A gift card economy: breaking down BitPay’s numbers

Two days ago BitPay, the largest payment processor in the cryptocurrency space, published a new infographic filled with a number of new stats.

BitPay claims that in 2014:

  • $158,800,000 total value processed (an increase from $107 million in 2013)
  • 563,568 total number of transactions (an increase from 209,420 in 2013)
  • $281 average order value (a decline from $513 in 2013)

They also state that there is a reason for the decline in average order value:

This number is dropping as adoption increases and Bitcoin moves from an investment commodity to a payment method.

At best that is just a guess.  While it is neat that BitPay is one of a very few companies in this space willing to publicly release some numbers, we cannot determine what the actual cause for this trend with the available information.  Correlation (drop in prices or average order value) does not mean the real cause is payment adoption.

correlation

Source: XKCD

According to Jonathan Levin, head of business development at Chainalysis:

The fall in the average order value seems likely to be attributed to the increase in difficulty and the fall in the number of home miners.

Unless they publish weekly or monthly bar charts (which they used to), or what merchants are their largest by volume each week, it is unclear what could be skewing that number (e.g., large block sales from miners in 2013 and 2014?).

For instance, in December 2013, the chart below was published on the official BitPay blog (it has since been removed):

bitpay 2013The spike in transactions during November 2013 is probably related to two things:

  1. the Bitcoin Black Friday marketing event
  2. simultaneous run-up in prices during the contemporary bubble that early adopters / miners were likely able to capitalize off of by exiting positions

Are there any other numbers?

bitpay 2014Above is the last known public chart of BitPay transaction volume.  The dates on the chart corresponds with April 2013 – March 2014 and the image comes from the Cryptolina conference held in August 2014.

Although the quality is a little fuzzy, transaction volume appears to have reached around 70,000 in March 2014.  Token prices during March ranged from approximately $450 – $650 which they likely weighted and multiplied by the total amount of bitcoins received each day to come up with a figure of $1 million processed each day (note: at the end of May 2014, BitPay announced it was processing $1 million in bitcoins a day).

Yet as we shall see, in terms of fiat transaction equivalent, there is less than half as much today as there was last year.

bitpay chartThe chart above is part of the original BitPay infographic released on Wednesday.

In terms of transaction volume, bitcoin mining alone accounts for the next 4 largest segments combined.  For those who believe this will change in the future, recall that if mining somehow becomes cheaper then it is also cheaper to attack the network.  So as long as there are rents to be extracted, miners will continue to fight for and bid up the slivers of seigniorage up to where the marginal cost eventually reaches the marginal value of the token; and that translates into continuous streams of mining revenue (not necessarily economic profit) that are converted into fiat to pay for land, labor, taxes and electricity.

Furthemore, because bitcoin mining is not on the top 5 list of in terms of number of transactions this likely means that the miners that do use BitPay likely sell large blocks and are therefore large manufacturers or farms or both (and of those miners, most probably come from large entities such as BFL and KnC paying their utility bills).

The second chart to the right states that gift cards as a class represent the lion share for number of transactions processed.  This is actually kind of humorous and unhumorous.  What this means is that the majority of BitPay users (and probably bitcoin users in general) are not doing economic calculation in BTC (the unit of account) but instead some kind of fiat.  And to do so, they are going through a Rube Goldberg-like process to convert bitcoins into fiat-based utility.

This is mostly borne out through a roundabout process such as bitcoins sent to Gyft -> Gamestop -> ShellCard (the gas company).  Or Gyft->Amazon->Purse.io.

What are other motivations?  Some users, based on social media posts, claim to do this in order to reduce identification (KYC) paper trails so taxes will not have to be declared and sometimes to take part in illicit trade (e.g., sell these gift cards at a discount for actual cash for illicit wares).

Based on their chart, roughly $345,000 of merchant activity is processed on a daily basis.  Of that, $277,000 comes from precious metals and bitcoin mining.  The remaining  $68,000 is for unidentified e-commerce, IT services and travel.  Or in other words, nearly 80% of bitcoins processed by BitPay in 2014 went to paying for security (mining) and buying (or selling) gold and silver.

As I have written about previously, that for roughly every $1 spent on security (via mining), there was roughly $1 spent on actual retail commerce which translates into a quantitatively (not qualitatively) oversecured network.1 But based on this new data: more capital is probably being spent securing the network than retail commerce by a factor of at least 2x.2

Recall that bitcoin mining represents just under half of all transaction volume processed by BitPay, and BitPay itself has about 1/3 to 1/2 of the global market share for payment processing, so it is probably a good sample size of world wide non-darkmarket “activity.”

What about others?

The second largest payment processor is Coinbase.  And based on their self-reported transaction volume (below), the “off-chain” trend over the past year is similar to what BitPay processed:

coinbase chartAs described in Wallet Growth, approximately six months ago, in October 2014, Brian Armstrong and Fred Ehrsam, co-founders of Coinbase, did a reddit AMA.  At the 31:56 minute mark (video), Ehrsam discussed merchant flows:

One other thing I’ve had some people ask me IRL and I’ve seen on reddit occasionally too, is this concept of more merchants coming on board in bitcoin and that causing selling pressure, or the price to go down. [Coinbase is] one of the largest merchant processors, I really don’t think that is true.  Well one, the volumes that merchants are processing aren’t negligible but they’re not super high especially when compared to people who are kind of buying and selling bitcoin.  Like the trend is going in the right direction there but in absolute terms that’s still true.  So I think that is largely a myth.

Perhaps those volumes will change, but according to the chart above, that does not appear to be the case.

And as discussed in Slicing Data, the noticeable pattern of higher activity on weekdays versus the weekend is apparent irrespective of holidays with Coinbase too. Consequently, on most days these self-reported numbers comprise between 3-5% of the total transactions on the Bitcoin blockchain.  However, as Jonathan Levin, has pointed out, it is not clear from these numbers alone are or what they refer to: Coinbase user to user, user to merchant, and possible user wallet to user vault?

What does this mean for BitPay?

BitPay has three tiers of customer pricing.  The first plan is free, the second charges $300 for the first month and the third is for enterprise clients.  They claim that there are no transaction fees at all.

While they probably do sign up customers on their 2nd and 3rd tier, it is unclear how much.  Speculatively it may not be very much due to the low transaction volumes overall (e.g., why would Microsoft pay more in customer service than they generate in actual revenue?).  Thus their margins may be razor thin at ~1% which translates to roughly $1.5 million in annual revenue (it has to be below 2-3% otherwise merchants would not perceive an advantage for using their service).  BitPay also charges (collects) a spread through a process called the BitPay Best Bid (BBB) rate.

Based on the current head count of between 70-100 people (9 were probably laid off after the “Bitbowl“), it may be the case that the revenue generated annually covers the labor costs for just one or two months.  Perhaps this will change if prices rebound and/or if volume increases (recall that payment processors sometimes have to put coins on their books if they cannot find a counterparty to sell to in the time frame so in the likely event that BitPay holds coins on their books, they can gain or lose through forex movements).

bitpay twitterOn this point, four months ago I was involved in a mini-twitter debate with Jeff Garzik (a developer with BitPay) and Antonis Polemitis (an investor with Ledra Capital).  It partially centered around some of the findings that Jorge Stolfi (a computer science professor in Brazil) posted the previous month regarding BitPay’s transaction volume.

As discussed on Twitter, their burn rate on labor — as in almost all startups — is most certainly higher than the revenue they generate.  This should not be seen as “picking on BitPay” (because virtually every US-based VC-backed Bitcoin-related startup is in the same boat, see Buttercoin and probably ChangeTip) but they probably are not generating much additional revenue from “monthly SaaS subscriptions and payroll API customers.”

How do we know this?  Again, why would Demandware pay more for a SaaS subscription than they generate via revenue?  Altruism?  Perhaps a few do (like NewEgg or TigerDirect) but even if 1,000 customers paid $300 a month, that is still just $300,000 a month far less than the $1 million (speculatively) needed to cover labor alone.

Clustering

I contacted Fabio Federici, co-founder of Coinalytics which specializes in building data intelligence tools to analyze activities on the blockchain.  Using data from WalletExplorer.com (which identifies reused addresses of payment processors, pools, gambling services and such), his team was able to create visual aides covering BitPay.

It bears mentioning that there is a ~10% discrepancy between the WalletExplorer numbers and BitPay and this is likely a result of the clustering heuristic (by WalletExplorer) which will not give 100% coverage and is not dishonesty from BitPay (e.g., WalletExplorer data set identifies just over 600,000 transactions last year whereas BitPay cites roughly 650,000 transactions).

bitpay daily number of transactionsThe time frame for the chart above takes place between July 2, 2011 and April 13, 2015.  The chart visualizes the Daily Number of Transactions.  The green line is the important line as it represents the incoming transaction amount that BitPay receives each day.  It shows that aside from a brief outlier in the winter of 2014, volume has remained relatively flat at around 1,200 – 1,500 transactions per day for the past 15 months.Daily Volume Btc (2013-2015) [Log] xThe time frame for the log chart above is slightly shorter, between January 1, 2013 and February 28, 2015 (there is a strange drop starting in March that is likely a problem with the clustering heuristic, so it was removed).  The chart visualizes the Daily Volume of bitcoin that BitPay receives.  The green line is the important line as it represents the aggregate of how many bitcoins BitPay received each day.  While there are some days where the total reaches to 8,000 or even 9,000 bitcoins, these are outliers.  Conversely some slower days reach around 500 bitcoins per day.  On average, between January 1, 2013 and February 28, 2015, the daily amount is 1,138 bitcoins.

Other specific ranges:

  • Average February 2013 – February 2015 = 1,209 bitcoins daily
  • Average February 2014 – February 2015 = 850 bitcoins daily

One explanation for the discrepancy is that there is a large incoming transaction of 28,790 bitcoins on March 25, 2013 which skews the average in the first date range.  It the same day that the Cyprus international bailout was announced.  While this coincides with the ‘bull run’ in the spring of 2013, it is unclear from public data what this one sale may have been.  Looking at some other charts, at around that date roughly 52,694,515 bitcoin days were destroyed (BDD) and total output volume (TOV) was around 4 million (which is about 4x higher than today).  During this time frame fees to miners were also about 3x-4x higher than they are today.  And on this specific day, 159 bitcoins in fees were sent to miners, the fifth highest total ever.  While speculative it could have been an “early adopter” or even a company overseas cashing out (market price was around $73.60 per bitcoin on March 25, 2013).

Daily Number of Transactions (2013-2015) [Log] xThe log chart above visualizes the daily number of transactions for BitPay between January 1, 2013 and February 28, 2015.  The interesting phenomenon is the flip that occurred in the fall of 2014.  Whereas previously the number of outgoing transactions exceeded the internally held coins, in late September this appears to have changed.  It is unclear what the reason(s) for this is.  Perhaps more merchants decided to keep coins instead of exchanging for fiat.  Or perhaps due to the continued price decline, BitPay had to hold more coins on their balance sheet due to the inability to liquidate merchant requests fast enough (e.g., between August 1 – November 1, market prices declined from around $558 to $336 per bitcoin).

Other noticeable phenomenon on the green line above include a rapid run-up during the collapse of Mt. Gox in February 2014 and then later Bitcoin Black Friday followed by Cyber Monday in November 2014.

Why are there recognizable patterns for the green line in all of the charts?  Again, since the bulk of payments are related to mining, it is likely that miners sell blocks on a regular basis.  Denominated in USD, when paired up with bitcoin volume between February 2013 and February 2015, the plot would likely look like a left-modal bell curve.

Perspectives and conclusions

On average BitPay processed 1,544 transactions worth $435,068 per day in 2014.  Once mining and precious metals are removed, the BitPay “economy” involves $57.5 million per year.  Even if the full amount, $158 million, were classified as actual economic activity, it is less money than what Harvard Business School generates from selling case studies each year (~$200 million) or roughly the same amount that the University of Texas athletic department generates each year.

If Coinbase and the rest of the bitcoin-to-fiat merchant economy sees similar patterns of activity, that would mean that above-board economic “activity” may currently hover around $350 million a year.  This is just slightly more than venture capital was invested in the Bitcoin space last year (~$315 million) and roughly equivalent to the fund that Lux Capital raised last month for funding science-related startups.  For comparison, Guatemalan’s working abroad remitted more than $500 million back to their families in one month alone last year.

In terms of payments the competitive landscape for Bitcoinland is not just other cryptocurrencies but also incumbent payment providers and tech companies such as Google, Apple, Facebook and Microsoft (the latter has been collecting money transmitter licenses), each of which has launched or is planning to launch an integrated payments system.  Startups such as Venmo and Square, both of which were launched the same year as Bitcoin, have seen some actual traction.  For instance, in the forth quarter of 2014 Venmo payment volume came in just over $900 million, up from $700 million processed in the third quarter (Square Cash claims to have an annualized volume run rate of $1 billion).

And although it is not a completely fair comparison, Second Life from Linden Lab is still around “with 900,000 active users a month, who get payouts of $60 million in real-world money every year” (note: there is some debate over specific user numbers).

When mining payments are removed, Bitcoin, as an above-board economy, appears to generate less in return than the venture capital funds have gone into it (so far).  Perhaps this will change as more of the capital is deployed but it may be the case that Bitcoinland cannot securely grow exponentially (as the bullish narrative envisions) while maintaining a fixed amount of outputs.

In his recent conversation with International Business Times, Wouter Vonk, BitPay’s European marketing manager, described the trends from the infographic, stating:

As bitcoin becomes a more established technology, we expect to see more consumers using it. The investors are usually the first ones to hop on new technology, but as bitcoin circulates more, and as the amount of transactions increases, we should see bitcoin being used by more and more average consumers. We see bitcoin being used in emerging markets as a supplement to the current banking and monetary systems.  Bitcoin breaks down the barriers to financial tools that many people in emerging countries are facing.

Empirically, regarding “more consumer using it,” this does not seem to be true.  Nor is there evidence that bitcoin is circulating “more” — in fact, based on age of last use, more than 70% of coins have not moved in more than 6 months (slightly older figure).  And while cryptocurrencies may play a role in developing countries, so far there is little evidence this is actually occurring beyond talk at conferences.  Again, perhaps this will change as new data could reinforce Vonk’s narrative, but so far that is not the case.

For perspective I contacted Dave Hudson, proprietor of HashingIt, a leading network analysis site.  According to him:

One thing that I did notice is that their earlier “incoming” graphs all look highly correlated to the transaction volume in the Bitcoin network after long chains are removed.  This gets back to the usual Bitcoin transaction volume question of what’s really in a transaction and what’s change?  It seems their transaction volumes have really only crept up in the last 12 months, much slower than the rate of growth in transactions (or non-long-chain transactions) on the main network (increased competition?).

What does this look like?  The chart below measures Number of Transactions Excluding Chains Longer Than 10 between April 2013 – April 2015.

blockchain long chainsWhat are long chains again?  Rather than rehashing the entire paper, recall that in Slicing Data, it was observed that a significant fraction of total transaction volume on any given day was likely inflated through a variety of sources such as faucets, coin mixing and gambling.

As we can see above, while there is indeed an upward trend line over the past two years, it is clearly not growing exponentially but rather linearly, and particularly in spurts around “macro” events (e.g., bubble in late 2013 and collapse of Mt. Gox).

Based on the public data from address clustering, consumer adoption is empirically not growing near the same level as merchant adoption.  In fact, consumer adoption in terms of actual non-mining, retail-usage, has basically plateaued over the past year.  We know this is the case since merchants accepting bitcoin for payments has roughly quintupled over the same time frame (20,000 to 100,000) and includes several large marquis (such as Microsoft) yet without any surge in usage by bitcoin owners in aggregate.

Other companies that have actively promoted bitcoin for payments have likely also been impacted by sluggish sales.

For instance, in February 2015, Overstock.com (which has been using Coinbase as a payment processor for over a year) tried to obfuscate weak traction by using a strange method: measuring orders per 1 million residents.

overstock bitcoinThe top 3 were:

  • New Hampshire has a population of 1,326,813 and according to the chart above Overstock received 131 bitcoin orders per million residents.  This comes out to roughly 175 orders in 2014.
  • Utah has a population of 2,949,902 and according to the chart, Overstock received 89 bitcoin orders per million residents.  This comes out to roughly 270 orders in 2014.
  • Washington D.C. has a population of 658,893 and according tot he chart above Overstock received 85 bitcoin orders per million residents.  This comes out to roughly 56 orders in 2014 (although if the greater D.C. metro population was used, the order number would be about 9x larger).
  • Fighting for last place: Puerto Rico trounced Mississippi, which came in dead last.  Puerto Rico has a population of 3,667,084 and according to the report, Overstock received 12 bitcoin orders per million residents.  This comes out to about 44 orders in 2014.   In comparison, Mississippi, with a population of 2,994,079 had 8 order per million residents.  This comes to about 24 orders.

According to Overstock, in 2014 approximately 11,100 customers paid with bitcoin at both its US and international websites.  Altogether this represented roughly $3 million in sales which when coupled with low margin products (based on the top 10 list of things sold on Overstock) is an initiative that Stone Street Advisors labeled “distracting” (see slides 21, 32, 33, 37, 58).

In addition, since gift cards represent about 16% of all transactions processed by BitPay, they can be added to the list of non-negligible reasons for fluctuation in blockchain transaction volume.  That is to say, on any given day there are roughly 242 gift card related transactions through BitPay which should appears on the blockchain.  This is about the same amount of Counterparty transactions that may take place on a slow day.

Thus, as discussed in Slicing Data, the daily components of blockchain transactions are likely: faucet outputs (which may be “long chains”), mining rewards, some retail activity, coin mixing, gambling, watermarked assets (e.g., Counterparty, Mastercoin), P2SH, movement to ‘change’ addresses, wallet shuffling and now gift cards.

While their new infographic does not come to any direct conclusions as to macro growth of Bitcoinland it is likely that there are still only a few profitable businesses and projects in the ecosystem and most are unrelated to Bitcoin itself:

  • Fabrication plants such as TSMC and designers like Alchip
  • Utility companies (hydroelectric dams in Washington, coal power plants in Inner Mongolia)
  • Large mining farms with access to the newest ASIC batches reducing overall operating costs relative to marginal players (Bitfury in the Republic of Georgia)
  • Some mining pools (Organ sometimes has a break down of block makers)
  • Law firms (such as Perkins Coie)
  • Conference organizers such as Inside Bitcoins (but not The Bitcoin Foundation)
  • A handful of bitcoin-to-fiat exchanges (BTC-e, Bitfinex and a few others)
  • Scams (Moolah from Alex Green/Ryan Kennedy, GAW/PayCoin from Josh Garza, BFL, MyCoin and at least 42 others, more likely hundreds)
  • Botnet operators (botnet mining still exists, externalizing operating costs with “other people’s electricity”)
  • Ransomeware (CryptoLocker, KEYHolder, CryptoWall and a few dozen others)
  • Darknet Markets (Evolution “exit,” Sheep Marketplace “hack“; some low-hanging fruit exists for academics studying operators and providers that transitioned from Liberty Reserve to other DNMs, after it was shut down 2 years ago)

Perhaps all of this will change and this snapshot is “too early” as the bullish narrative claims.  Trends may change, no one has a crystal ball.

[Special thanks to CukeKing, Fabio Federici, Dave Hudson, Jonathan Levin and Pete Rizzo for their feedback and info]

  1. See Are there changes in the volume of retail transactions through Bitpay this past year?, Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? and A brief history of Bitcoin “wallet” growth []
  2. In Chapter 14 in The Anatomy: “If the labor force of bitcoin is spending $10 million on protecting the network yet real commerce is only $30 million, this would be equivalent to a mall issuing 1 out of 3 customers a personal security detail to go shopping.  Or in other words it is, arguably, quantitatively oversecure (it is not qualitatively trustless as shown by the trifecta of DeepBit, BTC Guild and GHash.io).” []
Send to Kindle

Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems

I have spent the past month compiling research that took place between August and the present day.  This was much more of a collaborative process than my previous publications as I had to talk with not just 8 geographically dispersed teams to find out what their approach was in this nascent field but also find out who is working on ideas that are closely related to these projects (as seen in Appendix A).

The culmination of this process can be found in this report: Permissioned distributed ledgers

Fortunately I had the help of not just astute practitioners in the industry who did the intellectual heavy lifting, but the resources and experience of the R3 CEV team where I am an advisor.

I think the three strongest areas are:

  • Richard Brown’s and Jo Lang’s description and visualization of smart contracts.  I loathe the term smart contracts (I prefer “banana” and Preston Byrne prefers “marmot”) and fortunately they distilled it to a level where many professionals can probably begin to understand it
  • Meher Roy’s excellent OSI-model for an “internet of money”
  • Robert Sams mental model of the core attributes of a permissioned distributed ledger

I think the weakest part is in the beginning of Section 8 regarding TCP/IP.  That is reflective of the fact that there is no perfect analogy because Bitcoin was designed to do many things that no other system does right now so there probably is no single apple’s to apple’s comparison.

While you do not need special internetcoins or fun buxx to use the internet (as it were), there is still a cost to someone to connect to the net.  So perhaps, the frictional differences between obtaining and securing an internet connection versus obtaining and securing a bitcoin at this time is probably something that should be highlighted more if the report is updated.

