contrarian notes on software engineering, Open Source hacking, cryptocurrencies etc.

AMT (AMF?) as an elegant solution to ensuring long-term Bitcoin security

Talking about changing consensus rules is the best way to get a lot of hate, but the idea seems promising to me, and I'd like to get some feedback and have more people think about it.

Problem

There's a long-running debate in the Bitcoin community if having low (and eventually none) miner subsidy is a problem in the long term.

Transactions in Bitcoin are considered irreversible because they are “buried behind a PoW (proof of work)”. Finding a block requires burning some amount of energy by the miners, which is easily verifiable. Trying to change the history to revert transactions (steal) would require redoing all that PoW.

But why do miners burn that energy? Because the network pays them to. The payment comes from two sources: block subsidy (new coins printed) and transaction fees.

Every 4 years the subsidy is halved and eventually, it will simply disappear (0 sats), leaving the transaction fees as the only payment for the miners to provide the PoW (making reverting transactions costly).

How irreversible a transaction is can be thought of in terms of a ratio of: “how much money is there to steal by reverting it” divided by “how much would it cost to redo all the PoW to revert it”.

If you are waiting to accept a $100 payment, and it costs $100k to revert the last block in which it was confirmed, you can have high confidence no one is planning to revert the block. At least not for that one payment. If you are accepting a $1B, depending on the circumstances you might want to wait for more than just 1 block to ensure the ratio is more favorable. After enough blocks have been mined, and enough PoW produced, one has to make a judgment and declare the transaction reached transaction finality.

The exact calculation for a single transaction would have to be much more complex because one can't just “redo a PoW for a single transaction”. An attacker has to revert a whole block with ~2k transactions at once but also potentially revert (steal) multiple payments at once. There are a bunch of other considerations, like capital cost, blah blah. So it's all just a very simplified model.

While the details for a single tx are hairy, it's fair and easier to think about the whole thing in aggregates. Every day, week, and year, the network as a whole pays a certain amount of Bitcoin to miners in exchange for burning as much electricity as is economical to prevent anyone from messing with the network. These payments have to cover: electricity, know-how, infrastructure, operation costs, bribes to local politicians, relocation equipment in case of a mining ban, and whatever else.

That amount being paid is often called the security budget. The more valuable Bitcoin becomes the proportionally more security the given security budget buys.

It's hard to say how much security is enough. The more is kind of the better, but it is a subject of the law of diminishing returns.

Right now the subsidy for each block is 6.25BTC, while the fees paid in the random block 762944 I checked were 0.13BTC . As you can see, without the subsidy the security budget would have been about 50 times lower.

The question is – is this going to be enough in the long future? The generally accepted view is that it will. The increase in the Bitcoin value and competition to use the scarce resource of blockchain space should be enough to make sure there's a steady stream of fees to pay miners for making transactions hard to reverse.

However, it's impossible to tell because we can't predict the future. First, even if fee market ensuring fees case is generally true, we could imagine situations in which large-scale economical or political issues could lead to temporary very low demand for blockchain space. Second – with each advancement in scalability, the Bitcoin community is making not having to use L1 block space more viable. So ... unintuitively ... the better we make Bitcoin, the less we potentially have to pay in fees, and the more insecure it becomes, which suggests that something is fishy here.

There have been multiple solutions proposed to address this “uncertainty”, but for the sake of brevity, I'm not going to talk about them. I had to write all of the stuff above, just to get to talk about the solution I like best so far: AMF.

Alternative Minimum Fee

The name (and concept) is based on the Alternative Minimum Tax – a tax solution to a somewhat similar problem the US government faces: citizens being too good at avoiding getting their money stolen taken away to pay for the “necessary” shared spending.

If a soft fork including AMF was introduced to Bitcoin consensus, a transaction would require a certain minimum fee, proportional to the value transferred in it (sum of outputs).

Right off the bat: I don't have a strong opinion on the exact value, but the AMF would be very tiny. Its goal is not to replace normal fees, but only to put a certain floor under the fees being paid, based on the value being transferred.

Let's say the AMF is 0.001%. That means a transaction of 1BTC (100M sats) would have to pay at least 1000sats in total fees. Assuming a tx of 300vB, this corresponds to a minimum fee rate of 3sat/vB. A 100BTC tx would have a 300sat/vB, and that assumes a very, very small tx byte-wise for this amount transferred. Looking at the same block 762944 which transferred around 8000BTC an AMF of this rate would guarantee a minimum of 0.08BTC total fees (vs the 0.13BTC actually paid).

The way I think about it – the Bitcoin community only pays attention to the market of users paying for the scarce block space. However, they ignore another thing that users (should) pay for – the finality times. We used to assume that payments for block space guarantee payments for finality times/security, but if this turns out not to be the case, this new rule aligns the consensus rules with the real-world costs.

Benefits

Economically conservative: What I particularly like about AMF is that it only makes a difference in times when there's not enough block space demand, and thus fees high enough to render it almost irrelevant.

Fair: It puts the cost of assuring network security on the actors who benefit from it most. It might sound like socialist nonsense of taxing the rich, but I honestly believe that an actor sending very high-value payments is exactly the one benefiting from the lower finality times due to higher network security. An AMF guarantees a stead PoW buildup. Yes, as a high-value actor you have to pay extra, but also other high-value actors will have to pay extra and thanks to this everyone's high-value payments will be secured faster. A higher fee makes the transaction very competitive in the existing fee market, so it's not just an extra tax with no benefit.

Palpable: Almost all payment and settlement methods or businesses, in general, would charge users a % of the value transferred. It's a proposition that is easy to understand and accept.

Simple: Technically it seems rather simple. The rules should be (hopefully, I might be missing something) easy to check, both when building/verifying transactions locally or in consensus rules.

Lasting and stable: Unlike some other solutions proposed this change, if effective, actually fixes the problem indefinitely, guaranteeing a certain security budget as a % of volume transferred over the network forever.

Response to some criticism I've already heard

It might discourage coinjoins / optimizing UTXO sets

Yes, but only really high-value ones, and not by a lot.

For smaller UTXO values AMT doesn't matter in relation to normal fee market.

But it does encourage splitting 1000BTC UTXO into sizes proportional to the value actually being transmitted. Not very strongly (% is small), but it does.

IMO, from the perspective of privacy very large UTXOs are not great anyway, and it would be better if they were split into moderately-sized ones, which AMF would encourage.

Compare imaginary UTXO sets: [1BTC, 1BTC , 100BTC] vs 102 times 1BTC. For people owning these 1 BTC UTXOs it is better to blend it with 100 extra similarly-sized UTXOs.

The same principle applies in personal UTXO management. Consolidating all your UTXOs into one large UTXO is good for UTXO set size, but bad for your own privacy.

In other words: for smaller UTXO values normal fee market encourages consolidation, while for larger UTXO values AMT encourages splitting, incentivizing having a more uniform (not too big, but not too small) UTXOs overall, helping overall privacy without blowing up UTXO set too much.

It's unfair

I just don't think it is. See above.

Summary

I have a sense, that there might be a twist to this idea, where a velocity of funds is considered as well.

That's it. Feel free to send me feedback (especially non-trivial criticism). I'm not personally attached to this idea. It's just my current favorite.