Friday, September 29, 2017

The Bitcoin apocalypse is coming in mid-November to a block chain near you

[UPDATE: This post was originally said that the SegWit2X fork will happen on November 1.  In fact it is scheduled to occur on block 494,764 .  It is impossible to predict exactly when this will happen, but at current hash rates it will probably be some time in mid-to-late November.  The post has been edited to reflect this.]

Back in 2004 someone launched a web site called dedicated entirely to predicting the imminent demise of what is now the world's second biggest company by market capitalization.  Needless to say, that site is no longer around (though the URL is still in use by a Japanese site) but you can go back and revel in the schadenfreude of one of the worst predictions ever made courtesy of the Internet Archive.

I mention this because I want you to know, dear reader, that I am fully cognizant of the perils of making bearish predictions about new technology.  But, to quote another well-worn and wholly unreliable aphorism, this time it's different.  It really is.

Some time in mid-November, barring some truly miraculous reconciliation, a group of Bitcoin companies are going to launch a new version of the Bitcoin protocol that will split the block chain into two parts.  This has been a topic of much debate and hand-wringing within the Bitcoin community for the last several months, but has been largely ignored by the rest of the tech world because this is not the first time this has happened.  The bitcoin chain has been hard-forked at least five times, most recently last August when Bitcoin Cash (BCC) launched, an event that was preceded by a great deal of wailing and gnashing of teeth.  Like FuckedGoogle (and, I might add at this point, the apocalyptic prognostications prior to December 31, 1999) the naysayers were proven resoundingly wrong.  Since BCC launched, the value of both chains has risen dramatically, at least when measured in US dollars.

But, as they say, this time it's different.

The new split, scheduled to take place in mid-November, is called SegWit2X.  The SegWit part, which stands for Segregated Witness, refers to a new way of specifying transactions within a Bitcoin block to allow more transactions to fit within a single block, thus increasing the capacity of the network.  SegWit is already up and running, having launched on August 24.  The launch was so smooth that no one outside the Bitcoin community even noticed.

But the 2X part will almost certainly not be so smooth.  To understand why requires getting a bit into the weeds of both the technology and the politics of Bitcoin.  But the TL;DR is that the 2X fork is going to launch with an intentionally omitted feature that all previous forks have had, called replay protection.  Without replay protection, the blockchain will not divide itself cleanly into two chains the way all previous hard-forks have.  Instead, it will be a fight to the death between the 2X chain and the original chain, from which only one victor can emerge.  So there are three possibilities: either 2X will win, or the original blockchain will win, or Bitcoin will descend into chaos from which it will likely not recover.  The chances of the third outcome are high enough that if you own Bitcoin in any significant amounts it would behoove you to take it very seriously.

So I'm now going to try to explain some of the details, but I want to preface this with some very strong disclaimers.  First, I am not an expert in Bitcoin.  I have a pretty good grasp on the underlying technology, but there's a lot more to Bitcoin than just technology.  Bitcoin is a new way of conducting human affairs, fundamentally different in deep and interesting ways from anything that humanity has ever tried before.  As such, it involves politics and psychology as much as it does technology.  I am an interested observer of Bitcoin, and I'm rooting for it to succeed (because I think the world will be a better place if it does) but I am not an active participant.  I don't own any Bitcoin.  I am not invested in any Bitcoin companies.  This is partly out of general laziness and risk aversion, but partly because I believe that the Bitcoin experiment has some fundamental structural flaws, and the present situation is one of them.  I wanted to be up-front about all that because some of what I am about to say is necessarily biased, and I believe that the best countermeasure to bias is full disclosure.  Some of what I am about to say is fact and some is my opinion, and I myself am not quite sure where the boundary is.  To wit:

One of the reasons that the SegWit2X issue is both seemingly intractable and difficult to explain is that it is rooted in a fundamental difference of opinion about what Bitcoin is, or at least what it should be.  On one side are those who believe that Bitcoin is (or should be) money, currency, a medium of exchange, a competitor to the U.S. dollar and the Euro.  On the other side are those who believe that it is a commodity, a store of value, more similar to gold (or oil or pork bellies) than to shekels.

The reason this is not just an academic debate is that the design requirements on currencies and commodities are different.  Currencies provide liquidity and short-term price stability.  The reason people agree to accept salaries of more-or-less fixed amounts paid in U.S. dollars is because they have confidence that in the time that passes between when they agree to work for $X and when they go to spend that money it will be reliably and conveniently exchangeable for a particular number of gallons of milk or gasoline, and that the exchange rate between dollars and milk won't change very much, at least in the short term (weeks to months).  Commodities, on the other hand, have some intrinsic value against with the value of currencies are measured.  A gallon of milk has value not only because you can sell it for money, but also because you can drink it or make cheese out of it.  In general, the value of commodities is closely tied to their intrinsic value coupled to the law of supply and demand, but there are some exceptions.  Gold, for example, is priced far above its intrinsic value.  There are vast stores of gold in the world sitting in vaults for which people are willing to pay very good money despite -- indeed because of -- the absolute certainty that nothing useful will ever be done with it.