Wither Bitcoin?

For cryptocurrencies such as Bitcoin to do what it does best on its own terms, its competitive advantage lays with the native token and not representing real-world assets: its community needs to come to terms about what it is and is not good for.  Because of its inability to control off-chain assets its developers should stop promising that bitcoins — or metacoins and watermarked-coins that use Bitcoin as a transportation layer — as a panacea for managing off-chain assets, assets the network cannot control.  At most Bitcoin’s code base and node network operates as its own legal system for non-watermarked bitcoins.

Consequently, the advantage a cryptocurrency system has is endogenous enforcement of contractual terms — or as Taulant Ramabaja calls it: “fully blockchain endogenous state transition without any external dependencies.”  Or on-chain, dry code to dry code.

I wonder if someone in the future will call themselves a full “dry code” stack developer?

Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems

Send to Kindle

Interview with deBitcoin

Earlier today I was interviewed by Paul Buitink and Jop Hartog, co-hosts of a weekly show at deBitcoin, based in the Netherlands.  The other two guests were Roeland Creve and Andreas Wauters, co-founders of Gent Bitcoincity, based in Belgium.

All views are my own and they do not necessarily represent the views of the companies and organizations I am affiliated with.

Send to Kindle

Panel from Blockchain University Demo Day

A couple weeks ago I moderated a panel at Blockchain University, wrapping up the inaugural cohort.

Panelists included Atif Nazir (co-founder of Block.io), Matthieu Riou (co-founder of BlockCypher) and Greg Slepak (co-founder of okTurtles Foundation).  All three were instructors for the course this past winter.

Send to Kindle

Distributed Oversight: Custodians and Intermediaries

[Note: This past weekend I took part of a working group at Stanford University as part of the “Blockchain Global Impact”  conference — and we discussed some of the legal issues surrounding digital bearer assets.  Below is my written submission provided beforehand; I am not a lawyer but I did consult with several attorneys familiar with the Bitcoin ecosystem who provided feedback, some of which was incorporated.]

The prevailing view in the bitcoin community is that control, by virtue of knowledge of a private key, is synonymous with ownership of the contents of the associated address. In other words, bitcoin is often touted as a form bearer instrument. With the advent of “exchanges” and “hosted wallets,” the ecosystem birthed facilitators (custodians) and intermediaries (depositories) where an individual no longer controls the applicable access credentials.

As Professor Shawn Bayern noted, the nature of the rights one has with respect to directly-held bitcoin differs significantly from the indirect interest in bitcoin in an account held by a third party: “[As] a matter of law, the [user of an exchange or wallet] probably does not ‘own’ any bitcoins, at least not in the sense of having title to personal property corresponding directly to bitcoins. What the [party] has is simply a contract right against the operator of the website—what was classically, at common law, called a chose (i.e., thing) in action.”

What is the nature of this right? Does the user still own the bitcoins held at an exchange or wallet? Or, instead, has title passed to the wallet/exchange? If title remains with the user, the user might be termed a bailor and the exchange/wallet a bailee. On the other hand, if title has passed to the exchange/wallet, the user would likely be a creditor and the exchange/wallet a debtor. Of course, the user agreements are far from clear on this point. As it turns out, the first question you ask to determine whether a transfer of title has occurred is: does the transferor receive the same exact thing or merely equivalent things that was put in? If the former is true, a bailment may be possible (this is often referred to as safekeeping or custody). If the latter is true, the transaction would not be a bailment except in three specific cases discussed later below.

In terms of both funding and development, the two largest VC-backed verticals in the Bitcoin ecosystem are “exchanges” and hosted wallets – both of which often offer “vaults” called “cold storage” and sometimes some type of insurance for customers. The precise legalities of providing other services such as “tipping” is beyond the scope of this brief article. Suffice to say that at this time, there is probably no US-based VC-backed startup that is fully compliant with all deposit taking laws, money transmission laws, insurance laws and so forth.

Yet irrespective of personal views as to whether or not additional regulatory compliance should be expected of these nuvo financial intermediaries and custodians, one aspect that all startups can and would agree on is the need for “best practices” in financial controls. But this then circles back to legal compliance.

For instance, every funded exchange as of this writing pools their clients deposits into a shared hot wallet which is then dispersed into a cold wallet (which sometimes is further broken into “ice cold” or “glacier” wallets). Yet despite this element of security – or at least security theater – deposits can and have been expropriated by knowledgeable insiders including exchange operators themselves.   Commingling customer bitcoin effectively forecloses the possibility of bailment/custody because, once commingled, the user is unlikely to get the “same thing” bank that they put in.

How can the technology being developed in the larger Bitcoin ecosystem be used to mitigate or prevent his from happening? And more importantly, how can entrepreneurs structure their startups to be in compliance with the law?

In its BitLicense proposal to the New York State Department of Financial Service, the Crypto-Economy Working Group outlined several technology solutions including multisig, escrow, proof of reserves, proof of solvency, keyless wallets and continuous real-time auditing. Empirically we have seen the rapid growth in the use of multisig via a technique called pay-to-script-hash (P2SH) – a method which at the start of 2014 represented roughly 0% of all bitcoins yet now at the time of this writing encompasses about 8% of all bitcoins. That is to say, possessors of those direct and indirect interests have moved 8% of the bitcoin money supply into a multisig schema.

BitReserve is a VC-funded startup that has spearheaded the proof-of-reserve initiative, providing near real-time data of the assets in their “reserve” (cold wallet) and the liabilities or obligations to its depositors. Several other companies have attempted to position themselves as “keyless wallet” providers, most notably Blockchain.info. They claim to be a software company that has no access to user funds, keys or information – solely providing a website that generates a “wallet” based on a multi-word mnemonic that users must memorize or store as it is the sole access credential to “direct interests.” This type of segregation not only prevents maleficence from internal administrators but may also prevent Blockchain.info from being legally defined as a depository or custodian in some, if not all, jurisdictions.

But what happens if Bob loses this mnemonic? Then Bob loses control of the property, the bitcoin becomes inaccessible, ownerless (in our eyes) yet still exists as an entry on the blockchain.

Who does it belong to then? Did the network “steal” it? Its last legal owner was Bob, but to the Bitcoin network there is no distinction between ownership and possession. For instance, stealing is a legal term – not a physical phenomenon – thus whether it is rightfully transferred or not is the subject for legal scholars to debate.

Recall that the job of property systems is to associate the who(s) with the what(s). There is no infallible magic bullet. It is merely a question of best evidence. While possession and control is a pretty crude form of evidence but often nobody has better evidence of ownership. Registration is pretty good evidence but it can still be overcome. Think about a piece of artwork that Bob consigns to a gallery or that he registers. Or a title to his house. No matter what the title search says, Bob can never really know somebody won’t come out of the woodwork with better evidence of ownership. The question is really: how much protection does the law provide to an innocent purchaser for a particular type of property in a particular situation? This is still an open question with bitcoin.

What of bailments then? Does this distributed technology change the legal relationship between a bailor and bailee?

The term custody is reserved for bailments. After some consultation it appears you can only have a bailment when you get the same thing back that you put in and with “pooled” bitcoins, a depositor does not receive the same unspent transaction output (UTXO) as they originally deposited. Exceptions include: (1) fungible goods in warehouse; (2) currency in a particular type of bank account (special deposit); and (3) security entitlements (immobilized securities or pieces of a securitized pie). Bitcoin is not a good. Furthermore, hosted wallets are not warehouses. Bitcoin is not currently a legally defined currency and hosted wallets are not banks. A third idea is the trust company/broker dealer. While an entrepreneur may be able to secure a trust company charter, it has yet to be seen in the wild. And it is probably only scalable for a limited subset of uses and actors.

So, if we don’t have a bailment. We have something else. Again, after consulting with experts, we likely have a transfer of title and a corresponding debt owed to the depositor. If that is “checkable” or repayable upon request of depositor, then certain startups may have a problem under 12 USC 378(a)(2).

This seems to be the model that most startups has assumed is legally allowed. In fact, as of this writing, several VC-backed hosted wallets grant a “security interest” only on bitcoins they own. Alice’s hosted wallet startup may claim that “our bitcoins are insured.” Thus, if we were talking bailment, they would not be Alice’s startup’s bitcoin as the title would remain with the bailor (not Alice’s hosted wallet – who would be known as the bailee).

Now that organizations such as the Consumer Financial Protection Bureau (CFPB) have taken an interest in the Bitcoin ecosystem, how then, can Alice explain this to a consumer in a way that is not unfair, deceptive, or abusive? Is there anything in the technology that can help provide transparency and mitigate abuse?

In practice Alice will need to at least explain the effect on title in a manner that is consistent with reality. And she will likely have to be licensed, regulated and supervised to the same degree as others who operate in the same manner. While laws may change, it does not appear that a hosted wallet company falls within a loophole (currently).

In essence, there is a distinction between a facilitator and an intermediary.

And again, an intermediary is an institution that invests primarily in financial assets and that issues liabilities on itself (e.g., deposits). And a facilitator facilitate the financial transactions between intermediaries and their counterparties. They may hold some financial assets but their holdings are incidental to their facilitating roles. Custodians and money transmitters are the latter. Depositories are the former.

The questions for this working group should take these definitions into consideration and brainstorm how the technology being developed can not only help reduce the compliance requirements (if there is any leeway for that) but also fulfill financial controls “best practices” with respect to existing consumer protection laws.

A special focus should also highlight how exchanges operate in practice, that is to say, since they know the trading history, margin positions, when futures contracts will expire and other customer information – there is potential vectors of abuse such as front running and naked short selling by insiders. How can this be prevented, reduced and stopped?

Send to Kindle

Understanding value transfers to and from China

A couple days ago, on Monday, I was on a panel hosted at Stanford University as part of the “Blockchain Global Impact” conference.  The panel covered remittances, unbanked residents and financial inclusion.

Below is a presentation I put together based on research for Melotic, for SKBI in Singapore and in preparation for the panel.

Send to Kindle

Air pollution and the environment in China

About two weeks ago an in-depth investigative report covering the impact of pollution on the environment in China was uploaded and published on a number of Chinese video streaming sites.  It is called “Under the Dome” (based on the TV show).  It was an instant hit and reached over 200 million views within its first week — thereupon it was removed, scrubbed from the Chinese internet by censors.

I lived in three different cities during my five-year stay in China and the pollution varied from location to location.  Fortunately I spent the vast majority of the time in the south — which has its own issues — but the air was almost always better than the type found in the north and specifically in the Beijing metro.

This is not to say there were not very bad air pollution days too.  I recall my last week in Shanghai, in December 2013 (prior to moving to California), that in the twilight hours the smog was so thick that I couldn’t see the flashing red lights atop of the apartment I lived in.

It was bad enough that it earned its own Wikipedia entry and a number of news outlets wrote a few stories on it:

Below is the full version with English subtitles:

Send to Kindle

Questions for knowledge markets

I am often asked to provide content to community-driven question-and-answer sites like Quora, Stack Exchange and now Zapchain.  Here are a few I recently proposed:

  • “Why does the community tolerate and patronize altcoin exchanges that are fully anonymous, and allow illicit funds to go through?”
  • “What do the large venture funded companies do to promote transparency, financial controls and account segregation?”
  • “Is it possible for insiders at VC funded exchanges to trade against customer flows and futures contracts?”
  • “What can be done to bring assurance to those who have lost coins due to thefts/scams/hacks?”‘
  • “When will the industry begin to self-regulate?”
  • “How to proactively remove or prevent bad apples from tarnishing the community?”
  • “Bitcoin companies talk a lot about transparency of the blockchain, but very few have actual public data, is there ways to incentivize more openness?”

It will be interesting to see what, if any are answered.

Send to Kindle

What is the “real” price of bitcoin?

Even before Bitcoin was part of the zeitgeist for the digerati, people have been guessing what the price of a bitcoin should and should not be.

For instance, a couple days after version 0.1 was announced on the Metzdowd mailing list (back in January 2009), Hal Finney posted a possible scenario:

As an amusing thought experiment, imagine that Bitcoin is successful and becomes the dominant payment system in use throughout the world. Then the total value of the currency should be equal to the total value of all the wealth in the world. Current estimates of total worldwide household wealth that I have found range from $100 trillion to $300 trillion. With 20 million coins, that gives each coin a value of about $10 million.

So the possibility of generating coins today with a few cents of compute time may be quite a good bet, with a payoff of something like 100 million to 1! Even if the odds of Bitcoin succeeding to this degree are slim, are they really 100 million to one against? Something to think about…

Hal Finney, brilliant engineer and the world’s first Bitcoin price divinator.

Over the subsequent weeks, months and years there has been no shortage of guesstimates and “technical modeling” that gauge what the price will be.

For instance, a year ago (in February 2014), Founders Grid asked 50 Bitcoin “experts” what their bitcoin price predictions were over the next year.  The end result — all but a couple were completely, very wrong (see this spreadsheet for a line-by-line itemization).

Later, in May 2014, CoinTelegraph asked (video above) more than 30 Bitcoin “experts” as to what their bitcoin predictions were for the end of 2014.  Once again, all but a couple were completely, very wrong.

How could passionate enthusiasts who pay attention to Bitcoin-related news be so wildly off on what some consider a “sure-bet” moon shot?

The short answer: just because you are domain expert in one area does not mean you are a price modeling expert.  (Disclosure: I try not to give price predictions because I know I am not a price modeling expert)

Let’s look at a few examples.

Is there a “fair” price?

A couple days ago CoinDesk interviewed Denis Hertz, a project manager at ALFAquotes who has created the “Fair Bitcoin Price indicator.”  And that according to its calculations, the current fair price is $518.

How has he calculated it?

First, it calculates the changes in the cost of mining equipment and its performance. Next, it attempts to assess the change in difficulty of production, factoring in the electricity costs faced by miners on the network.

In particular, Hertz indicated that the fair value tool should be embraced by miners, as the price today is lower than the fair price – a factor he attributes to the recent string of bankruptcies and closures in the sector.

There are a few mid-to-late 19th century German economists that would be happy to see — what is effectively — the Labor Theory of Value as back en vogue.  But it is disingenuous to attribute value based on inputs because it wholly ignores the subjective valuation of the demand side of the equation.

It is not a valid way to measure value of a widget (or virtual commodity in this instance) for the same reason that the value of a Renoir or Matisse painting is not based on the value of the inputs (oil paint, canvas, brush, frame, etc.).

Speaking of art: David Andolfatto, a marbleized personification of Marcus Aurelius, also disagreed:david andolfatto bitcoin price

Reservation Demand

It is unclear where this theory first started in relation to bitcoin, perhaps it was from Curtis Yarvin, who writes at Unqualified Offerings as Mencius Moldbug (he briefly discussed this idea four years ago).

The main thrust of this idea is that because some market participants buy and perma-hold an asset, it removes supply from the market, thereby ceteris paribus – assuming the same quantity demanded — it should eventually push market prices higher because less supply is available.  Or in short, if people hoard bitcoins, their price will somehow rise.

Their are multiple problems with this theory:

1) Financial history is littered with corpses of people, organizations and countries that try to corner supply to artificially boost an asset price.  And in bitcoin, the hoarders are collectively trying to do what the Hunt brothers tried to do with silver, what Malaysia tried to do with tin and what China tries to do with rare earth elements.  It doesn’t work because cornering supply has never guaranteed long-term price rises and if everyone hoarded, it would make bitcoin have zero economic value because there would be no circular flow of income (see also the coordination problem below in #4).

I spoke with George Samman, co-founder of BTC.sx and frequent writer on Bitcoin-related topics.  In his view:

Hoarding does not help the bitcoin economy at all, in fact it stifles its growth as its clamoring for traction and mass acceptance. It locks up bitcoin in a place where its not being cycled back and forth making it scarce and therefore making it economically unviable as a currency and as a means of transaction. Hoarding in no way makes bitcoin a viable solution in the medium to long term. Not to mention if hoarding is done to manipulate price, it may work short-term, but cornering supply has never been a great wealth strategy especially as people and/or governments sniff out manipulation and “change the rules of the game.” Its more of a going bust strategy.

2) It does not account for and seems to ignore both transactional demand and speculative demand.  Because price discovery currently takes place in relation to national currencies on exchanges, it is the liquidity at exchanges and the changing demand of this liquidity which directly impacts prices.  Perma-holding (“hodling”) likely makes it more difficult to get into and out of positions (due to slippage).1

And what impacts the demand on exchanges?

The volatility in demand (changes in demand) likely comes from the fact that the “fair value” of bitcoin is constantly fluctuating.  For instance, every time a new “big adopter” rumor is posted on reddit, a professional exchange opens, an exchange gets robbed, a new central bank paper is released, or a regulator gives a speech — the expected future value of bitcoin changes.

For instance, last February, when the market learned up to 850,000 bitcoins may have been permanently removed from circulation (simply did not exist), knowledge that became public due to the bankruptcy of Mt. Gox, prices rose but then fell a couple weeks later when it was announced that perhaps 200,000 coins may have been located in a disused wallet.  The market was incorporating changes in supply relative to existing speculative demand.

Robert Sams, co-founder of Clearmatics and a former interest rate trader, has a good explanation (pdf) of this phenomenon:

If a cryptocurrency system aims to be a general medium-of-exchange, deterministic coin supply is a bug rather than a feature. This is because changes in coin demand get translated into changes in coin price, making price volatility proportional to demand volatility. But that is only a first order e ffect, for expectations of future levels of coin demand give rise to speculation. If the expectations of the long-term rate of coin adoption are signi cantly greater than the rate of coin supply growth, people will buy and hold coin in anticipation of future adoption, driving up the current price of coin.

It is the nature of markets to push expectations about the future into current prices. Deterministic money supply combined with uncertain future money demand conspire to make the market price of a coin a sort of prediction market on its own future adoption. Since rates of future adoption are highly uncertain, high volatility is inevitable, as expectations wax and wane with coin-related news, and the coin market rationalises high expected returns with high volatility (no free lunch).

Or in another example: if Satoshi’s alleged 1 million coins started moving around, it would also likely drive down the price as this supply has largely been considered removed from circulation, specifically at exchanges.2

3) While bitcoin’s creation rate is fixed, perma-holding is equivalent to buying a fleet of airplanes and then locking them in warehouses with the belief that merely removing them from the supply chain, that it will increase the overall value of the airplane and/or airline industry. Sure those planes may one day appreciate in value to become highly assessed museum pieces, but this ignores the utility of flying entirely.

nyc tokenThis is a similar problem with most tokens in the “Bitcoin 2.0″ world which purportedly give you access to networks (e.g., pre-paid gift cards).  In this case it would be akin to going to the New York subway in the 1980s, removing a handful of subway tokens and storing them in a lock box with the belief that their value will rapidly appreciate.

They may eventually become a valuable collectible or antique, but all that happens in the latter situation is that the subway token minter will just create more to replace those removed from circulation; the intended utility is riding the subway, not perma-storing value in the token itself (in December 2014, residents of St. Petersburg “hoarded” subway tokens for a different reason).

4) It likely runs into a coordination problem.  Each individual has different time preferences and horizons for how and when they will sell their assets at (in this case, bitcoins).  Empirically we have seen this story before with OPEC, in which participants “cheat” and do not follow their internal “Honors Program” — producing more oil than their quotas.  And as a consequence, it increases downside pressure on the price.

Organizing individuals and jawboning them into selling or holding as frequently occurs on social media with relation to bitcoin and other altcoins.  This is what Josh Garza has tried to do with Paycoin, who has promised a variety of price floors (notably $20).  Yet because the market is decentralized, he has ended up resorting to tactics such as an ad hoc “Honors Program” in which he (and his employees) try to convince other holders/traders not to all sell at once because this drives down the price below the promised price floor (due to a lack of additional demand).  In fact, despite these hopes and dreams, as of this writing Paycoin is roughly at an all-time low hovering around $0.60 per coin.  Maybe that will change, but then again, that could be wishful thinking (note: Garza’s GAW mining is likely some type of fraud).

In order for bitcoin to reach and maintain a stratospheric price level (greater than $2,000 a coin) in the face of similar coordinated and uncoordinated sell-side pressure, at least an equal amount of speculative (and/or transactional) demand would need to be brought on board to absorb a similar sell off of bitcoins.3

What happens if such demand does not materialize to absorb it?  Prices drop.

For example, last September I provided some comments to CoinDesk about why prices fluctuate which touch on the demand side on exchanges and OTC facilitators:

And in other cases, an OTC buyer can affect exchange via “buy pressure.”  If he begins buying directly from an OTC provider, avoiding an exchange, the exchange loses its buy wall thus affecting price.  The sell pressure forces the price down and once a large buyer goes “off-market,” he is weakening the buy pressure.  If all the buyers and sellers are “off-market,” we can say that exchange price and price discovery is distorted.  As my friend Raffael Danielli recently said, “Information is never off-chain and ultimately information makes the price.”  Consequently today information spreads very quickly and if a broker can make money because he facilitates “off-chain” transaction and knows “better” what the real price is then game theory dictates he should take advantage off this (investment banks do the same with OTC).

So in addition to partnership agreements, they probably also sell somewhere else to mitigate exposure to this volatility.  In addition, many miners have to finance their operations and at current prices of $410, roughly $1.6 million is created every day via block rewards and it has to go somewhere.  Fewer people buying?  Down we go.

Merchant acceptance

On almost a daily basis there is a discussion on reddit or Twitter about merchant acceptance and how the increase in adoption of bitcoins for payments by merchants should eventually be reflected in higher market prices of bitcoin itself.  This reasoning is problematic for a variety of reasons but most importantly: empirically it has not happened because it doesn’t account for any changes in consumer demand for the token.

Why haven’t consumers increased their demand of cryptocurrencies for retail transactions?

In August last year, Wedbush, an equity research firm, made the claim that:

Volatility in the price of bitcoin should not impede retailer acceptance of bitcoin, in our opinion, as merchants and payment processors are entirely shielded, and we expect consumers will be shielded in the future.

This is a bit of wishful thinking.  While there are an increasing amount of products and services that can hedge against volatility (such as Hedgy or Tera Exchange), in each instance, this costs a customer both time and money — which the average consumer probably is not interested in becoming experts at (e.g., airline fuel hedging strategies).  Consumers want stable currencies, not friction-full hobbies they have to fiddle around and hedge against every day.4

Why does this matter?

In its February 2015 analysis (pdf), the European Banking Commission looked at a variety of opportunities and challenges of “virtual currency schemes.”  One area that it looked at was:

Is Bitcoin establishing itself as a successful payment method?

In general, a buyer and a seller can agree on anything to be used as money (both regulated and unregulated payment methods) in a specific transaction. Consequently, virtual currencies may also be used as a payment method if both sides agree. The basic problem for every two-sided market is, however, that it needs “critical mass” on both sides for it to function. For payment cards and other payment instruments, reaching critical mass requires having enough merchants who accept the payment instrument and enough users who want to use the payment instrument so that it becomes attractive for other merchants and other users to join, thereby accelerating the network effects.

There are now over 100,000 merchants that now accept bitcoin for payments, up from ~20k last January.  At this rate, by the end of next year, there will probably be more merchants that accept bitcoins than actual on-chain users of bitcoin.

While any number of reasons are stated for why merchants could and should continue supporting bitcoin, unless consumers use it on a regular basis, continuing to train employees on how to accept it at point-of-sale consumes is an opportunity cost for merchants as those resources could be used for other purposes (there have been several recent threads on reddit from Wholly Hemp on this issue).

Why is that?  Recall that there has likely been no change in aggregate retail usage by consumers this past year.  That is to say, while nominal on-chain transaction volume may have increased, the aggregate, the total amount of bitcoins used altogether for retail commerce has stayed roughly the same (the rest is apparently superfluous activity).  If you are a merchant, why should you continue to support a foreign currency that costs more to support than you save by accepting it?  Again, maybe this will change in the future and more merchant adoption does, for some reason, spur consumer usage.

Percent of precious metals and transaction volumes

The basic idea of this argument, from among many organizations such as Pantera Capital (a fund dedicated to Bitcoin-related investments), is that if bitcoin is the digital equivalent to gold or silver — or is even in fact superior to gold and silver — then should it not follow that its market cap should absorb some percentage of these metals?

For instance, last October, Pantera provided an assessment (pdf) related to the price per bitcoin relative to the market capitalization of a variety of assets (including gold, remittances, payments and global money supply (as measured by M2) itself:

pantera bitcoin prices

From Pantera Capital

While some of their 2014 predictions haven’t panned out (recall “interest” versus “adoption”), perhaps future events will swing their way and change with the advent of new investment vehicles like GBTC or ETFs.

Again, that chart above states that if bitcoin absorbed the market cap of gold, each bitcoin would be worth as much as $550,954.  And what would happen if bitcoin somehow absorbed the market cap of the world money supply (and payments, remittances, gold, etc.)?  It would purportedly reach as high as $4,291,060 a piece.

However, under such a scenario, not only does this run into the logistical exergetic issues of the “Million Dollar Bitcoin” (pdf) but variations of this argument also involve supplanting some percentage of a payment rail.  For instance, if the Bitcoin network captured X% of the daily transaction volume of Visa or ACH then it should create additional demand for bitcoin, bidding up the market value to new highs.  But this could be a non sequitur.  Just because supporters find value in this “virtual currency scheme” does not mean the rest of the market will.  Perhaps they will, but in this circumstance, this tech is not being built in a vacuum so maybe not.

For example, currently listed on AngelList:

While many of these startups will burn out of capital and fail to gain traction, there may be a handful that do find significant consumer adoption — and it may or may not involve a cryptocurrency.5

One additional challenge with the X%-of-incumbents market share argument (and this occurs in every industry) is that it assumes that market participants (Alice and Cathy) are willing to go through the frictions to use Bitcoin, the network instead of existing rails or products like Apple Pay.  Or that Alice and Cathy perceive bitcoin, the asset, the same way as some backers do.  It could happen but is conceivable that it may not as well (to be even handed, there are any number of investors and entrepreneurs that have bullish views, Pantera was just used as an example).

For balance I spoke with Raffael Danielli, a quantitative analyst at ING Investment Management and proprietor of Matlab Trading, and in his view:

In terms of pricing bitcoin, equity models do not work (no dividends, no predictable cash flows) and forex models also don’t work.  At this moment I would value Bitcoin somehow like gold, meaning lots of speculative value and little intrinsic value. When people make those comparisons with precious metals they usually assume that “what if Bitcoin became as big as the market cap of xyz”. More realistically would be to assume “what if Bitcoin became x% as big as the market cap of xyz” with x being (a lot) smaller than 100 because both are competing for the same market share (not entirely true but to some degree).

This also touches on the binary outcome argument: that bitcoin will either go to the moon or fall to zero.  This is a false dichotomy.  Just as it would be fallacious to assume that a new car marquis will absorb all of the market share from the rest of the industry (or none at all), or that a new computer company will similarly displace all incumbents (or none at all), so to is it incorrect to assume that a cryptocurrency only has two directions to go: vaulting into geosynchronous orbit or crashing on the launch pad.

What happened to something in the middle; remain-a-viable niche?

Technical analysis

dilbert technical analysis

To cut to the chase, all bitcoin technical analysis has about as much scientific predictive power as phrenology does.  Not only is the market illiquid and manipulable (see Willy Bot) but there is (probably) still no real fundamental value beyond the transactional demand floor set most likely by the demand generated through the trade of illicit goods and services.  Perhaps that will change in the future, but maybe not.

For instance, Ryan Selkis (“Two Bit Idiot”) recently performed a back-of-the-envelope calculation to create an estimate for “transactional demand” — dialing down to a figure of $0.25 per bitcoin.

A year and a half ago, when the market price of a bitcoin was $143, Rick Falkvinge put together perhaps the only analysis of transactional demand generated by illicit trade (e.g., online gambling, dark markets, Silk Road, etc.).  Based on his own break down of the velocity of coins it amounted to roughly $1.12.  Everything on top of that is based on speculative demand.

In his words, “[…] the current value of one bitcoin, as backed by exchange of products and services in its role as a transactional currency, is roughly one US dollar and twelve US cents. And that’s still a generous estimate.”

Interestingly enough, Falkvinge reached out to Automattic, parent company of WordPress (a CMS developer and web host) to find out what kind of payment volume they had observed (they originally announced support for bitcoin payments in November 2012).  According to Falkvinge:

What about normal products and services? To get a ballpark understanding, I contacted Automattic (the parent company of WordPress) and asked politely if they could share how much revenue they have received in bitcoin, being one of the highest-visibility brands ever to accept bitcoin. The answer came quickly – “a couple of hundred dollars worth, so far”. If the highest-visibility brand accepting bitcoin has had less than two bitcoin in revenue in total, then for all intents and purposes, there is currently no measurable bitcoin economy outside of drugs and gambling.

Last July I also reached out to Automattic to find out if the volume had changed.  In an exchange with Chris L., from customer service (ticket #1886104), he stated:

We will not disclose that type of information since we keep our financial information private, as well as any information as it relates to our users.  If you have any follow up questions, or concerns, please do not hesitate to reply back.

Fast forward to last week, Matt Mullenweg, co-founder of WordPress explained that bitcoin was recently dropped as a payments option (it may be added again later).  Why?

The volume has been dropping since launch, in 2014 it was only used about twice a week, which is vanishingly small compared to other methods of payment we offer.

Conclusions

The takeaway should not be seen as “bitcoin does not have value” or that “bitcoin will not increase in value” or that even “bitcoin will not displace gold as a store of value.”  It clearly does have some kind of value to thousands, perhaps enormous value and utility to hundreds of thousands of traders, merchants and consumers of all stripes.

But in almost every case above, as well as many more often stated on forums, the argument is typically from a supply-sided viewpoint and not the demand (see Steve Waldman’s comments from the Cryptoecon event).  Historically most of the speculative demand seems to originate from a variety of investors with high risk tolerance and low time preference, with the expectation that prices will eventually go up (for a variety of reasons).

While it could change, empirically, we see that in general most participants are still holding coins and not using it for trade or commerce.6  And without any additional actual use-cases that generate transactional demand or additional aggregate demand from outside investors, it is likely that the bitcoin price will largely stay within the range it has seen this past year.  After all, why would it increase just because a large whale has moved a significant quantity to a cold wallet?

How then, can the market value of bitcoin — with a marketcap (or money supply) similar to that of the M1 of the Bolivian boliviano (according to the same ECB report above) — change in the future?7

Every bitcoin holder benefits from any kind of “good” news.  So there is an incentive to pump and manufacture as much good news as possible (e.g., astroturfing).  This seems to have culminated in an effort announced last week by the Bitcoin Foundation:

The Bitcoin Foundation announced today a partnership with Bitcoin companies BitFury, BitGo, Tally Capital, ChangeTip, and Bitcoin Foundation lifetime member Bruce Fenton to engage theAudience – one of the world’s largest multi-channel publishers of social and digital content. theAudience’s team of digital storytellers will work closely with these groups to launch a multi-faceted social and traditional media campaign to educate businesses, consumers, and society at large about Bitcoin.

Is this the same type of payola that “Tom Butterfield” investigated last summer?  The downside of this “educational” push is now any time there is “good” news, we may have to consider the source to find out if it is organic or just a sponsored puff piece.

Though in the end, it probably doesn’t really matter what we think or publish, what matters is — like all markets — is what the actual traders on markets think.  And as an aggregate of their demand relative to the available supply on exchanges, the value is around $270 today.  Perhaps future expectations of utility and value will dramatically change once the BitLicense is fully resolved and professional exchanges such as Gemini and LedgerX come online.

future-crystal-ball1Future research

Is there a way to model prices?

Future research could look at breaking down a cryptocurrency into consumption segments/tranches just as gold is typically done: (e.g., jewelry, investments, industry, etc.).

One reviewer suggested another way to model the future price of bitcoin:

Let v(t) denote the purchasing power of bitcoin (or USD) at date t.

Let R(t+1) = v(t+1)/v(t) denote the (gross) rate of return on (zero interest) money.

Since money (BTC included) is an asset, it must earn an expected rate of return E[R(t+1)] that competes with other forms of wealth. We might make adjustments based on liquidity premia etc, but to a first approximation, let’s just say that the expected rate of return from holding BTC must be about the same as holding any other asset. This is basically the EMH. And it is a compelling argument (just do the counterfactual).

So, for those people expecting huge capital gains from holding BTC… they may turn out to be correct ex post but, if they are, they would just be lucky. The same holds true for any other asset.

Moreover, the EMH tells us that the value of BTC v(t) must follow a random walk with drift — the best forecast for tomorrow’s BTC price is today’s BTC price (plus a modest drift term).

The EMH above only pins down the expected rate of return on an asset — it does not have anything to say about the *level* v(t), only its rate of change.

It is unclear what, if anything, pins down v(t) for BTC, or any fiat object. There are some theories, but in general, I think that v(t) may be indeterminate (i.e., the equilibrium v(t) could be a self-fulfilling prophecy).

If this conjecture is correct, then one could imagine discrete jumps in v(t) that happen for no good reason at all (pure psychology), without altering the expected return properties of the asset.

So, for example, the BTC price could suddenly drop from $300 to $100 and at the same time be a very good investment because if you buy it at $100, it is still expected to generate a competitive return. But this does not mean that the price might not jump down again to $50, or, indeed, up to $150.

One limitation to this approach is that EMH probably more appropriately applies in a normal, more highly liquid market with professional traders that are better informed and have equal access to information (there are currently a number of information asymmetries) and in which financial controls are the norm and not the exception — recall that there is no “neutral” exchange in the cryptocurrency world, all “exchanges” are effectively broker-dealers.

So the approach above assumes that insiders and operators of large exchanges are segregated from financial information of their customers, which they are not (e.g., because of a lack of financial controls, some exchange operators can currently front-run and ‘naked short sell’ their own customers which then distorts price discovery and the overall market).

Researchers may also be able to build a short-term sentiment index of large traders and market makers.  For instance, “accelerating merchant adoption” is typically mentioned as a bullish catalyst.  Maybe that’s true in the long-run but in the short-run it probably isn’t (as described above).  In a first step someone could create a simple regression model to measure the coefficient of “one unit of market adoption” on the market price. Then in a second step make some assumptions about market adoption for all of 2015 and use the estimated coefficient to derive (one small part) of the future price.

If someone does it like this for the most important market actors and factors, you could be able to derive a future price that is more than just a gut feeling.

See also: Eric Tymoigne: “The fair price of bitcoins as measured by the discounted value of future cash flows is zero.”

  1. As we have also seen with altcoins it could also reduce liquidity on exchanges amplifying volatility.  One reviewer suggested that with traditional equities, in such a scenario the impact is likely on liquidity and not on value since traditional calculations always take all outstanding shares into account when calculating value, not just the ones traded on an exchange. []
  2. See also: Too Many Bitcoins: Making Sense of Exaggerated Inventory Claims []
  3. See How do Bitcoin payment processors work? []
  4. In one respect, a similar problem faced Linux F/OSS adoption 20 years ago: end-users wanted a desktop OS, not a full-time hobby. []
  5. See Is the adoption of blockchains and consensus ledgers a foregone conclusion? []
  6. It is arguably rational to hold with the expectation of price appreciation; spending may actually be irrational []
  7. See also Why Bitcoin does not have a market cap []
Send to Kindle

Eric Tymoigne: “The fair price of bitcoins as measured by the discounted value of future cash flows is zero.”

Earlier today The Wall Street Journal posted two responses to the question: “Do Cryptocurrencies Such as Bitcoin Have a Future?”

The ‘Yes’ answer was penned by Campbell R. Harvey, a professor at Duke University.

The ‘No’ answer was penned by Eric Tymoigne an assistant professor at Lewis & Clark College.

I don’t fully agree with all of Tymoigne’s points, but I think the areas regarding speculative demand are empirically valid — he also has a couple other good, concise points that tie in with what Robert Sams has previously discussed (see Seigniorage Shares).

Below is Tymoigne’s full response:

“NO: As a Currency, Bitcoin Violates All the Rules of Finance”

By Eric Tymoigne

Bitcoins are an odd sort of commodity. They are not financial instruments. The value fluctuates widely, in line with changing views regarding the overall usefulness of the bitcoin payment system and the speculative manias surrounding such views. There is no financial logic behind bitcoins’ face value.

In other words, if you like to gamble, this is a perfect asset. If you are looking for an alternative monetary instrument, look elsewhere.

The bitcoin system has two components: the means of payment themselves, and an online ledger, called the block chain, which is a record of all bitcoins that have been created and who holds them. The ledger is the main innovation. It provides an open, decentralized, fast, cheap and supposedly secure means of completing transactions.

Volatile and Illiquid

But as an alleged alternative currency, bitcoin is unacceptable. Its volatility and lack of liquidity pose risks far beyond most traditional currencies.

To understand why, take a quick look at how real money works. Monetary instruments are securities. As such, they have a term to maturity (instantaneous) and an issuer—often a central bank or private banks—that promises to pay the bearer the full face value. Gold coins are a collateralized form of such security. Paper, cheap metal, and electronic entries are the forms such securities take today. The characteristics of these securities allow them to circulate at a stable nominal value (par) in the right financial infrastructure and as long as the creditworthiness of the issuer is strong. This provides a reliable means to complete transactions and, more important, service debts.

Bitcoins, meanwhile, violate all of the rules of finance. There is no central issuer guaranteeing payment at face value to the bearer; in fact, there is no underlying face value, and subsequently no imputed value at maturity, which means they are completely impractical for use in servicing of debt. The fair price of bitcoins as measured by the discounted value of future cash flows is zero.

Bitcoins pose a huge liquidity risk. Ultimately, anyone with bitcoins has to convert them into a national unit of account—dollars, say, or euros—to pay taxes or personal debts and to make other transactions. Their extreme volatility makes them a bad bet if one plans to buy a house in a few years, is saving for college, or has regular payments on, say, a mortgage or car. If bitcoins were a large asset in a portfolio, the investor’s solvency would be at risk. This certainly would be the case if bitcoins were promoted for poorer individuals who don’t have access to banking today.

Logic and Illogic

For an economy to work well, money needs to be created (for example, through bank credits or government spending) and withdrawn (through debt servicing and tax payments) following economic logic. We have all seen recently, in the global financial collapse of 2008-09, how irresponsible behavior on the part of big banks with regard to their lending and debt-servicing practices can set off widespread financial panic followed by years of economic stagnation.

The mechanics of creating and withdrawing money need to operate not only with sound economic logic. They also should be simple, to accommodate quickly the needs of a flexible economy. Today, money is created and destroyed in seconds through digital entries.

Bitcoins, by contrast, are created using a purely mathematical logic that lacks financial or economic underpinnings (currently 25 new bitcoins every 10 minutes); and they can’t be retired as needed to maintain their scarcity. Given the lack of economic logic behind the net injection of bitcoins, there is increased risk of financial and price instability.

The block chain is useful as an authentication tool and is the main innovation. But it’s too soon to tell whether it can have other applications. For now, unfortunately, it’s a potential step forward accompanied by an actual step backward.

Send to Kindle

A brief history of Bitcoin “wallet” growth

There has been a lot of investment and press coverage of the overall Bitcoin ecosystem.  So what kind of growth have some of the larger companies historically had?

Even though it is not an accurate measure of growth or adoption (see Measuring Interest and Not User Adoption), a lot of discussion on social media typically uses self-reported “wallet” numbers as a valid metric for traction.  Ignoring the fact that there is nothing in the protocol that can be described as a “wallet” (there are no real “payment buckets,” since addresses are essentially just UTXO labels), for simplification purposes, we will talk about what are typically referred to as wallets.1

A brief history

As mentioned in a working paper last spring, Coinbase began 2013 with ~13,000 wallets and on February 27, 2014 announced it had reached 1 million.

Similarly, Blockchain.info had roughly ~13,000 wallets in August 2012 and reached 1 million in January 2014.  On April 14, 2014, Blockchain.info reached 1.5 million wallets.

Yet it is unclear how many are active or actually have any bitcoins in them (similar uncertainties surround Coinbase wallets).  More on that later.

Fast forward to the present day, Blockchain.info recently announced that it had 3 million wallets and Coinbase now has 2.5 million (note: the about section on Coinbase also states there are 2 million “users” though that is unclear if they are active, KYC’ed users with an actual balance or just a registered empty account).

Altogether, Coinbase purportedly added 1.5 million new wallets over the past year and Blockchain.info supposedly doubled its own wallets.

Sounds like real consumer traction?

Or, maybe not.

Why?  Because there is no cost to open or create a wallet.  In fact, for “best practices” users are supposed to use only one address per transaction due to privacy and security concerns.  Thus, consequently the growth in wallet creation could be a skewed metric.

Internal usage

According to media reports, merchants accepting bitcoin for payments globally increased from ~21,000 in January 2014 to now over 100,000 as of February 2015.  Of that total, Coinbase states it has 38,000 merchants and BitPay claims 53,738 merchants accept bitcoin payments through them.

What does this “growth” actually look like?

coinbase offchain transactions

Above is a chart covering the past year from Coinbase which illustrates the daily off-chain transaction volume, the transactions that take place within the Coinbase database.

While it is unclear if all of this activity represents merchant processing, vault movements, etc., the trend over the year is actually relatively flat.  Perhaps that will change in the future.

Can we be sure that this flatness is missing actual merchant activity?

Four-and-a-half months ago, in October 2014, Brian Armstrong and Fred Ehrsam, co-founders of Coinbase, did a reddit AMA.  At the 31:56 minute mark (video), Fred discussed merchant flows:

One other thing I’ve had some people ask me IRL and I’ve seen on reddit occasionally too, is this concept of more merchants coming on board in bitcoin and that causing selling pressure, or the price to go down. [Coinbase is] one of the largest merchant processors, I really don’t think that is true.  Well one, the volumes that merchants are processing aren’t negligible but they’re not super high especially when compared to people who are kind of buying and selling bitcoin.  Like the trend is going in the right direction there but in absolute terms that’s still true.  So I think that is largely a myth.

What about Blockchain.info?

blockchain my wallet transaction volume

Above is a chart measuring the internal transaction volume over the past year of the “My Wallet” feature (the product name of the user wallet) from Blockchain.info.

Earlier this week, Blockchain.info claimed that “over $270 million in bitcoin transactions occurred via its wallets over the past seven days.”

But this is probably not accurate.  Organ of Corti pointed out that the 7 day average was indeed ~720,000 bitcoins in total output volume (thus making) the weekly volume would be about “5e06 btc for the network.”

