Discover more from Stack Stats
Bitcoin KPIs: Security
Tracking the important metrics for Bitcoin's security
Why Bitcoin KPIs?
In my day job I help define KPIs (key performance indicators) to track the health of the business I work for. These metrics are strongly correlated with the health and long term success of the business and we watch them closely to make sure we are on the right track.
Bitcoin KPIs is my attempt to build a similar dashboard for Bitcoin. I wanted a 10,000 foot view of all the trends I think are important to track and likely to lead to the long term success of the Bitcoin network. While many excellent resources exist for Bitcoin data, I thought there was a gap in the existing offerings where no one data source had all the things I wanted:
Focus on Bitcoin
Data from multiple sources: on-chain, lightning, coinjoin, mempool, node count
Distilled to only the most important factors for network and ecosystem success, rather than focusing on trading and NumberGoUp
So I decided to build the dashboard I wanted for myself and share it with the community. I defined the metrics and trends I believe are most important to track and ended up with a five category taxonomy:
📈 Block Space Economics
💰 Value & Uptake
😎 Privacy & Fungibility
⚡ Layer 2
I’ll be writing a series of posts on Stack Stats about why I chose each category and the metrics I track within them. This is first post in that series, where I’ll be going into Security.
Subscribe below so you don’t miss out on this series of posts and the research I regularly post on the site:
I started with Security, it’s an easy one and I think most people can agree that secure money is better than insecure money.
A few things contribute to Bitcoin’s security:
Public key cryptography ensures no one can spend a UTXO without the private key
Miners do work to extend the blockchain, making it very costly to rewrite history
Full nodes cheaply verify the work done by miners and enforce the consensus rules run by their owners
If individuals self-custody funds there is no easy locus of vulnerability for expropriation
Covered more eloquently in the Bitcoin Whitepaper:
Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers.
This article by Lopp is a great overview of Bitcoin’s security model for those interested in a deeper dive.
I chose four KPI metrics to track for Security: Hash Rate, Bitcoin Node Count, Chain Rewrite Days and Hash Price. Below I’ll explain why I think these are important and go over the long term trend for each. There are other metrics that would be useful to track if there were easily available, but we are limited by what is easily observable and available.
You can find live charts with the metrics discussed in this post at BitcoinKPIs.
Definition: Hash Rate is measured in ExaHashes per second (EH/s). It is the aggregate rate at which miners are competing to find a valid block.
Why is this important: When hash rate increases, it means more energy (which is costly) or more ASIC chips (where are costly) are being dedicated to securing the network. It is this unforgable costliness that creates the right incentives for miners to not rewrite the chain’s history and allows the network to come to distributed consensus on the right ledger state. Increasing hash rate is healthy, unless a majority (or large chunk in some cases) of the hash is adversarial.
Trend: Hash rate has increased 60x over the past four years, from 2 EH/s in Nov 2016 to a current level of 122 EH/s. While there are some short term decreases due to exogenous factors like weather and price fluctuations, the long term trend is up and to the right.
Bitcoin Node Count
Definition: Node count is the count of Bitcoin full nodes participating in the network.
Why is this important: Node count is not sybil resistant, so some people claim it’s not helpful to track. What I’m really interested in measuring is “number of Bitcoiners with a nontrivial economic stake in the network who choose to interact with Bitcoin through their own node”, but that is not feasible to measure so node count must suffice as a proxy. Bitcoiners interacting with the network through their own node is important for a few reasons:
more people validating the ledger and serving blocks
provides individual exit rights via hard fork if the shit hits the fan
easier to self-custody, coinjoin and run Lightning
Caveats: “Tallying the number of Bitcoin nodes typically relies on estimates instead of concrete data, and opinions on the best methodology for deriving these estimates differ. Dashjr’s estimate relies on a tedious and undisclosed proprietary methodology that could compromise the reliability of the data if it was released, according to its creator.” See this article.
Estimates differ depending on sources. Clark Moody’s dashboard currently lists 11k reachable Bitcoin nodes, for example.
Trend: Node count is flat (at 35k nodes) from when our data starts in April 2017 to now, but it shot up to an ATH of 175k in January 2018 (probably due to price increase and SegWit2x) and has been decreasing steadily ever since. This decline is very concerning but also perplexing. From my point of view it has never been easier to run a full node with many great projects like RaspiBlitz, MyNode and RoninDojo making it easy for people to run a powerful node (plus apps) on commodity hardware. Some possible explanations:
Advanced Bitcoiners are running nodes but others do not
The number of advanced Bitcoiners would need to be flat or declining since 2016 for this to fully explain the decline. I find this unlikely based on my own experience.
The surge in node count around SegWit2x was inflated by astroturfing from various parties
Probably some combination of both, plus other factors I’m not considering. Either way this downtrend is negative.
Chain ReWrite Days at Period Hash Rate
Definition: Chain Rewrite days is the number of days it would take to rewrite the entire Bitcoin blockchain using the current level of hashpower. It is calculated by dividing the cumulative hash by the current rate.
Why is this important: It’s astounding to see the magnitude of the accumulated work done by miners on the bitcoin blockchain. This metric quantifies how long it would take an adversarial actor with 100% of current hashpower to mine an alternative chain that could supersede the existing chain. Spoiler: it’s a very long time.
Trend: Chain Rewrite days stood at 340 in November 2016 before falling to a low of 191 days in Feb 2018 as the growth in current hashpower outpaced the accumulated hashpower. Since then it’s shot up to a current ATH of 635 days shortly after hitting ATHs in hash this fall. Very healthy.
Hash price: $USD per Yottahash
Definition: Hash price is calculated as the total $USD mining rewards over the period divided by the total Yottahash over the period. It is the $USD amount the network is compensating miners for their hashing work.
Why is this important: Falling hash price over the long run is indicative of increased competition in the mining industry which is essential for Bitcoin’s security model. It represents more investment in ASICs and more efficient energy usage. I think of the falling price of hash similar to the falling price of transistors in Moore’s law.
Caveats: This metric can be sensitive to short term fluctuations in BTC price and blockspace demand as miners can’t bring capacity online fast enough to meet demand surges from bull markets (see 2018 peak).
Trend: Hash price decreased ~5x from $8.30/YH in Nov 2016 to $1.50/YH today. This is a healthy decline that represents exponential progress in mining efficiency from improved ASICs and better energy usage. Falling price suggests healthy competition among miners.
Security metrics I want but don’t have
Percent of Bitcoin self custodied: this one requires address classification (to identify addresses owned by exchanges and custodians) which is tricky and frankly unreliable in my experience. Some data providers have charts for number of coins on exchanges, but this doesn’t cover centralized custody providers which could be larger.
Percent of Bitcoin secured using multisig: txstats.com has a chart showing the breakdown of P2SH addresses by type, but the type is only revealed after an output is spent so a majority of coins are unclassified (or P2WPKH) as of now and will likely continue to be. The chart does not cover P2WSH.
Number of Tor Nodes: Clark Moody has this on his dashboard, but I don’t have a time series I can plot myself.
Thanks for reading my rundown of the Security KPIs for the Bitcoin network!
Please subscribe to this newsletter for more Bitcoin data content:
And consider following me on twitter for more lightweight updates: