The difference is that Bitcoin creates strong incentives for people to burn through electricity. Worse still, for Bitcoin to be secure it has to be the case that no attacker can control more than half the total computing power of the entire Bitcoin network, which means that the network can only be secure if people keep devoting more and more computer power to it; doubling the attacker's work means doubling everyone's work. Compare that to Chaum's digital cash systems -- where tokens were issued at low computational cost by a bank, transactions were peer to peer and did not require connecting to a global network of any kind, and where the attacker's work was exponential while the users work was polynomial in an arbitrarily-scalable security parameter. Bitcoin is exceptionally wasteful of computing resources; if it were a mainstream currency, we would eventually have to commit half the world's total computing power to it just to keep it secure.
If the cost of electricity is more than the value of the awarded coins, miners will drop off because they're losing money, and the difficulty will decrease.
Therefore the total electricity usage per ten minutes cannot sustainably be worth more than the value of the new coins generated in that ten minutes. Meanwhile the number of coins awarded each time is cut in half every four years. If, in 20 years, bitcoins are worth 32 times as much as they are right now, the total electricity usage will be the same as it is now.
The amount of electricity used is surprisingly low; for details see my comment above.
Edit: with further thought, I wonder whether this is a long-term security flaw. Previously I calculated that if bitcoin were to reach the market cap of the dollar in 20 years, it would consume a gigawatt of power. An attacker with a nuclear reactor could conceivably control a blockchain with over a trillion dollars of market value.
Transaction fees would make it more expensive (by increasing the power usage sustainable by honest miners) but the hope is to keep fees fairly low.
However, a 51% attack still doesn't allow the attacker to steal all the money, only to double spend. So the attack may not be worthwhile, unless you already have very large bitcoin holdings...in which case, you may be more interested in maintaining the soundness of the currency.
>>If the cost of electricity is more than the value of the awarded coins, miners will drop off because they're losing money, and the difficulty will decrease.
Is that assumption correct? I am not as knowledgeable as you are, but I would reason differently. As the size of the BC economy expands, vested parties will have increasingly strong motivation to secure their investments; likewise for attackers. A mining arms race will ensue, whose costs in power usage will have little to do with the ROI from mining. Costs will have to scale roughly with the value of the economy. Today, the miners went out of their way to save the network for the general good - thank you. Tomorrow we might have to incent them to continue do so.
True, and as the value of those potentially doubly-spent coins increases, so does the cost of preventing such an infraction. This is necessary to protect the at-risk merchants whose presence on the network is vital if BC is to succeed.
Also, massive loss of confidence resulting in destruction of the value of my assets would have the same net effect to my wallet as theft.
So, it is in our general interest that BC transactions by required to pay into a commonwealth of miners who will burn GPU for us. This should be taken out of the now-optional transaction fee. Satoshi apparently had anticipated this. Under such circumstances, I believe your models of power consumption are heavily understated.
Given that there's nobody who can force any particular action, it'd be interesting to think through the game theory and whether that's actually likely to happen.
An assumption I have made is that most merchants in the "normals" category would demand near-as-dammit watertight protection from theoretical yet systemic risks. FUD from competing systems would drive this requirement. I cannot imagine a lab experiment to test my assumption; it would need to be demonstrated in the marketplace. The cost of providing a very strong defence is entirely disproportionate to cost of offence, so we are looking at an asymmetric arms race.
Many Game Theory experiments are concerned with discerning underlying morality in economic exchanges. An interesting perspective here is that there should be no room for morality when Bitcoin gets up to scale. (But thanks again for the good guys who saved the day this week). No black/white hats; only those who have been paid to protect and those whose interests lie in exploitation. Eventually no actor will have the resources to do the right thing, unless it is also explicitly in their short term material interests. That ethos seems to be prevalent in the Bitcoin and one of the reasons that I find it interesting to watch.
This line of reasoning reminds me of an anecdote about the German cryptographers' reaction to the Enigma code-breaking program. They were not shocked by the fact that the machine had a weakness; what they were shocked by was the fact that anyone would be willing to bear the cost of exploiting that weakness.
You might be surprised by the attacker's motive or by their willingness to invest in the resources needed to attack the system.
I might not be all that surprised, given that I just dreamed up this potential weakness in the first place. It's entertaining to speculate on who might be willing to spend billions of dollars and lose additional billions in market value, for the sake of damaging the network. But I think it would be difficult to directly profit by doing it.