Is it valid to multiply the total output volume by USD (or euros or yen)?  No.

Why not?  Because most of this activity is probably a combination of wallet shuffling, laundering and mixing of coins (e.g., use of SharedSend and burner wallets) or any number of superfluous activity.  It was not $270 million of economic trade.

Blockchain.info’s press release seems to be implying that economic trade is taking place, in which all transactions are (probably) transactions to new individuals when in reality it could simply be a lot of “change” address movement.  And more to the point, the actual internal volume looks roughly the same as has been the past few months (why issue a press release now?).

Is there another way to look at this?

blockchain my wallet number of transaction per day

Above is a chart from Blockchain.info that visualizes “My Wallet” transaction volume over the past year.

While Blockchain.info has seen transactions per day roughly double over the past year (from 25,000 to 50,000), without doxxing where those bitcoins go, it cannot be said that a doubling of economic activity, or that bonafide consumer traction has taken place.

Has there been any “exponential” growth, adoption or traction?  Probably not.  Again, perhaps that will change, but consumer usage could simply continue to grow at a linear fashion or maybe even less as well.

There may be a number of reasons, perhaps the average consumer is still someone who buys and holds bitcoin as a speculative investment and has no need to actually spend it with the available merchants.  But this is a topic for another post (see also Zombie activity).

ChangeTip

ChangeTip was founded on December 17, 2013.  It is not generally seen as a wallet, like the services above, in fact it currently bills itself as a micropayment service (e.g., “tipping”).  However, users need a ChangeTip wallet — which is provided for free through its platform — in order to perform their tipping services.

While their “Offsite storage wallet” (cold storage) is publicly accessible, below are three charts culled from Changetip real-time usage stats which has been broken the last couple of weeks (or the API they were collecting data from is broken; or both).  The time period is from between December 6, 2014 and February 17, 2015, covering ~73 days including Christmas and BitPay’s “Bitcoin St. Petersburg Bowl.”

changetip total number of tips sent

The chart above visualizes the total number of tips sent on the ChangeTip platform .  In just over 2 months it increased from: 119,740 tips to 187,071 tips.  During this 73 day period, approximately 67,331 tips were sent which is roughly 922 per day.

changetip total usd tipped to date

The chart above visualizes the total USD tipped to date (at current exchange rate).  During this time frame it increased from: $54,767 to $111,963.  Thus $57,196 was sent in tips during 73 days, roughly $783 per day.

changetip total numbers of users

The chart above visualizes the total number of ChangeTip users during the same time frame.  It increased from 45,851 users to 67,469 users.  According to this data, 21,618 users joined ChangeTip during 73 days, which is approximately 296 new users per day.

Altogether this comes to a grand total as of February 17, 2015 — 67,469 users have sent 187,071 tips totaling $111,963.  The average user has sent 2.7 tips altogether, with each tip worth about $0.60 (just under 60 cents to be precise).

Perhaps this trend will change — in addition to its usage on Twitter and Reddit they have added support to Slack and Youtube.

But then again, maybe tipping is not a really accurate, useful or desirable signaling mechanism (recall that micropayments is not a new idea).  And while speculative, a lack of traction could be one of the reasons why — after 3 months since Coinbase first launched their own — it recently dropped their own tipping feature (e.g., the engineering resources consumed more than the service generated).

Future research and conclusions

What about Android Bitcoin wallets?  Last October a github user put together a short comparison of the top 10 Bitcoin wallets by number of downloads.  What we saw then was a power law distribution: growth in downloads among the top 3 but a relative plateau for others.  More striking was that there was linear growth, not exponential.  Future research should also take into account the corresponding amount of deleted wallets and inactive wallets.  Note: last May at the Dutch Nationaal Bitcoin Congres, Mike Hearn described this comparison of downloaded vs deleted wallets at length, see his presentation (video) starting at 11:30m.

Bitreserve, which incidentally also launched in October 2014, provides a public transparency stats page which could serve as the beginning of a “best practices” for the industry.

Why is this important?

We have previously looked at BitPay data (which was flat).  Circle and Xapo have not publicly released much data at this time (incidentally, breadwallet is actually ranked higher at #4 in the Apple Store than both Coinbase and Xapo).  Yet from the data above it is increasingly clear that actual user numbers should not be conflated with wallet creation numbers.

Aside from movement into P2SH addresses, it is hard to really say where large, sustained organic growth is occurring.  Perhaps it is only a matter of time, maybe it is “early days” as some say.  Or maybe it is a reflection of other economic development constraints.

Update:

I received an email from Andreas Schildbach, creator of the Android Bitcoin wallet, and a portion of it is posted below (with his permission):

Install count is at 700k. Perhaps an interesting metric is that on GitHub, it’s forked 384 times (and starred 371 times). A lot of these forks made it to the Play Store.

Update 2:

I received an email from Wendell Davis, creator of the Hive Wallet.  According to him, all the Hive Wallet stats are open and accessible.  He also pointed to a similar, smaller discussion on reddit last fall.

Update 3:

BitcoinPulse has been tracking the total amount of downloads for the Satoshi bitcoind client (the reference client); over the past year there has been a linear increase in downloads.  Arianna Simpson pointed out that MultiBit, as of March 2014, had at least 1.5 million downloads.

  1. I would like to, again, thank Andrew Poelstra for crystalizing this point for me. []
Send to Kindle

While we wait for another Bitcoin black swan event

I was interviewed and quoted a few times in the past couple weeks:

Is Bitcoin Stalling? at Technology Review:

The design of Bitcoin and the blockchain, its public transaction ledger, make it challenging to distinguish specific types of transactions. Nonetheless, researchers from the U.S. Federal Reserve determined in a recent analysis that the currency is “still barely used for payments for goods and services.” Last week, nearly 200,000 bitcoins changed hands each day, on average. But fewer than 5,000 bitcoins per day (worth roughly $1.2 million) are being used for retail transactions, according to estimates by Tim Swanson, head of business development at Melotic, a Hong Kong-based cryptocurrency technology company. After some growth in 2013, retail volume in 2014 was mostly flat, says Swanson.

After the Bitcoin Gold Rush at The New Republic:

“Some of the New York Bitcoin Center guys are pretty religious,” says Tim Swanson, who has written two e-books on cryptocurrencies in the past year, most recently The Anatomy of a Money-like Informational Commodity: A Study of Bitcoin. Before that, while living in China, he built his own graphics-chip miners. (Some of his miners have since been re-purposed as gaming systems.) Swanson has grown increasingly skeptical that Bitcoin will unsettle the existing finance megaliths. “You have centralization without the benefits of centralization,” he says. Bitcoin’s promise of frictionless finance is drowning in the ever more immense cost of mining, user-friendly infrastructure, and appeasing regulators.

“Being your own bank sounds cool in theory,” Swanson says, “but it’s a pain in reality.”

Beyond Bitcoin, episode #27: An Architecture For The Internet Of Money at Let’s Talk Bitcoin.

In this episode, Meher Roy does a fantastic job explaining what a neutral, agnostic protocol actually is and why the current allotment of cryptocurrency “protocols” are not real protocols.  Many thanks to Arthur Falls for his time, patience and great questions.  We will all miss the show.

Send to Kindle

Can Bitcoin’s internal economy securely grow relative to its outputs?

killer app mouse trapHow do economies grow?

At the end of the day, that is ultimately the question that the Bitcoin community is asking when it asks, “what is the non-currency ‘killer app’ for Bitcoin?”  And this could be akin to asking, “what is the ‘killer app’ for the Chinese economy?”

Why?

Because as described in a number of other posts, “Bitcoinland” — a “virtual-state” — probably has more in common with the economic dynamics of a “nation-state” than say, agnostic, inflationary computer protocols like TCP/IP/HTTP.

So what is the “killer app” for a meat space economy like China?  How, as measured in GDP, did China grow from 364 billion RMB ($58 billion USD) in 1978 to 58 trillion RMB ($9.4 trillion USD) in 2013?  Was it solely the result of Deng Xiaopeng efforts of “reform and opening up?”  The full answer to that involves surveying numerous books; the shorter answer involved a combination of liberalizing a nearly fully autarkic economy and improving the productivity levels of existing inputs.

In the physical world, one way to measure how an economy develops is by looking at something called total factor productivity (TFP).  An increase in TFP is largely a result of technological improvements, inventions and innovations.  That is to say, for the same quantity of inputs, more outputs are created.

We see this frequently occur in developing economies as subsistence farmers adopt mechanization to improve agricultural yields, sometimes by several orders of magnitude.   For instance, the 2011 harvest yields in Heilongjiang province China, broke nation-wide records, rising 11% over the previous year due to ‘bigger and better machinery for threshing and plowing’ (for more specifics see also: Wage Growth, Landholding, and Mechanization in Chinese Agriculture).

Historically, as an economy develops, the inputs (such as land and labor) become more productive and therefore produce more outputs.  Can the internal Bitcoin economy also see such productivity gains?

Maybe, but probably not securely.

Let’s rewind for a moment.  Because there is no land per se, let us instead look at the labor component of Bitcoinland.

Unlike the labor market in the real world, this virtual-state has a marginal productivity of labor of zero.  It is very unique in that manner.  That means irrespective of the amount of hashing power (or laborers) added or removed from the network, the virtual country will always (and only) produce a fixed amount of output (block rewards).  Both David Evans and Tadge Dryja independently discussed this observation last year.

keep-calm-and-ceteris-paribusProportionalism

Simultaneously, this virtual country’s economic output is secured through proportionalism: ceteris paribus, in the long-run it should take a bitcoin to make a bitcoin.  Rational laborers (miners) will not spend more than a bitcoin to make one.  Thus if a coin is worth $250, miners as an aggregate will not spend more than $37,500 per hour to secure the ledger.

Recall that maintaining a distributed consensus network is different from consensus on a centralized ledger.  Bitcoin was purposefully designed so that it is artificially expensive for people to cast “votes” for a consensus.  The necessity was to make casting “votes” in the consensus artificially high since we cannot know who is participating in the “vote” (because it operates on an untrusted network).

What is another way to look at this?

I spoke with Jonathan Levin, formerly of Coinometrics.  In his view:

The security model of Bitcoin is how much it would cost a malicious attacker to gain a significant portion of the network. The security model of Bitcoin is therefore an anti-Sybil attack mechanism and not necessarily focused on securing financial transactions. This begs the question: Is any financial transaction secure if the cost of reversing it is less than the value of the transaction. Or would we need a system in which it would cost $1 million to undo $1 million of value?

This question is difficult to answer in the abstract. For different use cases, there might need less proof-of-work needed in order to secure the transaction. There could be a few reasons for this.  In many cases the issuer of the goods may be able to monitor the network for an attack waiting for sufficient work to be done before issuing the goods, e.g. Warehousing and physical delivery. For account balances, the victim could alter the balance of the attacker. There are very few $1 million transactions that are consumed instantly. However it does throw high value escrow services based in Bitcoin into question.

In the original white paper, Satoshi, albeit incorrectly calculated the probability of successful block reversals by an adversary. From this a magic number of 6 confirmations was often deemed as secure. I think this security model should be framed as burying a transaction under some dollar equivalent value of proof-of-work. This might give businesses more accurate view of the security of bitcoin transactions.

One unfortunate reality for assessing the security of bitcoin transactions is that we still need to factor in market concentration due to the possibility of bribes and corruption. Where some of these pools would actually find it profitable to attempt block reversals, a la selfish mining, it is difficult to think of an economic model for bribery and corruption in the Bitcoin network. Furthermore, we have seen the discussion take place on gated entry where you can make the entry into the validating nodes set super secure but someone may be able to bribe that entity to reverse / block transactions.

What does Levin mean by the cost of reversing a transaction?

To successfully disrupt the country (the network), the maximum cost to do so is roughly 0.5 x MC, where MC is the marginal cost of production.

In today’s terms to brute force the network — to attack it head on through its hypothetical ‘Maginot Line‘ it would in theory cost half of $37,500 per hour (or rather, half of the aggregate of 6 blocks as Levin suggested above) to obtain the magical “51%” of the hashrate needed to continuously double-spend.

In reality, the actual cost is significantly less due to out-of-band / side-channel / rubber hose attacks.  But that is a topic for another article.

A parasitic unit of account?

In May 2014, at the Bitcoin Foundation Amsterdam conference, Robert Sams brought up two interesting points that involve Bitcoin as a developing country, the first involved deflation:

There is a different reason for why we maybe should be concerned about the appreciation of the exchange rate because whenever you have an economy where the expected return on the medium of exchange is greater than the expected return of the underlying economy you get this scenario, kind of like what you have in Bitcoin.  Where there is underinvestment in the actual trade in goods and services.  For example, I don’t know exactly how much of bitcoin is being held as “savings” in cold storage wallets but the number is probably around $5 billion or more, many multiples greater than the amount of venture capital investment that has gone into the Bitcoin space.  Wouldn’t it be a lot better if we had an economy, where instead of people hoarding the bitcoin, were buying bitshares and bitbonds.  The savings were actually in investments that went into the economy to fund startups, to pay programmers, to build really cool stuff, instead of just sitting on coin.

I think one of the reasons why that organic endogenous growth and investment in the community isn’t there is because of this deflationary nature of bitcoin.  And instead what we get is our investment coming from the traditional analogue economy, of venture capitalists.  It’s like an economy where the investment is coming from some external country where Silicon Valley becomes like the Bitcoin equivalent of People’s Bank of China.  And I would much prefer to see more organic investment within the cryptocurrency space.  And I think the deflationary nature of bitcoin does discourage that.

As I noted in a previous article, the $500 million that VC’s have deployed to build Bitcoinland are effectively a foreign exchange currency play (because it is a virtual-only foreign country that can only be accessed with a pre-paid card, bitcoin).  This money is being paid to effectively leverage one economy, or rather one unit-of-account (namely USD, EUR, RMB) to build a virtual unit-of-account called BTC.

But because of a number of factors, including volatility and lack of native on-protocol financial services (such as credit facilities), bitcoins are not typically used to fund internal improvements (such as building the actual country of Bitcoinland).  Or as Sam aptly noted:

I think the issue if should you have more elastic supply or not it just really comes down to the fact that if you have a fixed supply of something, the only way that changes in demand can be expressed is through the change in price.  And people have expectations of increased demand so that means those expectations, expectations of future demand get translated into present day prices.

And the inelastic supply creates volatility in the exchange rate which kind of undermines the long term objective of something like cryptocurrency ever becoming a unit of account.  And forever it will be a medium of exchange that’s parasitic on the unit of account function of national currencies.  So I do think the issue does need to be addressed.

What does this have to do with “growing” the GDP of Bitcoinland?  And more to the point, how can Bitcoinland increase the amount of outputs?

If the labor force in Bitcoinland, miners, are continuously expanding and contracting the amount of capital they destroy to secure the network (in concert with the market price of the token), then the size of the Bitcoin economy is continuously shifting in size each hour, day, week and month.

Or in other words, as measured in terms of several foreign unit-of-accounts (because the physical land, electricity and hardware are paid for in foreign currency): the size of Bitcoinland is directly proportional to the amount of fixed outputs.  Denominated in BTC, the economy grows at an incrementally fixed rate.  It cannot, due to deterministic rules, be more productive in terms of outputs.  It can only grow larger and/or faster than this fixed amount through what amounts to ‘secondary issuance’ of watermarked metacoins such as Counterparty, Mastercoin and colored coins.

As described below, while this is not an issue today, these hacked-in under-secured metacoins are a double-edged sword.  Why?  Because these metacoins create a disproportional rewards vulnerability discussed last year.

top heavyHacked-in value

Recall that metaprotocols (or sometimes referred to as ‘embedded consensus mechanisms’) that utilize and sit on top of Bitcoin blockchain provide disproportional rewards.  For instance, while both Counterparty and Mastercoin require participants to pay some nominal transaction fee, the social value of the actual asset itself if effectively piggy backing and free-riding off seigniorage rewards (this also happens with colored coins and Dogeparty).  Aside from mining pools that use Luke-Jr.’s software, miners in general currently have no way to distinguish between a watermarked transaction from any other transaction.

Consequently, they have no incentive to destroy more capital to protect these metacoins in part because they receive no additional revenue to do so… because the network and coinbase itself has no knowledge of the social value placed on these metacoins and therefore cannot distribute rewards in proportion to the actual value being protected.  And the network then is effectively top-heavy.

For example, if for some reason Apple Inc. decided to issue all of its shares onto the Bitcoin network via a metacoin, this could create a top-heavy security vulnerability.  Recall that the total market cap of Apple’s shares is ~$750 billion USD but the labor force of Bitcoinland is only destroying enough capital to secure ~$3.46 billion in bitcoins (at the time of this writing $250 x 13.85 million mined coins).

Thus in the long run, miners are probably not destroying enough capital to ultimately secure metacoin assets, making the network less secure.

Or in other words, Bitcoinland — as it is encoded today — probably cannot securely increase its productivity levels (as would be measured by TFP) without opening itself up to some kind of vulnerability.

What about merged mining?

Last year I wrote a short working paper discussing the potential of merged mining as a way of productively reusing the existing capital base.  In theory it sounds like an easy home run but in practice, if it costs miners nothing to merge mine, then it also costs them nothing to attack the merged chain/coin.  Relying on and trusting in goodwill or altruism of a labor force is the direct antithesis of the game theory baked into Bitcoin itself: where it is assumed that all parties can and will be adversaries.

Empirically we have seen Bitcoin pools attack chains that have attempted to merge mine (see Coiled Coin).

bitcoin namecoin hashrate 2015

We have also seen (above) how Namecoin’s hashrate has diverged over this past year and how it now consistently represents less than half of Bitcoin’s (note: Namecoin began merged mining with Bitcoin in October 2011).

This is due to at least 2 reasons:

1) not all Bitcoin pools support AuxPOW (merged mining) with Namecoin

2) also due to a block reward halving that took place in mid-December 2014 (notice that in contrast to the popular narrative, there was in fact no doubling in namecoin value because the market had already priced the future block halving into present day prices)

Or in other words, if it depends on the growth of an underlying unit-of-account hoping for an unseen Bitcoin GDP multiplier (or in this case a non-currency ‘killer app’) probably is similar to wanting something for nothing.

That doesn’t mean it shouldn’t be tried or that all the startups in this space are for naught. In fact, it looks like there are any number of useful innovations with practical applications (such as hierarchical deterministic, multisig, keyless wallets, etc.), including the experiments coming out of the altchain/ledger community.  Several investors and entrepreneurs willing to navigate the space could see a good return if some of these innovations become integrated within other industries (such as financial services).

Yet in practice, operating a distributed consensus network based on proof-of-work seems to require an always changing capital allocation structure that is fused to the market value of its internal unit-of-account relative to national currencies.  And based on the current version of the program, Bitcoinland itself (and not the ecosystem on the edges) may likely remain a laboratory model of a marginally subsistence nation that (often) violently moves between contractionary and expansionary cycles.

Other open questions

  • Aside from currency conversion, can there be a stable, secure domestic economy within Bitcoin.  If so, what is or could be another identifiable, exportable good or service?
  • As its labor force (miners) must continuously exchange the domestic currency (BTC) into a foreign currency (USD, EUR, RMB) to pay for bills — what is the recent historical precedence of economies that start off subsisting off of a foreign unit-of-account that later manage to move on to become an independent unit-of-account for economic calculation purposes?
  • Can other Bitcoin-like cryptocurrency economies actually grow, or are they all faced with similar constraints with respect to proportionalism?
  • Existing metacoins require their own consensus systems and as such, they don’t fully rely on Bitcoin.  Can this be further enhanced?

See also:

Send to Kindle

Is the adoption of blockchains and consensus ledgers a foregone conclusion?

Earlier this evening I gave a new presentation to the Sim Kee Boon Institute (SKBI) for Financial Economics at Singapore Management University (where I am a new research fellow).

Covered a lot of ground over 2 hours, I am not sure if there is a recording but will post it if one surfaces.  Below is the deck that I used.  Many thanks to David Lee, Ernie Teo, William Mougayar, Mikkel Larsen, Taulant Ramabaja, Taariq Lewis, Dan O’Prey, Bobby Ong, Meher Roy, Richard Brown, Sidney Zhang, Dave Hudson, Jonathan Levin and Robert Sams for their feedback.

Abstract: 
For the past two years, many entrepreneurs, developers, investors and enthusiasts have promoted the view that blockchains and in particular, Bitcoin will eventually be adopted as a universal value transfer mechanism — a type of global payment rail fit for a cornucopia of use-cases. Empirically this does not seem to be the case as over the past year and specifically the past 6 months, multiple startups have been created that specialize in areas that Bitcoin is not particularly well suited for. Whether any of these succeed is another matter entirely, but it is not a foregone conclusion that any one blockchain will be the “one to rule them all” based on their competitive (dis)advantages. This presentation outlines a number of vendors that have either announced or are working on solutions for the broader “Fintech” space as well as incumbent institutions in the existing ecosystem.
Send to Kindle

The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland

Recently the Museum of American Finance hosted an event covering Bitcoin.  One of the panelists allegedly said: “we don’t think about infrastructure cost of VOIP because it’s approaching zero.”  I haven’t seen a video, so it’s unclear if this is a summation of their thoughts.  But in terms of the infrastructure costs of Bitcoin, this is probably not comparing apples to apples because the incentives and costs to successfully attack the Skype network are very different than a network such as Bitcoin.

If the cost to maintain Bitcoin’s infrastructure is zero, so too is the cost to successfully attack it.  In fact, just about anyone motivated to do so could have successfully “attacked” (e.g., double spent) the Bitcoin network in its first 18 months because the hashrate was relatively low because the value of the token was negligible (e.g., miners weren’t destroying additional units of capital because there was no financial incentive to do so).

For example, by the end of June 2010, the network strength (detailed here) was around 139 megahashes/second.  To obtain half that hashrate, or 70 megahashes/second, an attacker would need to only spin up about 10 Xeon processors which could be obtained through AWS relatively cheaply (note: Satoshi probably used just one computer).

It was not until market participants increasingly valued the coin (vis-à-vis higher demand) which then in turn incentivized miners to destroy a corresponding amount of capital to protect the ledger.  Or as Peter Todd recently explained: the maximum cost to successfully attack Bitcoin’s network is directly proportional to the market value of the token.  It is intentionally designed to be expensive to attack otherwise anyone could change the history.  Or as Richard Brown has explained, proof of work as used in Bitcoin is “inefficient” on purpose.

The logistics of currency positions

In practice miners are taking one currency (USD, EUR, RMB), usually one denominated based on where the equipment is located, and through the process of destroying exergy (see Chapter 3), converting it into a foreign currency called bitcoin.  Or in other words, miners are currency convertors.  And irrespective of scale, “to mine” is effectively taking a long position on bitcoin versus a fiat currency (recall that the mining equipment and operating costs are paid for in foreign currency).  For many actors, it is not just a forex bet but also a gamble on appreciation.  As discussed in Chapter 3, there are at least two classes of actors willing and able to mine at losses, including some who hope that the token will appreciate in value.

I, along with several others, have written about this numerous times.  In the long run, most miners, if not all, do not actually generate economic profit because of how the difficulty rating adjusts proportional to the amount of hashrate that is added to the network (e.g., the “Red Queen effect”).  If it becomes cheaper to “mine” then the situation will simply incentivize more hashrate to be added resulting in a higher difficulty rating, negating the temporary advantage.  In the short run, there are actual differences in margins due to differences in climate, electricity prices, administrative overhead, taxes, etc.  Some, such as BitFury and a few in China, have better economies of scale and/or handsome land and energy deals due to guanxi (a few consequently have “cost of production” down to $80 per bitcoin and even lower as of this writing).

How the sausage is made

Unless you have mined some kind of coin before (see 12 Step Guide), in order to understand how mining actually works we must begin by noting that most miners are not actual miners, but rather hashers who effectively ‘rent’ their equipment to pools (pools charge a fee in exchange for this service).  Miners, technically speaking, are the machines that actually select, process and validate a transaction.  Hashing equipment does not do this.

For instance, CoinTelegraph recently ran a story on the new Raspberry Pi 2 Model B which costs $35.

raspberry node

This Pi computer (above) is effectively the only miner, the only “transaction processing” machine in an entire mining warehouse.

Since the entire Bitcoin blockchain can and is processed with something this cheap, why is mining so expensive then?

That is where Sybil protection and decentralization come into play.  Recall that for the supply side of the equation, miners compete with one another to win the block reward (since it accounts for roughly 99.5% of their revenue, a figure which hasn’t changed much in a couple years, see below for more).  Thus, rationally economic actors will strip a mining facility of anything that lacks utility (in some cases, even computer “cases” themselves).  If it is not hashing, it is not helping to generate income.  Thus in all warehouses today, they have row after row of specialized machines called ASICs to provide this spartan hashing function (recall this was all initially spurred on by ArtForz creativity).  In practice, this hashing equipment actually just asks for a block header from the host node of a pool (such as the Pi Raspberry) and only “hashes” the “midstate” but that is another discussion entirely (see this excellent explanation from Vitalik Buterin).  Thus, the only bona fide “mining” equipment in a facility is usually something akin to the Pi computer above.

[Sidebar: whenever someone claims that Bitcoin mining manufacturing pushed fabrication geometries to new limits, the reality is that designing a mining chip (or really, hashing chip) is actually, relatively simple: you only need a small handful of engineers to do it compared with say, a Xeon chip (which requires several hundred).  In fact, most of the IP for SHA256 modules (or tiles) for “mining” equipment can be purchased from existing backend design companies.]

So what utility do those rows of ASICs provide then?

As shown in the video (above), the sole job of those single-use ASIC machines are to provide “proof of work” hashing power which thereupon provides Sybil protection for the blockchain.  The video above was filmed in Liaoning province in China last fall by Vice magazine.  Be sure to also read more details from Jake Smith’s article covering the same facility (he was also the laowai translating in the video).

The bigger picture

Recall that the estimated total deployed capital from VC firms over the past 18 months in the Bitcoin space is roughly $500 million into over 100 startups.  And the direct financial rewards to miners over the same time frame has been roughly $780 million (3,600 bitcoins x 540 days x $400 weighted token price).  This wealth transfer represents a large opportunity cost to the emerging economy that is Bitcoinland (one notable exception is BitFury, which invested in BitGo).  Because instead of being able to hire software developers with that $780 million, it was used to fund exergy dissipation through:

  • Semiconductor firms such as TSMC
  • Utility companies (coal power plants in China, facilities in Washington, Finland and Ukraine)
  • Property and real estate agencies

Or in short, in an alternate universe in which Satoshi had created a different distributed yet secure consensus protocol (one that may or may not exist) in which the infrastructure costs did not directly scale in proportion to the value of the token, $780 million could have been instead used to hire 7,800 full-time developers (based on SF Bay wages).

But the Bitcoin network doesn’t need those developers, the current network can do everything the incumbents provide right?

Based on at least one post, Satoshi may have hoped to compete with Visa but he/she could turn out to be empirically wrong, there are real costs to maintaining a decentralized network.  As it stands today, the Bitcoin protocol does not offer any of the actual banking and credit services of existing financial institutions.  Consequently, recall that the expenditure and threat models on ‘trusted’ centralized networks are different than ‘untrusted’ decentralized networks.  As I and others have described elsewhere, Sybil protection and decentralization add costs to operating a network — they do not in fact, make it cheaper.  There is no free lunch or “free energy” in the mining process, anyone claiming that proof-of-work-based “mining” will somehow become ‘cheaper’ in the future is in the same class as the perpetual motion salesman.

Why is this important?

Another way to think about it: the $500 million that VC’s have deployed to build Bitcoinland are effectively a foreign exchange currency play (because it is a virtual-only foreign country that can only be accessed with a pre-paid card, bitcoin).  This money is being paid to effectively leverage one economy, or rather one unit-of-account (namely USD, EUR, RMB) to build a virtual unit-of-account called BTC (see more from Robert Sams).  But, and this is important for international adoption: there are no real corresponding exports from that economy (yet).  Furthermore, there are several reasons why the narrative of social media enthusiasts will likely not go according to plan.

Bitcoinland – a large, virtual retirement facility

bitcoin mining rewardsFrom a network sustainability perspective, Bitcoinland is a senior citizen and its trust fund (revenue base) is no longer in the “early days.”

Investor and entrepreneur interest may still be in the “early days,” but the asymptotical reward structure rapidly aged this economy into its twilight years much like early stars.

As of this writing, approximately 13.8 million bitcoins have been divvied out to miners over the past 6 years.  This represents roughly 2/3 of the internal income the Bitcoin trust fund had at the beginning.  More than half of the remaining will be apportioned in the next five and half years.

One common refrain is that at some unknown date and time, transaction fees will somehow increase and/or more users will collectively pay more fees.  This is a possibility but is unlikely for the reasons discussed on numerous occasions for reasons described in this working paper (it is a type of collective action problem).

In fact, the biggest counterpoint to this is that we have direct evidence to the contrary.

transaction fees in USD

The chart (above) illustrates the total transaction fees to miners (denominated in USD) over the past 2 years.  Denominated in BTC, the 2 year chart shows the same trend line.

Fees to miners is actually at a 2 year low (in BTC) and not increasing despite the fact that there are now more than 100,000 merchants that accept bitcoin for payments (up from 20,000 last year).

Why is merchant adoption far outpacing consumer adoption?  Well there are multiple reasons which I and others have discussed before.  More on that later.

Perhaps there is another way to visualize this historically, from the beginning?historical transaction fee

The chart (above) is from Organ of Corti and illustrates what I mentioned at the start of this post: that roughly 0.5% of a miner’s revenue comes from transactions (effectively, user donations), the vast majority still comes from the block reward.

But isn’t the retail economy booming and will balance this out?  No.

As shown from Jorge Stolfi (and Coinbase’s own chart), on-chain retail growth is stagnant (in fact, it is one of the glaring omissions in Bitpay’s new infographic).

Why?  Because most consumers are, in practice, not incentivized or otherwise interested in converting their local currency into a foreign currency for goods or services they can already buy with their existing currency.  Endless threads on social media have proposed solutions to this inertia, but the fact of the matter is in practice, consumers are only willing to change if and when the alternative is not just as useful, but significantly so (there is an entire segment of economics that studies consumer choice and indifference curves).  And they are only going to use something if it provides them more utility.  Thus to them, entering Bitcoinland (and current cryptocurrencies in general) is a friction they have preferred to avoid.  Perhaps that will change, but then again, maybe not.

Again, recall that the primary utility provided by the Bitcoin blockchain was to circumvent trusted third parties (TTP), which in practice, the average consumer are okay with having to deal with (the tradeoff between less privacy for more insurance, etc.).  For instance, in terms of demographics, the vast majority of gamblers that use bitcoin are based in the US because online gambling is illegal here.  European gamblers typically use bank transfers.  When SatoshiDice blocked US-based IPs, gambling volume dropped significantly for them (and flowed to other similar sites).  Maybe there will be another “killer app” but then again, maybe blockchains in general attract illicit activities because their decentralized nature enables routing around TTP, which some bitcoin holders find useful and attractive.

Circular flow of income

One last issue that intersects with miners and the Bitcoinland consumer economy is that of volatility.  This is a topic that generates enormous reaction and I am aware of companies such as Bitwage, Hedgy, Teraexchange that are attempting to create either hedging mechanisms against volatility and/or bridges between two different unit-of-accounts.

Ignoring the impact of the Poisson process, there is never a dull moment for being a cryptocurrency miner (professional or otherwise) as you never have a really good idea of how much capital to deploy in the future due largely to the continuous uncertainty over what the future market price of a coin is and what the difficulty rating may adjust to.  Or as Robert Sams aptly noted:

It is the nature of markets to push expectations about the future into current prices. Deterministic money supply combined with uncertain future money demand conspire to make the market price of a coin a sort of prediction market on its own future adoption.  Since rates of future adoption are highly uncertain, high volatility is inevitable, as expectations wax and wane with coin-related news, and the coin market rationalises high expected returns with high volatility (no free lunch).

Yanis Varoufakis, the new finance minister for Greece, has written about the monetary supply schedule challenges within Bitcoin several times.  One notable quote he had last year involved how speculative demand for bitcoin outstrips transactional demand:

“By a long mile. Bitcoin transactions don’t go beyond the first transaction. The people who have accepted bitcoins don’t use them to buy something else. It gets back to the circular flow of income. When Starbucks not only accepts bitcoins but pays their workers in bitcoins and pays their suppliers in bitcoins, when you go back four of five stages of productions using bitcoin, then bitcoin will have made it. But that isn’t happening now and I don’t think that will happen.” Because it isn’t happening now, he continues, and because so many more people are speculating on bitcoin rather than transacting with it, “Volatility will remain huge and will deter those who might have wanted to enter the bitcoin economy as users, as opposed to speculators. Thus, just as bad money drives out good money, Gresham’s famous law, speculative demand for bitcoins drives out transactional demand for it.”

What this has looked like in practice is that miners themselves are creating a currency with which they are not necessarily able to pay their electricity bills or leases with.  They have to convert it.  Perhaps this will change, but since the bulk of this virtual currency has to be converted into a foreign currency (USD, EUR, RMB), it creates continuous sell-side pressure on the market (see How do Bitcoin payment processors work?).  And without a corresponding increase in demand from those holding foreign currency, the market price declines.

Hedging may help mitigate some losses for a few of the merchants that choose to keep and not convert bitcoin payments they receive, but again, hedging isn’t free.   It also costs someone something to do — hedging can be expensive, this is why corporates do not typically hedge against ongoing foreign revenue but they only hedge against large one-off items (such as acquisitions, or large shipments / purchases).  Just ask the airline industry about its fuel hedging strategies.  Recall again that consumers in general prefer stable purchasing power for medium’s-of-exchange (no one is trying to directly use petroleum as a currency).

Without a circular flow of income, this is unlikely to change and this is something that requires years, perhaps even decades to build even with dynamically adjusted, elastic money supplies.  For instance, recall even with its $9.5 trillion economy and its $2 trillion in exports, the RMB only represents 2.17% of all international trade settlements (for comparison, the Greeks exported 27 billion in goods and services in 2013).  Perhaps indeed, Bitcoinland is still in the “early days” — or maybe its fixed monetary supply has inflicted it with incurable progeria (i.e., few want to spend it, so not enough fees to replace the block reward).  And thus its main exports will continue to be ways to distribute exergy via currency conversion processes and illicit trade.

Is all lost?

bitcoin moonEarlier this week William Mougayar encouraged advocates in this nascent space to basically chill out with the moon rhetoric.  Again, it is impossible to know what consumers will eventually adopt.  Anyone claiming that there will just be “one winner” that encompasses all use-cases is probably wrong in the short run (note that Richard Brown and Meher Roy have suggested that there may be some kind of “Grand Unified Theory” of cryptofinance but that is a topic for another post).

Every business, institution and customer has different wants and needs that will dictate actual adoption of technology and not the other way around.  Entrepreneurs, developers and investors cannot assume a market will adopt their own narrative any more than shipwreck survivors can “assume a boat” — thus as Mougayar has touched on: blockchains and consensus ledgers may find traction outside of niches only if they satiate mass consumer appeal, not just hobbyist interest.

To the chagrin of the heavily invested, Bitcoin may prove to be the vehicle that will spawn a variety of useful mainstream tech but that will never actually go mainstream itself.  In that respect, perhaps Bitcoinland is essentially a huge R&D program.  Perhaps this is a modern facsimile of The Rise of ‘Worse Is Better.’  Bitcoin enthusiasts believe that they are the “New Jersey” crowd in this particular story but in truth they may be taking the “MIT” approach, where they are seeking to build a perfect new financial platform. The lesson of the story is that the MIT approach almost always fails because it is incredibly hard to do and relies on perfect up-front understanding, while the New Jersey approach favors incremental discovery and evolving things towards something that works well enough.

Or maybe, conversely, some black swan event such as a large hedge fund publicly announces major buys or an ETF is approved or large-scale regulatory clarity occurs (see also: the Bitcoin Bingo card); we can only know in retrospect.

In the meantime, other mental models are being discussed including a separation of specialized distributed ledger systems (via consensus-as-a-service) from the current crop of cryptocurrency systems as well as proposed a dual-currency solution (such as Seigniorage Shares) that could end up implemented in other projects such as Augur’s prediction market: it could also be used for CFDs, it does no one any good if the underlying currency is too volatile to price contracts in — even if you “win” you could still lose due to currency depreciation (this is not an endorsement).

Other ideas such as the new replace-by-fee patch targeted at providing a mechanism for miners to prioritize transactions or metacoin censoring tools to allow mining pools to filter out watermarked coins (colored coins, Counterparty, etc.), will undoubtedly provide empirical feedback to future ledger designers on what to do and not to do.

Welcome to Bitcoinland, a virtual world whose artificial age is more akin to Sumter County than Madison County and whose primary export is currency conversion via exergetic displacement.  On-chain population: roughly 380,000.

Send to Kindle

What about the new BitLicense revision?

A new revision (pdf) of the New York BitLicense was released this week.  Yesterday CoinDesk reached out to several people in the industry to see what their view was on the new copy.  I have a small quote in the subsequent article: “BitLicense Revision Leaves Room for Continued Debate

Below are my unabbreviated thoughts (I would like to thank Ryan Straus for being able to discuss in-depth some of these issues the past week as well):

It is still unclear to me whether the BitLicense is establishing a facilitator regime (like money transmission or custody) or an intermediary regime (like deposit taking).   Does the BitLicense permit the acceptance of deposits by licensees?  If not, then the question remains whether organizations like NYDFS and DOJ considers hosted wallet services to constitute deposit taking. If so, BitLicensees would presumably not be able to avail themselves to the securities exemption that is available to banks and other deposit takers. A deposit is a debt owed by the depository to the customer (depositor).  Does holding oneself out as a depository qualify as a securities offering?  If so, would licensees qualify for the bank exemption to the securities laws?

Obviously I’ll let the lawyers hash this out, but so far the interpretations of what “software” is or is not still seems vague especially since it is still not clear if these firms will be classified as a “custodial regime” as custody denotes possession and bitcoins arguably cannot be possessed in any sense (e.g., is Blockstream acting as a custodian for building and providing a service that enables federated pegs; are the servers that participate as the federated nodes liable?).

Send to Kindle

What is the blockchain hard fork “missile crisis?”

Over the past couple of months there has been a number of discussions revolving around increasing the Bitcoin block size from its current 1 MB limit to 20 MB. One such plan is Gavin Andresen’s proposal (this is not to single him out as there are others with similar proposals). The code change itself is trivial, as it can simply be changed to any arbitrary number in a couple of keystrokes (for instance, see Vitalik Buterin discuss this at 14:15).

However, getting the majority of validating nodes, miners and the rest of the ecosystem on-board in a timely fashion is a very non-trivial matter.

Recall that, as illustrated by Organ of Corti and Dave Hudson, the average block size has increased over the past year to the point where we will likely max out at around 3 transactions per second with the current 1 MB limit. Since many of the investors, developers and entrepreneurs in this space would like to make Bitcoin ‘competitive’ to other payment platforms such as Visa, according to their view, this number eventually needs to increase by several orders of magnitude.

Fundamentally there are two trade-offs in block size economics:

  • Keeping a 1 MB block size requires higher fees to end-users but results in a more decentralized network
  • With a larger, 20 MB block size, fees are (temporarily) subsidized to end-users but with fewer validating nodes on the network

A quick explanation of both:

  • Retaining a 1 MB block size ultimately results in higher transaction fees because block space is scarce and miners will only process and include transactions based on market-based prioritization rates (e.g., pay higher to be included faster). While this would likely mean the end of certain types of transactions (such as “long chain” transactions) as well as fee-less transactions which have disproportionally increased the size of the blockchain over the past six months relative to actual commerce, simultaneously this design decision would have the effect of retaining some nominal decentralization as the increase in blockchain size would remain relatively linear and thus the blockchain could be validated by several thousand nodes as it is done today without (much) additional cost.

In early March 2014, there were approximately 10,000 nodes however over the past year there has been a decline by roughly 1/3. What does this distribution of roughly 6,400 current nodes look like?

user agents getaddr

Recall that the original value proposition of the Bitcoin blockchain was its decentralized characteristic, thus the more miners and validation nodes that are geographically distributed, the less prone the network is to single-points of failure. Furthermore, while many people call the various artifacts that have increased the blockchain size “bloat,” because this is a public good and no one owns it, it is imprecise to do so (e.g., one man’s 80 byte “trash” OP_RETURN is another man’s data storing “treasure“).

Whether consumers are sensitive to this change in fees is another matter due to elastic demand, they may simply switch over substitute goods (e.g., competing chains and ledgers).  What does this mean exactly?

  • An increase to a 20 MB block size would likely continue the same “low” fee (donation) structure practiced and promoted today as there is purportedly more room for non-priority transactions. The known challenge however is that if 20 MB blocks became “filled,” this would require a corresponding increase in bandwidth and disk space which would require more costs to be borne by the validating nodes which are already operating as public goods. That is to say, a blockchain that increased in size by 20 MB every 10 minutes would fill over 1 terabyte a year which would create additional costs for participants and likely reduce the amount of verification nodes and therefore reduce the decentralization of the network.

The other challenge to Andresen’s plan is, that because the prioritization of transactions would still not be adjusting towards via fees to miners, this would in turn continue the status quo in which miners continue to largely rely on seigniorage to operate. This is an unhealthy trend as it stalls the transition from block rewards to fees which was the narrative stated since day one on October 31, 2008 (see section 6).

What will happen?common user agents

It is difficult to predict what exactly will happen as the key actors in this space are still deciding what to use social capital on.

Gavin Andresen, as recently as two weeks ago, stated that most of the large payment processors, exchanges and other service companies are on-board with his plan (see also David Davout’s recent dialogue with Andresen). Furthermore, others in the community have (likely erroneously) found correlation between market cap and transaction volume yet as we know, correlation does not actually imply causation. Similarly, ‘Death and Taxes’ recently presented a narrative reinforcing Andresen’s view yet for some reason glossed over the all-important miners perspective.  Others, such as in the ideological wing personified by Mircea Popescu claim that they will fight this effort with an actual attack.

Irrespective as to what size a block is increased to, it will likely create at least a temporary fork as validating nodes need to upgrade and they are not being compensated for storage and traffic (Andresen’s plan is to “future proof” the protocol such that the 20 MB change is included in a patch this year but isn’t “turned on” until needed later on). There is at least one open question: what is the minimal amount of full nodes that are required for network to operate within current trust/security model?  Unlike miners, their value to the system is hard to measure.

What the experts say

While the field is young, one expert in this space is Jonathan Levin who modeled network propagation in his masters thesis. I reached out to him and in his view:

I think that the 20mb proposal is untenable given the current way that blocks are propagated around the Bitcoin network. The Bitcoin network and specifically the Bitcoin miners use a gossip network to relay blocks to each other. That means that as the size of the block increases, the time that it takes to spread around the network also increases linearly. We have seen this first in the work of Decker and Wattenhofer as well as my own work.

The problem is that the increased time that blocks take to propagate around the network increase the probability of orphan races between different mining pools. If you create blocks that are 20mb and a competing pool is creating blocks under 1mb or even empty ones, they have a higher expected return per hash. This is because you would expect your blocks to lose out to smaller blocks in an orphan race if both are found in quick succession. Now we can argue that miners will continue to create large blocks out of altruism but if we continue to increase the size of the blocks without greater utilisation of better block relaying protocols we risk breaking this equilibrium and miners resorting to nasty strategies like creating empty blocks which suit no one.

I also spoke with several other professionals in this space.

For instance, I spoke with Atif Nazir, co-founder of Block.io and an instructor at Blockchain University. According to him:

On the one hand, increasing block sizes, as you say, may result in lower transaction fee requirements. However, if the transaction fees actually are lowered by, say, 1000x what they are now (0.00001 is the minimum accepted by the reference client), this will lower the cost of “institutional attacks” on the Bitcoin infrastructure, where an attacker can push 1000 transactions for an erstwhile cost of 1. The attack will basically be “make infrastructure expensive to run for the average joe, drive them towards centralized infrastructure services that run APIs, Blockchain Explorers, etc.” It is good for business, bad for the decentralization of the network in the near term.

We’ve seen something like this occur on the Dogecoin Network in the past few months, where one user or a group of individuals were pushing transactions with 0 transaction fees. These transactions were accepted as valid by the Dogecoin reference clients, and as a result, caused bandwidth consumption hikes for the dorm-room nodes, which populate most of the current network(s). The resulting change by the Dogecoin Core team was to add a fee of 1.0 DOGE for every transaction, which isn’t yet mandatory, but is on its way there. The dorm-room nodes, however, are already on the decline in both Bitcoin and Dogecoin due to the increasing size of the Blockchain, and the bandwidth consumed by them.

Increasing the Block sizes sounds like a good idea for the number of transactions flowing on the network, but in the near term it will drive a lot of the nodes out of the system because of CPU/bandwidth/disk IO hikes. Increasing the Block sizes will definitely increase infrastructure costs, driving more users towards centralized places that can afford to host API services for the Blockchain. However, given this crunch on the average joe Bitcoin nodes, this will lead to a more concentrated effort towards “pick what you need” style nodes (say, SPV). Again, in the near term, the number of “full nodes” on the network will dwindle, but as more companies come into the ecosystem, this number will inevitably rise.

Bitcoin as a whole is headed towards a network where most nodes don’t actually host the entire Blockchain — increasing the block size will only accelerate this change. This will lead to more innovative solutions, and who knows, we might find a way for nodes to communicate cost-effectively rather than the current “gossip”-style protocol we use, where you inform all your peers when you hear about a new transaction. The community can very dynamic, and I think the longer term outlook for the network looks good regardless. Bitcoin is powered by nerds like you and I, and we tend to find solutions where others walk away.

Nazir raises an interesting point in terms of a hypothetical time horizon for when a transition (between short term and long term) could take place.

Another individual who has done a lot of modeling of incentives, mining and block sizes is Dave Hudson, a software developer who also writes at HashingIt. According to him:

Changes to the distributed consensus software within Bitcoin raise really interesting questions about the evolution of cryptocurrencies and how truly decentralised they really are. With each change we’re actually seeing something interesting happen where the ongoing participants in the system all effectively agree to move to a new system: BTC becomes BTC’ becomes BTC”, etc. We might be calling BTC” Bitcoin but any legacy nodes running BTC’ or BTC also think they’re Bitcoin too. At some point in time something happens and the various systems start to disagree about what is or isn’t valid and those could be very subtle. Imagine for example that BTC” introduced a subtle change that inadvertently made some of Satoshi’s coins unspendable; nobody might ever know until someone with Satoshi’s keys tries to spend their Bitcoins. Arguably it might already have happened as the result of some random compiler bug (not a fault in the Bitcoin-core code, but a bug in the way that’s transformed into something that runs on the node CPUs).

Clearly the Bitcoin-core developers try very hard to ensure that this sort of thing doesn’t happen by accident, but in order to sustain all participants holdings within the system they really do have to try to ensure that every node moves from BTC to BTC’ to BTC”, etc. In order to do this they essentially have to persuade everyone to migrate to each new version within some specific time window.

Now let’s imagine for a moment that instead of miners all tending to mine through centralised infrastructure (mining pools), that we really did have true decentralisation and had hundreds of thousands, or millions, of nodes that all did their own transaction selection and mining. Perhaps they’re even embedded into things that their users didn’t even realise were contributing to mining. At this scale it would probably be almost impossible to get them all to move to adopt a planned fork. We would either see the protocol totally stagnate or else we would see potentially very significant forks occurring.

In practice the system holds together in a cohesive way because, in the absence of a precise protocol spec, the core devs try to ensure that everyone uses the same consensus-critical software, runs it on the same sorts of hardware that all do things the same way and with some reasonably consistent set of capabilities.

It’s seems a slight irony that one of the key factors in the successful maintaining and sustaining of the Bitcoin network is continual centralised actions, and that things aren’t actually massively decentralised.

This last point is intriguing in that a lot of the software in this space is still relatively homogeneous and that if a network were to scale to become as distributed (or decentralized) as is hoped while simultaneously incorporating many nodes and clients, then it is likely that a diverse set (or lackthereof) of developer tools could prevent or perhaps even incentivize attacks (e.g., if every actor in the ecosystem uses the same client then that could create a vulnerability to the network).

In an exchange with Peter Todd, a contributor and developer on Bitcoin core and other related protocols (such as ClearingHouse), he framed the issue:

At the recent O’Reilly Media conference basically I pointed out that because this is an externality / tragedy-of-the-commons problem we may have to see Bitcoin fail due to a blocksize increase first before the community actually groks the issue. Personally I’m inclined to not oppose a blocksize increase on this grounds – Bitcoin failing cleanly is probably good for my interests.

In terms of “getting people on board” – to a degree you inherently can’t do this, because a blocksize increase will inherently exclude people from the system. See for example the discussion between Greg Maxwell and Gavin Andresen several weeks ago on the #bitcoin-dev IRC channel.

I spoke with Robert Sams, co-founder of a fintech startup who has previously written analysis covering the marginal costs of Bitcoin-like systems. In his view:

Levin’s point about network propagation is key: mining a larger block has a lower expected return because of the increased probability of losing out to a smaller block in an orphan race.

Now all of what you argue is a totally sound economic conjecture based on the assumption of distributed mining economics. Miners include tx until the marginal cost of tx inclusion (opportunity cost of including a different tx when up against the block limit + block propagation effect) equals marginal revenue (the fee).

However, for me the crucial economic force here is what happens to fees under concentrated mining. The logic changes from the marginal costs equals the marginal revenue logic in the above distributed case to a more strategic, oligopolistic pricing dynamic. What I mean is this. In the distributed case, whether or not a given miner includes a given tx has no material effect on the expected confirmation time for the tx sender. But in the concentrated mining scenario it does. If some pool is 35% of the network, the decision by that pool to not include the tx will materially increase the confirmation time of that transaction. So miners can extract more of the value that a tx senders place on fast confirmation times by setting their own minimum fee threshold, knowing that this threshold will over time effect the fees that tx senders include. What that optimal threshold is depends upon how much senders are willing to pay for faster tx confirmation times. Who knows what that is, but the implication is clear: under concentrated mining, fees levels will start to reflect more what tx senders are willing to pay rather than the cost to miners of including them.

So when you cast the blocksize issue in this concentrated mining context, it’s really not clear what will happen. My bets are that fees will go up and we won’t have to worry about blocksizes because higher fees will act as a break on adoption.

If block sizes are increased we will learn a lot about the dynamics of the community, the interplay between incentives such as fees and seigniorage have for on-boarding (and off-boarding) miners as well as how price sensitive users are in this space.

Ultimately it is the miners who decide as they are the entities creating Sybil protection and preventing double-spend attacks (or in some cases, providing that service). Or as Raffael Danielli, a quantitative research analyst at ING explained:

In theory, fee rewards should incentivize miners to include as many transactions as possible. In reality though fee rewards are a tiny percentage of block rewards and the risk-rewards ratio simply doesn’t add up at the moment (risking a (almost) sure 25 BTC payoff to get a potential say 25.1 BTC). What are the rational incentives for miners to upgrade and actually fill 20mb blocks? At the moment there are none that I am aware of. If there are no incentives for miners then this is not going to happen. Period. There is no altruism when it comes mining and anyone who bets on it is in for a rude awakening.

But this crosses over into the new field of cryptoeconomics which is a topic for another day.

[Thanks to Anton Bolotinksy for his thoughts on measuring the value of nodes within the system.]

Update from Organ of Corti:

I would add that there is a downward pressure on block size for block makers. I’ve done some research with Nadi Sarrer that proves the larger the block, the longer propagation takes. Even if a pool uses the relay network, increased latency also increases the chance of a pool losing an orphan race.

So block makers have to decide how to maximise fees while at the same time minimising block size. Some, like Discus Fish (f2pool) have tested both minimum block size (only including coinbase tx) and maximum block size, and lately seem comfortable producing maximum sized block each time. (They also seem to have a ‘pay for tx inclusion’ scheme here, but I don’t know much about it)

I think eventually pools will aim to use a decision making algorithm to:

a) Pick a block size they think will make losing an orphan race less likely.
b) Include all available high fee density (fee/kb) transactions in the block
c) then include high fee transactions
d) any left over space can be given to low and zero fee txs

With more data, this sort of process could be optimised to calculate the expected value of a block including the probability of losing orphan races. This would only lead to larger blocks when the value of the included txs outweighed the losses due to orphan races in the long term.

Of course, if all block makers had the same sized blocks, this would not be an issue. But if a block maker can win an orphan race by the expedient of having a smaller block, then they will.

Some open questions for the community: How will fewer network nodes affect orphan races? If the blocks are solved many seconds apart, I would think that fewer network nodes will mean fewer orphan races since the time for a block to propagate to most of the network will reduce significantly. However, if the blocks are solved at the same time, an orphan race might be more likely since the paths taken by the blocks propagating will have less affect on the overall propagation time. Which do you think is more likely?

In summary: If block makers are rational actors and the risk of losing orphan races is a significant downward pressure on block size, I don’t think increasing the available block space will have a significant effect on actual block size. There’s a lot of room for improvement in the tx inclusion algorithms used by most pools, and if I was a block maker I would increase the fee density of blocks and include far fewer low-fee and fee-free txs.

Send to Kindle

Videos from Cryptoeconomicon event

A few of the videos from the Cryptoeconomicon event are now online (repo). If you are interested, below are two of the panels I moderated on the first day.

“Proof of Work” with Vitalik Buterin, Matthew Wampler-Doty, Peter Todd:

“Practical and Social Applications” with Aaron Wright, Steve Waldman, Anthony D’Onofrio, Stefan Thomas:

Send to Kindle

Interview with Epicenter Bitcoin

About two weeks ago I was interviewed over at Epicenter Bitcoin.

We covered a number of topics, some of which were previously covered by a few recent guests of the show (such as Robert Sams, Vitalik Buterin and Preston Byrne).

This episode also spawned a number of comments over at Reddit this past week, where I responded to a couple of people.

One clarification I would like to make regarding a specific comment I made on the show.  At around the 53 minute mark I discuss something called “trusted transparency.”  Guy Corem, CEO of Spondoolies Tech (an Israeli-based mining company) reached out to me this morning and explained that there is a misunderstanding and the area he is working on is more akin to an odometer.  I’ll probably write something up later next month as more information becomes public.

Also, the usual caveats: these alone are my opinions and I could be incorrect.

Send to Kindle

Cryptoeconomics for beginners and experts alike

This past week Koinify and the Cryptocurrency Research Group (CCRG), a new academic organization, held a 3-day event — the first of its kind called Cryptoeconomicon, an interdisciplinary private event that included a cross section of developers, entrepreneurs, academics and a few investors.  It was purposefully scheduled to coincide with O’Reilly Media’s own “Bitcoin and the Blockchain” conference which took place in the middle of it.

I attended what amounted to four days of seminars, brainstorming and networking sessions.  Below are my summarized thoughts.  Note: these are my opinions alone and do not reflect those of other participants or the companies I work with.  You can view pictures/info of the event: #cryptoecon and @cryptoecon

Rather than going through each session, I will just highlight a few areas that stood out to me and include outside relevant content.

What is cryptoeconomics?

According to Vlad Zamfir, of the Ethereum project, cryptoeconomics as a field might be defined as:

A formal discipline that studies protocols that govern the production, distribution and consumption of goods and services in a decentralized digital economy.  Cryptoeconomics is a practical science that focuses on the design and characterization of these protocols.

Zamfir discussed this at length (slides) (video) and rather than going too in-depth with what he said I wanted to reiterate his main points he gave:

Cryptoeconomic security as information security

  • Mechanisms are really programs
  • They can distribute payoffs
  • The programs have a certain behaviour in the Nash equilibrium case
  • The NE has a cryptoeconomic security
  • We can be assured that a program will run a particular way

He also argues that “cryptoeconomics” should be see as more economics for cryptography rather than cryptography for economics:

  • Economic mechanisms can give guarantees that a program will run in a particular way that cryptography alone can’t provide.
  • Incentives are forward facing, cryptography is a function of already-existing information
  • How do we provide custom cryptoeconomic guarantees?

The last part in relation to his talk that really stuck out to me was on the final day.  In his view (slides) the technical term that should be applied is, “distributed cryptoeconomic consensus” which would assuage concerns from the academic “distributed consensus” community that uses different terminology.  Under this definition, this means:

  • A cryptoeconomic mechanism with the Nash equilibrium of assuring distributed byzantine fault tolerant consensus
  • We should be able to assert and prove the cryptoeconomic assurances of any consensus mechanism
  • Distributed consensus mechanisms can create a pure cryptoeconomy. Even the execution of the mechanisms is has a measurable assurance.

Most interesting comment of the event

I think the most apt comment from the economics discussion came from Steve Waldman, a software developer and trader over at Interfluidity on the first day of the event.

While there will likely be a recording posted on Youtube (video), in essence what he said was that in the blockchain space — and specifically the developers in the room — they are creating an enormous amount of supply without looking to see what the corresponding demand is.  That is to say, there is effectively a supply glut of “blockchain tech” in part because few people are asking whether or not this tech actually has any practical consumer demand.  Where are the on-the-ground consumer behavior surveys and reports?

Again, if Bitcoin (the overall concept) is viewed as an economy, country or even a startup, it is imperative that the first question is resolved: what is the market need?  Who are the intended consumers?  So far, despite lots of attention and interest, there has been very little adoption related to blockchains in general.  Perhaps this will change, maybe it is only a temporary mismatch.  Maybe it these are the chicken-egg equivalent to computing languages like Ruby or PHP and eventually supply somehow creates the demand?  Or maybe it suffers from the Kevin Costner platform trap (e.g,. if you build it, will they come?).

To illustrate this contrarian view:

why startups fail

Source: David Norris https://twitter.com/norrisnode/status/561262588466839553

Maybe there is no real market need for these first generation concepts?  Perhaps the network will run out of block rewards (cash incentives) to the miners before these blockchains can gain mainstream traction?  Maybe the current developers are not quite right for the job?

Or maybe, blockchains such as Bitcoin simply get outcompeted in the overall marketplace.  For instance, there are currently 1,586 Payment startups listed on AngelList and 106 P2P Money Transfer startups listed on AngelList.  Most of these will likely burn out of capital and cease to exist, but there are probably at least a dozen or so of each that will (and have) gained traction and are direct competitors to these first generation blockchains.

Perhaps this will change, but then again, maybe the market is more interested in what William Mougayar (who unfortunately was not part of the event) pointed out a few days ago.  Simply put, maybe there is more room to grow in the “Blockchain Neutral Smart Services” and “Non-Blockchain Consensus” quadrants:

Crypto_Tech

We cannot know for certain a priori what market participants will decide.  Perhaps Bitcoin is good enough to do everything its enthusiastic supporter claim it can.

Or maybe, as Patrick Collison, CEO of Stripe, wittily stated in Technology Review:

“Bitcoin is kind of a financial Rorschach test; everyone projects their desired monetary future onto it.”

Now, to be fair, Collison (who was not part of the event) has a horse in the race with Stellar.  Fortunately there was not much emphasis on token prices going to the moon at the Cryptoecon event.  When incentives did come up, it was largely related to how a consensus mechanism can be secure through a self-reinforcing Nash equilibrium.

Perhaps a future event could discuss what Meher Roy (who unfortunately was not in attendance either) adroitly summarized and modeled in relation to how actors are betting on crypto-finance platforms:

meher roy table

Source: https://medium.com/@Meher/a-model-to-makes-sense-of-beliefs-and-associated-crypto-finance-platforms-f761a7d782cb

Back to the show

There were a number of startups at the event, probably around a dozen or so.  In my view, the most concise overview was from Sergey Nazarov co-founder of SmartContract.  The interface was clean, the message was clear and “issuance” can be done today.  I’m not necessarily endorsing the stack he’s using, but I think he has clearly talked to end-users for ease of use feedback (note: be sure to consult a lawyer before using any ‘smart contracting’ system, perhaps they are not recognized as actual “contracts” in your jurisdiction).  Also, drones.

It would have been nice to see a little longer debate between StorJ, Maidsafe and Filecoin groups.  I think there was probably a little too much “it just works” handwaving but thought that Juan Binet-Betez from IPFS/Filecoin gave the most thorough blueprint of how his system worked (he also showed a small working demo).

It was not recorded but I think messaging for Augur (a variation of Truthcoin) was pretty poor.  Again, just my opinion but I was vocal about the particular use-case (gambling) proposed as it would simply bring more negative PR to a space smashed with bad PR.  The following day other members of the team discussed other uses including prediction markets for political events (similar to what Intrade did).  I am skeptical that in its current form it will become widely adopted because futures markets, like the CME, already do a relatively competitive job at providing this service for many industries and these decentralized markets could likely just attract marginal, illicit activities as has been the trend so far.  I could be wrong and perhaps they will flourish in emerging markets for those without access to the CME-like institutions.

Things that look less skeptical

  • There were about 10-12 people affiliated with Ethereum at the event, all of them were developers and none of them seemed to push their product as “the one chain to rule them all” (in fact, there was a healthy debate about proof-of-stake / proof-of-work within their contingent).  I’ve been fairly skeptical since last summer when their team looked gigantically bloated (too many cooks in the kitchen) but they seem to have since slimmed down, removing some of the pumpers and focusing on the core tech.  This is not to say they will succeed, but I am slightly less skeptical than I was 3-4 months ago.
  • I also had a chance to sit down with a couple members of the IBM ADEPT ‘Internet of Things’ team.  They held a ~3 hour workshop which was attended by around 20 people.  The session was led by Henning Diedrich (IBM), David Kravitz (IBM) and Patrick Deegan (Open Mustard Seed Project).  Again, even though I’ve paged through the ADEPT whitepaper, I was hesitant to believe that this was little more than marketing on the part of IBM.  But by the time the session was over, I was a little less skeptical.  Perhaps in the future, when more appliances and devices have secure proplets, they could use a method — such as a blockchain/cryptoledger — to securely bid/ask on resources like electricity.  B2B and machine-to-machine ideas were discussed and piggybacked on.  Obviously there are all sorts of funny and sad ways this could end but that is up for Michael Bay to visualize next year.
  • This also intersects with another good comment from Stefan Thomas (CTO of Ripple Labs).  In a nutshell, on a panel during the first day, he thinks there is some confusion and conflation of the terms “automation,” “decentralization,” “smart contracts” and “blockchains.”  That is to say, while blockchains are automated, that is not to mean that it is the only means to achieve automation.  Nor is decentralization necessary for automation to be achieved in every use-case.  Nor are smart contracts the only way to control automated devices.  When the video is posted I’ll be sure to link it (video).
  • Ethan Buchman, lead dev for Eris, was both witty and on top of his form, noting that in practice users don’t need a new browser every time they go to a new site, so they shouldn’t need a new client to view a different blockchain.  Let’s keep our eye on Decerver to see how this germinates.
  • Lastly, the two investors that attended the VC panel on Wednesday included Shahin Farshchi from Lux Capital and Pearl Chan of Omidyar Network.  What I liked about them is they weren’t pushing a certain binary viewpoint.  They were both upfront and honest: neither had invested in this space, not because they hated it, but because they were taking their time to see what opportunities actually fit within their mandate.  Perhaps they will at some point.  One joke that Farshchi mentioned was that back when cellular telephony was growing, “everyone and their mom” was selling base station equipment and chips.  Similarly there were over 300 companies creating thin film solar cells before bankruptcies and mergers.  So the type of euphoria we see in the Bitcoin-space is not necessarily unique.

Room for improvement

Perhaps if there is a next event it could include representatives from Blockstream, Bitfury and other Bitcoin-centered projects.  It would be nice to have some perspective from those deeply concerned about with maintaining secure consensus and the Blockstream team has some of the most experienced engineers in this space.  Hearing their views next to what Peter Todd (who attended and had some interesting calculations for the estimated costs to attack a network), could help developers build better tools.  Similarly, developers from Peernova, Square, Stripe, M-Pesa and Western Union would also likely be good resources to provide empirical feedback.

Additional clarity for what a decentralized autonomous organization (DAO) actually is and is not could be spelled out as well.  And how do these intersect with existing legal jurisprudence (can they? as Brett Scott might ask).   For anyone who has read “The Cookie Monster” by Vernor Vinge, both Matt Liston and Vitalik Buterin made some not-entirely-unreasonable points about machine-rights and whether or not machines should trust humans (e.g., humans expect bots to provide truthful information, but can the reverse be expected?  And what happens if a bot, like a DAO, is deemed too successful or broke a law in some jurisdiction — does it get “carted” away in a truck?).

Lastly, I think by the time there is another event, there will hopefully be more clarity for what a “smart contract” is.  One panel I moderated, I tried to get the participants to use the word “banana” instead because the term “banana” is overused and often conflated to mean many things it is legally not.  Primavera De Filippi from the Cryptolaw panel made some good comments too about whether or not “bananas” are actual legally binding contracts; she previously did a workshop with Aaron Wright (also in attendance) at the recent Distributed Networks and the Law event held at Harvard/MIT.  Steve Omohundro also spoke realistically about these scenarios on the final day, where does liability start and stop for developers of DAOs?

[Note: I would like to thank Kieren James-Lubin, Vitalik Buterin, Tom Ding, Sri Sriram for organizing the event, Robert Schwentker for acting as emcee/photographer, and CFLD and Omidyar Network for sponsoring the event including the delicious food.]

Send to Kindle

Slicing data: what comprises blockchain transactions?

[Note: a PDF version of this is available]

Over the past month we have seen nominal transaction volume on the Bitcoin network reach several all-time highs. Enthusiasts on social media have proposed any number of theories including a rise in retail payments or commercial volume.

Yet upon further inspection, there does not appear to be a silver bullet answer.

We know, for example, that these transactions can originate or be comprised of faucet outputs, mining rewards, coin mixing, gambling, movement to ‘change’ addresses and simple wallet shuffling. 1 So with this type of identification problem, how can analysts distinguish the signal from the noise? Or as Peter Todd and others explained last month, for a few hundred dollars a day, it is possible to inflate the transaction volume by an entire order of magnitude.2

For instance, questions have arisen over a series of what some call “long chains.” Last month several commentators on a popular thread on Hacker News identified thousands of small transactions originating from a single source.3 The source was continually sending transactions and paid transaction fees for each of them. The reason this struck many as odd as a rational actor would simply bundle the transactions together to save on transaction fees.

While there are likely different motivations for doing so, one reason for why this was occurring was that the originating source was attempting to delink or otherwise mix and tumble coins to make it difficult to “dox” or identify the originating source. But it could also be a faucet and at one point even pools paid out miners using chained transactions, perhaps some still do.

What does this look like? Below is a chart created by user “FatalLogic” in that thread:

hackernews

Source: Hacker News

The green line identifies the overall transaction volume on the Bitcoin blockchain, whereas the red line follows the rule, the heuristic that removes these “long chains.”

Is there a definition of long chains?

Two weeks ago Blockchain.info published several similar charts excluding “Long Chains.”

According to Jonathan Levin, formerly of Coinometrics:4

Blockchain.info have implemented a heuristic to identify high velocity activity that is probably unrelated to real world commerce. Every day the internal counter resets and counts how many times transaction outputs were spent on the same day. So if a wallet paid someone 1 btc in one transaction output and they then transferred that to cold storage that would be a chain of two. However there are some chains where the chain of spent outputs of a given day exceeds 1000. Each day, on average, the sample size is 144 blocks. Therefore, for chains of more than 144, the chain of transactions involve zero confirmation transactions (i.e., are not relying on the blockchain for their security). In other words, it is a measure of velocity.

These long chains show that there are some parts of the economy that are flipping outputs almost 10 times a block with chains of over 1000 in a day. This may not relate to real world commerce or security processes, probably more likely to be gambling or mixing. In Satoshi Dice often the bettor just takes their winnings and gambles again with everything being done with 0 confirmations. Likewise with mixing there is little need to wait for confirmations and the priority is obscuring the origin of the transaction outputs. Finally this is unlikely to capture a lot of activity run by the centralised services since their objective is fee minimisation.

Furthermore, according to the description on Blockchain.info’s site, “A chart showing the total number of bitcoin transactions per day excluding those part of long chain transaction chains. There are many legitimate reasons to create long transaction chains however they may also be caused by coin mixing or possible attempts to manipulate transaction volume.”

The first chart below is the original unmodified chart of total transactions on the Bitcoin blockchain:5 blockchaininfo unmodified

Using the same Y-o-Y time frame, below is the newly modified chart, using the Blockchain.info heuristic that removes these “chains” longer than 10:6

blockchaininfo modified

As we can tell above, by removing these “long chains” the volume decreases by 3x, yet there does appear to be an upward trend over the past several months.

I spoke with Atif Nazir, the CEO and co-founder of Block.io. In his view:7

The term “longest chain” is vague – it would be misleading to say it is just coin mixing. The volume could be a series of transactions where the user cannot spend to the desired destinations in the same transaction. This could be a limitation of their wallet software’s user interface, or the backend of the software itself.

For instance, if a faucet is built on Block.io, the owner spends coins rapidly, sometimes breaking them into a couple transactions if they are efficient, and at other times into hundreds of transactions that spend unconfirmed change in rapid succession. We have seen chains of unconfirmed spends as long as 1,000 transactions, and they could be longer if blocks are not found.

In general, achieving provable privacy through coin mixing and coin shuffling is hard as long as you stay on the same Blockchain. With the current methods, you can look at a destination address and say, with some certainty, “hey, this guy is the one who stole the Bitstamp coins.”8

In the absence of a definite, no-non-sense way to look at “long chains” of transactions, the safest assumption would be to consider them as unconfirmed chain spends, where the user wants to spend transactions very quickly deliberately or due to their software’s limitation.

Another potential source is even smaller.

For instance, Sidney Zhang, co-founder of HelloBlock has noticed that:9

Another interesting thing is people are sending dust transactions on the network as advertisements for high-yield investment program (HYIP).10

This transaction, 92aa, is an example of an ad (and the message was removed by blockchain.info).11

What they do is they will look for transactions happening on the blockchain, pick a collection of addresses and then send 1 satoshi to them and then they will attach a “public note” on blockchain.info. The message is normally like earn 7% per day at xyz.com. The public note in this case was removed, probably reported as spam

The second, 1cca, is an example of a faucet. If you look at the tag “win free bitcoins every hour!” it is the address for freebitco.in.12

It is unlikely the long chains come directly from consumers because consumers don’t spend money rapidly.

A more likely scenario is it is a ‘shared’ hot wallet operated by a service (e.g., Coinbase, Circle). A possible explanation then emerges – off-chain gambling sites such as Primedice / Moneypot / Betcoin casino and others operate hot wallets.

In terms of scale, very small casinos may receive approximately 30+ deposits a day. A larger casino easily operate with 1000s of deposits a day and hundreds of withdrawals.

One interesting behavior is that, bitcoin gamblers never keep funds in a casino. They tend to deposit, play and then immediately withdraw without leaving funds there overnight. That could create a huge amount of activities from the same hot wallet. Thus creating a large chain.

Last year Ken Shirriff also pointed out a few of the notable pieces of “spam” that permanently reside on the blockchain including images.13

What does this look like altogether?

For additional analysis I reached out to Organ of Corti who plotted out these differences onto two different charts.14

organ weekly transactions

As shown above, these match up with the heuristic used by the original Hacker News post as well as that of Blockchain.info. In Organ’s view:

If long chains of transactions are used by entities of a very different nature to single transactions or short chains of transactions, then we might expect to see differences in transaction rates and transaction rate cycles between the short and long chain groups.

Starting with a visual comparison of the two groups, the most significant difference between the longer and shorter chain groups is variance. This is to be expected since one long chain of transactions increases transactions rates more than a single, unchained transaction.

Does the yellow line at the bottom represent the actual “real” volume? Perhaps, but maybe not.

In addition, Organ put together a spectrogram to analyze this weekly cycle that is visually apparent in all the charts:

organ spectrogram

Another way to look at it is through a spectral density chart, according to him:

Perhaps a more useful test is to check for periodicity in the data. We know from previous work that currently transactions show a daily and a weekly cycle. I’m using Blockchain.info’s data which is daily, so a spectrogram will only reveal a weekly cycle.

The last plot shows the spectrograms for chains longer and shorter than 10, 100, 1000, or 10000. These show a periodicity similar to that for all transactions of one cycle per week.

We can also compare transaction of chains longer and shorter than 10, 100, 1000, or 10000 by calculating the cross correlation function. In each case the maximum correlation is at lag 0 and is much higher than the upper bound of the 99.9 confidence interval, so the periodicity of the transaction rates of each group (chains longer and shorter than 10, 100, 1000, or 10000) are similar to, also suggesting that time of use for shorter and longer chain transactions are similar.

Further, time series decomposition showed the same starting and finishing days of each weekly cycle.

I think that a working week cycle implies that the larger number uses of longer chain transactions are from businesses with a normal working week, and the correlation in the periodicity of the shorter and longer chains of transactions suggests the largest use of both longer and shorter chains of transactions are by entities with a work days and weekends.

Is there anything that explains the increase then?

Other sources

Earlier this month a new game called SaruTobi was approved for inclusion into the iOS store.15 The game tips its users bitcoin on the blockchain (in contrast, ChangeTip does so off-chain). During its debut week, before running out of coins, according to its first public address, SaruTobi sent out more than 5,000 transactions most of which during an 11-hour time period.16 Within its first two weeks it paid out roughly 6.4 bitcoins with more than 50,000 transactions.17

Another continual source of on-chain usage comes from Counterparty, a “2.0” platform that effectively sits on top of the Bitcoin blockchain and uses bitcoins for each counterparty transaction (e.g., it is an embedded consensus mechanism). Below is a visual of the daily transaction volume over the past year:18

counterparty blockscan

Source: Blockscan.com

The variation follows some of the daily (and weekend) patterns we have observed with Bitcoin in general (e.g., less activity on “Sundays”) but at certain days and times there are peak usages of up to 3% of the Bitcoin network.19 One explanation is that Counterparty is a popular platform for issuing tokens during crowdsales. For instance, the double peaks in December are most likely related to the Gems crowdsale, in which 2,633 BTC were exchanged for 38 million “GEMZ” (the native coin of the Gems system).20

As I briefly described last month, over the past year, a BitcoinTalk user, “dexX7” has been parsing other data, usually related to alt platforms such as Counterparty, Mastercoin, Colored coins and proof of existence.21 Recall that these ‘altcoins’ are actually in practice, just watermarked bitcoin transactions. In order to use these platforms, a user has to interact with the Bitcoin network (e.g., they are embedded consensus mechanisms). Below is a chart he recently sent me that dissects this composed parts:22

dexx7 meta transactions

  • Data captured at block height 340,018
  • There were at least 184,155 identifiable meta-transactions
  • There were 57,489,982 transactions in total
  • There were 16,511,696 unspent outputs

This only includes the transactions dexX7 was able to identify. Counterparty, Mastercoin and Chancecoin use almost entirely “bare multisig” scripts as medium to embed and transport data. In contrast, Proof of Existence, Open Assets, Coinspark and Block Sign use OP_RETURN (note: there is still an active discussion between using 40 bytes and 80 bytes).23 Open Assets and Coinspark are a type of colored coin implementation and both Proof of Existence and Block Sign are a type of notary service (previous charts are available in an album view).24

Some other analysis from dexX7:

Almost all Counterparty transactions carry data via bare multisig and there are about 5000 non-multisig Mastercoin transactions. There are furthermore 17620 unclassified, unspent multisig outputs and 6286 unclassified, spent multisig outputs.

Almost all of those unclassified multisig outputs were created by Wikileaks and actually carry some data too.25

Proof of Existence, Open Assets, Coin Spark and Block Sign account for 7363 OP_RETURN transactions. The total number of all OP_RETURN outputs, according to webbtc.com, is close to 11960, so more than 60 % can be mapped to those four.

Another slice of daily and weekly transactional volume comes from pay-to-script-hash, better known as P2SH. This was originally BIP 16 proposed by Gavin Andresen and incorporated into the protocol in 2012 to “let a spender create a pubkey script containing a hash of a second script, the redeem script.”26

p2sh transactions

Source: P2SH.info

This has replaced ‘bare’ multisig as a means for securing bitcoins. While its use and adoption started off very slow, more than 6% of all bitcoins are now stored in this manner including Bitstamp via its recent integration with BitGo:27

What about retail volume?

As has become apparent, it cannot be said that an increase in transaction volume is (probably) due to any one specific variable. Yet, according to a popular narrative, the quadrupling of acceptance by merchants this past year (from ~20,000 to 82,000), may have led to increased spending by consumers and therefore account for the increase.28

Last month, Jorge Stolfi a computer science professor in Brazil analyzed the BitPay addresses (BitPay reuses addresses) based on the Walletexplorer dataset.29 Below is a visual of what BitPay has received over the past two years.stolfi bitpay

According to Stolfi:

The green line on this graph shows the number of BTC deposited each day into that wallet.30 This graph is rather strange since the number is practically constant since January 2013, about 500–1000 BTC/day, and shows no weekly pattern. And no Black Friday spike either.

In his analysis Stolfi also noticed two different types of orders processed by BitPay, what he labels “wholesale” versus “retail.” The “wholesale” coins are likely miners selling their block rewards in bulk whereas “retail” is consumer behavior (e.g., buying coffee, food, tickets).

Furthermore, if this wallet heuristic is valid, according to Stolfi:

  • BitPay now processes about 1000-1500 “retail” payments per day, averaging less than 1 BTC each;
  • The number of retail transactions processed by BitPay has grown 3x since mid-2013, and has been flat through most of 2014;
  • The amount of BTC processed by BitPay (including “retail” and “wholesale” payments) has been quite constant since Jan/2013, about 500-1000 BTC/day
  • In terms of dollar value, the amount processed by BitPay (including “retail” and “wholesale” payments) has increased a lot from 2013 to 2014, but has fallen 50% or more since February, as the BTC price fell.
  • Black Friday had a modest effect (2x to 3x) on the number of “retail” payments, but had no effect on the total BTC/day (which is dominated by the “wholesale” payments).

And what about off-chain retail transactions?

Below is a public chart from Coinbase that visualizes the off-chain activity that takes place on Coinbase’s platform.31

coinbase chart

Source: Coinbase.com

The noticeable pattern of higher activity on weekdays versus the weekend is apparent irrespective of holidays. Consequently, on most days these self-reported numbers comprise between 3-5% of the total transactions on the Bitcoin blockchain.  However, as Jonathan Levin, has pointed out, it is not clear from these numbers alone are or what they refer to: Coinbase user to user, user to merchant, and possible user wallet to user vault?

Fees

Another way of looking at whether or not transaction volume is increasing is through the “fees” to miner metric (recall that these are not real “fees” as they are not mandatory yet and may be more akin to “donations”).32 Maybe transaction volume based on the methods above does not fully capture hypothesized growth.

transaction fees organ

Above is a new chart from Organ of Corti which visualizes the transaction fees included with each block over the past 6 years.33 If on-chain retail commerce was increasing, it would likely in turn be paid for via some fee mechanism yet this is not apparent. This is not to say that utility has not increased for certain participants. Volume as a whole has clearly increased as shown by the second image – yet these are users who likely opt to send a fee-less transaction to the mempool (these transactions typically take several hours or perhaps a day to be included within a block).

What is another explanation?

It does illustrate that the other narrative – that fees replacing block rewards – has not yet begun to occur. Maybe it will not.

For instance, last year Robert Sams and Vitalik Buterin highlighted the economic costs that are being overlooked to maintain the infrastructure, that fees would unlikely be able to adequately compensate miners.34 And Dave Hudson independently explored what has actually occurred in practice, providing visualizations of the empirical data that highlights and reinforces their marginalized viewpoint.35

To put it another way, if more users were actively using the blockchain to transmit value, then it would likely be apparent via an aggregate increase in fees.

hudson miner rewards

Source: HashingIt.com

As shown above during a four year time span, miners, the actual labor force of the network, are not seeing the narrative play out as it is supposed to (block reward plus fees to miner). Denominated in bitcoin (the blue line), miners have not seen the increase in fees or revenue that many of the same social media promoters claim will happen. Whether this changes is unknown.

Again, recall the current narrative that in the end, transaction fees will purportedly replace the block reward.36 But the causality is the opposite direction than assumed by most: fees people are willing to pay determine the number of miners. Not the other way around. The takeaway is that simply put, fees may not rise to cover the current block reward amounts. It may be that the block reward falls and miners just drop out and net transaction fees never increase reducing the security of the network but this is a topic for another article.

What does this all mean?

For perspective I spoke with Ernie Teo, a research fellow at the Sim Kee Boon Institute for Financial Economics (which hosted a cryptocurrency conference in November).37 According to his team:

We observe similar trends to what has been mentioned in your article. We see a large increase in the one satoshi (or less) addresses over time. This could also be due to the long chain “spammer” you have described above. A few more things we can note from our upcoming analysis on the distribution of bitcoins over time:

  • 50 coin addresses, these are the only addresses in the very beginning due there being only miners on the network. However we see that this does not fluctuate a lot overtime and it indicates that most miners tend to cash out once they mined.
  • Large increase in number of addresses with less than 1 bitcoin. This indicates more “retail” type buyers.
  • Not much change or fluctuations to the large addresses.

I think it is probably true that not a very large proportion of the transactions are retail transactions. In the long run, it doesn’t help the network. We can only wait for the next big innovative app that can boost retail-type usage.

How else can this be visualized?

John Ratcliff recently published several new charts describing “the State of the Blockchain Address(es)“ in which he delves into token movements and in particular “zombie” addresses (addresses that have not been active in 3 or more years).38 They are illuminating and we both disagree on conclusions that can be drawn from them.

For instance, he updated one chart that I previously described as showing more than 70% of coins have not moved in more than 6 months:39

ratcliff distribution age

Source: John Ratcliff

What does the chart above illustrate? If it is velocity then what the color bands reinforce my explanation from two months ago: that the majority of coin holders that were purchased in the November / December 2013 bubble are now underwater.40 We see the transition over the year, in which these coin holders, rather than spending and realizing a loss, hold on to them throughout the months. Hence, why we likely see another uptick to an “older” band starting in mid-November 2014 – the anniversary of the beginning of the most recent bubble.

This explanation is further reinforced by the demographics of bitcoin holders: mostly middle to upper-middle class residents of developed countries – most of whom have “low time preference” (e.g., speculators) and therefore do not need or want to spend bitcoins immediately because they have other means of payment (e.g., credit cards) and can therefore hold onto their coins longer than someone with “higher time preference” (e.g., less affluent individuals living paycheck to paycheck who in theory would have to continually, immediately spend bitcoins). Another potential explanation is the disposition effect, but this is also a topic for a different article.41

badev chen velocity

The chart above (originally Figure 15) was published this past month by two researchers at the Federal Reserve.42 They independently used a similar methodology that Ratcliff has undertaken. In their view:

Figure 15 examines the degree of activity for the addresses in the network. For each date we partition the volume of addresses with positive balances according to their last activity. For example, the addresses that have transacted in the last week are likely to be frequently used (shown with the strip in the bottom). On the other hand, some of the addresses have not been active in the past 52 weeks. Those are likely to serve saving or investment purposes and much less so for transacting. From Figure 15 we can see that the volume of “investment” addresses (not used in the last year) has been steadily decreasing. Still, however, around 75 percent of the addresses in operation with positive balances have not been used in a transaction in the last four months.

While the rest of their report is illuminating, in their concluding remarks, they also do not see retail transactions as comprising more than a marginal amount of volume:

Broadly speaking, our empirical exercise documents general patterns of Bitcoin usage, and examines the use of Bitcoin for investment and payment purposes. We find that while the number of daily users may have doubled every eight months, the transaction volume is negligible compared to the domestic volume of U.S. payment systems. Our analysis of data from the Bitcoin system further suggests that Bitcoin is still barely used for payments for goods and services. In addition, the patterns of circulations of bitcoins and the dynamics of the bitcoin exchange rate are consistent with low usage of Bitcoin for retail payment transactions. Finally, we provide evidence that the exchange rates between bitcoin and other currencies are not well aligned, which we interpret as a lack of depth of the exchange markets and as costly exchange rather than unexploited arbitrage opportunities.

