Le monde post-subventions | Bitcoin 2026

Gentlemen, thank you for uh joining us here and thanks to a lovely audience for coming out for this talk. One of those things where it's a really kick the can down the road issue. A lot of people like to talk about it. Some bloate. Um you know, a lot of sophistry in the uh discussion of what's going to happen when Bitcoin's block subsidy runs out. Before we get into the meat of the discussion though, can you'all give some brief intros about who you are, the work you do in Bitcoin? >> Sure. My name is uh Paul Stoz. I'm the author of BIPS 300 and 301 and I'm the founder and CEO of Layer 2 Labs. >> I'm Mike Casey, most recently with MEA uh running the Enduro platform. Uh currently I'm an independent working on postquantum solutions. >> And my name is Nick Hansen. I'm the CEO of Luxer. We build mining software services um mining pool firmware financial services so like derivatives and things like that. So uh very interested in what happens in a uh posts subsidy world. >> Yeah. And to set the stage for this. So for those who if you're hearing word subsidy and it's jargon to you uh bitcoins block rewards have both a subsidy which are freshly minted coins and transaction fees. And so with each success of having that subsidy continues to diminish in bitcoin terms and eventually it will go away like what like 2,134 something like that. Um long before you know long after we're all gone. So, but there is this concern that eventually you're going to get to a point where you're going to rely only on transaction fees and if Bitcoin uh is not being used enough, if the transaction fees are not high enough, this could theoretically threaten Bitcoin's security budget uh because miners are not incentivized to mine. So, to to kind of start, I would just say on a scale of 1 to 10, gentlemen, we'll start with you, Paul, and then move down. How concerned are you for that? the idea that once uh the subsidy is diminished, there won't be enough transaction fees to furnish uh Bitcoin mining. >> Um I would say an eight. Now, are we allowed to explain or do we just Absolutely. >> Okay. So, first of all, even though it goes down 100% in the year 2140, it's already gone down in the first 16 years. It goes down 96% and then it goes down another 96%. So, it gets it goes down very very rapidly and it just kind of barely survives until the end. So it's it's going to be a concern long before the year 2140. And the reason to be concerned with the security budget is like there's several there's like four different overlapping things. So one of them is it's how much money the miners are paid which is how much proof of work the network this is how much money the miners will spend since they can't spend more than they're paid and that's how much proof of work the network has. And if the network doesn't have proof of work then all this blockchain stuff was just kind of a waste of time because it doesn't actually do anything. And I'm only going to explain the second reason out of four. But the second reason is that it's a clue that we have a lot of fee paying users. We actually have happy customers. So if the security budget is very high, it means we got a lot of users actually using the network. And that is why um we should really be focused, we should really be focused very much on how much revenue the miners are getting. We should care about that almost as much as we care about the exchange rate. Um to me uh yeah my answer uh right now it's probably about like a five but it edges up every year. I think within six years time it'll be an eight. Uh that's how long I think we have to fully assess the situation and take corrective action. Uh the reason being for this uh if you look at Monero Monero they have a tail emission and uh they put a lot of work into that tail emission and they're still regularly 51% attacked right now uh in six years time another two havingss as a percentage of the total amount of emission of the coin bitcoin emission rate uh through the subsidy will actually be less than Monero's tail emission as a rate over the total amount account being secured. So, we don't have much time left and it's not something anybody's thinking about. To me, mid to longer term, this is a more important issue than quantum itself. >> Yeah. So, I would say uh what my my concern level was like a eight or 10 back in 2024. Uh mostly because I was kind of thinking about the having of probably 2032. Uh we've seen all-time low hash price pretty consistently over this epoch. uh that probably isn't going away. Uh and Paul said it the best, we need users, we need customers, people to use this thing. At the end of the day, it's a service uh to move money around. Uh and people need to be paying to use that. And right now, nobody's really doing that. Uh the last cohort of people that did were uh ordinals and runes people um putting, you know, JPEGs on the blockchain, which is a pretty uh toxic topic, but um yeah, that was like the last time the chain really got any major usage. I mean, blocks are consistently and not full right now. Uh, and actually the last time they were full was because of a weird ordinal thing. Um, so we need users. We need people to actually move Bitcoin around, use it to pay for stuff. Um, or or the the subsidy is going to be a massive problem. I don't I do disagree though. I think quantum is the first thing we have to tackle and then uh the subsidy is going to be a problem. >> You think quantum you think we'll have a viable quantum computer that could threaten quantum vulnerable coins before the subsidy becomes an issue for minor revenue? >> Before the subsidy becomes a bigger issue. Yeah. What's your timeline for that? >> I would say uh right now I think the conservative estimate is about six years. An aggressive would be shorter than that. And then I think um or sorry the consensus is about 6 years. An aggressive estimate would be more like four. Uh and then if you were you know really conservative but you think that you know quantum is further out would be more like nine. So between four and nine years is kind of the timeline. >> You can't escape from the quantum discussion even when it's just uh panel about subsidy. It >> nope it never ends. Well, >> quantum fixes the subsidy problem for a while, but >> you're you're you're getting ahead of my questions, Nick. But, you know, we so we opened two cans of worms there. I'll start with that one second, but I want to first zoom in on one thing that you said about the last time we saw a meaningful spike in fees was the ordinal craze in 2023, 2024, and it was significant. There were times where you know you had 30 40 50% sometimes 100% even of the block subsidy as fees because of this ordinal trading and that when all of that was going off it was obviously very contentious. A lot of people don't like the blockchain being used for non-monetary use cases but there was dial it did spark a dialogue over well eventually we're going to need use cases that feed the fee market or else mining will die. And so for my next question, we'll start with you this time, Nick, and then move down. Um, people have been talking about different L2s on Bitcoin and unlocking, you know, DeFi use cases on Bitcoin for a long time. During the ordinal craze, there was gobs of fundraising into some of these budding L2s. And just frankly speaking, a lot of them have failed to deliver any sort of market share that would mirror what we've seen on Ethereum. So, what do you think is the reason why we haven't seen that adoption? Do you think that L2s and alternative or additional financial uses of Bitcoin that would drive fees are something that's just not sticky for this asset? And if that's so, why why is that? Nick, we'll start with you. >> So, yeah, at the at the end of the day, you need a fork to really have usable L2s to get what's called uh unilateral exit, meaning you can exit from the L2 without having to have any validators in between. You need a fork to make that possible. And they've determined that a fork is not going to happen. So that's uh that's kind of you know I mean when I say they I mean the community has pretty much rejected all of those proposals. So it's CTV checks from stack opcat you've probably heard of these. Um they're really not going anywhere as far as I can tell. So you need a fork for them to happen and I don't think that that's going to happen. Uh at least not in this generation of Bitcoiners. Um I think tap routt was probably the last real fork that we'll get. Uh the next one we would really need to do is bit 360. So we're not going to get like any new op codes to allow real L2 activity. So, at the end of the day, I don't think there's going to be much DeFi activity on uh on Bitcoin, unfortunately, which is good. We we want DeFi activity on Bitcoin. It drives a lot of fees. So, I agree with you on the outcome, but I disagree on the reason. I don't think it's necessarily because of these proposals. Uh the reason I think that we're not seeing any kind of appreciable free market develop, and we'll see something like ordinals pop every now and again. uh we saw the lightning network and lots of usage on that for a while. Uh and the same is true of Arc or anything else. Uh it all kind of boils down to the fact that we have a a static cap on the amount of block space and it's in no way adaptive. So the problem with this, I know this is a very controversial take, but the problem with this is somebody develops a killer app use case to use Bitcoin for other than just sending transactions and they try to do it. They build up a model, they have something like runes or ordinals and they do it and it is wildly successful, but eventually that use case will price itself out of the market because the supply of block space does not increase ever. So because of that it becomes far too expensive to support that use case. This is true for any thing you want to do as a meta protocol on Bitcoin including bridging mechanisms to a D5 protocol on ML2. So this is a problem for lightning. This is a problem for ordinals. This is a problem for uh Arc or any other system that requires Bitcoin transactions for it to use. Eventually its own weight will crush it under the current weight. Okay, we could easily have a huge ecosystem that pays miners an enormous amount of fees and um you know much much more 10 10,000 or 100,000 times what they they earn today. But for some reason, you know, like the the Bitcoin community has chosen not to do anything controversial. And so even the ordinals is a very it's a perfect example because the ordinals is a case where people are kind of using Bitcoin to have fun, but caused the as exactly as Mike was saying, it caused the fee rates to go up in 2023 and that interfered with like uh some lightning technology and some other stuff. So, it's just very hard to get anything done because if you do anything at all, it's bound to make some people um sort of confused or uh upset. And so, basically, every single decision you could possibly make is controversial. And we've decided that we're not going to do anything controversial. So, that we could have, for example, unlimited extra block space on these merge mind L2s. And that's what the side chain's idea was. And that's what BIP 300 is. Um, I agree with Nick that we're not going to have BIP 300 on BTC anytime soon. We're not going to have Opcat. We're not going to have OPCTV. Um, we used to do two soft forks on average every year. We did 14 in the first seven years, but now we don't do any at all. And Tap Routt took 46 months from when it was first proposed to when it finally activated. So we um um we could easily um change all this around, but the the Bitcoin culture and the Bitcoin just the way things we do things here, we just don't prioritize users and we just don't prioritize the the fees. So we could do it, but there's in one sense nothing is stopping us from from doing that, but in another sense it's just we kind of collectively decided as a culture that we're just not going to do it, which is a big mistake. But I have one final thing to say, which is see you're running a pool. Nick is running one of the pools, you know, one of the big pools. It's not that big, but it's on the pie chart. So, it's one of So, uh, so you could like, you know, you guys are the responsible party in a way like you guys are the specialists. You guys run the block template. You guys can orphan blocks. So, you could, you know, call up your other pool friends and you could activate all these soft forks tomorrow. I'm just saying partially this is the mining pool's decision to just fire a gun into their own skull and end their own lives. So, uh, that is one weird weird aspect. >> That's akin to like a coup though in a way. I mean, that's where it's a coup to sur it's a coup to to basically keep themselves alive and keep the Bitcoin network growing and obtaining more users, I think. But this is I agree with he's right because this is the element in the culture that it's for anyone to just do anything unilaterally is seen as a kind of betrayal of the I don't know the peace and tranquility that we've all enjoyed for the last >> if if I can jump in the problem I think is is because of the havingings it's basically we're a frog in a boiling pot of water and the temperature is going up really slowly really slowly really slowly and so nobody's concerned about the fee market right now because there's a subsidy and everybody assumes oh okay well if if the price doubles uh and uh the the Bitcoin subsidy halves well that's net net everything's even >> a lot of people believe that but I think all four of us know that that's not true >> that's not the way it works take our word for it or take out a piece of paper and start multiplying and you'll see it doesn't that doesn't work so >> so the security budget in actuality needs to be one Satoshi more than the attack budget Bitcoin always must be profitable to mine with your hash. If you can acquire hash, it has to be more profitable to mine with it than it is to try to attack Bitcoin. The more expensive Bitcoin gets, the more value it has, the more attractive target it is for attack. So, it actually does not help the number to go up does not help the problem. Oh, I thought you were going to say something, Paul. This is a kind of a tough panel, guys, because y'all have said something just now that I could latch on to for a follow-up conversation. Like, for instance, Mike, you you kind of hinted at this catch22 with Bitcoin's block space. This idea that there's not actually big enough to furnish the the use cases that would drive fees in a way that doesn't hamper other use cases. is like Paul was saying, for instance, when the ordinals craze was popping off, people would be running Lightning routing nodes and they would close channels or have channels force closed and all of their revenue from that routing node was gone because fees were crazy. Right. Um anyway, that that kind of struck me >> if you build anything with the assumption that fees will eventually be cheap enough, then you're going to lose all your money. >> Right. Right. Anyway, I I that that kind of struck me as sisfi and I just wanted to to point it out and I would like to get back to the developer discussion in a second in terms of thinking about what quantum means for threatening any other op code being added that would actually improve functionality. But first, I do want to return to quantum in a different element with you Mike uh specifically this hourglass proposal that you co-authored. Can you explain to people what this is and also how it might um as a side effect solve this problem? >> Yeah. Uh sure. Taking time. I'll try to be brief. Um so I'm sure most people are familiar with Satoshi's coins, this vast trove, and most people aren't worried about them. They've been written off so thoroughly because they haven't moved since 2011 or earlier, 2010. Uh so this represents uh it's a whole class of coins. It's P2PK noticeably not P2PKH. It's not protected by that hash element which means these coins exist on chain with a public key exposed and they are 100% quantum vulnerable to a cryptographically relevant quantum computer. That means somebody could with any amount of time if they had you know they they can crack them with a sufficient quantum computer running Shor's algorithm. So, um, these coins are exposed. They're presumed dead. So, nobody's going to move them and migrate them over. So, let's say we activate BIP 360. Let's say we have postquantum photography. Great. It's all safe. Nobody's going to move those coins. They're going to be there presumably forever until a quantum attacker steals it. So, we did the math looking into this. Uh, and it would take, this is 1.7 million Bitcoin, not dollars. 1.7 million bitcoins are in this class. The original ones 50 BTC per pop mining rewards, right? Um these coins, right, could be moved by a single entity if they pre-racked the entire set in 3 hours time. That's how long it would take a quantum attacker to actually mine all of those into an address they control outright under whatever. and presumably they could even flood them onto the market and sell crash the entire market. So that is the the problem statement. Um there are factions who say well we can't allow this. Those coins are supposed to be dormant. They're they're supposed to be dead. That's not what I bought into. So we should freeze or burn these coins, right? And that that would mean freezing or burning Satoshi's coins amongst others. And I think that's kind of an anathema to what Bitcoin represents and uh property rights. Um so you have the one side which are the liquidationists and the liquidationists say not your keys not your coin. If they get the keys it's theirs this is freedom and the other side says no we have to protect you know and what hourglass is is it's a compromised solution between these two camps. uh the original hourglass proposal uh one output one P2PK output was allowable per block. So that means 50 BTC could be released uh per per block which means it would take about 8 months to run through that supply as opposed to 3 hours. And then uh the most recent version, Hourglass V2, that actually stretches it out because it only allows one BTC to be released from one of these addresses per block. And that actually stretches it out over 32 years. And getting back to your original point, because I know this took a long time to get there, but getting back to your original point, how does this how does this affect the security budget? Right. Well, if everything the stars aligned and everything went right and there actually was a credible quantum threat in the near-term future and hourglass was activated and they did attack these coins as a salvage right and you know because they're unclaimed property at this point and it was legitimized so they weren't incentivized to steal other sets of unprotected coins and everybody else moved those over. Well, then if there's one attacker, then they get all those coins. They get one BTC per block or 144 bitcoins a day, which is not that bad. But the second, and this is over the course of 32 years, if Satoshi doesn't move his coins, the second attacker now has to bid against the first one. And this creates an incentive to uh uh it's a race condition because they have to pay the miners. they have to pay the mining pools >> and and just to be uh for context they would be doing like a an RBF or a place by fee few or were >> no not an RBF because it's not the same transaction right there's only one allowable transaction the minor picks which one they're only allowed to pick one and that one can be at max one Bitcoin out the rest has to be refunded to the address >> so it's not necessarily an RBF but >> it would be a fee bidding war for those >> a fee bidding war yes >> and then those fees would go to the minor ers and it would be a way to increase their revenue. >> Yes, >> you would effectively guarantee that there's, excuse me, one Bitcoin worth of fees paid in each block. >> Yeah, provided you have enough parties bidding against each other for this. >> This is my question because this assumes that they don't one of them just doesn't give up at one point, right? >> Well, it depends. If you already have the keys cracked, it's a sunk cost. If you get one, you know, percent of a Bitcoin, that's better than getting nothing, right? So, if you've already spent the effort to crack the key, would you rather get nothing for it or get something for it? >> Right, Nick. >> Welcome to Predict. The world is a market. Everything is a market. Every headline moves the line. Every moment is your market. Call the moves. Bet on your instinct, your prediction, your edge. dual bits predict where everything is a market. >> You presented on this at OP next uh block spaces conference in New York last week or two weeks ago. Um what are your thoughts on this as a minor and then Paul will go to you for your thoughts? >> Yeah, I mean I'm going to be advocating pretty heavily for it. Um yeah, the Opnext conference presented by Blockspace was a great conference. Thank you Colin. Uh, and so when I was at Op next presented by Blockspace, uh, yeah, we talked a lot about Hourglass and I think that, um, you know, it was actually wellreceived. I actually thought that I was going to get a lot of booze, uh, from the crowd cuz that's like a hardcore Bitcoiner, like Bitcoin core kind of dev conference. And, uh, I expected that the majority of the folks there would really not like it, but it seemed like it was wellreceived. So, I was pretty excited. I mean, it feels like there's actually real possibility that we could get an hourglass fork. Some would say it's better than 361 and >> Oh yeah. So 361 is the proposal to freeze any of the coins that are quantum susceptible after some date. Um which which is you know basically the seizure. Uh I I don't advocate for that. I think that's and an antithetical to Bitcoin. I don't think that's the the way that we should go. Um I'm also I'm very I am very concerned about uh you know option one which is do nothing because it will demolish the market and it'll be who knows how long until the market reforms. it could take decades. Uh, and the problem is, um, I want to be around to see Bitcoin hyper Bitcoinization. Um, and if if they demolish the market and, you know, all these coins, you know, there there's actually 6.7 million coins. It's a whole thing, but um, that are susceptible to being stolen, if that hits the market, like it's never coming back. Probably not in my lifetime. Institutions are just out. They're like, I don't know really what happened here. Bitcoin went down by 90% in two days. I'm out. I just am out. Um, so I don't know what to do about that. And so I think that hourglass is really a great solution to slow that trickle uh and potentially you know have the majority of those coins which are inevitably going to be stolen anyway flow to miners who are most asset aligned. Uh hourglass is I think a pretty good idea. It does have two drawbacks with respect to the security budget. One is it requires that the quantum computer actually be built which is not a foregone conclusion. Um it may not actually be built. You don't think so? You don't think it's a foregoing prediction? >> I think that um a lot of people are weighing in but very few people know. So I would be in favor of a prediction market or something that would say like on will it be built by this date or something so that the insiders can can tell us. >> I actually take that as another argument for hourglass. Sorry to cut you off Paul. Uh because if it is I'll let you do your second point but uh versus a confiscation. If a confiscation if you implement it early you have to time it right before a quantum attack otherwise it's worthless. and you you've wasted everything. Hourglass, if it's enacted early and there is no quantum computer, it's minimal harm because anybody who wants to recover those keys still can. >> Yeah, you can still spend one BTC per week, which is kind of a lot of money. >> Sorry to interrupt. Your second point, >> it's still very good idea. Um, it does require that the quantum computer be built and crack all the keys and that they be like, you know, posted on a website or just anyone can do it with a cheap quantum computer. Uh the other problem is that when all those coins have been spent now we've kicked the can down the road we have this artificial one BTC per week subsidy and then it will just fall off a cliff to zero at the end of the third. So it's >> well there's nothing prohibiting a future soft fork to >> just do more of that maybe or some other >> to smooth it later but I don't I don't get that initially. >> I just like to quickly say that I'm in favor of merge mind L2s and that's what BIP 300 301 are. we we could uh have an unlimited number of L2 blockchains and the miners could automatically collect the transaction fees from all of them without doing any extra work and that would enable them to collect again huge amounts of of money. Um for example, there used to be this site there still is called a cryptofe.info. You can look up all the transaction fees paid basically the security budget more or less uh paid by each blockchain and you'll see that Ethereum the number is always higher than a BTC. Sometimes it's 10 times as much. So that's just something to think about that we could have those if with Merge Mind L2s. >> All righty, gentlemen. We got 2 minutes 45 seconds left. Quick lightning round. One of these solutions outside of transaction fees getting juiced up to this problem has been the idea of extending Bitcoin's emission schedule. Tail emissions basically extending the block subsidy in perpetuity. Do what do y'all think of this proposal and why do you think it is or isn't a good solution? >> I think it's a bad idea. Um, I mean, you'll get two forks anyway. You'll get two bitcoins at the end of that anyway. And I'm pretty sure that everybody will just go with the one that doesn't add a tail subsidy and then maybe in like 20 years they'll come back and realize that was a prop mistake. But I don't think you'll ever get any support for it. But um, and I think it's because like when you bought Bitcoin 15 years ago, you were sold the idea of 21 million. Like you'll you look around, you see 21 million all over the signage here. Uh, that's a big selling point of Bitcoin and you kind of destroy that. So I don't think it will ever happen and I would push against it. >> I agree. Hey, I'm I'm I don't think a a tail mission is something that's part of the contract people signed up for when they bought Bitcoin. Everybody was sold on a 21 million hard cap, you know, forever. That's the entire premise of it. It is sound money, hard money, unchangeable. That's the bill we were all sold. If if that changes, that could undermine the entire value proposition of Bitcoin itself as a hard money. Um not not to say like if we don't do something, it may be inevitable. I don't know at what point it would be, but I mean really we're going to have to start taking some really hard looks like I said within the next six years because Monero's tail emission is at the rate that we will be for the subsidy in 10 years. So even if we freeze it there, it will be less than Monero and Monero is regularly 51% attacked. So obviously the tail mission is not enough for Monero >> and this is good timing for the because we just had a Litecoin attack also. So that all that is related to so for years everyone has said oh don't worry about the security budget but now uh where all of us are being vindicated who brought it up uh about tail emission I think you know we just did a year of bike shedding over the optional configurable op return standardness bite parameter or something. So, I completely agree with Nick that there would just be endless bike shedding and we that would never no one would ever be able to agree on that. I think and I also agree with Mike that it wouldn't even solve the problem really. I think so. >> Gentlemen, thank you very much. Let's give it up for our panelist y'all. >> Thank you guys. >> Thank you. Every year this community comes together to celebrate, to debate, to build what comes next. And every year the stage gets bigger. Sound money center stage. So, where do you go to celebrate the next chapter in Bitcoin history? You come home. Nashville, July 2027.