Why are people willing to overpay so much for gold?  It's because gold is reliably scarce.  The world's supply of gold is limited by physics, and so the price of gold can be relied on not to drop in response to a suddenly overabundant supply.  Because of this, gold serves as a reliable hedge against currency inflation, and that provides value over and above the fact that you can use gold to make jewelry and microchips.  The vast majority of the value of gold can be ascribed to the fact that its supply is limited and (mostly) not subject to the vagaries of government fiat or the weather.  There are other commodities with this property (platinum, silver, land).  Gold is not special in this regard.  It just happens to be the thing that is used for this purpose more than the alternatives because of history and social fashion.

One of Bitcoin's central value propositions is that it is reliably scarce just like gold is.  The total number of Bitcoins is capped at 21 million, an arbitrary number that Satoshi Nakamoto pulled out of his hat.  This limit is enforced not by physics, but by mathematics.  The Bitcoin algorithm has this number hard-coded into it, and that is what is supposed to guarantee that the supply is limited, or at least not subject to the whims of a small cabal.

As a competitor to gold, then, Bitcoin has a number of attractive features.  The problem with gold as a store of value is that it's actually physical stuff.  It's heavy, so it's difficult to move around, and it can be stolen.  Bitcoin is "pure scarcity", almost completely divorced from the physical world.  The control of a Bitcoin wallet boils down to the knowledge of a few hundred bits of data, the secret key, which you can write down on a piece of paper and put in your pocket (or, more commonly, store in a specialized electronic device, which also fits in your pocket).  You don't need an armored truck to move Bitcoins, all you need is an internet connection.  As a value proposition, Bitcoin-as-commodity is quite compelling, and it is the reason that the Bitcoin market cap is approaching 100 billion dollars.

But there is another school of thought, which is that Bitcoin is (or should be) a currency rather than a commodity, primarily a medium of exchange rather than a store of value.  These are the folks who want you to be able to buy a cup of coffee at Starbucks with Bitcoins.

The technical demands on a currency are very different from those of a commodity.  Currencies have to be a lot more efficient than commodities.  This is the reason that civilization switched from barter to currency in the first place: settling transactions is a lot faster and cheaper with a currency.  Small retail transactions in particular have to be very fast and efficient in order to be competitive.  You don't want to have to pay a $10 transaction fee on a $5 purchase, and you don't want to have to wait hours for transactions to settle.

Unfortunately the design of Bitcoin has some limitations that mitigate its usefulness as a currency.  In particular, the rate at which transactions can be processed is limited.  A new block can be mined only about every ten minutes or so, and the size of the block is also limited.  Thus Bitcoin has a hard limit not only on its supply, but also on the rate at which transactions can be processed.  And that limit is currently much, much too low for Bitcoin to be a practical alternative to fiat currency.

This problem has been recognized by the Bitcoin community for a very long time.  The problem is that making any changes to Bitcoin is really, really hard, and this too is by design.  At root, Bitcoin is a process for achieving distributed consensus, in particular, a consensus about who owns what.  But before you can use this process you have to achieve consensus about the process itself.  And you can't use the blockchain to achieve that consensus.  The whole thing can only be bootstrapped by the messy process of politics and human interaction.  That is one of the reasons that it is remarkable that Bitcoin has gotten as far as it has.

Note that it is not actually necessary for everyone to agree in order to make progress.  The myriad alt-coins out there are a result of groups of people disagreeing with some aspect of Bitcoin's design and launching alternatives.  All of this is the free market operating as it should.  It works because the lines between Bitcoin and alt-coins are clear.  There is a Bitcoin blockchain and there is an Ethereum blockchain and there is a Litecoin blockchain, each with its own community of miners, and they don't interfere with each other.  And the reason that they don't interfere with each other is that they are designed in such a way that a transaction on one chain is only valid on that chain and cannot be replayed into any other chain.  That is what "replay protection" does: it cleanly separates one chain from another by formatting all transactions in such a way that they are only valid on one chain or the other.

All that is going to change in November.

The seeds of the impending crisis were planted last August when some members of the Bitcoin community endorsed a plan called the New York Agreement (NYA) for increasing the capacity of the Bitcoin blockchain.  The NYA was a two-step plan.  The first step was to rearrange how data inside a block was represented so that more transactions could fit in a block (this is the "segregated witness" or SegWit scheme mentioned earlier).  The second step was to double the size of a block.  That is the 2X part of SegWit2X.

