The Cost Of Self Custody: TANSTAAFL
Last week I touched on the nuances and complexities of “Trustodial” systems, systems that can’t be fully categorized as non-custodial or custodial, and how this causes issues when it relates to us categorizing different tools in this space. This is not the only issue being oversimplified in general conversation as it relates to categorizing ways of using Bitcoin.
Another major factor, with its own bag of complexity and nuances, is the cost of self custody.
I laid out these two core requirements for something to be considered self-custodial in the last article:
A user has unilateral control over their funds, or the ability to regain it.
No other party (or parties) has the ability to prevent the user from spending their funds, or regaining their ability to, or to spend them without the involvement of the user.
Let’s add another core requirement:
A user must be able to cost effectively exert their control over their funds, i.e. it must not cost an inordinate percentage of the funds under their control to actually transact with or enforce their ownership over them.
If a user has claim to some funds through some enforcement mechanism, but it would cost 95% of those funds to actually exercise that enforcement mechanism, does he actually have self custody of those funds?
The Core Problem
This is one of the chief scaling limitations of existing Layer 2 designs, such as Lightning, Statechains, Ark, etc. Any Layer 2 that makes use of pre-signed transactions to function is subject to this problem. Bitcoin has a blocksize limit, and whenever the pending transaction demand in the mempool is greater than the throughput capacity of the blockchain, fees go up. We have no mechanism, despite what some big blockers might say, to maintain a constant low fee level for users. Blockchains don’t scale without destroying their core value propositions.
This leaves us with no option but to construct off-chain scaling mechanisms, and so far the only viable trustless and self custodial solution is to use pre-signed transactions to facilitate this. That means that if a user ever has to actually make use of those pre-signed transactions, they have to pay the fees for them.
Because of this, the structure, size, and number of transactions that are necessary to enforce ownership are the deciding factors when it comes to the cost to enforce ownership claims on-chain. The more complex the script, the larger the transactions, the higher the number of transactions necessary, the more expensive it becomes to enforce ownership. All of these factors ultimately add up to create a minimum viable value to self custody with these systems.
If it is going to cost 10,000 satoshis to enforce ownership on-chain, then the idea of holding less than 10,000 satoshis in that system is just economically irrational. You would pay more in fees than the value you have a claim to is worth. Even 10,000 satoshis is too small in practice, would you want to pay 100% of the value you have in order to actually enforce ownership?
To be realistically cost effectively self-custodied, the value being secured must be some comfortable multiple of the cost to enforce it, say 3-5x. If it isn’t, then that value cannot actually be enforced on-chain, it will be eaten by fees if someone tries.
But It’s Not Custodial Either
Just like Trustodial systems, this introduces an ambiguous gray area. After considering the new third requirement to be considered self-custodial, a small value below the fees required to enforce it on-chain is clearly not self-custodial, but it’s not custodial either. While the rightful owner might not be able to cost effectively enforce their ownership on-chain, whatever party they are interacting with in a Layer 2 protocol cannot cost effectively steal it either.
This creates a sort of Mexican stand off when it comes to lower values secured on what would otherwise be unambiguously self-custodial Layer 2s. The rightful owner cannot cost effectively enforce their ownership on-chain, but because any other users participating in the Layer 2 cannot as well, they have no positive incentive to try to steal it by using old off-chain state transactions or refusing to cooperate to update balances off-chain. They can burn the rightful owner’s money by forcing them to submit transactions on-chain, but they gain nothing themselves in doing so.
This creates a dynamic where as long as the involved parties continue cooperating, these small values can be utilized and exchanged off-chain, but in the event that cooperation breaks down these small value balances essentially evaporate when they cannot be cost effectively enforced on-chain.
It Gets Worse
This problem is exacerbated in two ways. The first is fees going up. The bigger the transactional demand is for blockspace, the higher the feerates go, making the minimum viable self-custodial value higher. This is an unavoidable consequence of demand for Bitcoin increasing (as long as that demand is for bitcoin itself and not custodial balances with some service).
The second is actually a result of the current solutions for the first problem. The higher feerates get, the more expensive on boarding and off boarding from Layer 2s gets, necessitating coming up with designs that allow more people to share an individual UTXO, allowing on-chain fees (at least in the cooperative situation) to be spread between more people. This requires using either larger transactions, or more transactions, generally structured as trees that split up funds until eventually distributing them to individual users, to account for more users.
This means that not only has the baseline fee for a single transaction gone up, but users need to pay fees for either larger than average transactions or more than one transaction to enforce their ownership in non-cooperative situations!
So What Do We Do?
To tell a harsh truth, this might be a fundamentally unsolvable problem, at least in the scope of maintaining a security model that is more or less the same as Layer 1. The crux of the problem comes down to this: in higher fee environments the cost to enforce ownership on-chain goes up, necessitating finding ways for more and more people to share a single UTXO. While reducing the fees to utilize funds in the cooperative case, this increases the cost (magnified by whatever the higher feerate is) in the noncooperative case. However, the ability to exercise the noncooperative case is what actually enforces ownership.
As of right now, the best we can do is find more blockspace efficient ways to enforce ownership noncooperatively. This would mean new opcodes, specifically covenants, that would allow a single user to withdraw their share of funds from a shared UTXO while at the same time guaranteeing that the rest of the funds go back into the covenant to ensure other users can do the same.
This could prevent creating the problem of more users requiring more transactions to enforce ownership, but it still doesn’t deal with the fundamental problem of feerates going up themselves. Even in the theoretical best case a user would still need to make a single transaction to enforce their ownership over funds, and in higher feerate environments that will be more expensive. This is the aspect that might be fundamentally unsolvable.
Whether solvable, insolvable, or somewhere in between, this is a dynamic that is critical for users to understand. It is a gray area in which things can go wrong, and when things go wrong it can result in users losing their funds.
This post The Cost Of Self Custody: TANSTAAFL first appeared on Bitcoin Magazine and is written by Shinobi.
