bad nodes" become the majority?
My gut tells me the only answer for BTC and other serious cryptos is the network is segregated and a portion is identified as more trustworthy. This will allow the crypto network to operate even when the "bad nodes" far outnumber the good nodes.
But once the crypto network is segregated it is no longer truly democratic. This matters because there will be great economic and political interest in owning the trusted portion of the crypto network. Would this be good or bad? I think the better question is what is the point of crypto if the network must be proprietary?
He talks about that in the paper. You could have an on chain network for very large transactions, and an off chain network for everything else. He shows the math necessary for a rogue operator to attack the chain as well.
Thanks. Always good to learn something new.
Well done. You ae educating us.
Budish and others are educating us. It's up to us to learn and listen.
Sorry both of those were supposed to be addressed to Jeff but it is the middle of the night here
Also, please educate me on this, because I've never seen, although I haven't done a great deal of research into it, a cost-effectiveness study that published the true costs of creating paper dollars and metal coins, including raw materials, transportation, mining, electricity and labor compared to the cost of exorbitant electricity use to generate crypto? What am I missing here?
So, how is the threat from a digital attack on crypto any riskier or more probable than an attack on the coffers of a nation's central bank or corporation's holdings? Fraud has existed, and will continue to exist, forever.