All this sounds perfectly reasonable and innocuous, and the first step -- adopting SegWit -- went off without a hitch in August.  One of the reasons it went off without a hitch is that SegWit is a backwards-compatible change so it didn't require updates to Bitcoin wallets.  Retail Bitcoin users were therefore mostly unaware that this change was even happening.

But 2X is different.  It is not a backwards-compatible change.  A block that is too large is invalid under the current rules, and so current code will reject such blocks.  In order to maintain consensus after the adoption of 2X, everyone has to update their code, otherwise consensus will diverge.  There will be one chain that includes 2X blocks, and another chain with doesn't, and no obvious way to tell which is the One True Chain.

In the past month or two there have been frantic attempts by prominent members of the Bitcoin community to convince 2X advocates to add replay protection, thus making a clean break between the 2X chain and the original chain, the same way that the Bitcoin Cash fork did.  The 2X advocates have refused, citing the NYA, and secure (at least apparently) in their belief that enough people will update their code that there will be no doubt that 2X is the One True Chain.  The anti-2Xers (or, if you prefer, the pro-replay-protectioners) counter that if the 2Xers are wrong it could completely destroy faith in Bitcoin.  It's a game of chicken with literally billions of dollars on the line.

The irony here is that everyone agrees that the capacity of the Blockchain needs to be increased.  The disagreement is over when and how.  The 2Xers argue that Bitcoin is already straining under the current demand, something needs to be done sooner rather than later, and reneging on the NYA would be a betrayal that would cause more problems than it solves.  The anti-2Xers argue that the NYA should not be binding because it was negotiated behind closed doors, and that a change of this magnitude needs to be more carefully considered before it is adopted.

The elephant in the room is what many see as Bitcoin's core value proposition, the supply limit of 21 million coins.  This limit is often advertised as being inviolable because it is mathematically enforced, but that is only true as long as everyone is running the code that enforces that limit.  The 21-million coin limit is enforced by exactly the same mechanism that currently enforces the block size limit.  If the one can change, so can the other.  So far that argument has not seemed to dissuade the 2X advocates from proceeding.

As I said, I don't have a dog in this fight so I don't have a personal preference which side wins.  I do hope that one side or the other wins because the only other alternative is chaos, and probably the end of the whole Bitcoin experiment.  I think that would be a tragedy.

All this is going to play out one way or another some time in mid-November.  Just thought you'd like to know.


Marc Bevand said...

Your main claim, that Segwit2x has no replay protection, is false. RP was added 3 days ago:

Ron OHara said...

That 21 million limit was not a number that Satoshi pulled out of a hat. It flows from a technical limit as a result of the size (width) of one of the fields in a data structure.

From the FAQL

"The total number of bitcoins, as mentioned earlier, has an asymptote at 21 million, due to a technical limitation in the data structure of the blockchain - specifically the integer storage type of the transaction output, this exact value would have been 20,999,999.9769 bitcoin. Should this technical limitation be adjusted by changing the width of the field, the total number will still only approach or be a maximum of 21 million."

This means that aside from the consensus requirements, there would be a very difficult technical issue if you try to increase the 21Million limit.

Itai Raz said...

Disregarding your predictions of the BTC apocalipse (not claiming they're wrong either), i think that this is one of the most brilliant reviews of some BTC fundamentals that I have ever read.

Thank you!

Marcos Alcantara said...

That was a great article about he fundamentals of Bitcoin. Thank you.

Van Fisk said...

Could you make a post going into the other "structural flaws" of btc that you? Would love to read some more of your thoughts on the matter. Thanks.

Charles Hett said...

Great Article - thank you

Ron said...


> RP was added 3 days ago

Yes, but this piece was written seven days ago :-) HN is a little behind the times. Also, I've not looked into the details, but I am given to understand that what was added was not full RP, but only one-way RP, so it doesn't really solve the problem.

@Ron OHara:

The link you reference says:

"Satoshi has never really justified or explained many of these constants."

So yes, it's true he didn't pull the 21M number directly out of his hat, but it is derived from numbers that he (apparently) pulled out of his hat. IMHO that amounts to the same thing.

@Itai, Marcos & Charles:

Thanks for the kind words!


> Could you make a post going into the other "structural flaws" of btc?

I'll see what I can do. Nowadays I only have time to write a new blog post every few weeks. But the TL;DR is that I believe that the Right Way to do a digital currency is to use a trusted third party, but to structure things in such a way that the TTP can be easily audited. That way you get the best of both worlds: the efficiency of a TTP but without the power of current banks to screw you at will. Digital currency is really a service, a utility, that should be provided by the government just like roads and electricity.

I also believe that zero inflation is a bad idea. You don't want too much inflation, but zero is bad because it encourages hoarding. Hoarding is great in a commodity because it produces upward pressure on prices, but in a currency you should have an inflation rate that tracks or very slightly exceeds the growth in the economy because that gives you price stability.