Perhaps these trends will change. Maybe, as some claim, retail volume will increase. But as shown above and through Total Output Volume we know what the maximum “purchasing power volume” of transactions is, this has not been a mystery.43

While merchant adoption continues to increase, consumer adoption for retail purchases appears to be flat (as shown by both BitPay and Coinbase numbers). Future analysis may need to look at correlating these trends for brick and mortar merchants. Without regular use at the register and point-of-sale, there are a number of anecdotal stories of retraining and fumbling that will go on with floor employees with respect to accepting bitcoin.44

Perhaps again, this will change in the future (e.g. Impulse),45 but going forward a full traffic analysis such as the type created by Sarah Meiklejohn et al. two years ago would help the industry as a whole determine what consumer behavior looks like with greater accuracy.46 And this is important for a project whose white paper promotes itself as a payment network for online commerce (see section 1).

So what conclusions can be drawn from this?

As noted at the beginning, there does not appear to be one specific variable that explains the recent increases over the past several months. For example, most tipping from services like Bitui in China and ChangeTip internationally, is already done off-chain (e.g., the independent site ‘ChangeTip stats’ describes activity on the company database).47 SaruTobi is too new to account for all but the last few weeks of growth and DarkWallet activity will likely be “long chain” related. Perhaps offline P2P transactions from OpenBazaar should be identified, aggregated and brought into future analysis.48

Future analysis should also look to factor in or filter out activity related to “change” addresses.  For instance, the short-term ‘velocity’ seen in the daily and weekly bands of Ratcliff and Badev & Chen’s charts could be overstated due to coins which do not actually swap hands but are rather “spent” to themselves due to how “change” is handled by the protocol.  Furthermore, as has been described in Dave Hudson’s modeling of block sizes, it cannot be said that an increase in on-chain volume is axiomatically “good.”49

All we can say for now is that there is an increase in usage from multiple sources, but not likely from on-chain retail commerce which has remained flat for about a year.

This is still a dynamic space and perhaps it may be months or even years before we will be able to fully identify all the major contributors to volume changes.

Acknowledgements

Special thanks to dexX7, Raffael Danielli, Michael Dann, Dave Hudson, David Lancashire, TM Lee, Jonathan Levin, Atif Nazir, Organ of Corti, Jorge Stolfi, Ernie Teo and Sidney Zhang for their constructive feedback and time.

End notes

________________________________________________________________________

  1. At its peak in the first quarter of 2013, Satoshi Dice (a gambling service) represented roughly 48% of all transactions on the Bitcoin network. This is visualized by dexX7. []
  2. See Peter Todd’s tweet and Questions Linger as Daily Bitcoin Transactions Pass 100,000 Milestone from CoinDesk []
  3. See the original comment from ‘sanswork’ in thread covering “Bitcoin adoption in 2015” from Hacker News []
  4. Personal correspondence, January 19, 2015 []
  5. Number of transactions per day from Blockchain.info []
  6. Number of transactions excluding chains longer than 10 from Blockchain.info []
  7. Personal correspondence, January 18, 2015. See Block.io []
  8. Analysis: Bitstamp Hacker Almost Stole Additional $1.75 Million from CoinDesk []
  9. Personal correspondence, January 18, 2015. See HelloBlock. []
  10. For a brief overview see High-yield investment program []
  11. The relevant “ad” address can be viewed at https://blockchain.info/tx/92aa4e600f15d8e5353b180010a270d4f173a7226cc6dd3f40bd5a7bd20e0082 []
  12. The faucet address is located at: https://blockchain.info/tx/1cca64709d2b1679a1a64253afe01f41e2b684ef7d9cbce67fedb764c5bc78c6 and its ‘parent’ is the following address: https://blockchain.info/address/175o52E64wHQumzfLFnKrPaukJsvo9pgMb []
  13. Hidden surprises in the Bitcoin blockchain and how they are stored: Nelson Mandela, Wikileaks, photos, and Python software by Ken Shirriff []
  14. Personal correspondence, January 20, 2015. See Organ of Corti. []
  15. Apple Approves iOS Game That Tips Players in Bitcoin from CoinDesk []
  16. SaruTobi’s first address conducted 5,255 transactions: https://blockchain.info/address/17ZgzoQUAiCrCgSieYfGhAvToW9kn6uaLt []
  17. SaruTobi’s second address conducted 6,676 transactions: https://blockchain.info/address/1GumHq1f5XVnxBjnz78uRgJad2nyE5TgjS and then its third and as of this writing, most current address, has done 41,677 transactions: https://blockchain.info/address/3MXxfNZoifLYdS8wJTpvfeDNPt9ZWuMAaN []
  18. See Blockscan Counterparty Transaction History []
  19. See Counterparty CEO tweet and The Composition of Metacoins on the Bitcoin Network by Tim Swanson []
  20. GetGems Token Sale Wrap Up – Thanks x38,135,367! by Tom Kysar []
  21. The Composition of Metacoins on the Bitcoin Network by Tim Swanson []
  22. Personal correspondence, January 21, 2015 []
  23. See the conversation Change the default maximum OP_RETURN size to 80 bytes #5286 at github []
  24. An album overview of select metacoins by dexX7 []
  25. See Hidden surprises in the Bitcoin blockchain and how they are stored: Nelson Mandela, Wikileaks, photos, and Python software by Ken Shirriff and this address containing embedded data: https://blockchain.info/tx/6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc []
  26. For a brief overview see Pay to script hash and developer guide to Transactions []
  27. The Bitstamp and BitGo Partnership Is a Watershed Moment for Bitcoin from BitGo []
  28. State of Bitcoin 2015: Ecosystem Grows Despite Price Decline from CoinDesk []
  29. See Are there changes in the volume of retail transactions through Bitpay this past year? by Tim Swanson and WalletExplorer.com []
  30. A permanent copy of the image is located on Jorge Stolfi’s site. []
  31. Coinbase charts []
  32. The Collective Action Problem of Mining Fees by Tim Swanson []
  33. January 18th 2015 Block Maker Statistics by Organ of Corti []
  34. See The Marginal Cost of Cryptocurrency and Some Crypto Quibbles with Threadneedle Street by Robert Sams; Vitalik Buterin has discussed this several times on the official Ethereum blog. In addition, I discussed this at length in Chapter 3 in The Anatomy of a Money-like Informational Commodity. []
  35. The Future Of Bitcoin Transaction Fees? by Dave Hudson []
  36. The Collective Action Problem of Mining Fees by Tim Swanson []
  37. Singapore Event Puts Bitcoin on Mainstream Finance Agenda from CoinDesk []
  38. The State of the Blockchain Address(es) by John Ratcliff []
  39. Analysis: Around 70% of Bitcoins Unspent for Six Months or More from CoinDesk []
  40. Approximately 70% of all bitcoins have not moved in 6 or more months by Tim Swanson []
  41. For a brief overview see Disposition Effect []
  42. Bitcoin: Technical Background and Data Analysis by Anton Badev and Matthew Chen []
  43. Total Output Volume from Blockchain.info []
  44. My Amsterdam Letdown and Why Bitcoin’s Real Value May Lie Beyond the First World from CoinTelegraph []
  45. BitPay recently announced its whitepaper on “Inter-Channel Payments” also called “Impulse.” []
  46. A Fistful of Bitcoins by Meiklejohn et. al. []
  47. See Changetip real-time usage stats []
  48. A few statistics are available at BazaarBay []
  49. See 7 Transactions Per Second? Really? and The Myth Of The Megabyte Bitcoin Block by Dave Hudson []
Send to Kindle

New presentation over at O’Reilly Media on BINO

I have a new O’Reilly Media presentation up online called: “Moving Beyond Bitcoin (BINO) Beta:Transitioning mindshare from Bitcoin-for-everything monopoly to a competitive consensus-as-a-service marketplace.”

It is largely based on an earlier presentation (older slides) I gave in Singapore in November plus a few more updated slides from my R3 talk last month (slides).

Note: in order to listen and view you need to register (for free).

Send to Kindle

How do Bitcoin payment processors work?

Yesterday there was a discussion on a listserve about Brian Kelly’s hypothesis’ regarding bitcoin exchange rates and below is an answer I used to discuss where payment processors fit into the ecosystem.

At their core BitPay is basically a forex company, a broker that matches merchants with liquidity providers.  Microsoft and some 44,000 merchants can convert bitcoins into fiat through them (and/or hold portions or all of the coins they receive too).  Some miners also use them to process BTC to USD.

To do this, they have built an exchange (you can also call a few of their team members to place block orders with), which effectively sorts the bid/asks among other exchanges and OTC providers (such as Buttercoin, Mirror, Xapo, Sator Square Partners, Bitfinex, Coinbase, etc.).  I tried describing some of how this plumbing system works in a article a couple months ago.

While I do not have the full details of other payment processors (like Coinsimple or Bitnet), they likely try to build similar relationships with liquidity providers.  And this is important because all payment processors — or really, forex brokers — are faced with the following three situations during an arbitrary 15 minute window:

1) order from merchant is canceled by payment processor
2) order from merchant is accepted and then sold to inventory partner (such as Buttercoin)
3) order from merchant is accepted but the coin is put on payment processor’s books

Payment processors ultimately want commerce to flow so they do their best to match up partners; so in practice there has to be partner on the other end with the same or greater demand for the coins being sold by the consumer/merchant.

I do not have exact numbers for how often #1 happens though I do understand it happens on a daily basis (again, the 15 minute window is to help lock in a price and the OTC demand from partners such as Coinbase may not be fast enough at times) or how often #3 happens (my understanding is US payment processors typically used to hold coins on their own books prior to the IRS ruling last year but have sold their inventory for tax purposes).  Obviously during a heavily volatile period like yesterday (or even today on the upside), there is a possibility that the coins could get placed on the payment processors’s books due to a lack of bids on the OTC partners side, but none of that is really public knowledge.

The point is however, that there has to be a demand side to absorb the sales of coins coming from merchants and payment processors have built some pretty good systems to handle that (incentivized in large part to limit their exposure to exchange rate volatility).  If these partners were to disappear or the coins they decide to purchase declines in aggregate, payment processors are then left with having to choose #1 or #3.  This doesn’t seem to be the case the last few days, the behavior seems to be on the exchanges themselves and not from merchants.

What does this mean in practice?

The current supply pressure on a daily basis: aside from a couple firms such as BitFury (which according to some sources has around a ~$180 total cost of production), miners as a whole end up having to sell the majority of coins each day (~2,000 – 3,000+ coins) and as a whole, merchants process about 5,000 – 6,000 coins a day.  So this means 10,000 coins x 365 days or 3,650,000 coins.  Thus, to maintain a $300 price with that sell pressure the market needs to have ~$1 billion a year in capital come into this space.  And to maintain a $1,200 price with the same merchant/miner behavior the market would need to have ~$4.4 billion.  Therefore it is likely that payment processors try to reduce the amount of exposure to #3, otherwise the coins would eat up the internal budget and increase the burn rate at these startups.

Note: what BitPay’s volume looks like in practice was recently summarized by analysis from Jorge Stolfi.

Send to Kindle

Clarifications and corrections from a computer scientist

[Note: I recently received some feedback on The Anatomy from Jorge Stolfi concerning a few of the passages in the introductory chapter.  Below, reprinted with his permission, are some of his comments and corrections that readers may find helpful and more clarifying than what I originally published.]

In the introduction you say:

Property is a legally recognized right, a relation between actors, with respect to control rights over given contestable, rivalrous resources.14 And with public-private key encryption, individuals can control a specific integer value on a specific address within the blockchain. This “dry” code effectively removes middlemen and valueless transaction costs all while preserving the integrity of the ledger.15 In less metaphysical terms, if the protocol is a cryptocurrency’s “law,” and possession is “ownership,” possession of a private key corresponding to set of transaction (tx) outputs is what constitutes possession.16 In other words, ownership is conflated with possession in the eyes of the Bitcoin protocol.17

I don’t think that the Bitcoin protocol did (or could do) that; property and possession remain quite distinct in its realm, although property is often very difficult to enforce.

As you say, possession is the physical ability to control and use the thing, while property is the legal right to do so. The state decides whether something is your property, and when it passes to someone else. Taking possession of a thing without the state’s agreement — i.e., without becoming its proprietor — constitutes “theft”. In that case the state is supposed to use its power to restore the thing to your possession, and possibly punish the thief.

“Ownership”, “owner”, “own” are sometimes used for possession, but usually they refer to property. I will use them with the latter sense only.

Knowing the private key to a blockchain address gives possession of the bitcoins stored there, but not ownership. The general rules of property still apply: to become owner, you must create some coins with materials, equipment and labor that you own, discover some that have no owner, or receive them from their previous owner, with his agreement; all with many other conditions and exclusions, taxes, etc.. Thus the notions of property and possession are quite distinct even for bitcoin.

The US government has acted on this distinction already, e.g. by seizing the Silk Road bitcoins, prosecuting Trendon Shavers for “misappropriating” bitcoins of clients with his Ponzi scheme, and accusing Butterfly Labs of pocketing bitcoins that they mined using customer equipment.

All crypto assets are essentially bearer assets. To own it is to possess the key.

Even with bearer assets the notions of property and possession are distinct; one can be prosecuted for the theft (taking posession) of bearer bonds or cash that are someone else’s property. Bitcoin, like cash, only makes it more difficult to prove to the state that a theft occurred, and to catch the thief; but that does not mean that property has been reduced to possession.

In the early years of bitcoin, one could perhaps have believed that bitcoins would be outside the scope of the concept of property — like inventions and songs used to be, until the recent transformation of copyright and patents into “intellectual property”. However, even before the legal cases above, Mt GOX and many other cases made the community recognize the concept of “bitcoin theft” — and therefore the notion of property distinct from possession.

The shift from bearer, to registered, to dematerialized, and back to bearer assets is like civilization going full circle, as the institution of property evolved from legal right (possession of property) to the registered form (technical ability to control) that predominates in developed countries today.

I don’t think that the shift from material to dematerialized assets implied the weakening of the concept of property. On the contrary, dematerialized assets became possible only after society invented the concept of property. In fact, dematerialized assets are simply the rights of property of other things, as recorded in some “official” registry recognized by the state, and only as long as those records are changed in ways admitted by the state.

Private blockchain keys are like the keys to a car, in the sense that the person who has the keys in hand can take possession of the car. But the keys do not define the property of the car, which is determined by car documents and records issued and kept by the state.

Complementing the analogy: the blockchain protocol is therefore not the analog of the car ownership documents and records, but more like the door lock mechanism: a blind device that will only give possession of the car to whoever has the proper key, and thus usually makes theft more difficult; but it does not define property. In fact, the door lock sometimes may even hamper the restitution of the car to its rightful owner. And replacement of the door lock (analog of moving bitcoins to another address), by the owner or by a thieff, has no effect on the car’s ownership.

A bit further down from that section:

by building a blockchain tree (called a “parent”) [ … ] These blockchain trees are simultaneously built and elongated by each machine based on previously known validated trees, an ever growing blockchain.

There may be some confusion here perhaps. A Merkle tree is a very general concept: it is a set of data records (or “blocks”), where each record contains, among other information, a cryptographic signature of the contents of some other record, its “parent”. These signatures tie the records in such a way that, if one wants to change the contents of one record, one must recompute all the signatures contained in all the records that are downstream of it. It is called a “tree” because a record may be the parent of two or more other records, thus a fork of the tree.

The Bitcoin blockchain is a special case of a Merkle tree. It forks only “accidentally”, and when it does one of the branches of the fork is usually very short, quickly dies, and becomes completely irrelevant. Thus it is a basically a linear chain (a Merkle chain) or records, rather than a bushy tree.

There have been proposals to change the Bitcoin protocol to use a “bushy” Merkle tree instead of a linear chain. That would make some operations much faster and less wasteful of bandwidth and memory. However, there is so much software out there which depends on the current structure, that such a radical change is highly unlikely to be implemented.

Bushy Merkle trees have been proposed also for other uses, e.g. as a way for exchanges and similar places to demonstrate that they have all the bitcoins that they are supposed to have. But those uses are not part of the Bitcoin protocol.

The blockchain only forks when (1) some bug is found in the protocol, that requires discarding all blocks since the first bad block, and replacing them with a new set of blocks, starting at that point, re-processing all transactions again if possible. Or, (2) when two miners succeed in mining the block N+1 nearly at the same time, and each broadcasts his version of that block without seeing (or acknowledging) the other. Then all the miners may choose either version as the parent for their block N+2. Thus the two branches may grow independently for a while, but at some point one of them will get defintely longer, and then all miners will have to continue extending that branch. At that point the shortest branch will become irrelevant and the blockchain will again become a linear chain.

So, maybe you want to avoid mentioning Merkle trees at this point, and pretend that the blockchain is just a chain that grows orderly, one block at a time. Those accidental branchings are relevant later, for the discussion of double spending and other possible faults/attacks.

Further down:

By January 2014, the computational power of the network reached 200 petaflops, roughly 800 times the collective power of the top 500 supercomputers on the globe.25

Perhaps it would be better to say something like:

“The proof-of-work computation essentially consists of performing a large number of relatively expensive operations, called ‘hashes’. The computing power of the Bitcoin network (or of any Bitcoin mining equipment) is therefore measured in ‘hashes per second’ (H/s). By January 2014, the computational power of the network reached 200 petahashes (200’000 trillion hashes) per second. By comparison, the top 500 supercomputers in the world could perform only about 120 trillion floating-point operations per second (teraflops).”

This too is somewhat garbled:

To prevent forging or double-spending by a rogue mining system, these systems are continually communicating with each other over the internet and whichever machine has the longest tree of blocks is considered the valid one through pre-defined “consensus.” That is to say, all mining machines have or will obtain (through peer-to-peer communication) a copy of the longest chain and any other shorter chain is ignored as invalid and thus discarded

I would just write something like:

“The computers that comprise the Bitcoin network are constantly communicating in peer-to-peer fashion, sharing their known versions of the blockchain and checking each other’s work. The nodes strive to reach a consensus — which is defined as the longest version of the blockchain where each block contains only valid transactions and the correct signature of the previous block. Any side branches that are not part of the longest chain are ignored (and their blocks are called ‘orphans’).

As of this writing, the height of the longest chain has just over 311,000 blocks.

Rather: “As of this writing, the length (or, in bitcoin jargon, the ‘height’) of the consensus chain was over 311,000 blocks.

Send to Kindle

Are there changes in the volume of retail transactions through Bitpay this past year?

A couple days ago I noted that because Bitpay reuses its addresses, it is possible to monitor them and that there hasn’t been much of a growth since May (the last time they announced numbers).

Today a redditor posted some visual analysis and explanation of these same Bitpay addresses.  [Note: I’ve reached out to the user and will update this post if they provide any other information.]  Below is their analysis:

2014-12-04-bitpay-2013-01-01--2014-11-30-num-day

The green line on this graph shows the number of payments per day into the presumed (see below) receiving address of BitPay, from 2013-01-01 to 2014-11-3. Note that the vertical axis uses log scale. The number was about 1000–1500 per day through most of 2014, with a strong weekly pattern. The spike at the right end is Black Friday; there were about 3200 inputs, i.e. about 2x to 3x as many as in a typical day.

2014-12-04-bitpay-2013-01-01--2014-11-30-btc-day

The green line on this graph shows the number of BTC deposited each day into that wallet. This graph is rather strange since the number is practically constant since January 2013, about 500–1000 BTC/day, and shows no weekly pattern. And no Black Friday spike either.

What happens is that there are two kinds of inputs to that wallet, which I will call “retail” and “wholesale” (although I have no idea what the latter are, really). The wholesale inputs are large (often hundreds of BTC) and have been regular in amount since 2013-01. The “retail” ones are much smaller (mostly under 10 BTC, many under 1 BTC), much more numerous, and have increased about 3x from mid-2013 to mid-2014. Hence the first graph above is dominated by the retail inputs, while the second graph basically shows the wholesale ones.

The data for these plots comes from these pages that are claimed to show all transactions into the BitPay receiving wallet since it was created. However, the addresses that make up that “wallet” were inferred from the blockchain by an undisclosed heuristic that is supposed to identify addresses belonging to the same owner.

My guess is that the heuristic simply assumes that two addresses that are inputs to the same transaction must belong to the same owner (since one needs both private keys to sign the transaction) and assigns them to the same “wallet”. If my guess is correct, the heuristic may fail to include in the “Bitpay.com wallet” some addresses that belong to BitPay but were never used together with the identified ones.

However, the volume of BTC that went into that heuristic “wallet” during May/2014 seems to match what BitPay said to process per day in that month (assuming that they picked the best day of May); so it seems that the heuristic wallet is fairly close to the real one.

Updated with more from the same user:

  • BitPay now processes about 1000-1500 “retail” payments per day, averaging less than 1 BTC each;
  • The number of retail transactions processed by BitPay has grown 3x since mid-2013, and has been flat through most of 2014;
  • The amount of BTC processed by BitPay (including “retail” and “wholesale” payments) has been quite constant since Jan/2013, about 500-1000 BTC/day
  • In terms of dollar value, the amount processed by BitPay (including “retail” and “wholesale” payments) has increased a lot from 2013 to 2014, but has fallen 50% or more since February, as the BTC price fell.
  • Black Friday had a modest effect (2x to 3x) on the number of “retail” payments, but had no effect on the total BTC/day (which is dominated by the “wholesale” payments).
Send to Kindle