Non-technical Corda whitepaper released

Earlier today our architecture team released its first public whitepaper on Corda.

The WSJ covered it here and here.

Consequently I am somewhat puzzled by news stories that still refer to a “blockchain” as “Bitcoin technology.”  After all, we don’t refer to combustion engines in cars as “horse-powered technology” or an airplane turbine engine as “bird-powered technology.”

A more accurate phrase would be to say something like, “a blockchain is a type of data structure popularized by cryptocurrencies such as Bitcoin and Ethereum.”  After all, chronologically someone prior to Satoshi could have assembled the pieces of a blockchain into a blockchain and used it for different purposes than censorship-resistant e-cash.  In fact, both Guardtime and Z/Yen Group claim to have done so pre-2008, and neither involves ‘proof-of-work.’

Fun fact: Corda is not a blockchain, but is instead a distributed ledger.


Code is not law

This past Sunday I gave a new presentation at the Palo Alto Ethereum meetup — it was largely based on my previous two blog posts.

Note: all of the references and citations can be found within the notes section of the slides.  Also, I first used the term “anarchic chain” back in April 2015 based on a series of conversations with Robert Sams.  See p. 27.

Special thanks to Ian Grigg for his constructive feedback.


Archy and Anarchic Chains

[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]

Yesterday, at block height 1920000, many elements of the Ethereum community coordinated a purposeful hardfork.

After several weeks of debate and just over a couple weeks of preparation, key stakeholders in the community — namely miners and exchanges — attempted to create a smooth transition from Ethereum Prime (sometimes referred to as Ethereum Classic) into Ethereum Core (Ethereum One).1

Users of exchange services such as Kraken were notified of the fork and are now being allowed to withdraw ETH to Ethereum Core, which many miners and exchanges now claim as “mainnet.”

Was the hardfork a success?  The answer to that question depends on which parallel universe (or chain) you resided on.  It also depends on the criteria by which “failure” or “success” are measured.

For instance, if you ended up with ETH on the “unsupported” fork (Classic), who was financially responsible for this and who could attempt to file a lawsuit to rectify any losses?

Maybe no one.  Why?  Because public blockchains intentionally lack terms of service, EULA, and service level agreements, therefore it is difficult to say who is legally liable for mistakes or losses.

For instance, if financial instruments from a bank were sent to miners during the transition phase and are no longer accessible because the instruments were sent to the “unsupported” chain, who is to blame and bears responsibility?  Which party is supposed to provide compensation and restitution?

De facto versus de jure

This whole hardfork exercise visualizes a number of issues that this blog has articulated in the past.

Perhaps the most controversial is simply that there is no such thing as a de jure mainnet whilst using a public blockchain.  The best a cryptocurrency community could inherently achieve is a de facto mainnet.2

What does that mean?

Public blockchains such as Bitcoin and Ethereum intentionally lack any ties into the traditional legal infrastructure.  The original designers made it a point to try and make public blockchains extraterritorial and sovereign to the physical world in which we live.  In other words, public blockchains are anarchic.

As a consequence, lacking ties into legal infrastructure, there is no recognized external authority that can legitimately claim which fork of Bitcoin or Ethereum is the ‘One True Chain.’  Rather, it is the proof-of-work process (or perhaps proof-of-stake in the future) that attempts to attest to which chain is supposed to be the de facto chain.3

However, even in this world there is a debate as to whether it is the longest chain or the chain with the most work done that determines which chain is the legitimate chain and which are the apostates.4 5
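The two rules in that debate can pick different branches. The Python sketch below is an added example, not code from the original post or from any Bitcoin client: it expands the compact nBits field of a block header into a target, sums the expected work per block, and applies both rules to a constructed two-branch fork (the branch names and the fork itself are assumptions made for illustration).

```python
"""Added illustration: 'longest chain' versus 'chain with the most work'."""


def bits_to_target(bits: int) -> int:
    """Expand the compact 'nBits' field of a Bitcoin block header into the
    256-bit target that a valid block hash must not exceed."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits: int) -> int:
    """Expected number of hash attempts needed to find a block at this target."""
    return (1 << 256) // (bits_to_target(bits) + 1)


def chain_work(header_bits) -> int:
    """Total expected work of a branch, given the nBits value of each block."""
    return sum(block_work(bits) for bits in header_bits)


def pick_branch(branches: dict, rule: str) -> str:
    """Return the name of the branch a node would follow under the given rule."""
    if rule == "longest":
        score = len
    elif rule == "most-work":
        score = chain_work
    else:
        raise ValueError("rule must be 'longest' or 'most-work'")
    return max(branches, key=lambda name: score(branches[name]))


DIFFICULTY_1 = 0x1D00FFFF  # Bitcoin's minimum difficulty
DIFFICULTY_4 = 0x1C3FFFC0  # a target four times smaller (difficulty 4)

# Constructed fork from a shared ancestor: branch A has more blocks, but each
# one was cheap to produce; branch B has fewer blocks that each cost four
# times as many hash attempts.
FORK = {
    "A": [DIFFICULTY_1] * 6,
    "B": [DIFFICULTY_4] * 3,
}

if __name__ == "__main__":
    for name, bits in FORK.items():
        print(f"branch {name}: {len(bits)} blocks, work {chain_work(bits)}")
    for rule in ("longest", "most-work"):
        print(f"{rule:>9} rule follows branch {pick_branch(FORK, rule)}")
```

Neither rule says anything about legal recognition; both only rank branches by what miners have produced.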

And this is where, fundamentally, it becomes difficult for regulated institutions to use a public blockchain for transferring regulated data and regulated financial instruments.

For instance, in March 2013 an accidental, unintended fork occurred on what many participants claimed as the Bitcoin mainnet.

To rectify this situation, over roughly four hours, operators of large mining pools, developers, and several exchanges met on IRC to coordinate and choose which chain they would support and which would be discarded.  This was effectively, at the time, the largest fork-by-social-consensus attempted (e.g., proof-of-nym-on-IRC).

There were winners and losers.  The losers included OKPay, a payment processor that lost several thousand dollars, and BTC Guild, a large mining pool that had expended real capital mining some of the now-discarded blocks.

In the Bitcoin world, this type of coordination event is slowly happening again with the never ending block size debate.

One team, Bitcoin Classic, is a small group of developers that supports a hardfork to relatively quickly increase the block size from 1 MB to 2 MB and higher.  Another group, dubbed Bitcoin Core, prefers a slower roll out of code over a period of years that includes changes that would eventually increase the block size (e.g., segwit).6

Yet as it lacks a formal governance structure, neither side has de jure legitimacy but instead relies on the court of public opinion to make their case.  This is typically done by lobbying well-known figureheads on social media as well as mining pools directly.  Thus, it is a bit ironic that a system purposefully designed for pseudonymous interactions in which participants were assumed to be Byzantine and unknown, instead now relies on known, gated, and trusted individuals and companies to operate.

Note: if the developers and miners did have de jure legitimacy, it could open up a new can of worms around FinCEN administrative requirements.7  Furthermore, the miners are always the most important stakeholders in a proof-of-work system; if they were not, no one would host events just for them.

[Image: “arthur twitter pow.”  Source: Twitter]

Ledgers

With this backstory it is increasingly clear that, in the legal sense, public blockchains are not actual distributed ledgers.  Distributed, yes; ledgers, no.

As Robert Sams articulates:8

I think the confusion comes from thinking of cryptocurrency chains as ledgers at all. A cryptocurrency blockchain is (an attempt at) a decentralised solution to the double spending problem for a digital, extra-legal bearer asset. That’s not a ledger, that’s a log.

That was the point I was trying to make all along when I introduced the permissioned/permissionless terminology!9 Notice, I never used the phrase “permissionless ledger” — Permissionless’ness is a property of the consensus mechanism.

With a bearer asset, possession of some instrument (a private key in the cryptocurrency world) means ownership of the asset. With a registered asset, ownership is determined by valid entry in a registry mapping an off-chain identity to the asset. The bitcoin blockchain is a public log of proofs of instrument possession by anonymous parties. Calling this a ledger is the same as calling it “bearer asset ledger”, which is an oxymoron, like calling someone a “married bachelor”, because bearer assets by definition do not record their owners in a registry!

This taxonomy that includes the cryptocurrency stuff in our space (“a public blockchain is a permissionless distributed ledger of cryptocurrency”) causes so much pointless discussion.

I should also mention that the DLT space should really be using the phrase “registry” instead of “ledger”. The latter is about accounts, and it is one ambition too far at the moment to speak of unifying everyone’s accounts on a distributed ledger.

As I have discussed previously, public blockchains intentionally lack hooks into off-chain legal identification systems.

Why?  Because as Sams noted above: a KYC’ed public blockchain is effectively an oxymoron.  Arguably it is self-defeating to link and tie all of the participants of the validation (mining) process and asset transfer process (users) to legal identities and gate them from using (or not using) the network services.  All you have created is a massively expensive permissioned-on-permissionless platform.

But that irony probably won’t stop projects and organizations from creating a Kimberley Process for cryptocurrencies.

I cannot speak on behalf of the plethora of “private chain” or “private ledger” projects (most of which are just ill-conceived forks of cryptocurrencies), but we know from public comments that some regulators and market structures might only recognize blockchains and distributed ledgers that comply with laws (such as domestic KYC / AML regulations) by tying into the traditional legal infrastructure.10 This means tying together off-chain legal identities with on-chain addresses and activity.

Why?

There are multiple reasons, but it is partly due to the need to reduce settlement risks: to create definitive legal settlement finality and to identify the participants involved in that process.11

Finality

As illustrated with the purposeful Ethereum One hardfork and the accidental Bitcoin fork in 2013, public blockchains, by design, can only provide probabilistic settlement finality.

Sure, the data inside the blocks itself is immutable, but the ordering and who does the ordering of the blocks is not.

What does this mean?  Recall that for both Ethereum and Bitcoin, information (usually just private keys) is hashed multiple times by a SHA algorithm, making the information effectively immutable.12 It is unlikely, given the length of time our star is expected to live, that this hash function can be reversed by a non-quantum computer.

However, blocks can and will be reorganized; they are not immutable.  Public blockchains are secured by social and economic consensus, not by math.
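To put a number on "probabilistic," the added Python example below (not part of the original post) implements the approximation from section 11 of the Bitcoin whitepaper: the chance that a miner with a fraction q of the hash rate eventually replaces a block already buried under z confirmations. The function names are assumptions chosen for this illustration.

```python
"""Added illustration: why settlement on a proof-of-work chain is probabilistic."""
from math import exp


def catch_up_probability(q: float, z: int) -> float:
    """Probability that a miner controlling fraction q of the hash rate ever
    overtakes the chain from z blocks behind (Nakamoto's approximation)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be non-negative")
    if q >= 0.5:
        return 1.0  # with half or more of the hash rate, catching up is certain
    p = 1.0 - q
    lam = z * q / p  # expected competing blocks while the network finds z
    probability = 1.0
    poisson = exp(-lam)  # Poisson(lam) probability mass at k = 0
    for k in range(z + 1):
        if k:
            poisson *= lam / k  # advance the Poisson mass from k - 1 to k
        probability -= poisson * (1.0 - (q / p) ** (z - k))
    return probability


def confirmations_needed(q: float, max_risk: float, limit: int = 1000):
    """Smallest confirmation depth whose reversal probability is below
    max_risk, or None if no depth up to 'limit' achieves it."""
    if q >= 0.5:
        return None  # no depth is ever final against a majority miner
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    for q in (0.10, 0.30):
        for z in (0, 1, 5, 10):
            print(f"q={q:.2f} z={z:2d} P={catch_up_probability(q, z):.7f}")
    print("depth for <0.1% risk at q=0.10:", confirmations_needed(0.10, 0.001))
```

The probability shrinks with depth but never reaches zero, and it says nothing about a reorganization that the network's own participants coordinate.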

As a consequence, there are some fundamental problems with any fork on public blockchains: they may actually increase risks to the traditional settlement process.  And this, coupled with the lack of hooks for off-chain identity, means that public blockchains — anarchic blockchains — are not well-suited or fit-for-purpose for regulated financial institutions.

After all, who is financially, contractually, and legally responsible for the consequences of a softfork or hardfork on a public blockchain?

  • If it is no one, then it might not be used by regulated organizations because they need to work with participants who can be held legally accountable for actions (or inactions).
  • If it is someone specifically (e.g., a doxxed individual) then you have removed the means of pseudonymous consensus to create censorship resistance.

In other words, public blockchains, contrary to the claims of social media, are not “law” because they do not actually tie into the legal infrastructure which they were purposefully designed to skirt.  By attempting to integrate the two worlds — by creating a KYC’ed public blockchain — you end up creating a strange hydra that lacks the utility of pseudonymity (and censorship resistance) yet maintains the expensive and redundant proof-of-work process.

These types of forks also open up the door for future forks: what are the criteria for forking or not in the future?  Who is allowed and responsible to make those decisions?  If another instance like the successful attack and counter-attack on The DAO takes place, will the community decide to fork again?  If 2 MB blocks are seen as inadequate, who bears the legal and financial responsibility of a new fork that supports larger (or smaller) blocks?  If any regulated institution loses assets or funds in this forking process, who bears responsibility?  Members of IRC rooms?

If the answers are caveat emptor, then that level of risk may not be desirable to many market participants.

Conclusions

Who are you going to sue when something doesn’t go according to plan?  In the case of The DAO, the attacker allegedly threatened to sue participants acting against his interests because he claimed: code is law.  Does he have legal standing?  At this time it is unclear what court would have accepted his lawsuit.

But irrespective of courts, it is unclear how smart contract code, built and executed on an anarchic platform, can be considered “legal.”  It appears to be a self-contradiction.

As a consequence, the fundamental need to tie contract code with legal prose is one of the key motivations behind how Richard Brown’s team in London approached Corda’s design.  If you cannot tie your code, chain, or ledger into the legal system, then it might be an unauthoritative ledger from the perspective of courts.13

And regulated institutions can’t simply just ignore regulations as they face real quantifiable consequences for doing so.  To paraphrase George Fogg, that’s akin to putting your head in the sand.

We continue to learn from the public blockchain world, such as the consequences of forks, and the industry as a whole should try to incorporate these lessons into their systems — especially if they want anyone of weight to use them.  Anarchic blockchains will continue to co-exist with their distributed ledger cousins but this dovetails into a conversation about “regtech,” which is a topic of another post.

Endnotes

  1. Rejecting Today’s Hard Fork, the Ethereum Classic Project Continues on the Original Chain: Here’s Why from Bitcoin Magazine
  2. This doesn’t mean that regulators and/or financial institutions won’t use public blockchains for various activities; perhaps some of them will be comfortable after quantifying the potential risks associated with them.
  3. Ethereum developers plan to transition Ethereum from proof-of-work to proof-of-stake within the next year.
  4. See Arthur Breitman’s interview on Epicenter Bitcoin and Mike Hearn’s interview on Money & Tech
  5. Philosophically when Bob connects to “The Bitcoin Network” — how does Bob know he is actually connected to the “real” Bitcoin network?  One method is to look at the block header: it should take a specific amount of time to recreate the hash with that proof-of-work. This proves which network has the most work done.  However, in the meantime, Bob might connect to other ‘pretenders’ claiming to be “The Bitcoin Network.”  At this time, there does not appear to be any legal recognition of a specific anarchic chain.
  6. The Bitcoin Core fork, which is euphemistically called a softfork, is basically a hardfork spread over a long period of time.
  7. See Section 3.4
  8. Personal correspondence: March 9, 2016
  9. See Blockchain Finance by Robert Sams
  10. This is not to say that regulators, governments, and various market participants will not use public blockchains for other activity.
  11. See Section 3.1
  12. For proof-of-work mining, Ethereum uses ethash instead of SHA256.  For hashing itself, Ethereum uses SHA-3 which is part of the Keccak family (some people use the terms interchangeably but that isn’t technically correct).
  13. See Section 9

What’s the deal with DAOs?

[Disclaimer: I do not own any cryptocurrencies nor have I participated in any DAO crowdfunding.]

This post will look at the difference between a decentralized autonomous organization (DAO) and a project called The DAO.

Brief explanation

The Wikipedia entry on DAOs is not very helpful.  However, Chapters 2 through 5 may be of some use (although it is dated information).

In terms of the uber hyped blockchain world, at its most basic kernel, a DAO is a bit of code — sometimes called a “smart contract” (a wretched name) — that enables a multitude of parties including other DAOs to send cryptographically verifiable instructions (such as a digitally signed vote) in order to execute the terms and conditions of the cloud-based code in a manner that is difficult to censor.

One way to think of a simple DAO: it is an automated escrow agent that lives on a decentralized cloud where it can only distribute funds (e.g., issue a dividend, disperse payroll) upon receiving, or even not receiving, a digital signal that a task has been completed or is incomplete.

For instance, let us assume that a small non-profit aid organization, whose staff primarily work in economically and politically unstable regions with strict capital controls, sets up a DAO — an escrow agent — on a decentralized cloud to distribute payroll each month.

This cloud-based escrow agent was coded such that it would only distribute the funds once a threshold of digital signatures had signed an on-chain contract — not just by staff members — but also from independent on-the-ground individuals who observed that the staff members were indeed doing their job.  Some might call these independent observers oracles, but that is a topic for a different post.1

Once enough signatures had been used to sign an on-chain contract, the escrow agent would automatically release the funds to the appropriate individuals (or rather, to a public address that an individual controls via private key).  The terms in which the agent operated could also be amended with a predetermined number of votes, just as corporate boards and shareholders vote to change charters and contracts today.
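The release path of that escrow agent, as an added Python model that is not code from the original post or from any DAO framework: funds are paid once a threshold of staff signatures and a threshold of observer signatures have been verified. It assumes Lamport one-time signatures (hash-based, standard library only) as a stand-in for the chain's signature scheme, leaves out the amendment vote, and uses constructed names, thresholds and amounts.

```python
"""Added illustration: an escrow agent that pays out on a threshold of signatures."""
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes):
    digest = int.from_bytes(_h(message), "big")
    return [(digest >> i) & 1 for i in range(256)]


# Lamport one-time signatures: a stand-in for the chain's signature scheme.
# Each key pair may sign one message only.
def keygen():
    secret = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(zero), _h(one)) for zero, one in secret]
    return secret, public


def sign(secret, message: bytes):
    return [secret[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(public, message: bytes, signature) -> bool:
    bits = _digest_bits(message)
    return len(signature) == 256 and all(
        _h(part) == public[i][bit]
        for i, (bit, part) in enumerate(zip(bits, signature))
    )


class PayrollEscrow:
    """Pays out once enough staff AND enough independent observers have signed."""

    def __init__(self, period, staff, observers, need_staff, need_observers, payroll):
        self.message = b"work-completed:" + period.encode()
        self.registry = {"staff": dict(staff), "observer": dict(observers)}
        self.needed = {"staff": need_staff, "observer": need_observers}
        self.approved = {"staff": set(), "observer": set()}
        self.payroll = dict(payroll)
        self.released = False

    def submit(self, role: str, name: str, signature) -> bool:
        public = self.registry[role].get(name)
        if public is None or not verify(public, self.message, signature):
            return False  # unknown signer, or a signature over a different claim
        self.approved[role].add(name)  # a set: re-submitting counts only once
        return True

    def release(self) -> dict:
        quorum = all(len(self.approved[r]) >= n for r, n in self.needed.items())
        if self.released or not quorum:
            return {}
        self.released = True  # pay out at most once per period
        return dict(self.payroll)


def demo() -> dict:
    """Constructed scenario: three staff, two observers, thresholds 2 and 1."""
    names = ("alice", "bob", "carol", "dave", "erin", "mallory")
    keys = {name: keygen() for name in names}
    escrow = PayrollEscrow(
        period="2016-05",
        staff={n: keys[n][1] for n in ("alice", "bob", "carol")},
        observers={n: keys[n][1] for n in ("dave", "erin")},
        need_staff=2, need_observers=1,
        payroll={"alice": 100, "bob": 100, "carol": 100},
    )
    msg, out = escrow.message, {}
    escrow.submit("staff", "alice", sign(keys["alice"][0], msg))
    escrow.submit("staff", "alice", sign(keys["alice"][0], msg))  # duplicate
    out["one_staff_signer"] = escrow.release()
    escrow.submit("staff", "bob", sign(keys["bob"][0], msg))
    out["staff_quorum_only"] = escrow.release()
    out["outsider_accepted"] = escrow.submit(
        "observer", "mallory", sign(keys["mallory"][0], msg))
    out["wrong_period_accepted"] = escrow.submit(
        "observer", "erin", sign(keys["erin"][0], b"work-completed:2016-04"))
    out["observer_accepted"] = escrow.submit(
        "observer", "dave", sign(keys["dave"][0], msg))
    out["payout"] = escrow.release()
    out["second_release"] = escrow.release()
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```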

The purported utility that decentralization brings to this situation is that it makes censoring transactions by third parties more difficult than if the funds flowed through a centralized rail.  There are trade-offs to these logistics but that is beyond the scope of this post.

The reason the DAO acronym includes the “organization” part is that the end-goal by its promoters is for it to provide services beyond these simple escrow characteristics such as handling most if not all administrative tasks such as hiring and firing.

Watch out Zenefits, the cryptocurrency world is going to eat your lunch!  Oh wait.

A short history

It is really easy to get caught up in the euphoria of a shiny new toy.  And the original goal of a DAO sounds like something out of science fiction —  but these undertones probably do it a disservice.

Prior to 2014 there had been several small discussions around the topic of autonomous “agents” as it related to Bitcoin.

For instance, in August 2013, Mike Hearn gave a presentation at Turing Festival (see above), describing what was effectively a series of decentralized agents that operated logistical companies such as an autonomous car service.

Several months later, Vitalik Buterin published the Ethereum white paper which dove into the details of how to build a network — in this case a public blockchain — which natively supported code that could perform complex on-chain tasks: or what he dubbed as a decentralized autonomous organization.

Timing

The impetus and timing for this post is based on an ongoing crowdsale / crowdfunding activity for the confusingly named “The DAO” that has drawn a lot of media attention.

Over the past year, a group of developers, some of whom are affiliated with the Ethereum Foundation and others affiliated with a company called Slock.it have created what is marketed as the first living and breathing DAO on the Ethereum network.

The organizers kicked off a month long token sale and at the time of this writing just over 10 million ether (the native currency of the Ethereum blockchain) — or approximately 13% of all mined ether — has been sent to The DAO.  This is roughly equivalent to over $100 million based on the current market price of ether (ETH).

In return for sending ether to The DAO, users receive an asset called a DAO Token which can be used in the future to vote on projects that The DAO wants to fund.2 It is a process that Swarm failed at doing.

An investment fund or a Kickstarter project?

I would argue that, while from a technical standpoint it is possible to successfully set up a DAO in the manner that The DAO team did, there really isn’t much utility in doing so in an environment in which censorship or the theft of funds by third parties will probably not occur.

That is to say, just as I have argued before that permissioned-on-permissionless is a shortsighted idea, The DAO, as it is currently set up, is probably a solution to a problem that no one really has.3

Or in short, if you “invested” in The DAO crowdsale thinking you’re going to make money back from the projects via dividends, you might be better off investing in Disney dollars.

Why?

Putting aside securities regulations and regulators such as the SEC for a moment, most of the crowdsale “investors” probably don’t realize that:

  1. crowdfunding in general has a checkered track record of return-on-investment4
  2. crowdfunding in the cryptocurrency world almost always relies on the future appreciation of token prices in order to break-even and not through the actual creation of new features or tools (e.g., see Mastercoin/Omni which effectively flopped)
  3. that the funds, when dispersed to Slock.it and other “products,” could take years, if ever, to return a dividend

Why would this pool of capital provide any better expected return-on-investment than others?

Or as Nick Zeeb explained to me:

My sense about The DAO is that it’s a fascinating experiment that I do not want to be part of. I also do not think that a committee of over 1,000 strangers will make wise investment decisions. Most good investment decisions are taken by courageous individuals in my opinion. Anything that can get past a big committee will probably not be the next Google. Imagine this pitch: “Hi I’m Larry and this is Sergey and we want to build the world’s 35th search engine.”

While it probably wasn’t the 35th search engine, for those unfamiliar with the history of Google, Larry Page and Sergey Brin are the co-founders who created a search engine in what was then thought a very crowded market.

So why the excitement?

I think part of it is quite simply: if you own a bunch of ether, there really isn’t much you can do with it right now.  This is a problem that plagues the entire cryptocurrency ecosystem.

Despite all the back-patting at conferences, the market is already filled with lots of different tokens. There is a glut of tokens which do not currently provide many useful things that you couldn’t already do with existing cash systems.5

Part of it also is that most probably think they will become rich quick through dividends, but that probably won’t happen anytime soon, if at all.

With The DAO, only the development teams of projects that are voted and approved by The DAO (e.g., the thousands of users with DAO Tokens), will see any short term gains through a steady paycheck.  And it is only after they build, ship and sell a product that the original investors may begin seeing some kind of return.

Or in other words: over the past several weeks, the pooling of capital has taken place for The DAO.  In the future there will be various votes as to where that capital goes.  Shortly thereafter, some capital is deployed and later KPIs will be assessed in order to determine whether or not funding should continue.  All the while some type of profit is sought and dividend returned.

Why, I asked another friend, would this pool of capital offer any better risk adjusted return-on-investment than other asset classes?

In his view:

The return might be high but so is the risk. Always adjust for risk. I think The DAO is better compared to a distributed venture capital firm. Whether that’s better or worse I don’t know — I mean you have the crowd deciding on investments. Or more realistically: nerds who know how to obtain ether (ETH) get to decide on investments.

Does that make them better VCs? Probably not. However, The DAO can decide to hire people with actual credentials to manage and select the investments, admitting its own weakness which would then turn into a strength. I think this can go either way but given the regulator is not prepared for any of this it will probably not work out in the short term.

Does the ‘design-by-giant-nerd-committee’ process work?

Over the past year we have already seen thousands, probably tens of thousands, of man-hours dropped into the gravity well that is known as the “block size debate,” in which hundreds of passionate developers have seemingly argued non-stop on Slack, Twitter, reddit, IRC, conferences and so forth without really coming to an amicable decision any one group really likes.

So if block size-design-by-committee hasn’t worked out terribly well, will the thousands of investors in The DAO take to social media to influence and lobby one another in the future?  And if so, how productive is that versus alternative investment vehicles?

Redistributing the monetary base

Assuming Ethereum has an economy (which it probably doesn’t by most conventional measures), will The DAO create a deflationary effect on the Ethereum economy?

For instance, at its current rate, The DAO could absorb about 20% of the ether (ETH) monetary base.

Does that mean it permanently removes some of the monetary base?  Probably not.

For example, we know that there will be some disbursements to projects such as Slock.it, so there will be some liquidity from this on-chain entity.  And future DAOs will spend their ether on expenses and development like a normal organization.

But we also know that there is a disconnect between what The DAO is, an investment fund, and what many people see it as: a large vault filled with gold lying in Challenger Deep that will somehow appreciate in value and they will be able to somehow extract that value.

Sure, we will all be able to observe that the funds exist at the bottom of the trench, but someone somewhere has to actually create value with the DAO Tokens and/or ether.

For the same reason that most incubators, accelerators and VC funds fail, that entrepreneur-reliant math doesn’t change for The DAO.  Not only does The DAO need to have a large volume of deal flow, but The DAO needs to attract legitimate projects that — as my friend pointed out above — have a better risk adjusted return-on-investment than other asset classes.

Will the return-on-investment of the DAO as an asset class be positive in the “early days”?  What happens when the operators and recipients of DAO funds eventually confront the problem of securities regulation?

So far, most of the proposals that appear to be geared up for funding are reminiscent of hype cycles we have all seen over the past couple of years.

Let’s build a product…

  • 2014: But with Bitcoin
  • 2015: But with Blockchain
  • 2016: But with DAO

Maybe the funds will not all be vaporized, but if a non-trivial amount of ETH ends up being held in this DAO or others, it could be the case that with sluggish deal flow, a large portion of the funds could remain inert.  And since this ether would not be touching any financial flows, it would be equivalent to storing a large fraction of M0 in your basement safe, siloed off from liquid capital markets.

Ten observations

  1. Since the crowdsale / crowdfund began on April 30, the market price of ETH has increased ~30%; is that a coincidence or is there new demand being generated due to The DAO crowdsale?
  2. A small bug has been discovered in terms of the ETH to DAO Token conversion time table
  3. The DAO surpassed the Ethereum Foundation to become the largest single holder of ether (note: the linked article is already outdated)
  4. In terms of concentration of wealth: according to Etherscan, the top 50 DAO Token holders collectively “own” 38.49% of The DAO
  5. The top 500 DAO Token holders collectively “own” 71.39% of The DAO
  6. As of this writing there are over 15,000 entities (not necessarily individuals) that “own” some amount of a DAO Token
  7. Why is “own” in quotation marks? Because it is still unclear if controlling access to these private keys is the same thing as owning them.  See also: Watermarked Tokens as well as The Law of Bitcoin
  8. Gatecoin, which facilitated the crowdsale of both The DAO and DigixDAO was recently hacked and an estimated $2 million in bitcoins and ether were stolen
  9. Yesterday Gavin Wood, a co-founder of Ethereum, announced that he is stepping down as a “curator” for The DAO.  Curators, according to him, are effectively just individuals who identify whether someone is who they say they are — and have no other duties, responsibilities or authority.
  10. Three days ago, the Slock.it dev team — some of whom also worked on creating The DAO — did a live Q/A session that was videotaped and attempted to answer some difficult questions, like how many DAO Tokens they individually own.

Conclusion

About 17 months ago I put together a list of token crowdsales.  It would be interesting to revisit these at some point later this year to see what the return has been for those holders and how many failed.

For instance, there hasn’t really been any qualitative analysis of crowdsales or ICOs beyond looking at price appreciation.6 What other utility was ultimately created with the issuance of say, factoids (Factom tokens) or REP (Augur tokens)?

Similarly, no one has really probed Bitcoin mining (and all POW mining) through the lens of a crowdsale on network security. Is every 10 minutes an ICO? After all, the scratch-off contest ties up capital seeking rents on seigniorage and in the long run, assuming a competitive market, that seigniorage is bid away to the point where, as Robert Sams has pointed out, the marginal cost equals the marginal value of a token. So you end up with this relatively large capital base — divorced from the real world — that actually doesn’t produce goods or services beyond the need to be circularly protected via capital-intensive infrastructure.

Other questions to explore in the future include:

  • what are the benefits, if any, of using a centralized autonomous organization (CAO) versus decentralized autonomous organization (DAO) for regulated institutions?
  • how can a party or parties sue a decentralized autonomous organization?7
  • what are the legal implications of conducting a 51% attack on a network with legally recognized DAOs residing on a public blockchain?8
  • will the continued concentration of ether and/or DAO Tokens create a 51% voting problem identified in the “Curator” section?

Still don’t fully understand what The DAO is?  Earlier this week CoinDesk published a pretty good overview of it.

[Special thanks to Raffael Danielli, Robert Sams and Nick Zeeb for their thoughts]

Endnotes

  1. Note: for the purposes of The DAO, “curators” are effectively identity oracles.
  2. It appears that currently, once a quorum is achieved, a relatively small proportion of token holders can vote “yes” to a proposal to trigger a large payout.
  3. The current line-up of goods and services are not based around solving for problems in which censorship is a threat, such as those facing an aid worker in a politically unstable region.
  4. That is not to say that they all fail. In fact according to one statistic from Kickstarter, there was a 9% failure rate on its platform. Thus, it depends on the platform and what the reward is.
  5. CoinGecko is tracking several hundred tokens.
  6. ICO stands for “initial coin offering” — it is a slight twist on the term IPO as it relates to securities.
  7. An added wrinkle to identifying liable parties is: what happens when systems like Zcash launch?
  8. This presupposes that a DAO will gain legal recognition and/or a public blockchain gains legal standing as an actual legal record.

Self-doxxing, dynamic block making and re-decentralization of mining

There are currently two popular interrelated narratives on social media surrounding participation of the block making process on a public blockchain.  The stories are most pronounced within the Bitcoin community but are also reused by Litecoin, Ethereum and other cryptocurrencies too.

This includes the unchallenged statements that:

(1) anyone can still participate in block making, it is ungated and “permissionless”

(2) following a reward halving (“halvening”), networks become more decentralized because large, centralized farms and actors split apart due to economic pressures

This post looks at both of these and shows that in practice neither is really true as of April 2016.

Named block makers

A year ago I reflected on some of the debate surrounding permissioned and permissionless blockchains.  Part of that post involved looking at how the mining market actually evolved in practice; not just based on the generalized claims made by enthusiasts at conferences.

For instance, based on block height below is a list of the first time a pool self-doxxed and signed a coinbase transaction, courtesy of Organ of Corti.  Only the first 50 are chronologically included:

| Pool name | Block height | Date |
| --- | --- | --- |
| Eligius | 130635 | 14-Jun-11 |
| BitMinter | 152246 | 7-Nov-11 |
| BTC Guild | 152700 | 10-Nov-11 |
| Nmcbit.com | 153343 | 15-Nov-11 |
| YourBTC | 154967 | 27-Nov-11 |
| simplecoin.us | 158291 | 20-Dec-11 |
| Ass Penny Pool | 161432 | 10-Jan-12 |
| btcserv.net | 163672 | 25-Jan-12 |
| Slush | 163970 | 27-Jan-12 |
| BitLC | 166462 | 12-Feb-12 |
| pool.mkalinin.ru | 170937 | 13-Mar-12 |
| Bitclockers | 173863 | 1-Apr-12 |
| MaxBTC | 174819 | 9-Apr-12 |
| Triplemining | 175144 | 11-Apr-12 |
| CoinLab | 180947 | 21-May-12 |
| wizkid057 | 184148 | 12-Jun-12 |
| Generated by General | 194247 | 17-Aug-12 |
| HHTT | 197602 | 7-Sep-12 |
| Ozcoin | 207017 | 8-Nov-12 |
| EclipseMC | 208419 | 18-Nov-12 |
| MTRed | 219115 | 2-Feb-13 |
| 50BTC.com | 219933 | 7-Feb-13 |
| Bitparking | 226272 | 17-Mar-13 |
| Discus Fish | 236494 | 17-May-13 |
| ASICMiner | 237050 | 20-May-13 |
| ST Mining Corp | 238456 | 29-May-13 |
| Satoshi Systems | 245445 | 8-Jul-13 |
| GHash.IO | 250205 | 5-Aug-13 |
| 175btc.com | 253884 | 24-Aug-13 |
| For Pierce and Paul | 259214 | 21-Sep-13 |
| Alydian5335 | 261051 | 1-Oct-13 |
| Megabigpower | 261530 | 4-Oct-13 |
| GIVE-ME-COINS | 267919 | 4-Nov-13 |
| Polmine | 282943 | 29-Jan-14 |
| KoiSystems | 285715 | 14-Feb-14 |
| AntPool | 286681 | 19-Feb-14 |
| MMPool | 294747 | 8-Apr-14 |
| KNC Miner | 300700 | 14-May-14 |
| Bitfinex pool | 306406 | 18-Jun-14 |
| BitAffNet | 309657 | 8-Jul-14 |
| Bitfury | 311333 | 18-Jul-14 |
| Hashmine.io | 313882 | 4-Aug-14 |
| Solo.ckpool | 319980 | 10-Sep-14 |
| Kano.is | 325306 | 14-Oct-14 |
| BTCChina Pool | 327211 | 27-Oct-14 |
| Tangpool | 339210 | 16-Jan-15 |
| For Pyra | 339547 | 19-Jan-15 |
| BW Pool | 341167 | 30-Jan-15 |
| Huobi | 341760 | 3-Feb-15 |
| Dot pool | 342104 | 6-Feb-15 |

Recall that even though it didn’t initially sign coinbase transactions, Slush began publicly operating at the end of November 2010.  Eligius was announced on April 27, 2011.  DeepBit publicly launched on February 26, 2011 and at one point was the most popular pool, reaching, for a short period in July 2011, more than 50% of the network hashrate.

While many enthusiasts claim that “anyone can mine,” in practice, very few choose to for a number of reasons that will be discussed below.

But more to the point, the reason cryptocurrencies allegedly have a “permissionless” characteristic in the first place has to do exclusively with the fact that there is no administrative gating or vetting process for allowing actors on the network to participate in the block making process.  In 2009 there was no whitelist, blacklist, KYC or KYM (know your miner) process.

That is to say, those wanting to create a block did not need permission from a network administrator.1  That is the sole context of the term “permissionless.”

It is not related to developing other platforms that plug into the network.  It is not related to whether the network codebase is open source or not.  It is not related to being able to build software products that somehow utilize the network.  It is not related to being able to view or not view transactions.

Yet due to how the market evolved, today in 2016 while everyone is still paying for the high marginal costs to maintain a network designed for pseudonymous and anonymous interaction, few participants, specifically block makers, are actually capitalizing off of that utility.

For instance:

(1) Acquiring the necessary hardware to become a profitable miner invariably leaves a paper trail.  If instead you acquire the hardware on the second-hand market — in order to remain anonymous — you will still likely leave a paper trail with your legal identity in order to pay for the large energy bill and property taxes.  This is one of the reasons why miners in locations such as China do not publicize their fundraising activities or annual revenue: they don’t want to leave a paper trail to pay any extra taxes.2

(2) The other main mechanism for vetting miners now is through the use of data science itself.  Roughly 10 companies globally provide law enforcement, compliance teams and regulators access to relatively robust analytics tools to track provenance of bitcoins (or other cryptocurrencies) back to coin generation itself.  And in order to sell these mined bitcoins (e.g., to pay for the electricity and the mining hardware), nearly every bitcoin conversion to fiat marketplace now requires some compliance of local KYC and AML regulations.

While there are workarounds such as LocalBitcoins and SharedCoin, generally speaking the pseudonymous network itself in 2016 has largely become doxxed.  Yet the high costs of maintaining pseudonymity, via proof-of-work, still remain.

Hashrate distribution

Above is a pie chart that estimates the hashrate distribution among mining pools over the past 4 days (as of late April 2016).  The 10 largest pools collectively made 97% of the blocks during that time period.3

What about beyond 4 days?

Blocktrail

Source: Blocktrail

Above is the pool distribution of the past year based on coinbase data aggregated by Blocktrail.

The 10 largest pools collectively account for roughly 91.6% of all block making activity.  There is also a relatively long tail that includes roughly another 60 entities (some of whom do sign coinbase transactions) that represent the remaining 8.4% of all block making the past year.
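One way a pool distribution like this can be derived from coinbase data, as an added example (not Blocktrail's or Organ of Corti's code): it reads the BIP34 height and a pool tag from each coinbase scriptSig, then computes first-signed heights and the top-N share. The tag strings and the ten sample scriptSigs are constructed for illustration.

```python
from collections import Counter

# Constructed tag table: byte strings assumed to appear in each pool's coinbase
# scriptSig. Pool names come from the list above; the tag values are assumptions.
POOL_TAGS = {
    b"/AntPool/": "AntPool",
    b"/Bitfury/": "Bitfury",
    b"/BTCC/": "BTCChina Pool",
    b"/slush/": "Slush",
    b"/Kano.is/": "Kano.is",
}


def encode_height(height: int) -> bytes:
    """BIP34 push: length byte, then the height as a minimal little-endian number."""
    raw = height.to_bytes((height.bit_length() + 8) // 8, "little")
    return bytes([len(raw)]) + raw


def bip34_height(script_sig: bytes):
    """Height committed at the start of a version >= 2 coinbase scriptSig, else None.

    Blocks mined before BIP34 carry no height here; for those the height has to
    come from the block's position in the chain.
    """
    if not script_sig:
        return None
    n = script_sig[0]
    if not 1 <= n <= 8 or len(script_sig) < 1 + n:
        return None
    return int.from_bytes(script_sig[1:1 + n], "little")


def pool_of(script_sig: bytes) -> str:
    """Attribute a block by the first known tag found in its coinbase scriptSig."""
    for tag, pool in POOL_TAGS.items():
        if tag in script_sig:
            return pool
    return "unidentified"


def first_signed(blocks):
    """Lowest height at which each pool's tag appears (the 'self-doxxing' block)."""
    first = {}
    for script_sig in blocks:
        pool, height = pool_of(script_sig), bip34_height(script_sig)
        if pool != "unidentified" and height is not None:
            first[pool] = min(height, first.get(pool, height))
    return first


def top_n_share(blocks, n: int) -> float:
    """Fraction of all blocks made by the n largest identified pools."""
    counts = Counter(pool_of(s) for s in blocks)
    counts.pop("unidentified", None)  # unsigned blocks stay in the denominator only
    return sum(c for _, c in counts.most_common(n)) / len(blocks)


# Constructed sample: ten consecutive coinbase scriptSigs
# (height push, 4-byte extranonce, optional tag). The fifth block is unsigned.
_ORDER = ["/AntPool/", "/Bitfury/", "/BTCC/", "/AntPool/", "",
          "/slush/", "/Bitfury/", "/AntPool/", "/BTCC/", "/Kano.is/"]
SAMPLE_BLOCKS = [
    encode_height(409000 + i) + i.to_bytes(4, "little") + tag.encode()
    for i, tag in enumerate(_ORDER)
]

if __name__ == "__main__":
    print(first_signed(SAMPLE_BLOCKS))
    print("top 3 pools:", top_n_share(SAMPLE_BLOCKS, 3))
```

A coinbase tag is self-asserted text rather than a cryptographic signature, so this attribution is only as reliable as the labels pools choose to publish.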

Why do any actors sign transactions at all?  After all, isn’t pseudonymous consensus a core characteristic of a public blockchain?  To my knowledge, no one has formally published a thorough explanation for the reasons why.  But one repeated rationale is that pools do so in order to prove to the miners (hashers) connected to the pool what the provenance of the block reward income is.

What does that mean?

For those who have never partaken in the mining process before, a quick history lesson: within the first two years of Bitcoin’s existence a division of labor arose in which block making became separated from hashing itself (e.g., generating proofs-of-work).

That is to say, the security of the network was outsourced to entities who create proofs-of-work and who are colloquially referred to as miners.4  Miners, in return for steady payouts of income, send their work to a pool operator who subsequently batches transactions together into blocks and pays workers based on a pre-arranged agreement (usually proportional, share-based).5

Today, if average Joe buys ASIC mining equipment, he typically does not connect them to his own pool but instead connects them to a pool run by Bob the devops professional.6  And how can Joe trust Bob not to shave off pennies from each share of work that Joe submits?

Block signing in theory provides some semblance of transparency: letting the hashers know if pool operators are skimming off the proceeds by not accurately reporting blocks found (e.g., income).

For instance, if a pool operator makes a block based off of the proof-of-work submitted by one of the hashers connected to a pool, such as Joe, but does not sign the coinbase, the pool operator can try to pretend that it didn’t win the block reward in the first place and therefore would not have to pay the workers (hashers).  This was allegedly more commonplace prior to 2013, before the advent of VC financed farms and pools.7 Now many of the medium and large hashing farm operators want to know the exact revenue number and hear good reasons for why some is missing or if the pool was just “unlucky.”8

Why doesn’t everyone become a block maker?  After all, the process is billed as being “open” to all.

There are multiple reasons why, but the most important reason boils down to economics.  Dave Hudson has written about 10 different articles on the baked-in variance (inhomogeneous Poisson process) that motivates individuals to continually pool their mining effort versus solo mine.9 Spoiler alert: you are likely to be struck by lightning before you will ever create a block and reap a block reward by solo mining off of your laptop at home.

Other reasons for why few decide to become block-makers include: the added costs of providing DoS protection to your pool and the need to hire competent staff that can prevent and be on the lookout for problems like BGP hijacking, which results in lost revenue.

This has not changed for multiple years and will likely not change for reasons discussed below.

Non-existent re-decentralization

With the upcoming Bitcoin block reward halving that is expected to take place in mid-July, there is a growing chorus of ‘hope’ that it will somehow lead to fewer large mining farms and pools.

This probably won’t occur for several simple reasons, namely due to economic incentives.

Recall that the major reasons why mining activity itself has gravitated to locations such as China aren’t conspiracy theories involving lizards but instead ancillary costs.

Specifically the following factors:

  • relatively low labor costs (e.g., professional hashing facilities need to be maintained by a workforce 24 x 7 and wages in China are lower than Russia and the US for this activity)
  • relatively low property costs (e.g., if you have good guanxi, you can utilize and own land at rates below those found in parts of Russia and the US)
  • lower energy costs; I and others have frequently written about this10
  • first-to-market with hardware; because a lot of the final assembly of hashing equipment takes place in southern China, in terms of logistics and transportation end-users have a lead-time advantage over other geographical regions
  • close personal connections with hardware manufacturers and fabrication plants in China and Taiwan; acquiring hardware for mining cryptocurrencies is just as relationship driven as other specialized non-commoditized industries.  Because medium and large miners know who the chip design teams are and what the ASIC roadmaps will be, they can stand in line at the front and acquire hardware before others.

What will happen after a block reward halving?

Just as oil producers with the highest marginal costs have been forced to exit the fracking market over the past couple of years, Bitcoin miners with the thinnest margins will likely exit the market immediately.

What this actually results in, at least in the short run, is a more concentrated group of larger hashing farms and pools.

Why?

Because miners as a whole are effectively being given a 50% pay cut to provide the same utility as before.  And ceteris paribus, if Alice doesn’t currently have thick 50% margins, then she will likely exit the market.

In contrast, some of the most profitable miners in China and Republic of Georgia are now operating — even with the large difficulty rise over the past 6 months — with 50+% margins.  They may be squeezed, but they do not have to exit the market.

Basically, the less efficient players will be squeezed out and the more efficient players will remain.  Who is likely to be more efficient?  Larger farms in cheaper locations, or smaller pools made up of less sophisticated players with less capital?

But if the price of cryptocurrencies rises — in this case bitcoins — then won’t former miners come back into the market?

Maybe, but recall, we have seen this song and dance before and it is likely that the block reward halving is already factored into both the current market price and the hardware replacement cycle and as a result there probably will not be a doubling of the market price of bitcoins.  However, that is a topic for a different post.

Other public blockchains

What do mining pool distributions look like for other cryptocurrencies?

Above is the distribution of mining pools for Litecoin over the past day.  Interestingly, Coinotron — a pool I used when mining 3 years ago — currently represents 2.8% of the block making during that time frame.  Two years ago, in May 2014, it represented about 50%.

In August 2015, Litecoin underwent its first block reward halving.  Contrary to popular belief, its market price did not double.  In fact, nine months later the price of a litecoin measured in USD is just fifty cents higher than what it was pre-halving.11

Ethereum mining pool

Source: Etherchain

Above is the distribution of mining pools for Ethereum over the past day.

Interestingly Ethereum formally launched in August 2015 and has seen the same consistent pattern of 3-4 pools representing the majority of block making activity as other cryptocurrencies have witnessed.

In fact, Dwarfpool, despite its name, has flirted with the 50% threshold several times, most notably in March.  The Ethereum development team plans to transition the network from proof-of-work to proof-of-stake (Casper) later this year; it is unclear if the “staking” process will result in similar centralization.

Other cryptocurrencies continue to face similar pool centralization. This includes Namecoin which last year saw one pool, F2Pool provide more than 50% of the network hashrate for multiple months.  While it does not appear that F2Pool behaved maliciously, the fact that one block maker could potentially rewrite history by doing block reorgs motivated Onename to migrate away from Namecoin.

China

It is surprising that with the 60%+ hashrate located in China that there is scant detail in English about how that ecosystem works.  But there are reasons for this.

Recall that based on the current 25 BTC block reward, roughly $450 million in mining rewards has been divvied out over the past year to miners.  On paper that would mean that China-based miners received more than $270 million in revenue, which cements this industry as one of two that continually see large annual revenue flows (the second being exchanges themselves).

I contacted a mining operator in China that currently operates about 40 petahashes per second in equipment.  Note: miners use the abbreviated term ‘P’ and ‘PH’ to denote petahashes per second.

According to him:

“Our public hashing number is based on all our own hardware. This includes two facilities in western Sichuan plus a new Xinjiang site. All of these machines were originally S3’s from Bitmain but we have replaced them with S7’s.  We want to build larger operations than what we have today, but our goal is to maintain a specific percentage of the entire network.”

“Remember our electric rates change from season to season: different time of year and that hydro power has problems in the winter because of less melt water which results in an energy price that is twice the rate in the summer.”

“The land is basically free because it is in the mountains and no one is interested in buying property there. So all it takes is construction materials and labor. We hired 10 people last year. We intentionally hired more than we needed so we can build a team and send them places. Our front end operation probably only needs 4-5 people and we pay them $1,000 a month which is actually very competitive for that region.”

“We know a Chinese guy, Mr. LY.  He lives in Sichuan and was originally a hydroelectric operator but now owns his own hydro power station. He learned he could make more money mining than just running the station.”

“Why are people like us able to be competitive?  In Yunnan, Guizhou and Sichuan there was an overinvestment in hydropower last decade and now there is a surplus of electricity.12  Dam operators couldn’t sell the electricity generated so that’s where Bitcoin miners moved to. Also, in Liaoning, some people can get free electricity because of the proximity to oil fields – cheap electricity is given to local residents as compensation for confiscated land/polluting the environment — it is subsidized electricity.”

“No one really pays taxes because miners don’t generate something considered valuable. That’s to say from the perspective of taxpayer, miners don’t generate something of value, because the government doesn’t really recognize bitcoin. Bitcoin mining isn’t illegal, we still pay a small amount of taxes but it’s like running a company that doesn’t make money. Instead a miner just pays a small amount of taxes and all the profit is invisible to the law as it stands today.”

I also reached out to another mining operator based in southern China who explained that in practice, mining farms that produce 1 PH or more are usually not based in cities:

“Most of the time they are not in cities, more like in the middle of nowhere and it would be inaccurate to name towns.”

Instead he listed provinces where they are spread out including: Heilongjiang, Liaoning, Hebei, Sichuan, Tianjin, Anhui, Jiangsu, Guizhou, Inner Mongolia, Shanxi, Guangdong.  “Shenzhen for sure, there are testing facilities that are easily over 1P.”

What about ‘subprovincial’ locations?

“It is inaccurate to present information that way.  A lot of the time, the sites are between borders because it’s in the middle of nowhere.  And it normally spreads over lots of sites.  One place has nearly 200 sites crossing two provinces; a lot of small ones representing about 100KW of power each.  They are spread over several hundred kilometers; no economy of scale after a certain point.”

No service-level agreements

This type of self-doxxing, quasi-dynamic environment has led to another interesting phenomenon: ad hoc customer service via social media.

For example, two days ago, a user sent approximately 291.2409 bitcoins as a mining “fee.”13  A small pool called BitClub Network built the block that included this fee.  This fee is equivalent to about $136,000.

The community as a whole then began a crowdsourced investigation into who may have sent this fee and the motivations for doing so, with many believing it to be a mistake.  After all they reasoned, a typical “fee” that most mining pools require in order to be included in the next block is usually less than 25 cents on most days.

A user affiliated with BitClub has since publicly stated it would like to return the fee to the original entity that sent it, though it is unclear if he is speaking with any authority or if the whole thing was a ruse to begin with.

But, as I have argued before, this not only sets a bad precedent for miners as a whole due to a loss of revenue from the forthcoming ‘halvening,’ but the ability to contact a block maker sets a dangerous precedent for the core utility of the network: the disappearance of pseudonymous consensus.

Or as one redditor adroitly pointed out:

Or in other words, if block making was actually pseudonymous and decentralized, with 100+ unidentified pools creating blocks each day, it would be difficult if not impossible to locate and provide timely customer service to a user who made a mistake.

For instance, the most well-known block reorg occurred in March 2013 and it was only resolved when miners, including Slush and BTCGuild, contacted and coordinated with one another via IRC.  If the network was more decentralized and pseudonymous, this coordination would have been very difficult to do, and this was by design.

I pointed out this irony on Twitter earlier this week as well: that there are trade-offs with this approach and the downside of using a bearer asset-based system that had no service level agreement, no EULA, no terms of service results in a world in which users who make mistakes have to complain on social media and hope someone is charitable.

And this happens on a regular basis: earlier this month a user accidentally sent 13.65 bitcoins to the BTCC pool and used reddit as his customer service forum.

That type of friction is not what most consumers want.14  It is a poor user experience which has gradually led to the creation of ‘trusted’ intermediaries in this ecosystem which, as described in previous posts, recreates the existing financial system but without the same level of oversight and financial controls.

The cryptocurrency community is learning the hard way why intermediaries exist, why SLAs exist, why legal identities are required for financial transactions, why consumer protection laws arose and so forth.  Pointing out these patterns is not malice or due to a lack of understanding of how cryptocurrencies work; rather, these patterns serve as illustrations of why it has been hard to find real sustainable traction in the space.

How else is this visualized?

scaling bitcoin panel

Source: Jameson Lopp

This past December an event was held in Hong Kong called “Scaling Bitcoin.”

One of the sessions involved a panel comprised of the world’s largest mining farm and pool operators.

The individuals in the photo above allegedly represent about 90% of the network hashrate.

Thus, for all the hype around “trust anchors” tied into public blockchains such as Bitcoin, claims of decentralization and “trust-lessness” are empirically untrue.

In practice, due to centralization and identity leakage, the cost to successfully reorganize a block isn’t through a Maginot Line attack (e.g., via hashrate), but through cheaper out-of-band attacks, such as hosting events in which self-doxxed miners participate.  But that is also a topic for a different post.

Conclusion

16 months ago, Vitalik Buterin and others jokingly quipped that the trends towards centralization in Bitcoin mining (and other cryptocurrencies) resulted in a world where each coinbase transaction effectively arose from a multisig process.

To quote Buterin: “with Bitcoin, we’re paying $600 million a year on a 5-of-10 multisig.”

10 is roughly the number of quasi-permanent block makers in a given day.  And $600 million was the amount of revenue that miners received at that time due to the higher market value of bitcoin.

In theory, anyone can turn on their computer and hope to become a block maker on a public blockchain — no one has to register with a “Blockchain Admin” because there is no admin.  However, in practice it requires a certain amount of technical knowledge and more importantly, capital, to profitably and sustainably operate a mining farm and pool.

And in order to scale this profitably, in practice, most miners at some point reveal their legal identities thereby negating the core characteristic of a public blockchain: pseudonymity.  How?  Miners, after having erected purpose-built facilities or to liquidate their holdings, may be required by external authorities to go through a gating / vetting process (such as KYC).

Ironically, a substantial increase in cryptocurrency prices may inevitably result in self-doxxing of all major farms. How?  As market prices increase, miners in turn expend more capital to increase their own hashrate to chase the seigniorage rents.

Because of the KYC requirements of utilizing resources like electricity at a hydroelectric dam and the subsequent identity leakage, this turns the block making process itself into a mostly known, permissioned activity.  Consequently, based on this past history, the term DMMS should probably be qualified with a “quasi” modifier in the front: QDMMS.

Similarly, while many enthusiasts have been led to believe a block reward halving will somehow re-decentralize the mining ecosystem, the fact of the matter is chip performance (as measured in hashrate efficiency) is only one factor in the total calculation that professional miners must account for.15

Furthermore, semiconductor engineering itself is effectively on a known, mature trajectory which appears to be lacking any significant leaps in technological improvement.  The largest entities, such as Intel, see this relatively static path, which is one of the reasons why they have formally abandoned their tick-tock roadmap and now plan to lay off 12,000 people.

In contrast, energy prices, land prices, labor costs and taxes are among other major components that professional mining operators look at as a whole and decide whether to stay in a market or not.  Even if there is some price increase after the halvening, home mining by amateurs outside of China will likely continue to remain unprofitable after July.

Thus a year from now the mining ecosystem will probably look a lot like it does today, with most farms and pools being self-doxxed and relatively centralized.16

[Special thanks to Antony Lewis for his constructive feedback]

Endnotes

  1. Censorship-resistance is an emergent property that arises from this design.  See also: Settlement Risks Involving Public Blockchains
  2. There are other reasons too including not wanting to divulge any comparative advantage they might have that would incentivize new entrants to come into the market.
  3. Note: it is believed that some large mining operators, such as Bitfury, may actually spread some of their hashers (workers) across multiple pools, in order to reduce their own pool percentage and thereby reduce the concerns over centralization.  This can only be proven with an on-site physical audit.
  4. There has been research done on non-outsourceable block making. See Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions by Miller et al.
  5. Analysis of Bitcoin Pooled Mining Reward Systems by Meni Rosenfeld
  6. Most of the pools in operation do not require documentation of equipment or legal identification of miners.
  7. Note: technically speaking nothing is stopping mining pools from signing blocks and in fact, some do it for advertising purposes.
  8. There is also a term-of-art called “luck” which Organ of Corti and others analyze on a regular basis.
  9. Incidentally for those wanting access to the block-making superhighway, to reduce orphan rates, there exists a centralized service: Bitcoin Relay Network.
  10. See also Appendix B and Section 2
  11. Note: Dogecoin began to merge mine with Litecoin in September 2014 and in terms of hashrate the two have moved in tandem with one another ever since.
  12. China’s water hegemony in Asia from Livemint
  13. Note: a fee implies something that is mandatory.  The discussion surrounding what is and is not a fee or how it should be calculated and applied is a contentious topic in the cryptocurrency community.
  14. Cryptocurrencies are effectively designed ‘for cypherpunks by cypherpunks.’  While caveat emptor may be desirable to certain demographics, others prefer consumer protection which bearer-based systems do not have.
  15. Note: in terms of efficiency, 28nm chips are usually in the range of 0.25-0.35 watts/(gh/s), while the newer 14nm or 16nm ones are more likely 0.12 watts/(gh/s) or less.
  16. See also: Permissioned-on-permissionless

What did bitcoin movements look like in 2015?

[Note: opinions expressed below are solely my own and do not represent the views of my employer or any company I advise.]

Last April, May and August I wrote three posts that attempted to look at the flow of funds: where bitcoins move to throughout the ecosystem.

Thanks to the team at Chainalysis we can now have a more granular view into specific transfer corridors and movements (not necessarily holdings) between miners, exchanges, darknet markets, payment processors and coin mixers.

The first three charts are backwards looking.

[Figure: Bitcoin Pie]

Above is a simplified, color coded version of a tool that Chainalysis provides to its customers such as compliance teams at exchanges.  The thickness of a band accurately represents the volume of that corridor; it is drawn to scale.

What is the method used to generate the plot?

The chord-plot shows all bitcoin transactions in 2015 traced down all the way back to a known entity. This means that the connection between the entities can be any number of hops away.

So for instance, for the exchanges it will include direct arbitrage, but also the modus operandi for bitcoin: individuals buying bitcoins at an exchange and then doing peer-to-peer transfers.  Again this can be any number of hops and then perhaps later end at an exchange again where someone is cashing out.

According to Chainalysis, by hiding all the intermediate steps we can begin to learn how most of the Bitcoin ecosystem is put together (e.g., can it be split into sub systems?, is there a dark and a lit economy?, and what is bitcoin actually used for?).
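The backward trace described above, sketched as an added example (this is not Chainalysis's algorithm or code): each output received by a known entity is walked back through unidentified hops until a known entity is reached. The pro-rata split across inputs, the entity labels and the seven transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from fractions import Fraction

COINBASE = "coinbase"          # newly generated coins (transaction with no inputs)
UNIDENTIFIED = "unidentified"  # history leaves the dataset before a known entity


def trace_flows(txs, entity_of):
    """Attribute every output held by a known entity to the nearest known
    entity behind it, any number of hops back.

    txs: {txid: {"inputs": [(prev_txid, vout, value)], "outputs": [(addr, value)]}}
    Returns {(source_entity, dest_entity): satoshis}.
    """
    flows = defaultdict(Fraction)
    for txid, tx in txs.items():
        for addr, value in tx["outputs"]:
            dest = entity_of.get(addr)
            if dest is None:
                continue  # only outputs landing at a known entity start a trace
            stack = [(txid, Fraction(value))]
            while stack:
                cur, amount = stack.pop()
                inputs = txs[cur]["inputs"]
                if not inputs:
                    flows[(COINBASE, dest)] += amount
                    continue
                total_in = sum(v for _, _, v in inputs)
                for prev_txid, vout, v in inputs:
                    # Assumption: value is split pro rata across the inputs.
                    share = amount * Fraction(v, total_in)
                    prev = txs.get(prev_txid)
                    if prev is None:
                        flows[(UNIDENTIFIED, dest)] += share
                        continue
                    source = entity_of.get(prev["outputs"][vout][0])
                    if source is not None:
                        flows[(source, dest)] += share    # stop at first known entity
                    else:
                        stack.append((prev_txid, share))  # intermediate hop, keep walking
    return dict(flows)


# Constructed sample (values in satoshis). Addresses and labels are hypothetical.
ENTITY_OF = {"pool_1": "MiningPool", "exA_hot": "ExchangeA",
             "mix_1": "Mixer", "dnm_1": "DarknetMarket"}
TXS = {
    # coinbase paying the pool 25 BTC
    "t0": {"inputs": [], "outputs": [("pool_1", 2_500_000_000)]},
    # pool deposits 10 BTC at the exchange, 15 BTC change back to itself
    "t1": {"inputs": [("t0", 0, 2_500_000_000)],
           "outputs": [("exA_hot", 1_000_000_000), ("pool_1", 1_500_000_000)]},
    # exchange withdrawal of 4 BTC to an unidentified user, change to exchange
    "t2": {"inputs": [("t1", 0, 1_000_000_000)],
           "outputs": [("user_a", 400_000_000), ("exA_hot", 600_000_000)]},
    # peer-to-peer hop between two unidentified users
    "t3": {"inputs": [("t2", 0, 400_000_000)], "outputs": [("user_b", 400_000_000)]},
    # mixer funded from a transaction outside the dataset
    "tm": {"inputs": [("outside", 0, 100_000_000)], "outputs": [("mix_1", 100_000_000)]},
    "t5": {"inputs": [("tm", 0, 100_000_000)], "outputs": [("user_c", 100_000_000)]},
    # two unidentified users jointly fund a 5 BTC deposit at the market
    "t4": {"inputs": [("t3", 0, 400_000_000), ("t5", 0, 100_000_000)],
           "outputs": [("dnm_1", 500_000_000)]},
}

if __name__ == "__main__":
    for (src, dst), sat in sorted(trace_flows(TXS, ENTITY_OF).items()):
        print(f"{src:>13} -> {dst:<13} {float(sat) / 1e8:.2f} BTC")
```

The 4 BTC that reaches the market two hops after leaving the exchange is credited to the exchange-to-market corridor, which is the "any number of hops" behaviour the text describes.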

Legend:

  • Blue: virtual currency exchanges
  • Red: darknet markets
  • Pink: coin mixers
  • Green: mining pools
  • Yellow: payment processors

Altogether there are 14 major exchanges tracked in blue including (in alphabetical order): Bitfinex, Bitreserve (now Uphold), Bitstamp, BitVC (subsidiary of Huobi), BTCC (formerly BTC China), BTC-e, Circle, Coinbase (most), Huobi, itBit, Kraken, LocalBitcoins, OKCoin and Xapo.

The identities of 12 of the exchanges were removed; the exceptions are BTC-e and LocalBitcoins.

  • BTC-e was founded in July 2011 and is one of the oldest operating exchanges still around.  It does not require users to provide KYC documentation nor has it implemented AML processes.  This has made it an attractive exchange for those wanting to remain anonymous.
  • LocalBitcoins was founded in June 2012 and is a combination of Craigslist and Uber for bitcoin transfers.  It enables users to post trade requests on its site and provides escrow and reputation services for the facilitation of those trades.  Like BTC-e, it does not require users to provide KYC documentation nor has it implemented AML processes.  As a result it is a popular service for those wanting to trade bitcoins anonymously.

SharedCoin (depicted in pink above) is a product / service from Blockchain.info that allows users to mix their coins together with other users.  It is one of about a dozen services that attempt to — depending who you talk to — delink the history or provenance of a bitcoin.

Founded in the spring of 2013, Agora (depicted in red above) was the largest known darknet market operating in 2015.

Forward Tracing

For each of the entities labeled on the charts below there is a ‘send to self’ characteristic, which in fact represents the UTXOs that originate from that entity and end in unspent funds without first hitting another service.  So it can be both cold storage owned by the service or someone hoarding (“hodling”) coins using that service.

Interestingly enough, the deposits held at one VC-backed intermediary almost all stay cold.

[Figure: forward looking LocalBitcoins]

Above is LocalBitcoins.

[Figure: forward looking BTC-e]

Above is BTC-e.

[Figure: forward looking SharedCoin]

Above is SharedCoin.

Questions and Answers

I also spoke with the Chainalysis team about how their clustering algorithm worked.

Q: What about all the transactions that did not go between central parties and intermediaries?  For instance, if I used my wallet and sent you some bitcoins to your wallet, how much is that in terms of total activity?

A: The analysis above is intended to isolate sub-economies, not to see who is directly trading with who. The Chainalysis team previously did a Chord of that roughly a year ago which shows the all-time history (so early days will be overrepresented) and it was based only on one hop away transactions and normalized to what the team can ascribe to a known service.

The new chord above is different as it continues searching backwards until it locates an identified entity – this means it could have passed through another either unidentified or less perfectly described service – but as it is the same for everything and we have the law of large numbers it will still give a pretty accurate picture of what subeconomies exist.  It was made to identify if the Bitcoin network had a dark economy and a lit economy (e.g. if the same coins were moving in circles e.g. dark-market->btc-e->localbitcoin->dark-market and what amount of that loop would include the regulated markets too).

So, for example, the transfers going between the regulated exchanges, many will be multihop transfers, but they start and end in regulated exchanges and as such could be described as being part of the lit economy.

Q: What specific exchange activity can you actually identify?

A: It varies per service but Chainalysis (and others) have access to some “full wallets” from clients.  Also newer deposits are often not known so the balance in a wallet will be underestimated due to how the current algorithms work.

Further, some services require special attention and special analytics to be well represented due to their way of transacting – this includes some of the regional dark markets and Coinbase (due to how the company splits and pools deposits, see below).  By looking at all the known entities and how many addresses they contain as a percentage of all addresses ever used for bitcoin in all time, Chainalysis has significant coverage and these are responsible for more than half of all transactions that ever happened.

Q: And what was the motivation behind building this?

A: The initial purpose of the plot was to identify subsystems and pain points in the ecosystem – the team was at first uncertain of the possibility that every Bitcoin user simply bought bitcoins from exchanges to buy drugs but that does not seem to be the case.  Most drug buyers use LocalBitcoins and sellers cash-in via mixers on LocalBitcoins or BTC-e (for the larger amounts).

Q: How large is SharedCoin and other mixers?

A: SharedCoin is currently around 8 million addresses and Bitcoin Fog is 200,000 addresses; they are the two largest.[1]

Additional analysis

Based on the charts above, what observations can be seen?

  • With a forward tracing graph we can see where all the unspent bitcoins come from (or are stored).  One observation is that intermediaries, in this case exchanges, are holding on to large quantities of deposits.  That is to say that many users (likely traders) — despite the quantifiable known risks of trusting exchanges — still prefer to store bitcoins on virtual currency exchanges.  Or to look at it another way: exchanges end up with many stagnant bitcoins and what this likely means is that users are buying lots of bitcoins from that exchange and not moving them and/or the exchange itself is holding a lot of bitcoins (perhaps collected via transaction fees or forfeited accounts).[2]

  • A lot of the activity between exchanges (as depicted in blue lines) is probably based on arbitrage.  Arbitrage means if Exchange A is selling bitcoins for a higher price than Exchange B, Alice will buy bitcoins on Exchange B and transfer them to Exchange A where they are sold for a profit.
  • Despite the amount of purported wash trading and internal bot trading that several Chinese exchanges are believed to operate, there is still a lot of on-chain flows into and out of Chinese-based exchanges, most likely due to arbitrage.
  • An unknown number of users are using bitcoin for peer-to-peer transactions.  This may sound like a truism (after all, that’s what the whitepaper pitches in its title), but what this looks like above is that people go to exchanges to transfer fiat currencies for virtual currencies.  Then users, using the P2P mechanic of bitcoin (or other virtual currencies), transfer their coins to someone else.  We can see this by counting hops between the exchanges.

A potential caveat

Because of how certain architectures obfuscate transactions — such as Coinbase and others — accurate external data analysis can be difficult.  However with their latest clustering algorithm, Chainalysis’s coverage of Coinbase now extends to roughly the same size as Mt. Gox at its height.[3]

Why can this be a challenge?  Coinbase’s current design can make it difficult for many data analytics efforts to clearly distinguish bitcoins moving between addresses.  For instance, when Bob deposits bitcoins into one Coinbase address he can withdraw the deposit from that same address up to a limit.  After about two bitcoins are withdrawn, Bob then automatically begins to draw out of a central depository pool making it harder to look at the flow granularly.

Other secondary information also makes it unclear how much activity takes place internally.  For instance, in a recent interview with Wired magazine, Coinbase provided the following information:

According to Coinbase, the Silicon Valley startup that operates digital bitcoin wallets for over 2.8 million people across the globe, about 20 percent of the transactions on its network involve payments or other tasks where bitcoin is used as a currency. The other 80 percent of those transactions are mere speculation, where bitcoin is traded as a commodity in search of a profit.

In a subsequent interview with New York Business Journal, Coinbase stated that it “has served 2.9 million people with $3 billion worth of bitcoin transactions.”

It is unclear at this time if all of those transactions are just an aggregation of trades taking place via the custodial wallet or if it also includes the spot exchange it launched last January.

Future research

Publishing cumulative bitcoin balances and the number of addresses for different entities such as exchanges could help compliance teams and researchers better understand the flows between specific exchanges.  One example would be a chart that shows what percentage of the 15 million existing bitcoins everyone holds at a given moment over different time intervals.

This leads to the second area: rebittance, a portmanteau of remittance and bitcoin.  Last year it was supposed to be the “killer app” for cryptocurrencies but has failed to materialize due in part to some of the reasons outlined by Save on Send.[4] Further research could help identify how much of the flows between exchanges and the peer-to-peer economy is related to cross-border value transfer as it relates to rebittance activity.

And as the market for data analysis grows — it now includes multiple competitors including Coinalytics, Blockseer, Elliptic and Scorechain — it may be worth revisiting other topics that we have looked at before, including payment processors, long-chains and darknet markets, and seeing how their clustering algorithms and coverage compare.

Conclusions

For compliance teams it appears that the continued flow between illicit corridors (darknet markets) is largely contingent on liquidity from two specific exchanges: BTC-e and LocalBitcoins.  In addition, coin mixing is still a popular activity: from this general bird’s-eye view it appears as if half of the known mixing is directly related to darknet market activity and the motivation behind the other half is unknown.

Based on the information above, other economic activity is still dwarfed by arbitrage and peer-to-peer transactions. And lastly, based on current estimates it appears that several million bitcoins are being stored on the intermediaries above.

[Note: special thanks to Michael Gronager and the Chainalysis team for their assistance and feedback on this post.]

  1. There are many smaller regional projects in, for example, smaller European countries whose flows may be underrepresented as they are less known in part because they do not use commonly used languages. However most are likely a part of the long tail of coin distribution.
  2. There is a spectrum of intermediaries in which bitcoins are stagnant (or active).  For instance, in an interview last May, Wences Casares, founder and CEO of Xapo stated:

    Still, Casares indicated that Xapo’s customers are most often using its accounts primarily for storage and security. He noted that many of its clientele have “never made a bitcoin payment”, meaning its holdings are primarily long-term bets of high net-worth customers and family offices.

    “Ninety-six percent of the coins that we hold in custody are in the hands of people who are keeping those coins as an investment,” Casares continued.

  3. See also The missing MtGox bitcoins from WizSec
  4. There are notable exceptions that have gained regional traction including: BitX, Coins.ph and Align Commerce.

Anchor’s aweigh

One comment I have noticed continually re-appear on social media over the last couple months is roughly the following:

If you’re building a new blockchain you should regularly take a hash of the network state and “anchor” it (write it) into another blockchain, for redundancy purposes.

This “anchor” idea has appeared in public material from BitFury, Factom, Tierion, Gil Luria and now 21inc (a VC-backed botnet operator).

Part of the current popularity of the anchoring meme is that some cryptocurrency enthusiasts, and Bitcoin maximalists in particular, want other non-cryptocurrency distributed ledgers to rely on existing cryptocurrency networks: networks whose tokens some enthusiasts own, in the hope that the price will appreciate if the network is used.

Ignoring the hypothetical monetary incentives, let’s assume that writing/storing network states externally is useful and that it is the goal of every blockchain designer, such as Bob and Alice.  Are other blockchains the only relevantly secure places that all blockchain designers should look at using?

Probably not.

For instance, if the goal is to publish a hash of a state in a medium that is difficult to censor and widespread enough to retrieve over time, then there are several “old school” newspapers and magazines that can be used for such purposes (which is what Guardtime does).

For instance:

  • There are half a dozen Japanese newspapers that each have over 2 million in circulation.
  • In the UK, both The Sun and Daily Mirror have a circulation of over 1.5 million.
  • Similarly, in the US, there are three companies (USA Today, The New York Times and The Wall Street Journal) that also have a circulation of over 1.5 million.

The question for the paranoid is, what is more likely: someone deliberately destroying and/or replacing 1.5 million newspapers which contain the hash of the network state, or someone knocking out 5,728 network nodes?

While “anchoring” the hash of state into other media may be useful, leaving it in just one blockchain — such as the Bitcoin blockchain — does not fully reduce the risk of a well-funded attacker trying to revise history.  Safety in this case comes in numbers and if it is redundancy Bob and Alice are looking for (and paranoid about), it may be worth it to publish hashes in multiple venues and media.
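The redundancy argument above, as an added sketch that is not taken from any of the projects named in this post: a digest of the ledger state is published to several independent venues, and a claimed history is accepted only if it matches a quorum of them, so rewriting the record in one venue is not enough. The venue names, ledger entries, quorum threshold and function names are constructed for the example.

```python
import hashlib


def state_digest(entries):
    """Hash-chain the ledger entries; the last link commits to the whole history."""
    link = b"\x00" * 32
    for entry in entries:
        data = entry.encode("utf-8")
        # Length prefix keeps ["a", "b"] distinct from ["ab"].
        link = hashlib.sha256(link + len(data).to_bytes(4, "big") + data).digest()
    return link.hex()


def publish(venues, height, digest):
    """Record the same anchor in every venue (a chain, a newspaper, ...)."""
    for record in venues.values():
        record[height] = digest


def check_history(entries, height, venues, quorum):
    """Accept `entries` only if at least `quorum` venues hold a matching anchor."""
    claimed = state_digest(entries)
    agree = sorted(name for name, rec in venues.items() if rec.get(height) == claimed)
    differ = sorted(
        name for name, rec in venues.items() if rec.get(height) not in (None, claimed)
    )
    return {"accepted": len(agree) >= quorum, "agree": agree, "differ": differ}


def demo():
    # Constructed ledger and a revised version of it with one entry changed.
    original = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"]
    revised = ["alice pays bob 5", "bob pays mallory 2", "carol pays dave 1"]
    height = len(original)

    venues = {"public-chain": {}, "newspaper-a": {}, "newspaper-b": {}}
    publish(venues, height, state_digest(original))

    # Constructed scenario: the record in one venue is later rewritten to
    # match the revised history; the printed newspapers still hold the original.
    venues["public-chain"][height] = state_digest(revised)

    single = {"public-chain": venues["public-chain"]}
    return {
        "revised_vs_single_venue": check_history(revised, height, single, quorum=1),
        "revised_vs_all_venues": check_history(revised, height, venues, quorum=2),
        "original_vs_all_venues": check_history(original, height, venues, quorum=2),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

A verifier that consults only the rewritten venue accepts the revised history; one that requires two of the three venues rejects it and can see which venue disagrees.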

Similarly, if sustainability is a key concern then public goods such as cryptocurrencies have a question mark on them as well. Why?  Because there are over 100 dead altcoins now.  Convincing users — and more importantly miners — to maintain a network when it is no longer profitable to do so is an uphill challenge.[1]

Lastly, a well designed network (or distributed ledger in this case) that is robust and mature should not necessarily rely on “anchoring” at all.  But this dovetails into a different conversation about how to design a secure network, a topic for another post.  Either way, hash-storage-as-service is probably not the next big trillion dollar idea for 2016.

  1. It’s a challenge for any public good, not just Bitcoin, that eventually relies solely on altruism and charity.

The evolving distributed ledger tech landscape

Yesterday I gave an abbreviated presentation based on R3CEV research first publicly shown at the GaiaX – Blockchain University event “Blockchain Summit” held in Tokyo.

[Japanese translation 日本語]

Note: below are the citations and notes for several of the slides:

  • Slide 3: The companies in the red square boxes are some of the startups that are primarily trying to create non-cryptocurrency distributed ledgers. (Source: Startup Management)
  • Slide 6: CB Insights
  • Slide 7: CNN|Money
  • Slide 9: Twitter
  • Slide 10: CoinDesk Venture Capital aggregation
  • Slide 13: The great pivot or just this years froth? and NY Post estimate
  • Slide 15: Field of Dreams image in reference to the model that you build it first with the hope that customers come
  • Slide 19: One example of this euphemism is from Adam Draper (and a similar reference point on Twitter).  Each of these five companies has a couple product lines, one of which focuses on cryptocurrencies in a non-marginal manner.
  • Slide 21: This list could include a number of others including Tezos (DLS) and a handful of other startups including a couple in Japan
  • Slide 22: Aite Group
  • Slide 23: Collective head count for these companies is just under 100 and total funding raised (that is publicly announced) is around $10 million.  There are still more companies trying to build foundational layers (some proprietary, others open) than teams building applications on top.   Legend in parenthesis: E=Ethereum, R=Ripple, CP=Counterparty, OA=OpenAssets, TM=Tendermint
  • Slide 24: Most of the large non-bank financial institutions such as clearing houses and exchanges all have working groups focused on distributed ledger technology (e.g., CLS, SWIFT, LSEG, CME, Nasdaq, Deutsche Borse, DTCC).  The Linux Foundation project is in its formative stage.

Watermarked tokens and pseudonymity on public blockchains

As mentioned a couple weeks ago I have published a new research paper entitled: “Watermarked tokens and pseudonymity on public blockchains.”

In a nutshell: despite recent efforts to modify public blockchains such as Bitcoin to secure off-chain registered assets via colored coins and metacoins, due to how they are designed, public blockchains are unable to provide secure legal settlement finality of off-chain assets for regulated institutions trading in global financial markets.

The initial idea behind this topic started about 18 months ago with conversations from Robert Sams, Jonathan Levin and several others that culminated into an article.

The issue surrounding top-heaviness (as described in the original article) is of particular importance today as watermarked token platforms — if widely adopted — may create new systemic risks due to a distortion of block reorg / double-spending incentives.  And because of how increasingly popular watermarked projects have recently become it seemed useful to revisit the topic in depth.

What is the takeaway for organizations looking to use watermarked tokens?

The security specifications and transaction validation process on networks such as the Bitcoin blockchain, via proof-of-work, were devised to protect unknown and untrusted participants that trade and interact in a specific environment.

Banks and other institutions trading financial products do so with known and trusted entities and operate within the existing settlement framework of global financial markets, with highly complex and rigorous regulations and obligations.  This environment has different security assumptions, goals and tradeoffs that are in some cases opposite to the design assumptions of public blockchains.

Due to their probabilistic nature, platforms built on top of public blockchains cannot provide definitive settlement finality of off-chain assets. By design they are not able to control products other than the endogenous cryptocurrencies they were designed to support.  There may be other types of solutions, such as newer shared ledger technology that could provide legal settlement finality, but that is a topic for another paper.

This is a very important issue that has been seemingly glossed over despite millions in VC funding going into companies attempting to (re)leverage public blockchains.  Hopefully this paper will help spur additional research into the security of watermarking-related initiatives.

I would like to thank Christian Decker, at ETH Zurich, for providing helpful feedback — I believe he is the only academic to actually mention that there may be challenges related to colored coins in a peer-reviewed paper.  I would like to thank Ernie Teo, at SKBI, for creating the game theory model related to the hold-up problem.  I would like to thank Arthur Breitman and his wife Kathleen for providing clarity to this topic.  Many thanks to Ayoub Naciri, Antony Lewis, Vitalik Buterin, Mike Hearn, Ian Grigg and Dave Hudson for also taking the time to discuss some of the top-heavy challenges that watermarking creates.  Thanks to the attorneys that looked over portions of the paper including (but not limited to) Jacob Farber, Ryan Straus, Amor Sexton and Peter Jensen-Haxel; as well as additional legal advice from Juan Llanos and Jared Marx.  Lastly, many thanks to the team at R3 including Jo Lang, Todd McDonald, Raja Ramachandran and Richard Brown for providing constructive feedback.

Watermarked Tokens and Pseudonymity on Public Blockchains


Creative angles of attacking proof-of-work blockchains

[Note: the following views were originally included in a new paper but needed to be removed for space and flow considerations]

While most academic literature has thus far narrowly assumed that proof-of-work miners such as those used in Bitcoin will behave according to a “goodwill” expectation, as explored in this paper, there may be incentives that creative attackers could look to exploit.

Is there another way of framing this issue as it relates to watermarked tokens such as colored coins and metacoins?

Below are comments from several thought-leaders working within the industry.

According to John Light, co-founder of Bitseed:[1]

When it comes to cryptocurrency, as with any other situation, an attacker has to balance the cost of attacking the network with the benefit of doing so. If an attacker spends the minimum amount required to 51% attack bitcoin, say $500 million, then the attacker needs to either be able to short $500 million or more worth of BTC for the attack to be worth it, or needs to double spend $500 million or more worth of BTC and receive some irreversible benefit and not get caught (or not have consequences for getting caught), all while taking into consideration the loss of future revenues from mining honestly. When you bring meta-coins into the equation, things get even murkier; the cost is less dependent on the price of bitcoin or future mining revenues, and depends more on the asset being attacked, whether it’s a stock sale or company merger that’s being prevented, or USD tokens being double-spent.

There’s no easy answer, but based on the economics of the situation, and depending on the asset in question, it doesn’t seem wise to put more value on chain than the market cap of BTC itself (as a rough benchmark – probably not that exact number, but something close to it).

Not a single study has been publicly published looking at this disproportionalism yet it is regularly touted at conferences and social media as a realistic, secure, legal possibility.

According to Vitalik Buterin, creator of Ethereum:[2]

There are actually two important points here from an economics perspective. The first is that when you are securing $1 billion on value on a system with a cryptoeconomic security margin that is very small, that opens the door to a number of financial attacks:

  1. Short the underlying asset on another exchange, then break the system
  2. Short or long some asset at ultrahigh leverage, essentially making a coin-flip bet with a huge amount of money that it will go 0.1% in one direction before the other. If the bet pays off, great. If it does not pay off, double spend.
  3. Join in and take up 60%+ of the hashrate without anyone noticing. Then, front-run everyone. Suppose that person A sends an order “I am willing to buy one unit of X for at most $31”, and person B sends an order “I am willing to sell one unit of X for at least $30”. As a front-runner, you would create an order “I am willing to sell one unit of X for at least $30.999” and “I am willing to buy one unit of X for at most $30.001”, get each order matched with the corresponding order, and earn $0.998 risk-free profit. There are also of course more exotic attacks.

In fact, I could see miners even without any attacks taking place front-running as many markets as they can; the ability to do this may well change the equilibrium market price of mining to the point where the system will, quite ironically, be “secure” without needing to pay high transaction fees or have an expensive underlying currency.

The second is that assets on a chain are in “competition” with each other: network security is a public good, and if that public good is paid for by inflation of one currency (which in my opinion, in a single-currency-chain environment, is economically optimal) then the other currencies will gain market share; if the protocol tries to tax all currencies, then someone will create a funky meta-protocol that “evades taxes by definition”: think colored coins where all demurrage is ignored by definition of the colored coin protocol. Hence, we’ll see chains secured by the combination of transaction fee revenue and miner front running.

Unsolved economics question: would it be a good thing or a bad thing if markets could secure themselves against miner frontruns? May be good because it makes exchanges more efficient, or bad because it removes a source of revenue and reduces chain security.

Cryptoeconomics is a nascent academic field studying the confluence of economics, cryptography, game theory and finance.[3]

Piotr Piasecki, a software developer and independent analyst explained:[4]

If a malicious miner sees a big buy order coming into the market that would move the price significantly, they can engage in front running – the buy order could be pushed to the back of the queue or even left out until the next block, while the miner buys up all of the current stock and re-lists it at a higher price to turn a profit. Alternatively, when they see there is a high market pressure coming in, especially in systems that are inefficient by design, they can buy the orders up one by one by using their power to include any number of their own transactions into a block for free, and similarly re-list them for people to buy up.

Or in other words, because miners have the ability to order transactions in a block this creates an opportunity to front run. If publicly traded equities are tracked as a type of colored coin on a public blockchain, miners could order transactions in such a way as to put certain on-chain transactions, or trades in this case, to execute before others.

Robert Sams, co-founder of Clearmatics, previously looked at the bearer versus registered asset challenge:[5]

One of the arguments against the double-spend and 51% attacks is that it needs to incorporate the effect a successful attack would have on the exchange rate. As coloured coins represent claims to assets whose value will often have no connection to the exchange rate, it potentially strengthens the attack vector of focusing a double spend on some large-value colour. But then, I’ve always thought the whole double-spend thing could be reduced significantly if both legs of the exchange were represented on a single tx (buyer’s bitcoin and seller’s coloured coin).

The other issue concerns what colour really represents. The idea is that colour acts like a bearer asset, whoever possesses it owns it, just like bitcoin. But this raises the whole blacklisted coin question that you refer to in the paper. Is the issuer of colour (say, a company floating its equity on the blockchain) going to pay dividends to the holder of a coloured coin widely believed to have been acquired through a double-spend? With services like Coin Validation, you ruin fungibility of coins that way, so all coins need to be treated the same (easy to accomplish if, say, the zerocoin protocol were incorporated). But colour? The expectations are different here, I believe.

On a practical level, I just don’t see how pseudo-anonymous colour would ever represent anything more than fringe assets. A registry of real identities mapping to the public keys would need to be kept by someone. This is certainly the case if you ever wanted these assets to be recognised by current law.

But in a purely binary world where this is not the case, I would expect that colour issuers would “de-colour” coins it believed were acquired through double-spend, or maybe a single bitcoin-vs-colour tx would make that whole attack vector irrelevant anyway. In which case, we’re back to the question of what happens when the colour value of the blockchain greatly exceeds that of the bitcoin monetary base? Who knows, really depends on the details of the colour infrastructure. Could someone sell short the crypto equity market and launch a 51% attack? I guess, but then the attacker is left with a bunch of bitcoin whose value is…

The more interesting question for me is this: what happens to colour “ownership” when the network comes under 51% control? Without a registry mapping real identities to public keys, a pseudo-anonymous network of coloured assets on a network controlled by one guy is just junk, no longer represents anything (unless the 51% hasher is benevolent of course). Nobody can make a claim on the colour issuer’s assets. So perhaps this is the real attack vector: a bunch of issuers get together (say, they’re issuers of coloured coin bonds) to launch a 51% attack to extinguish their debts. If the value of that colour is much greater than cost of hashing 51% of the network, that attack vector seems to work.

On this point, Jonathan Levin, co-founder of Chainalysis previously explained that:[6]

We don’t know how much proof of work is enough for the existing system and building financially valuable layers on top does not contribute any economic incentives to secure the network further. These incentives are fixed in terms of Bitcoin – which may lead to an interesting result where people who are dependent on coloured coin implementations hoard bitcoins to attempt to increase the price of Bitcoin and thus provide incentives to miners.

It should also be noted that the engineers and those promoting extensibility such as colored coins do not see the technology as being limited in this way. If all colored coins can represent is ‘fringe assets’ then the level of interest in them would be minimal.

Time will tell whether this is the case. Yet if Bob could decolor assets, in this scenario, an issuer of a colored coin has (inadvertently) granted itself the ability to delegitimize the bearer assets as easily as it created them. And arguably, decoloring does not offer Bob any added insurance that the coin has been fully redeemed, it is just an extra transaction at the end of the round trip to the issuer.

  1. Personal correspondence, August 10, 2015. Bitseed is a startup that builds plug-and-play full nodes for the Bitcoin network.
  2. Personal correspondence, August 13, 2015.
  3. See What is cryptoeconomics? and Formalizing Cryptoeconomics by Vlad Zamfir
  4. Mining versus Consensus algorithms in Crypto 2.0 systems by Piotr Piasecki
  5. As quoted in: Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? by Tim Swanson; reused with permission.
  6. This example originally comes from Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? by Tim Swanson; reused with permission.

A few known Bitcoin mining farms

[Note: the following overview on known Bitcoin mining farms was originally included in a new paper but needed to be removed for space and flow considerations]

Several validators on the Bitcoin network, as well as many watermarked token issuers, are identifiable and known.[1] What does this mean?  Many Bitcoin validators are drifting outside the pseudonymous context of the original network due to their use of specialty equipment that creates a paper trail.  In other words, pseudonymity has given way to real world identity.  Soon issuers of color will likely follow because they too have strong ties to the physical, off-chain world.

For instance, on August 4, 2015, block 368396 was mined by P2Pool. This is notable for two reasons.

The first is that the block included a transaction sent from Symbiont.io, a NYC-based startup building “middleware” that enables organizations and financial institutions to create and use ‘smart securities’ off-chain between multiple parties and have the resulting transaction hashed onto a blockchain, in this case, the Bitcoin blockchain.[2]

Several weeks later, Symbiont announced that it would begin using its “stack” to provide similar functionality on a permissioned ledger.[3] This follows a similar move by T0.com – a wholly owned subsidiary of Overstock.com – which initially used Open Assets to issue a $5 million “cryptobond” onto the Bitcoin blockchain, but has subsequently switched to using a “blockchain-inspired” system designed by Peernova.[4][5][6]

The second reason this was notable is that the block above, 368396, included at least one transaction from Symbiont which was mined by a small pool called P2Pool.[7] Unlike other pools discussed in this paper, P2Pool is not continually operated in a specific region or city.

It is decentralized in that all participants (hashers) must run their own full Bitcoin nodes, which stands in contrast with pools such as F2Pool, KnC mining pool and BTCC (formerly called BTC China), where the pool operator alone runs the validating node and the labor force (hashers) simply search for a mid-state that fulfills the target difficulty.[8]

Due to this resource intensive requirement (running a full node requires more bandwidth and disk space than merely hashing itself), P2Pool is infrequently used and consequently comprises less than 1% of the current network hashrate.

P2Pool’s users are effectively pseudonymous. Due to the intended pseudonymity it is also unclear where the transaction fees and proceeds of hashing go. For instance, do the hashers comprising this pool benefit from the proceeds of illicit trade or reside in sanctioned countries, and who should be contacted in the event there is a problem? And unlike in other pools, there is no customer service to call and find out.

Bitcoin’s – and P2Pool’s – lack of terms of service is intentional by design (i.e., caveat emptor). And in the event of a block reversal, censored transaction or a mere mistake by end-users, as noted above there is no contract, standard operating procedure or EULA that mining pools (validators) must adhere to. This is discussed in section 3.

This pseudonymous arrangement was the default method of mining in 2009 but has evolved over the years. For example, there are at least two known incidents in which a miner was contacted and returned fees upon request.

Launched in late summer of 2012 and during the era of transition from GPUs and FPGA mining, ASICMiner was one of the first publicly known companies to create its own independent ASIC mining hardware. Its team was led by “FriedCat,” a Chinese businessman, who custom designed and integrated ASIC chips called Block Eruptors. ASICMiner operated its own liquid immersion facility in Hong Kong.[9]

At its height, ASICMiner (which solo-mined, as KnC and BitFury do today) reached over 10% of the network hashrate and its “shareholders” listed its stock on GLBSE (Global Bitcoin Stock Exchange). GLBSE is a now defunct virtual “stock market” that enabled bitcoin users to purchase, trade and acquire “shares” in a variety of listed companies.[10] GLBSE is notable for having listed, among other projects, SatoshiDice which was later charged by the Securities and Exchange Commission (SEC) for offering unregistered securities to the public.[11][12]

While unregistered stock exchanges catering to cryptocurrency users and China-based mining pools may be common sights today, on August 28, 2013, a bitcoin user sent a 200 bitcoin fee that was processed by ASICMiner.[13] Based on then-market rates, this was approximately worth $23,518.[14] The next day, for reasons that are unknown, ASICMiner allegedly sent the errant fee back to the original user.[15] At the time, one theory proposed by Greg Maxwell (a Bitcoin Core developer) was that this fee was accidentally sent due to a bug with CoinJoin, a coin-mixing service.[16]

Liquid Bitcoin

Liquid cooled hashing equipment at ASICMiner in 2013. Source: Xiaogang Cao

The second notable incident involved BitGo, a multisig-as-a-service startup based in Palo Alto, and AntPool, a large China-based pool (which currently represents about 15% of the network hashrate) operated by Bitmain, which also manufactures Antminer hardware that can be acquired directly from the company (in contrast to many manufacturers which no longer sell to the public-at-large). On April 25, 2015 a BitGo user, due to a software glitch, accidentally sent 85 bitcoins as a mining fee to AntPool. Based on then-market rates, this was worth approximately $19,197.17

The glitch occurred in BitGo’s legacy recovery tool which used an older version of a library that causes a 32-bit truncation of values and results in a truncation of outputs on the recovery transaction.18 To resolve this problem, the user “rtsn” spent several days publicly conversing with tech support (and the community) on Reddit.19

Eventually the glitch was fixed and Bitmain – to be viewed as a “good member of the community” yet defeating the purpose of a one-way-only, pseudonymous blockchain – sent the user back 85 bitcoins.
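The failure mode described above, as an added example that is not BitGo's code: a 32-bit truncation shrinks an output and the difference silently becomes the miner fee, shown beside a range-checked encoder and a pre-signing check that would have caught it. How the truncation arises here (a JavaScript bitwise operator), the function names, the policy limits and all amounts are assumptions constructed for illustration.

```javascript
// Added illustration; not BitGo's code. All amounts are constructed sample values.
const MAX_MONEY_SAT = 21_000_000 * 100_000_000; // 2.1e15, below Number.MAX_SAFE_INTEGER

// Failure mode: a bitwise operator coerces the amount to an unsigned 32-bit
// integer, so anything at or above 2^32 satoshis (about 42.95 BTC) wraps around.
// Smaller amounts pass through unchanged, which lets the bug survive small tests.
function encodeAmountTruncating(sat) {
  return sat >>> 0;
}

// Hardened form: range-check the amount and never route it through 32-bit operators.
function encodeAmountChecked(sat) {
  if (!Number.isSafeInteger(sat) || sat < 0 || sat > MAX_MONEY_SAT) {
    throw new RangeError(`amount out of range: ${sat}`);
  }
  return sat;
}

// A Bitcoin transaction has no fee field: the fee is whatever the inputs hold
// beyond the sum of the outputs, so a shrunken output turns into a fee.
function buildRecoveryTx(inputsSat, intendedOutputsSat, encode) {
  const totalIn = inputsSat.reduce((a, b) => a + b, 0);
  const outputs = intendedOutputsSat.map(encode);
  const totalOut = outputs.reduce((a, b) => a + b, 0);
  return { totalIn, outputs, fee: totalIn - totalOut };
}

// Pre-signing check: compare what was encoded with what was intended and
// cap the implied fee both absolutely and as a share of the inputs.
function preSignCheck(tx, intendedOutputsSat, policy) {
  const problems = [];
  tx.outputs.forEach((value, i) => {
    if (value !== intendedOutputsSat[i]) {
      problems.push(`output ${i}: encoded ${value}, intended ${intendedOutputsSat[i]}`);
    }
  });
  if (tx.fee < 0) problems.push("outputs exceed inputs");
  if (tx.fee > policy.maxFeeSat) problems.push(`fee ${tx.fee} above absolute cap`);
  if (tx.fee > tx.totalIn * policy.maxFeeRatio) problems.push(`fee ${tx.fee} above ratio cap`);
  return problems;
}

// Constructed sample: two inputs totalling 101.9001 BTC, one output of
// 101.9 BTC, intended fee 0.0001 BTC.
const SAMPLE_INPUTS = [6_000_000_000, 4_190_010_000];
const SAMPLE_OUTPUTS = [10_190_000_000];
const POLICY = { maxFeeSat: 1_000_000, maxFeeRatio: 0.01 };

function runDemo() {
  for (const encode of [encodeAmountTruncating, encodeAmountChecked]) {
    const tx = buildRecoveryTx(SAMPLE_INPUTS, SAMPLE_OUTPUTS, encode);
    const problems = preSignCheck(tx, SAMPLE_OUTPUTS, POLICY);
    console.log(encode.name, "output:", tx.outputs[0], "fee:", tx.fee,
      problems.length ? "REJECT: " + problems.join("; ") : "ok to sign");
  }
}

runDemo();
```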

May Bitcoin Fee

Fee to Bitmain (Antpool) highlighted in red on Total Transaction Fee chart.  Source: Blockchain.info

On September 11, 2015 another user accidentally sent 4.6 bitcoins (worth $1,113) as a fee to a mining pool, which in this instance was AntPool.20 Bitmain, the parent company, once again returned the fee to the user.

Do we know about other farms?21

HaoBTC is a newly constructed medium-sized hashing farm located in Kangding, western Sichuan, near the Eastern border with Tibet.22 It currently costs around 1.5 million RMB per petahash (PH) – or $242,000 – to operate per year. This includes the infrastructure and miner equipment costs. It does not include the operating costs, which consist of electricity, labor, rent and taxes (the latter two are relatively negligible).

The facility itself cost between $600,000 – $700,000 to build (slightly less than the $1 million facility BitFury built in 2014 in the Republic of Georgia) and its electrical rate of 0.2 RMB per kWh comes from a nearby hydroelectric dam which has a 25,000 kW output (and cost around $10 million to construct).23

In dollar terms this is equivalent to around $0.03 / kWh (during the “wet” or “summer” season). For perspective, their electric bill in August 2015 came in at 1.4 million RMB (roughly $219,000); thus electricity is by far the largest operating cost component.

When all the other costs are accounted for, the average rises to approximately $0.045 per kWh. The electricity rate is slightly more expensive (0.4 RMB or $0.06) during winter due to less water from the mountains. The summer rate is roughly the same price as that of the Washington State-based hashing facilities, which are the cheapest in the US (note: it bears mentioning that Washington State partly subsidizes hydroelectricity).

HaoBTC

HaoBTC staff installing hashing equipment. Source: Eric Mu

At this price per joule it would cost around $105 million to reproduce “work” generated by the 450 petahash Bitcoin blockchain. Due to a recent purchase of second-hand ASICMiner Tubes, HaoBTC currently generates just over 10 PH and they are looking to expand to 12 PH by the end of the year.24 The key figure that most miners are interested in is that at the current difficulty level it costs around $161 for HaoBTC’s farm to create a bitcoin, giving them a nearly 100% margin relative to the current market price.

The ASIC machines they – and the rest of the industry – use are single use; this hashing equipment cannot run Excel or Google services, or even bitcoind. Thus common comparisons with university supercomputers are not apples-to-apples comparisons, as ASIC hashing cannot do general purpose computing; ASIC hashing equipment can perform just one function.25

There is also a second-hand market for it. For instance, hashing facilities such as HaoBTC actively look to capitalize off their unique geographical advantages by using older, used hardware. And there is a niche group of individuals, wanting to remain anonymous, that will also purchase older equipment.26

Although individual buyers of new hashing equipment, such as Bob, typically do have to identify themselves to some level, Bob can also resell the hardware on the second-hand market without any documentation. Thus, some buyers wanting to buy hashing equipment anonymously can do so for a relative premium and typically through middlemen.27, 28

While Bitbank’s BW mining farm and pool have been in the news recently29, perhaps the most well-known live visual of mining facilities is the Motherboard story on a large Bitcoin mining farm in Dalian, Liaoning:30

Incidentally, while Motherboard actually looked at just one farm, the foreigner helping to translate for the film crew independently visited another farm in Inner Mongolia which during the past year Bitbank apparently acquired.31

Are there any other known facilities outside of China?32

Genesis Mining

Source: Business Insider / Genesis Mining

Genesis Mining is a cloudhashing service provider that purportedly has several facilities in Iceland.33 According to a recent news story the company is one of the largest users of energy on the island and ignoring all the other costs of production (aside from electricity), it costs about $60 to produce a bitcoin.34 However, when other costs are included (such as hardware and staffing) the margin declines to — according to the company — about 20% relative to the current bitcoin price. At the time of the story, the market price of a bitcoin was around $231.

The four illustrations above are among a couple dozen farms that generate the majority of the remaining hashrate.

What does this have to do with colored coins?

The network was originally designed in such a way that validators (block makers) were pseudonymous and identification by outside participants was unintended and difficult to do.  If users can now contact validators, known actors in scenic Sichuan, frigid Iceland or rustic Georgia, why not just use a distributed ledger system that already identifies validators from the get go?  What use is proof-of-work at all? Why bother with the rhetoric and marginal costs of pseudonymity?

The social pressure type of altruism noted above (e.g., Bitmain and BitGo returning fees) actually could set a nebulous precedent: once block rewards are reduced and fees begin to represent a larger percentage of miner revenue, it will no longer be an “easy” decision to refund the user in the event there is a mistake.35 If Bitmain did not send a refund, this backup wallet error would serve as a powerful warning to future users to try and not make mistakes.

While there have been proposals to re-decentralize the hashing process, such as a consumer-device effort led by 21inc which amounts to creating a large corporate operated botnet, one trend that has remained constant is the continued centralization of mining (block making) itself.36, 37 The motivation for centralizing block making has been, and continues to be, about one factor: variance in payouts.38 Investors in hashing prefer stable payouts over less stable payouts and the best way to do that with the current Poisson process is to pool capital (much like pooling capital in capital markets to reduce risk).

Whether or not these trends stay the same in the future is unknown; however, it is likely that the ability to contact (or not contact) certain pools and farms will be an area of continued research.

Similarly, one other potential drawback of piggybacking on top of a public blockchain that could be modeled in the future is the introduction of a fat tail risk due to the boundlessness of the price of the native token.39 Price spikes, even if short-lived, can create price distortions or liquidity problems for the off-chain asset, introducing a correlation between the token and the asset that theoretically was not supposed to be there.

  1. For instance, the staff of Let’s Talk Bitcoin issues LTBCoin on a regular basis to listeners, content creators and commenters. []
  2. Wall Street, Meet Block 368396, the Future of Finance from Bloomberg []
  3. On August 20, 2015, Symbiont announced it is also building a permissioned ledger product. See also the second half of Bitcoin’s Noisy Size Debate Reaches a Hard Fork from The Wall Street Journal, Why Symbiont Believes Blockchain Securities Are Wall Street’s Future from CoinDesk and Why Symbiont Believes Blockchain securities are Wall Street’s Future []
  4. The CoinPrism page for the specific token that Overstock.com initially used for the “cryptobond” can be viewed here; similarly the file on the T0 domain that verifies its authenticity can be seen here. See also: World’s First Corporate “Cryptobond” was issued using Open Assets []
  5. Overstock CEO Uses Bitcoin Tech to Spill Wall Street Secret from Wired and Overstock.com and FNY Capital Conclude $5 Million Cryptobond Deal from Nasdaq []
  6. One reviewer likened the Overstock “cryptobond” proof of concept as a large wash trade: ”Basically it’s a cashless swap of paper and thus no currency settlement. And the paper has no covenants and thus very easy to digitally code. Basically Overstock is paying FNY a spread of 4% for doing this deal. And if the bond and loan are called simultaneously, say in the next month, that means that Overstock paid FNY about $16,667.00 to do this trade. And since there was no cash exchanged, I am presuming, then this is smoke and mirrors. But they actually did it. However, I don’t see much of a business model where the issuer of a bond has to simultaneously fund the investor with a loan to buy the bond and pay him 33 basis points to boot!” []
  7. P2Pool wiki and P2Pool github []
  8. See Target, How Bitcoin Hashing Works and On Mining by Vitalik Buterin []
  9. ASICMINER: Entering the Future of ASIC Mining by Inventing It from Bitcoin Talk, Mystery in Bitcoinland…. the disappearance of FriedCat from Bitcoin Reporter; Chinese Mining mogul FriedCat has stolen more than a million in AM hash SCAM from Bitcoin Talk and Visit of ASICMINER’s Immersion Cooling Mining Facility from Bitcoin Talk []
  10. See 12.2 Pool and network miner hashrate distributions from Organ of Corti and Bitcoin “Stock Markets” – It’s Time To Have A Chat from Bitcoin Money []
  11. See SEC Charges Bitcoin Entrepreneur With Offering Unregistered Securities from SEC and the Administrative Proceeding order []
  12. In (Rosenfeld 2012) the author noted that one of the risks for running an “alternative to traditional markets” – such as GLBSE – were the regulatory compliance hurdles. Overview of Colored Coins by Meni Rosenfeld, p. 4. []
  13. Block 254642 and Some poor person just paid a 200BTC transaction fee to ASICminer. []
  14. According to the Coindesk Bitcoin Price Index, the market price of a bitcoin on August 28, 2013 was approximately $117.59. []
  15. Included in block 254769 []
  16. A thread discussed this theory: Re: CoinJoin: Bitcoin privacy for the real world (someday!) []
  17. According to the Coindesk Bitcoin Price Index, the market price of a bitcoin on April 25, 2015 was approximately $225.85. []
  18. The user “vytah” debugged this issue in a reddit thread: Holy Satoshi! Butter pays 85Btc transaction fees for a 16Btc transaction. Is this the largest fee ever paid? []
  19. Help! Losing Over 85 BTC Because of BitGo’s Flawed Recovery Process! on Reddit []
  20. To AntMiner, miner of block #374082. I did an accidental 4.6 BTC fee. on Reddit []
  21. Readers may be interested in a little more history regarding self-identification by miners: Slush, the first known pool, began publicly operating at the end of November 2010 and was the first to publicly claim a block (97838).   Eligius was announced on April 27, 2011 and two months later signed the first coinbase transaction (130635).   DeepBit publicly launched on February 26, 2011 and at one point was the most popular pool, reaching for a short period in May 2011, more than 50% of the network hashrate. See Deepbit pool owner pulls in $112* an hour, controls 50% of network and DeepBit pool temporarily reaches critical 50% threshold from Bitcoin Miner and What has been the reaction to permissioned distributed ledgers? []
  22. This information comes from personal correspondence with Eric Mu, July 7, 2015 as well as two other public sources: Inside a Tibetan Bitcoin Mine: The Race for Cheap Energy from CoinTelegraph and Three months living in a multi-petahash BTC mine in Kangding, Sichuan, China from Bitcoin Talk []
  23. Last summer BitFury quickly built a relatively cheap data center in Georgia partly due to assistance from the national government. See BitFury Reveals New Details About $100 Million Bitcoin Mine from CoinDesk []
  24. Personal correspondence with Eric Mu, August 10, 2015 []
  25. One common talking point by some Bitcoin enthusiasts including venture capitalists is that Google’s computers, if repurposed for mining Bitcoin, would generate only 1-2% of the network hashrate – that the Bitcoin network is “faster” than all of Google’s data centers combined. This is misleading because these Bitcoin hashing machines cannot provide the same general purpose utility that Google’s systems can. In point of fact, the sole task that ASIC hashing equipment itself does is compute two SHA256 multiplications repeatedly. []
  26. Some academic literature refers to miners on the Bitcoin network as “anonymous participants.” In theory, Bitcoin mining can be anonymous however by default mining was originally a pseudonymous activity. Participants can attempt to remain relatively anonymous by using a variety of operational security methods or they can choose to identify (“doxx”) themselves as well. See The Bitcoin Backbone Protocol: Analysis and Applications by Garay et al. []
  27. Thanks to Anton Bolotinsky for this insight. []
  28. This is similar to the “second-hand” market for bitcoins too: bitcoins originally acquired via KYC’ed gateways sometimes end up on sites like LocalBitcoins.com (akin to “Uber for bitcoins”) – where the virtual currency is sold at a premium to those wanting to buy anonymously. []
  29. The Unknown Giant: A First Look Inside BW, One of China’s Oldest and Largest Miners from Bitcoin Magazine []
  30. Inside the Chinese Bitcoin Mine That’s Grossing $1.5M a Month from Motherboard []
  31. Jake Smith, the translator, also wrote a short story on it: Inside one of the World’s Largest Bitcoin Mines at The Coinsman []
  32. While it is beyond the scope of this paper, there are a couple of general reasons why medium-sized farms such as HaoBTC have been erected in China. Based upon conversations with professional miners in China one primary reason is that both the labor and land near energy generating facilities is relatively cheap compared with other parts of the world. Furthermore, energy itself is not necessarily cheaper, unless farms managers and operators have guanxi with local officials and power plant owners.   And even though it is common to assume that due to the capital controls imposed at a national level – citizens are limited to the equivalent of $50,000 in foreign exchange per year – there have been no public studies as to how much capital is converted for these specific purposes. There are other ways to avoid capital controls in China including art auctions and pawn shops on the border with Macau and Hong Kong. See also How China’s official bank card is used to smuggle money from Reuters and What Drives the Chinese Art Market? The Case of Elegant Bribery by Jia Guo See On Getting Paid From China. Is There Really A $50,000 Yearly Limit? from China Law Blog and Bitcoins: Made in China []
  33. Look inside the surreal world of an Icelandic bitcoin mine, where they literally make digital money from Business Insider []
  34. It is unclear how much hashrate they actually operate or control, a challenge that plagues the entire cloudhashing industry leading to accusations of fraud. []
  35. And this is also a fundamental problem with public goods, there are few mechanisms besides social pressure and arbitrary decision making to ration resources. As described in (Evans 2014), since miners are the sole labor force, they create the economic outputs (bitcoins) and security, it is unclear why they are under any expectation to return fees in a network purposefully designed to reduce direct interactions between participants. See Economic Aspects of Bitcoin and Other Decentralized Public-Ledger Currency Platforms by David Evans []
  36. See 21 Inc Confirms Plans for Mass Bitcoin Miner Distribution from CoinDesk and What impact have various investment pools had on Bitcoinland? []
  37. In 2014 the state of New Jersey sued a MIT student, Jeremy Rubin, for creating a web-based project that effectively does the same thing as the silicon-based version proposed by 21inc. See Case Against Controversial Student Bitcoin Project Comes to Close from CoinDesk. In addition, the FTC, in its case against Butterfly Labs also looked at BFL not informing customers properly regarding difficulty rating changes. According to the FTC’s new release on this case: “A company representative [BFL] said that the passage of time rendered some of their machines as effective as a “room heater.” The FTC charged that this cost the consumers potentially large sums of money, on top of the amount they had paid to purchase the computers, due to the nature of how Bitcoins are made available to the public.” []
  38. This issue was cited in the CryptoNote whitepaper as one motivation for creating a new network. On p. 2: “This permits us to conjecture the properties that must be satisfied by the proof-of-work pricing function. Such function must not enable a network participant to have a significant advantage over another participant; it requires a parity between common hardware and high cost of custom devices. From recent examples [8], we can see that the SHA-256 function used in the Bitcoin architecture does not possess this property as mining becomes more efficient on GPUs and ASIC devices when compared to high-end CPUs. Therefore, Bitcoin creates favourable conditions for a large gap between the voting power of participants as it violates the “one-CPU-one-vote” principle since GPU and ASIC owners possess a much larger voting power when compared with CPU owners. It is a classical example of the Pareto principle where 20% of a system’s participants control more than 80% of the votes.” []
  39. I would like to thank Ayoub Naciri for providing this example. []

A dissection of two Bitfury papers

Bitfury, the Bitcoin mining company, recently published two papers:

The underlying motivation for writing them was that Bitfury is trying to assure the world that public blockchains can still be used in “proprietary contexts.” While they provide a good frame for the issue, there are several leaps in logic, or direct contradictions to established theory that necessarily weaken their argument.

Below is my discussion of them. Note: as usual, this only represents my opinion and does not necessarily represent the views of the organizations that I advise or work for.

Overall I thought the two papers did not seem to have been reviewed by a wider audience including lawyers: specifically they should have sent them to commercial and securities lawyers to see if any legal issues should be considered. Much of their pitch basically amounts to mining for the sake of mining.

One final note: for additional commentary I also reached out to Dave Hudson who is proprietor of HashingIt and an expert as it relates to Bitcoin mining analysis.  He is unaffiliated with Bitfury.

Notes for Part 1:

On p. 2, Bitfury wrote the following statement:

The key design element of blockchains – embedded security – makes them different from ordinary horizontally scalable distributed databases such as MySQL Cluster, MongoDB and Apache HBase. Blockchain security makes it practically impossible to modify or delete entries from the database; furthermore, this kind of security is enforced not through the central authority (as it is possible with the aforementioned distributed databases), but rather through the blockchain protocol itself.

Is this a problematic summary?

According to Dave Hudson:

As a network protocol engineer of many years I tend to find the concept of a “blockchain protocol” somewhat odd. Here’s a link to definitions of “protocol.”

What do we mean by protocol here? It’s not actually a network protocol because there is no “blockchain protocol”, there are many different ones (each altcoin has its own and there are many more besides). At best the idea of a “blockchain protocol” is more a meta-protocol, in that we say there are some things that must be done in order for our data to have blockchain-like characteristics. It’s those characteristics that provide for non-repudiation.

Also on p. 2, Bitfury uses the term “blockchain-based ledger.”  I like that because, as several developers have pointed out in the past, the two concepts are not the same — distributed ledgers are not necessarily blockchains and vice versa.

On p. 4 and 5 they list several objections for why financial institutions are hesitant to use a public blockchain yet leave a couple noticeable ones off including the lack of a service level agreement / terms of service between end users and miners.  That is to say, in the event of a block reorg or 51% attack, who calls who?

On p. 7, I don’t think that censorship resistance can be generalized as a characteristic for “all blockchains.”

In Dave Hudson’s view:

Moreover, censorship resistance makes absolutely no sense in many instances. Who would be censoring what?

I’m actually not convinced that censorship resistance is actually a “thing” in Bitcoin either. Plenty of well-formed transactions can be censored by virtue of them being dust or having non-standard scripts. If anything the only thing that Bitcoin does is provide a set of conditions in which a transaction is probabilistically going to be mined into blocks in the network.

For those interested, there are a handful of “standard” transaction types that are usually accepted by most mining pools.

On p. 11, I disagree with this statement:

If a blockchain database is completely opaque for clients (i.e., they have no access to blockchain data), the security aspect of blockchain technology is diminished. While such system is still protected from attacks on the database itself, interaction with clients becomes vulnerable, e.g. to man-in-the middle attacks. As a built-in protocol for transaction authorization is one of core aspects of blockchain technology, its potential subversion in favor of centralized solutions could negatively influence the security aspect of the system. Additionally, as transactions are accessible to a limited set of computers, there exists a risk of human factor intervening into the operation of the blockchain with no way for clients to detect such interference. Thus, the opaque blockchain design essentially undermines the core aspects of blockchain technology:
• decentralization (absence of a single point of failure in the system)
• trustlessness (reliance on algorithmically enforced rules to process transactions with no human interaction required).

I think trustlessness is a red herring that cypherpunks and Bitcoiners have been perpetually distracted by. It may be an end-goal that many would like to strive for but trust-minimization is a more realistic intermediate characteristic for those operating within the physical, real world.

Why? Because existing institutions and legal infrastructure are not going to disappear tomorrow just because a vocal group of cryptocurrency enthusiasts dislikes them.

According to Dave Hudson:

As with so many things-Bitcoin, I think this is an implementation necessity being seen as an innately desirable characteristic. Bitcoin requires “trustlessness” because it’s non-permissioned, yet in truth it totally relies on trust to work. We trust that Sybil attacks aren’t happening and that network service providers are not colluding to support such attacks. We trust that a large body of miners are not colluding to distort the system. We trust that changes to the software (or updates to compilers and operating systems) have not rendered old, non-recently-used keys are still able to support signing of transactions. We trust that Satoshi (and other large holders) will not drop 1M, or worse 10M coins onto exchanges crashing the price to a few cents per coin! There’s no “too big to fail” here!

In truth real-world people actually like to trust things. They want to trust that their national governments will ensure services work and that invaders are kept out. They want to trust that law enforcement, fire and medical services will keep them safe. I’m not sure that I like the idea of a trustless Police force?

What people do like is the ability to verify that the entities that they actually do trust are in fact doing what they should. Blockchain designs allow us to do just this.

That last statement in particular succinctly summarizes some of the motivations for financial institutions looking to use a shared ledger that is not the Bitcoin blockchain.

On p. 12, I disagree with this statement:

While the permissioned nature of blockchains for proprietary applications may be a necessary compromise in the medium term because of compliance and other factors, read access to blockchain data together with the publicly available blockchain protocol would remove most of vulnerabilities associated with opaque blockchain designs and would be more appealing to the clients of the institution(s) operating the blockchain. As evidenced by Bitcoin, simplified payment verification software can be used to provide a direct interface to blockchain data that would be both secure and not resource intensive.

The reason I disagree with this statement is because the term “opaque” is loaded and ill-defined.

For instance, several groups within the Bitcoin ecosystem have spent the last several years trying to delink or obfuscate transaction history via zk-SNARKs, stealth addresses, mixing via Coinjoin and Coinshuffle and other methods. This type of activity is not addressed by Bitfury — will they process Bitcoin transactions that are obfuscated?

Granular permissions — who is allowed to see, read or write to a ledger — are a characteristic that some of these same Bitcoin groups are not fans of, but they are a needed feature for financial institutions. Why? Because financial institutions cannot leak or expose personally identifiable information (PII) or trading patterns to the public.

Securely creating granular permissions is doable and would not necessarily reduce safety or transparency for compliance and regulatory bodies. Operating a non-public ledger is not the same thing as being “opaque.” While hobbyists on social media may not be able to look at nodes run by financial institutions, regulators and compliance teams can still have access to the data.

It also bears mentioning that another potential reason some public blockchains have and/or use a token is as an anti-spam mechanism (e.g., in Ripple and Stellar a minute amount is burnt).1

On p. 13, I disagree with this statement:

The problem is somewhat mitigated if the access to block headers of the chain is public and unrestricted; however, convincing tech-savvy clients and regulators that the network would be impervious to attacks could still be a difficult task, as colluding operators have the ability to effortlessly reorganize the arbitrary parts of the blockchain at any given moment. Thus, the above consensus protocol is secure only if there is no chance of collusion among blockchain operators (e.g., operators represent ideal parties with conflicting interests). Proof of work provides a means to ensure absence of collusion algorithmically, aligning with the overall spirit of blockchain technology.

This is untrue. People run pools, people run farms. Earlier this year Steve Waldman gave a whole presentation aptly named “Soylent Blockchains” because people are involved in them.

As we have seen empirically, pool and farm operators may have conflicting incentives and this could potentially lead to collusion. Bitcoin’s “algorithms” cannot prevent exogenous interactions.

On p. 14 I disagree with this statement:

There is still a fixed number of miners with known identities proved by digital signatures in block headers. Note that miners and transaction processors are not necessarily the same entities; in the case that mining is outsourced to trusted companies, block headers should include digital signatures both from a miner and one or more processing institutions.

Having a “trusted company” run a proof-of-work mining farm is self-defeating with respect to maintaining pseudonymity on an untrusted network (which were the assumptions of Bitcoin circa 2009). If all miners are “trusted” then you are now operating a very expensive trusted network. This also directly conflicts with the D in DMMS (dynamic-membership multi-party signature).

According to Dave Hudson:

If the signing is actually the important thing then we may as well say there’s a KYC requirement to play in the network and we can scale it all the way back to one modest x86 server at each (with the 1M x reduction in power consumption). Of course this would kill mining as a business.

On p. 14 I think the Bitfury proposal is also self-defeating:

The proposed protocol solves the problem with the potentially unlimited number of alternative chains. Maintaining multiple versions of a blockchain with proof of work costs resources: electricity and hashing equipment. The hashing power spent to create a blockchain and the hashing power of every miner can be reliably estimated based on difficulty target and period between created blocks; an auditor could compare these numbers with the amount of hashing equipment available to operators and make corresponding conclusions.

The authors go into detail later on but basically they explain what we can already do today: an outside observer can look at the block headers to see the difficulty and guess how much hashrate and therefore capital is being expended on the hash.
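The estimate an outside observer can make from block headers, as an added example that is not code from Bitfury's papers: decode each header's compact difficulty field into a target, convert it to expected hashes per block, and divide the summed work by the elapsed time. The header values are constructed (the sample `bits` value is chosen to land near the 450 PH network figure cited earlier on this page), and `spareHashrate` is a hypothetical helper for the auditor's comparison against declared equipment.

```javascript
// Added illustration. Header values are constructed, not real chain data.

// Decode Bitcoin's compact "nBits" header field into the full 256-bit target:
// the top byte is a base-256 exponent, the low 23 bits are the mantissa.
function targetFromBits(nBits) {
  const exponent = nBits >>> 24;
  const mantissa = nBits & 0x007fffff;
  if (nBits & 0x00800000) throw new RangeError("sign bit set: negative target");
  if (mantissa === 0) throw new RangeError("zero target");
  return exponent <= 3
    ? BigInt(mantissa) >> BigInt(8 * (3 - exponent))
    : BigInt(mantissa) << BigInt(8 * (exponent - 3));
}

// A hash is valid when it is <= target, so on average 2^256 / (target + 1)
// attempts are needed per block.
function expectedHashes(nBits) {
  return (1n << 256n) / (targetFromBits(nBits) + 1n);
}

// Hashes per second implied by a run of headers. The first header only
// anchors the clock; the work of every later header is counted. Block
// arrival is random, so short windows give noisy estimates.
function estimateHashrate(headers) {
  if (headers.length < 2) throw new RangeError("need at least two headers");
  const elapsed = headers[headers.length - 1].time - headers[0].time;
  if (elapsed <= 0) throw new RangeError("non-increasing timestamps");
  let work = 0n;
  for (const h of headers.slice(1)) work += expectedHashes(h.bits);
  return work / BigInt(elapsed);
}

// Hypothetical auditor helper: hashrate the operators say they own that is
// not accounted for by the work visible on the chain.
function spareHashrate(observed, declared) {
  return declared > observed ? declared - observed : 0n;
}

// Constructed sample: six headers, five intervals, 3000 seconds in total.
const SAMPLE_HEADERS = [
  { time: 1442000000, bits: 0x18118000 },
  { time: 1442000540, bits: 0x18118000 },
  { time: 1442001230, bits: 0x18118000 },
  { time: 1442001700, bits: 0x18118000 },
  { time: 1442002480, bits: 0x18118000 },
  { time: 1442003000, bits: 0x18118000 },
];

function describeSample() {
  const observed = estimateHashrate(SAMPLE_HEADERS);
  const declared = 500n * 10n ** 15n; // constructed: operators declare 500 PH/s
  return {
    observedPH: Number(observed / 10n ** 12n) / 1000,
    sparePH: Number(spareHashrate(observed, declared) / 10n ** 12n) / 1000,
  };
}

console.log(describeSample());
```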

On p. 15 they present their proposal:

Consequently, $10 million yearly expenses on proof of work security (which is quite low compared to potential gains from utilizing blockchain technology, estimated at several billion dollars per year [54]) correspond to the hash rate of approximately 38 PHash / s, or a little less than 10% of the total hash rate of the Bitcoin network.

This is entirely unneeded. Banks do not need to spend $10 million to operate hardware or outsource operation of that hardware to some of its $100 million Georgia-based hydro-powered facilities.

According to Dave Hudson:

Precisely; banks can use a permissioned system that doesn’t need PoW. I think this also misses something else that’s really important: PoW is necessary in the single Bitcoin blockchain because the immutability characteristics are derived from the system itself, but if we change those starting assumptions then there are other approaches that can be taken.

In section 3.1 the authors spend some time discussing merged mining and colored coins but do not discuss the security challenges of operating in a public environment. In fact, they assume that issuing colored coins on a public blockchain is not only secure (it is not) but that it is legal (probably not either).2

On p. 16 they mention “transaction processors” which is a euphemism that Bitfury has been using for over a year now. They dislike being called a mining company preferring the phrase “transaction processors” yet their closed pool does not process any kind of transactions beyond the Bitcoin variety.

On page 17 they wrote:

[M]aintenance of the metachain could be outsourced to a trusted security provider without compromising confidential transaction details.

If taken to the logical extreme and all of the maintenance was “outsourced” to trusted security providers they would have created a very expensive trusted network. Yet in their scenario, financial institutions would have to trust a Republic of Georgia-based company that is not fully transparent.

Also on page 17 they start talking about “blockchain anchors.” This is not a new or novel idea. Other developers have spoken about it in the past, and Guardtime puts anchors into newspapers like The New York Times (e.g., publishes the actual hashes in a newspaper). And, again, this could easily be done in other ways too. Why restrict anchoring to one location? This is Bitcoin maximalism at work again.

On p. 20 they wrote:

Bitcoin in particular could be appropriate for use in blockchain innovations as a supporting blockchain in merged mining or anchoring due to the following factors:

  • relatively small number of mining pools with established identities, which allows them to act as known transaction validators by cooperating with institutions

This is self-defeating for pseudonymous interactions (e.g., Bitcoin circa 2008). Proof-of-work was integrated to fight Sybil attacks. If there are only a few mining pools with established identities then there are no Sybils and you effectively have an extremely expensive trusted network.

Notes on Part 2:

On p. 3 they wrote:

If an institution wants to ensure that related Bitcoin transactions are mined by accredited miners, it may send transactions over a secure channel directly to these miners rather than broadcasting them over the network; accepting non-broadcast transactions into blocks is a valid behavior according to the Bitcoin protocol.

An “accredited miner” is a contradiction.

On p. 4 the first paragraph under section 1.3 was well written and seems accurate. But then it falls apart as they did not consult lawyers and financial service experts to find out how the current plumbing in the back-office works — and more importantly, why it works that way.

On p.4 they wrote:

First, the transfer of digital assets is not stored by the means of the Bitcoin protocol; the protocol is unaware of digital assets and can only recognize and verify the move of value measured in bitcoins. Systems integrating digital assets with the Bitcoin blockchain utilize various colored coin protocols to encode asset issuance and transfer (see Section 2.2 for more details). There is nothing preventing such a protocol to be more adapted to registered assets.

Yes, there are in fact things preventing Bitcoin from being used to move registered assets; see “Watermarked tokens and pseudonymity on public blockchains.”  And their methods in Section 1.6 are non-starters.

Also on page 4 they wrote:

Second, multisignature schemes allow for the creation of limited trust in the Bitcoin environment, which can be beneficial when dealing with registered assets and in other related use cases. Whereas raw bitcoins are similar to cash, multisignature schemes act not unlike debit cards or debit bank accounts; the user still has a complete control of funds, and a multisignature service provides reputation and risk assessment services for transactions.

This is the same half-baked nonsense that Robert Sams rightly criticized in May. This is a centralized setup. Users are not gaining any advantage from using the Bitcoin network in this manner, as one entity still controls access via identity/key.

On p. 5 they wrote:

One of the use cases of the 2-of-3 multisignature scheme is escrow involving a mediator trusted by both parties. A buyer purchasing certain goods locks his cryptocurrency funds with a multisignature lock, which requests two of the three signatures: the buyer’s, the seller’s, and the mediator’s.

This is only useful if it is an on-chain, native asset. Registered assets represent something off-chain, therefore Bitcoin as it exists today cannot control them.

On p. 6 they talk about transactions being final for an entire page without discussing why this is important from a legal perspective (e.g., why courts and institutions need to have finality). This paper ignores how settlement finality takes place in Europe or North America, and regulatory systems are not just going to disappear in the coming months.

On page 7 they mention that:

To prevent this, a protocol could be modified to reject reorganizations lasting more than a specified number of blocks (as it is done in Nxt). However, this would make the Bitcoin protocol weakly subjective [21], introducing a social-driven security component into the Bitcoin ecosystem.

There is already a very publicly known, social-driven security component: the Bitcoin dev mailing list. We see this almost daily with the block-size debate. The statement above seems to ignore what actually happens in practice versus theory.

On p. 7 and 8 they write:

The security of the Bitcoin network in the case of economic equilibrium is determined by the rewards received by block miners and is therefore tied to the exchange rate of Bitcoin. Thus, creating high transaction throughput of expensive digital assets on the Bitcoin blockchain with the help of colored coin protocols has certain risks: it increases the potential gain from an attack on the network, while security of the network could remain roughly the same (as there are no specific fees for digital asset transactions; transaction fees for these transactions are still paid in bitcoins). The risk can be mitigated if Bitcoin fees for asset transactions would be consciously set high, either by senders or by a colored coins protocol itself, allowing Bitcoin miners to improve security of the network according to the value transferred both in bitcoins and in digital assets.

There is no way to enforce this increase in fee. How are “Bitcoin fees for asset transactions … consciously set high”? This is a question they never answer; Rosenfeld (2012) did not answer it, and no one does. It is just assumed that people will start paying higher fees to protect off-chain securities via Bitcoin miners.

There is no incentive to pay more and this leads to a hold-up problem described in the colored coin “game” from Ernie Teo.

On p. 8 they wrote:

As there is a relatively small number of Bitcoin mining pools, miners can act as known processors of Bitcoin transactions originating from institutions (e.g., due to compliance reasons). The cooperation with institutions could take the form of encrypted channels for Bitcoin transactions established between institutions and miners.

This is silly. If they are known and trusted, you have a trusted network that lacks a Sybil attacker. There is no need for proof-of-work mining equipment in such a scenario.

On p. 8 they wrote:

In the ideal case though, these transactions would be prioritized solely based on their transaction fees (i.e., in a same way all Bitcoin transactions are prioritized), which at the same time would constitute payments for the validation by a known entity. Thus, this form of transaction processing would align with the core assumption for Bitcoin mining that miners are rational economic actors and try to maximize their profit.

It cannot be assumed that miners will all behave as “rational economic actors.” They will behave according to their own specific incentives and goals.

On p. 9 they wrote:

Additionally, partnerships between institutions and miners minimize risk in case transactions should not be made public before they are confirmed.

Registered and identifiable miners are the direct antithesis of pseudonymous interactions circa Bitcoin 2008. That type of partnership is a win-lose interaction.

On p. 10 they wrote:

One of the interesting financial applications of colored coins is Tether (tether.to), a service using colored coins to represent US dollars for fast money transfer. Several cryptocurrencies such as Nxt and BitShares support custom digital assets natively.

As it exists today, Tether.to is similar in nature to a Ripple gateway such as SnapSwap: both are centralized entities that are subject to multiple regulatory and compliance requirements (note: SnapSwap recently exited its USD gateway business and locked out US-based users from its BTC2Ripple business).

According to FinCEN’s MSB Registrant Search Web page, Tether has a registration number (31000058542968) and one MSB.  While they have an AML/CTF program in place, it is unclear in its papers how Bitfury believes the Bitcoin network (which Tether utilizes) can enforce exogenous claims (e.g., claims on USD, euros, etc.).

Furthermore, there has been some recent research looking at how the Federal Reserve and the Bank of England could use distributed ledgers to issue digital currency.3

If a central bank does utilize some kind of distributed ledger for a digital currency they do not need proof-of-work mining or the Bitcoin network to securely operate and issue digital currency.

Ignoring this possible evolution, colored coins are still not a secure method for exogenous value transfers.

On page 10 they wrote:

Colored coins are more transparent for participants and auditors compared to permissioned blockchains

This is untrue and unproven. As Christopher Hitchens would say, what can be asserted without evidence can be dismissed without evidence.

On page 10 they wrote:

As colored coins operate on top of permissionless blockchains, systems using colored coins are inherently resistant to censorship – restrictions on transactions are fully specified by a colored coins protocol instead of being enforced by a certain entity

This is also untrue. This is a bit like trying to have their cake and eat it too.

On page 11 they have a diagram which states:

Figure 2: Using colored coins on top of the Bitcoin blockchain to implement asset transactions. For compliance, financial institutions may use secure communication channels with miners described in Section 2.1 to place asset transactions on the blockchain

Again this is self-defeating. As the saying goes: be careful what you wish for. If Bitfury’s proposal came true, their pool(s) could become payment service providers (PSP) and regulated by FinCEN.

On page 12 and 13 they wrote:

Bitcoin and other public permissionless blockchains could be a part of the interconnected financial environment similarly to how cash is a ubiquitous part of the banking system. More concretely, cryptocurrencies could be used as:

  • one of the means to buy and sell assets on permissioned blockchains
  • an instrument that enables relatively fast value transfer among permissioned blockchains
  • an agreed upon medium for clearing operations among blockchains maintained by various institutions (Fig. 4).

Bitcoins as a permanent store-of-value are effectively a non-starter as they lack any endogenous self-stabilizing mechanism.4

According to Dave Hudson:

The systemic risks here just make this idea farcical. The Internet is somewhat immune to this because there are technology providers all over the world who can independently choose to ignore things in regulatory domains that want to do “bad things”. There is no such safety net in a system that relies on International distributed consensus (the Internet has no such problem, although DNS is a little too centralized right now). Even if it could somehow be guaranteed that things can’t be changed, fixed coin supply means artificial scarcity problems are huge (think Goldfinger trying to irradiate the gold in Fort Knox) – you wouldn’t need a nuclear weapon, just a good piece of malware that could burn coins (if they’re not stolen then there’s no way to trace who stole them). There’s also the 1M coins dropped onto exchanges problem.

The discussion over elastic and inelastic money supplies is a topic for another post.

On page 15 they wrote:

If a blockchain is completely opaque for its end users (e.g., a blockchain-based banking system that still uses legacy communication interfaces such as credit cards), the trustless aspect of blockchains is substantially reduced. End users cannot even be sure that a blockchain system is indeed in use, much less to independently verify the correctness of blockchain data (as there is no access to data and no protocol rules to check against). Human factor remains a vulnerability in private blockchain designs as long as the state of the blockchain is not solely based on its protocol, which is enforced automatically with as little human intervention as possible. Interaction based on legacy user authentication interfaces would be a major source of vulnerabilities in the case of the opaque blockchain design; new interfaces based on public key cryptography could reduce the associated risk of attacks.

While mostly true, there are existing solutions to provide secure verification. It is not as if electronic commerce did not or could not occur before Bitcoin came into existence. Some private entities take operational security seriously too. For instance, Visa’s main processing facility has 42 firewalls and a moat.

On page 15 they wrote:

Proprietary nature of private blockchains makes them less accessible; open sourced and standardized blockchain implementations would form a more attractive environment for developers and innovations. In this sense, blockchains with a public protocol are similar to open Internet standards such as IP, TCP and HTTP, while proprietary blockchain designs could be similar to proprietary Internet protocols that did not gain much traction. A proprietary blockchain protocol could contain security vulnerabilities that remain undiscovered and exploited for a long time, while a standardized open blockchain protocol could be independently studied and audited. This is especially true for protocols of permissionless blockchains, as users have a direct economic incentive to discover vulnerabilities in the system in order to exploit them.

This is just scaremongering. While some of the “blockchain” startups out there do in fact plan to keep the lower layers proprietary, the general view in October 2015 is that whatever bottom layer(s) are created, will probably be open-sourced and an open-standard. Bitcoin doesn’t have a monopoly on being “open” in its developmental process.

On page 15 they wrote:

As the Bitcoin protocol has been extensively studied by cryptographers and scientists in the field, it could arguably form the basis for the standardized blockchain design.

This is untrue, it cannot be the backbone of a protocol as it is not neutral. In order to use the Bitcoin network, users are required to obtain what are effectively illiquid pre-paid gift cards (e.g., bitcoins). Furthermore, an attacker cannot collect “51%” of all TCP/IP packets and take over the “internet” whereas with Bitcoin there is a real “majoritarianism” problem due to how network security works.

A truly neutral protocol is needed and there have been at least two proposals.5

On page 15 they wrote:

The key design element of blockchains is “embedded economy” – a superset of embedded security and transaction validation. Each blockchain forms its own economic ecosystem; a centrally controlled blockchain is therefore a centrally controlled economy, with all that entails.

This is untrue. If we are going to use real-world analogies: Bitcoin’s network is not dynamic but rather disperses static rewards to its labor force (miners). It is, internally, a rigid economy and if it were to be accurately labeled, it is a command economy that relies on altruism and VC subsidies to stay afloat.6

On page 16 they wrote:

It is not clear how the blockchain would function in the case validators would become disinterested in its maintenance, or how it would recover in the case of a successful attack (cf. with permissionless blockchains, which offer the opportunity of self-organization).

The statement above is unusual in that it ignores how payment service providers (PSPs) currently operate.  Online commerce for the most part has and likely will continue to exist despite the needed maintenance and profit-motive of individual PSPs.  There are multiple motivations for continued maintenance of maintenance transfer agreements — this is not a new challenge.

While it is true that there will likely be dead networks in the future (just like dead ISPs in the past), Bitcoin also suffers from a sustainability problem: it continually relies on altruism to be fixed and maintained and carries with it an enormous collective action burden, which we see with the block-size debate.

There are over a hundred dead proof-of-work blockchains already, a number that will likely increase because they are all public goods that rely on external subsidies to exist. See Ray Dillinger’s “necronomicon” for a list of dead alt coins.

If Bitfury’s proposal for having a set of “fixed” miners arises, then it is questionable how much self-organization could take place in a static environment surrounding a public good.

Conclusion

Despite the broad scope of the two papers from Bitfury, neither was able to redress some of the most important defects that public blockchains have for securing off-chain assets:

  • how is legal settlement finality resolved
  • how to incentivize the security of layers (such as colored coins) which distort the mining process
  • how to enforce the security of merged mining which empirically becomes weaker over time

If Bitfury is truly attempting to move beyond merely processing Bitcoin transactions in its Georgian facilities, it needs to address what constraints and concerns financial institutions actually face and not just what the hobbyist community on social media thinks.

  1. See also: Needing a token to operate a distributed ledger is a red herring and A blockchain with emphasis on the “a”
  2. See also: Can Bitcoin’s internal economy securely grow relative to its outputs? and Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin?
  3. This includes: Fedcoin—how banks can survive blockchains by Robin Winkler and Centrally Banked Cryptocurrencies by George Danezis and Sarah Meiklejohn
  4. See Seigniorage Shares from Robert Sams
  5. See: A Protocol for Interledger Payments by Stefan Thomas and Evan Schwartz and An architecture for the Internet of Money by Meher Roy
  6. See also: Chapter 10 in The Anatomy of a Money-like Informational Commodity and Economic Aspects of Bitcoin and Other Decentralized Public-Ledger Currency Platforms by David Evans

Integrating, Mining and Attacking: Analyzing the Colored Coin “Game”

[Note: Below is a guest post from Ernie Teo, a post-doctorate researcher at SKBI (where I am currently a visiting research fellow).  It is referenced in a new paper covering the distorted incentives for securing public blockchains.]

By Ernie G. S. Teo, Sim Kee Boon Institute for Financial Economics,
Singapore Management University

The research in this post came about when Tim Swanson invited me to look at colored coin providers and their incentives from a game theory perspective. The results are based on a number of phone conversations with Tim; I would like to take the opportunity to thank Tim for his insights on the matter. For an introduction to what colored coins are, refer to Chapter 3 in Great Chain of Numbers.

The initial question Tim wanted answered was whether, if colored coins can be identified, miners will charge excessively high fees to include these transactions. This led to a discussion of the possibilities of the colored coin issuer becoming a miner, and of an attack on the network to take control of the colored assets.

The problem proved to be very interesting as there could be many implications on the success of the system given the potential costs and benefits. Entities or players within the “game” could strategically choose to sabotage themselves if the incentives were right. In this post, I will attempt to explain this using a “sequential game” format. I will explain the various stages where choices can be made and the players involved in each stage. This will be followed by an analysis of the various outcomes and the strategic choices of each party given the incentives involved.

Before we start, I would like to disclaim that the model that follows is a simplified version of the problem and helps us to think about the potential issues that could arise. They are based on various assumptions and in no way should the results be taken at face value.

Stage 1: Before the colored coin issuer (CCI) starts operations, we assume that they will consider if they will choose to become a miner (Assuming that they can include their own transactions into blocks if no one else would). The decision maker (or player) here is the CCI, the choices available are to integrate or to not integrate.

Stage 2a: When the CCI starts issuing colored coins, it would have to decide on the fees it would pay for the transaction. We assume that the CCI is a rational entity and will choose the optimal fees. However, as there are two possibilities in stage 1, there will be 2 possible fees quoted: one for a CCI who is also a miner (integrated) and another for a CCI who is not a miner (non-integrated). The decision maker here is the CCI and the choice is the fee quoted.

Stage 2b: This is immediately followed by the miners deciding to include the transaction in the block or not. For simplicity’s sake, we assume that there is only one miner in this game (this can be the CCI). The decision maker here is the miner and the choice is to mine the transaction or not.

If the decision in Stage 2b is not to mine, the game ends (End 1).

Stage 3: We next assume that the miner can choose to fraudulently attack the system and transfer the colored coin to itself. The decision maker here is still the miner and the choice is to attack or not.

This gives us 2 alternative endings (End 2 and End 3). The game can be described by Figure 1.

Figure 1: The stages of the “game”

If we consider the game, there are only 2 decision makers or players: the CCI and the miner. Next, we consider the possible outcomes or payoffs for each possible ending described above. These are described in Figure 2 below; there are actually 6 possibilities, as there are 2 types of CCIs, integrated and non-integrated. When there is integration, there is really only one player.

Figure 2: Payoffs of the game

Having set up the game and determined the payoffs, we analyze the possibilities of each outcome. This is subject to the comparative magnitude of each payoff. Let’s start with the non-integrated outcomes; there are 3 possibilities:

  1. Not Integrated. Mined. Attacked.
  2. Not Integrated. Mined. Not Attacked.
  3. Not Integrated. Not Mined.

An attack happens if M3>M2 (this will happen if the net benefit of the attack is positive).

If M3>M2, the transaction will be mined if M3>M1. This is because the miner expects the attack to take place; the miner will thus only mine the transaction if the payoff from mining and attacking is better than not mining. Since we assumed that M1=0, M3 will always be larger than M1. Thus when M3>M2, mining always takes place and an attack happens.

If M2>M3, the attack will not happen (this would indicate that the net benefit of the attack is negative). The transaction will be mined if M2>M1 or if the transaction fees are positive.

The transaction will not be mined if M1≥M2. Since M2 (the transaction fee) has to be at least zero, if M2=0, the transaction will not be mined.

To summarize, there are 3 scenarios:

  1. M3>M2≥M1: The transaction is mined and an attack takes place. The CCI gets CC3NI.
  2. M2>M3 and M2>M1: The transaction is mined and an attack will not take place. Note that the inequality between M1 and M3 does not matter for this outcome. The CCI gets CC2NI.
  3. M1≥M2>M3: The transaction is not mined. The CCI gets CC1NI.

In stage 1, the CCI is making the decision to integrate. To analyze this, we need to compare the non-integrated outcomes with the integrated ones. We thus have to look at the integrated outcomes first before we discuss stage 1. The outcomes are:

  1. Mined. Attacked.
  2. Mined. Not Attacked.
  3. Not Mined.

An attack happens if CC3I>CC2I. (This again will happen if the net benefit of the attack is positive).

If CC3I>CC2I, mining will occur if CC3I>CC1I. Similar to the non-integrated case, CC3I is always larger than CC1I. In fact this case is stronger, as CC1I is at most zero and is likely to be negative as it is a cost. Thus if the CCI is willing to launch an attack against itself, it will definitely mine the transaction.

If CC2I>CC3I, no attack happens. For mining to occur, CC2I≥CC1I (the CCI will prefer to mine if they are indifferent). CC2I will always be larger than CC1I unless mining fees are zero (in which case it is equal), so mining will always occur if CC2I>CC3I.

For mining to not occur, CC1I>CC2I or CC1I>CC3I needs to hold. To summarize, there are 3 scenarios:

  1. CC3I>CC2I and CC3I>CC1I: The transaction will be mined and an attack occurs. CC3I is the final payoff.
  2. CC2I>CC3I and CC2I>CC1I: The transaction is mined and no attack happens. CC2I is the final payoff.
  3. CC1I>CC3I (we had determined that CC1I>CC2I could not be possible): No mining occurs. CC1I is the final payoff.

Note that we have determined that mining will always occur if the CCI chooses to integrate. Thus there are only 2 relevant scenarios instead of the 3 found in the non-integrated case. The main assumption is that the CCI miner will be able to get its transaction included on the blockchain; this could be either because it is the only miner or it has invested in sufficient computing resources to ensure it.

There are a total of 9 combinations of events detailed in Figure 3. Figure 3 also shows the conditions required for integration to occur under each scenario.

Figure 3: Analyzing the Integration Choice.

Referring back to figure 2, we can make the following assumptions:

CC1NI is always larger than CC1I

CC2NI is always larger than CC2I

CC2NI is always larger than CC1I

Thus the 3 inequalities highlighted in red in Figure 4 are never possible; no integration will occur in scenarios B+E, B+F and C+F.

In the other 6 scenarios, integration could occur given the right conditions. We can make some predictions on what is likely to occur.

  1. In all scenarios with event A (A+D, A+E and A+F) where the non-integrated miner attacks, it is likely that the CCI prefers to integrate.
  2. In scenario B+D, there are two possibilities. If the cost of attack is large, the CCI will not integrate. Otherwise, it will integrate and reap the benefits of launching an attack on itself.
  3. When event C occurs and no integration takes place, the transaction will not be mined and the CCI gets nothing. Integration will thus occur as long as the cost of integration is small enough. This will be relevant for scenarios C+D and C+E, as we have ruled out C+F earlier.
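The backward induction described above can be run mechanically. The following Python sketch is an added example, not part of the original post: the payoff numbers are constructed, the tie-breaking follows the inequalities in the text, and the fee sweep assumes a simple payoff parameterization of its own (Figure 2's exact payoffs are not reproduced here).

```python
from dataclasses import dataclass

NOT_MINED, MINED, ATTACKED = 1, 2, 3   # endings 1, 2 and 3 of the game


@dataclass(frozen=True)
class Payoffs:
    """Payoffs indexed by ending: not mined, mined, mined and attacked."""
    miner: tuple    # (M1, M2, M3) for the non-integrated miner
    cci_ni: tuple   # (CC1NI, CC2NI, CC3NI) for the non-integrated issuer
    cci_i: tuple    # (CC1I, CC2I, CC3I) for the integrated issuer-miner


@dataclass(frozen=True)
class Result:
    integrate: bool
    ending: int
    cci_payoff: float


def miner_subgame(m1, m2, m3):
    """Stage 3, then stage 2b, for a non-integrated miner."""
    if m3 > m2:                                   # stage 3: attacking pays
        return ATTACKED if m3 > m1 else NOT_MINED
    return MINED if m2 > m1 else NOT_MINED        # M1 >= M2 means not mined


def integrated_subgame(c1, c2, c3):
    """The same induction when issuer and miner are a single player."""
    if c3 > c2:
        return ATTACKED if c3 > c1 else NOT_MINED
    return MINED if c2 >= c1 else NOT_MINED       # indifferent: prefers to mine


def solve(p):
    """Stage 1: the CCI compares its own payoff in the two solved subgames."""
    ni_end = miner_subgame(*p.miner)
    i_end = integrated_subgame(*p.cci_i)
    ni_pay, i_pay = p.cci_ni[ni_end - 1], p.cci_i[i_end - 1]
    # Assumption of this example: integrate only when strictly better off.
    if i_pay > ni_pay:
        return Result(True, i_end, i_pay)
    return Result(False, ni_end, ni_pay)


# Constructed payoffs in arbitrary units, not taken from the post's figures.
SCENARIOS = {
    "valuable asset, outside miner attacks":
        Payoffs((0, 1, 50), (0, 9, -100), (-5, 4, -60)),
    "positive fee, attack unprofitable":
        Payoffs((0, 1, -10), (0, 9, -100), (-5, 4, -60)),
    "zero fee, outside miner ignores the transaction":
        Payoffs((0, 0, -10), (0, 10, -100), (-5, 4, -60)),
}


def highest_tolerated_fee(value, integration_cost, fees, attack_cost=1000):
    """Largest fee at which the CCI stays non-integrated and still gets mined.

    Assumed parameterization: the miner earns the fee, the non-integrated CCI
    keeps value - fee, the integrated CCI keeps value - integration_cost, and
    an attack costs more than it yields, so it never happens.
    """
    best = None
    for fee in fees:
        p = Payoffs(
            miner=(0, fee, value - attack_cost),
            cci_ni=(0, value - fee, -value),
            cci_i=(-integration_cost, value - integration_cost,
                   -value - integration_cost),
        )
        r = solve(p)
        if not r.integrate and r.ending == MINED:
            best = fee if best is None else max(best, fee)
    return best


if __name__ == "__main__":
    for name, payoffs in SCENARIOS.items():
        print(name, "->", solve(payoffs))
    print("fee ceiling:", highest_tolerated_fee(100, 7, range(0, 21)))
```

Under the assumed parameterization the fee ceiling equals the per-transaction cost of integration, which is the bound the post reaches when it returns to its initial question.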

One may ask if the CCI would want to attack itself. Well, if the benefit of attacking is large, a colored coin issuer may want to attack the network to derive a one-time benefit even though the company will never be trusted afterwards. However, this is unlikely as the cost of integration has to be extremely large for the CCI to be able to successfully attack the network.

Finally to answer our initial question, let us consider the issue of whether a non-integrated miner (in the event that a colored coin transaction can be identified) will force the CCI to quote high fees in order to get the transaction included. This is only relevant in the scenarios where the CCI initially chooses not to integrate. However, if colored transactions can be identified, miners can choose not to include these transactions unless the transaction fees are high enough. The fee can only be so high that it does not force the CCI to choose integration instead. In general, we can say that this fee cannot be higher than the cost of integration (this would refer to the per transaction cost of integration on average).

Based on this “game”, will colored coins be able to exist on a network such as Bitcoin? If colored transactions can be identified, there could be 2 issues: 1. the colored assets are so valuable that the non-integrated miner would want to attack the system; 2. the fees do not incentivize non-integrated miners to include the transactions. To overcome these issues the CCI could choose to integrate (or become a miner with sufficient computing power to be able to ensure that its transactions get recorded). However, if the cost of doing so is too high to be justifiable, the CCI is better off not operating at all.


Some housekeeping of events and interviews

It has been a little while since I posted the events, panels and presentations I have been involved with.  Below is some of the public activity over the past 5-6 months.

Interviews with direct quotes:

Indirect quotes:

Academic citations:

Presentations, panels and events:


Designing a Global Fabric for Finance (G3F)

Over the past two weeks there have been a number of news stories related to R3 — a fintech startup that I now work at.  The first of which was from the Financial Times, entitled Blockchain initiative backed by nine large investment banks.  Today we announced an additional 13 banks have joined our effort.

Although I cannot speak for the whole team, I can give you the vision I have with the aim of bringing clarity to the various bits of information that have been circulating.

Homework

Over the past year, the R3 team has spent copious amounts of time conducting due diligence on the greater “distributed ledger” or “shared ledger” space.  I joined as an advisor in January when they were already knee deep in the task; I am now Director of Market Research.

What I and several others on the team found is that while there were a number of orthogonally useful pieces floating around (such as multisig and ideas like Enigma), none of the publicly available technology platforms that have been funded by venture capital provided a flexible, holistic base layer with the specific functional requirements for secure, scalable enterprise use.

This includes incorporating non-functionals that globally regulated financial institutions must adhere to such as: compliance, privacy, reporting and reconciliation.  Similarly, many of the venture funded projects also failed to address the business requirements of these same institutions.

In sportsball terms, the nascent industry is 0-for-2 in their current approach.

Some of that is understandable; for example, Bitcoin solves a set of problems for a niche group of individuals operating under certain security assumptions (e.g., cypherpunks not wanting to interface with banks or governments).  Regulated financial institutions do not operate under those assumptions, thus axiomatically Bitcoin in its current form is highly unlikely to be a solution to their problems at this time.  As a consequence, the technology solutions pitched by many of these startups are hammers looking for nails that do not exist in the off-chain world.

R3 is not a Bitcoin company nor a cryptocurrency company.  We are not seeking to build a “better” or even a different type of virtual currency.  Why not?  Instead of starting with a known solution, such as a spreadsheet, we are starting with the problem set which continually influences the customized solution.  This is one of the biggest reasons I was attracted to this specific effort: R3 is not a re-enactment of Field of Dreams.  Build it with the hopes that someone will come is the siren song, the motto even, for throngs of failed startups.

But weren’t the original shared ledgers — often called blockchains — robust enough to protect all types of assets and a legion of use-cases?

Many public ledgers were originally designed to secure endogenous, on-chain information (e.g., the native token) but in their current incarnations are not fit for purpose to handle off-chain titles.  For instance, Bitcoin was not initially designed to secure exogenous data — such as transmitting high-value off-chain securities — vis-a-vis pseudonymous miners.  And it appears that all attempts to mutate Bitcoin itself into a system that does end up creating a less secure and very expensive P-o-P network.

What are we doing then?

Rather than try to graft and gerrymander our business requirements onto solutions designed for other problems, we are systematically looking at a cornucopia of challenges and cost-drivers that currently exist at financial institutions.  We will seek to address some of these drivers with a generalized agnostic fabric, with layers that fulfill the critical infrastructure specifications of large enterprises and with services that can be run on top in a compliant fashion.

What is a Global Fabric for Finance (G3F) then?  If you had the chance to build a new financial information network from scratch that incorporated some of the elements and learnings of the shared ledger world, what would it look like?

For starters, a fabric specifically built for and by trusted parties does not need something akin to mining or block rewards.  In fact, not only is there no Sybil spoofing problem on a trusted network, but there are already many known, existing methods for securely maintaining a transaction processing system.  Consequently, needing a block reward may (or may not) be a red herring and has likely been a costly, distracting sideshow to other types of utility that this technology represents.

If trust is not an issue, what use (as Arvind Narayanan and certain high profile enthusiasts have asked) is any part of the shared ledger toolkit?  There are a number of uses, many of which I touched on in a paper back in April.

What about specific use-cases?

While a number of ideas have surfaced at conferences and media events over the past summer, R3 remains focused on an approach of exploration and ideation.

And while there will likely be some isolated tests on some use-case(s) in sand boxes in the coming year, it is important to reflect on the G3F vision which will be further elaborated on by Richard Brown (our head of technology) in the coming weeks.  If the fabric is only capable of handling one or two specific asset classes, it will fall short of the mandate of being a generalized fabric used to secure financial information for enterprises.

Why directly work with banks during this formative stage?  Why not just raise money and start building and shipping code?

To be frank, if financial institutions and regulatory bodies are not involved and engaged from the beginning, then whatever fabric is created will likely: 1) fail to be viewed as an authoritative and legal record of truth and 2) fall short of adequately addressing their exacting needs.  It would be a non-starter for a financial institution to use technology that is not secure, or whose on-chain record is considered non-canonical by off-chain authorities.

What does that mean?

While some in the shared ledger community would like to believe that dry, on-chain code supersedes off-chain wet-code, the facts on the ground continue to contradict that thesis.  Therefore, if you are going to create a non-stealth fintech startup, it must be assumed that whatever products and services you create will need to operate under existing laws.  Otherwise you will spend most of your time hiding out in remote Caribbean islands or Thailand.

Growth

The R3 team is comprised of pragmatic thinkers and doers, experienced professionals who understand that a financial system cannot be built with up and down votes on reddit or whose transaction processors may reside in sanctioned countries.

[Image: standards.  Source: XKCD]

While nothing is finalized at the time of this writing, it is our aim at R3 to make the underlying base layer of this fabric both open sourced and an open standard.

After all, a foundation layer this critical would benefit from the collective eyeballs of the entire programming community.  It also bears mentioning that the root layer may or may not even be a chain of hashed blocks.

Furthermore, we are very cognizant of the fact that the graveyard for building industry standards is deep and wide.  Yet, as I mentioned to IBT, failing to create a universal standard will likely result in additional Balkanization, recreating the same silos that exist today and nullifying the core utility of a shared ledger.

It is a pretty exciting time in modern history, where being a nerd — even a cryptonerd — means you are asked to appear on stage in front of decision makers, policy makers, captains of industry and social media influencers.  Some even get to appear in person and not just as a telepresence robot.  Yet as neat as some of the moon math and cryptographic wizardry may be, failing to commercialize it in a sustainable manner could leave many of the innovative forks, libraries and github repos no more than starry-eyed science fair projects.

To that end, we are currently hiring talented developers keen on building a scalable, secure network.  In addition, rather than reinventing the wheel, we are also open to partnerships with existing technology providers who may hold key pieces to building a unified standard.  I am excited to be part of this mathematical industrial revolution; it’s time to strike while the iron is hot and turn good academic ideas into commercial reality.  Feel free to contact us.


What is permissioned-on-permissionless?

As of this writing, more than half of all VC funding to date has gone into building permissioned systems on top of a permissionless network (Bitcoin). Permissioned-on-Permissionless (PoP) systems are an odd hydra: they have all of the costs of Sybil-protected permissionless systems (e.g., high marginal costs) without the benefits of actual permissioned systems (e.g., fast confirmations, low marginal costs, direct customer service).

Thus it is curious to hear some enthusiasts and VCs on social media and at conferences claim that the infrastructure for Bitcoin is being rolled out to enable permissionless activity when the actual facts on the ground show the opposite is occurring.  To extract value, maintain regulatory compliance and obtain a return-on-investment, much of the investment activity effectively recreates many of the same permission-based intermediaries and custodians that currently exist, but instead of being owned by NYC and London entities, they are owned by funds based near Palo Alto.

For example, below are a few quotes over the past 18 months.

In a February 2014 interview with Stanford Insights magazine, Balaji Srinivasan, board partner at Andreessen Horowitz and CEO of 21inc, stated:

Thus, if the Internet enabled permissionless innovation, Bitcoin allows permissionless monetization.

In July 2015, Coinbase announced the winners of its hackathon called BitHack, noting:

The BitHack is important to us because it taps into a core benefit of Bitcoin: permissionless innovation.

Also in July 2015, Alex Fowler, head of business development at Blockstream, which raised $21 million last fall, explained:

At Blockstream, our focus is building and supporting core bitcoin infrastructure that remains permissionless and trustless with all of the security and privacy benefits that flow from that architecture.

Yet despite the ‘permissionless’ exposition, to be a customer of these companies, you need to ask their permission first and get through their KYC gates.

For instance, in Circle’s user agreement they note that:

Without limiting the foregoing, you may not use the Services if (i) you are a resident, national or agent of Cuba, North Korea, Sudan, Syria or any other country to which the United States embargoes goods (“Restricted Territories”), (ii) you are on the Table of Denial Orders, the Entity List, or the List of Specially Designated Nationals (“Restricted Persons”), or (iii) you intend to supply bitcoin or otherwise transact with any Restricted Territories or Restricted Persons.

Is there another way of looking at this phenomenon?

There have been a number of interesting posts in the past week that have helped to refine the terms and definitions of permissioned and permissionless:

Rather than rehashing these conversations, let’s look at a way to define permissionless in the first place.

Permissionless blockchains

[Image: permissionless blockchain]

A couple weeks ago I gave a presentation at the BNY Mellon innovation center and created the mental model above to describe some attributes of a permissionless blockchain.  It is largely based on the characteristics described in Consensus-as-a-service.

DMMS validators are described in the Blockstream white paper.  In their words:

We observe that Bitcoin’s blockheaders can be regarded as an example of a dynamic-membership multi-party signature (or DMMS), which we consider to be of independent interest as a new type of group signature. Bitcoin provides the first embodiment of such a signature, although this has not appeared in the literature until now. A DMMS is a digital signature formed by a set of signers which has no fixed size.  Bitcoin’s blockheaders are DMMSes because their proof-of-work has the property that anyone can contribute with no enrolment process.  Further, contribution is weighted by computational power rather than one threshold signature contribution per party, which allows anonymous membership without risk of a Sybil attack (when one party joins many times and has disproportionate input into the signature).  For this reason, the DMMS has also been described as a solution to the Byzantine Generals Problem [AJK05]

In short, there is no gating or authorizing process to enroll for creating and submitting proofs-of-work: theoretically, validating Bitcoin transactions is permissionless.  “Dynamic-membership” means there is no fixed list of signatories that can sign (i.e. anyone in theory can).  “Multi-party” effectively means “many entities can take part” similar to secure multi-party computation.1

Or in other permission-based terms: producing the correct proof of work, that meets the target guidelines, permits the miner (block maker) to have full authority to decide which transactions get confirmed.  In other words, other than producing the proof-of-work, miners do not need any additional buy-in or vetting from any other parties to confirm transactions onto the blockchain. It also bears mentioning that the “signature” on a block is ultimately signed by one entity and does not, by itself, prove anything about how many people or organizations contributed to it.2
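The difference between dynamic and fixed membership can be made concrete with a short sketch, added here as an illustration and not taken from this post or from the Blockstream paper.  It assumes a simplified header layout, a toy 16-bit difficulty, and HMAC tags standing in for real validator signatures; the names ENROLLED, QUORUM and the validator ids are constructed.

```python
import hashlib
import hmac
import struct

DIFFICULTY_BITS = 16                      # toy difficulty (assumption); Bitcoin's is far higher
TARGET = 1 << (256 - DIFFICULTY_BITS)

# Constructed registry of enrolled validators for the permissioned case.
# HMAC with a per-validator key stands in for a real digital signature.
ENROLLED = {
    "validator-a": b"constructed-key-a",
    "validator-b": b"constructed-key-b",
    "validator-c": b"constructed-key-c",
}
QUORUM = 2


def header_hash(prev_hash, tx_root, nonce):
    """Double SHA-256 over a simplified header (not Bitcoin's real 80-byte layout)."""
    data = prev_hash + tx_root + struct.pack("<Q", nonce)
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def verify_dmms(prev_hash, tx_root, nonce):
    """Dynamic membership: the check takes no signer identity and no member list."""
    return int.from_bytes(header_hash(prev_hash, tx_root, nonce), "big") < TARGET


def mine(prev_hash, tx_root, start_nonce=0, max_tries=1 << 24):
    """Anyone may search for a nonce; there is no enrolment step before calling this."""
    for nonce in range(start_nonce, start_nonce + max_tries):
        if verify_dmms(prev_hash, tx_root, nonce):
            return nonce
    raise RuntimeError("no valid nonce in the searched range")


def endorse(key, prev_hash, tx_root):
    """A validator's tag over the block contents (signature stand-in)."""
    return hmac.new(key, prev_hash + tx_root, hashlib.sha256).digest()


def verify_permissioned(prev_hash, tx_root, endorsements):
    """Fixed membership: only tags from enrolled validators count toward the quorum."""
    valid = 0
    for validator_id, tag in endorsements.items():
        key = ENROLLED.get(validator_id)
        if key is None:
            continue                      # not enrolled: ignored, whatever work was done
        if hmac.compare_digest(tag, endorse(key, prev_hash, tx_root)):
            valid += 1
    return valid >= QUORUM


def demo():
    prev = hashlib.sha256(b"constructed previous header").digest()
    root = hashlib.sha256(b"constructed transaction set").digest()
    other_root = hashlib.sha256(b"constructed altered transaction set").digest()

    # Two unrelated parties search different nonce ranges. Both results verify,
    # and nothing in either header says who, or how many, did the work.
    nonce_1 = mine(prev, root)
    nonce_2 = mine(prev, root, start_nonce=nonce_1 + 1)

    outsider = {"unknown-miner": endorse(b"self-chosen-key", prev, root)}
    insiders = {v: endorse(ENROLLED[v], prev, root) for v in ("validator-a", "validator-c")}
    one_bad = {"validator-a": endorse(ENROLLED["validator-a"], prev, root),
               "validator-b": b"\x00" * 32}
    return {
        "nonce_1": nonce_1,
        "nonce_2": nonce_2,
        "miner_1_accepted": verify_dmms(prev, root, nonce_1),
        "miner_2_accepted": verify_dmms(prev, root, nonce_2),
        "altered_contents_accepted": verify_dmms(prev, other_root, nonce_1),
        "outsider_accepted": verify_permissioned(prev, root, outsider),
        "quorum_accepted": verify_permissioned(prev, root, insiders),
        "below_quorum_accepted": verify_permissioned(prev, root, one_bad),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The proof-of-work check admits any party that did the work, while the permissioned check rejects a party outside the registry no matter what it submits.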

Another potential term for DMMS is what Ian Grigg called a Nakamoto signature.

Censorship-resistance, while not explicitly stated as such in the original 2008 white paper, was one of the original design goals of Bitcoin and is further discussed in Brown’s post above as well as at length by Robert Sams.

The last bucket, suitable for on-chain assets, is important to recognize because those virtual bearer assets (tokens) are endogenous to the network.  DMMS validators have the native ability to control them without some knob flipping by any sort of outside entity.  In contrast, off-chain assets are not controllable by DMMS validators because they reside exogenous to the network.  Whether or not existing legal systems (will) recognize DMMS validators as lawful entities is beyond the scope of this post.

Permissionless investments

What are some current examples of permissionless-related investments?

[Image: zooko permissionless.  Source: Twitter]

This past week I was in India working with a few instructors at Blockchain University including Ryan Charles.  Ryan is currently working on a new project, a decentralized version of reddit that will utilize bitcoin.

In point of fact, despite the interesting feedback on the tweet, OB1 itself, the new entity that was formed after raising $1 million to build out the Open Bazaar platform, is permission-based.

How is it permission-based when the DMMS validators are still permissionless?  Because OB1 has noted it will remove illicit content on-demand from regulators.

In an interview with CoinDesk, Union Square Venture managing partner, Brad Burnham stated that:

Burnham acknowledged that the protocol could be used by dark market operators, but stressed the OpenBazaar developers have no interest in supporting such use cases.  “They certainly won’t be in the business of providing enhanced services to marketplaces that are selling illegal goods,” he noted.

Based on a follow-up interview with Fortune, Brian Hoffman, founder of OB1, was less specific and a bit hand-wavy on this point; perhaps we will not know until November when they officially launch (note: Tor support seems to have disappeared from Open Bazaar).

One segment of permissionless applications that has some traction but has not had much (if any) direct VC funding includes some on-chain/off-chain casinos (dice and gambling games) and dark net markets (e.g., Silk Road, Agora).  Analysis of this more illicit segment will be the topic of a future post.

What are some other VC-funded startups that raised at least a Series A in funding, that could potentially be called permissionless?  Based on the list maintained by Coindesk, it appears just one is — Blockchain.info ($30.5 million).

Why aren’t Coinbase, Xapo or Circle?  These will be discussed below at length.

What about mining/hashing, aren’t these permissionless activities at their core?

Certain VC-funded mining/hashing companies no longer offer direct retail sales to hobbyists; this includes BitFury and KnC Miner.  These two known entities, through a variety of methods, have filed information about their operations with a variety of regulators.3  To date BitFury has raised $60 million and it runs its own pool which accounts for about 16% of the network hashrate.  Similarly, KnC has raised $29 million from VCs and also runs its own pool, currently accounting for about 6% of the network hashrate.

What about other pools/block makers?  It appears that in practice, some require know-your-customer (KYC), know-your-business (KYB), know-your-miner (KYM) and others do not (e.g., selling custom-made hardware anonymously can be tricky).

  • MegaBigPower gathers KYC information.
  • Spondoolies Tech is currently sold out of their hardware but require some kind of customer information to fill out shipping address and customs details.  They have raised $10.5 million in VC funding.
  • GHash allows you to set up a pseudonymous account with throwaway email addresses (or via Facebook and Google+), but they have not published whether they raised any outside funding.
  • Most Chinese hashing and mining pools are privately financed.  For instance, Bitmain has not needed to raise funding from VCs (yet).  They also currently do not perform KYC on their users.  I spoke with several mining professionals in China and they explained that none of the big pools (Antpool, F2pool, BTC China pool, BW.com) require KYM at this time.  Over the past four days, these pools accounted for: 21%, 17%, 10% and 8% of the network hashrate respectively — or 56% altogether.  Update 7/29/2015: a representative at BTC China explained that: “Yes, we do KYC the members of our mining pool. We verify them the same way we KYC all registered users on BTCC.”
  • 21inc: not much more is known publicly at this time, but if the idea of a “BitSplit” chip is correct, then what could happen is the following: as more chips are flipped on in devices, the higher the difficulty level rises (in direct proportion to the hashrate added).  As a result, the amount of satoshi per hash declines over time in these devices.  What this likely will lead to is a scenario in which the amount of satoshi mined by a consumer device will be less than the “dust limit,” which means a user will likely be unable to move the bitcoins off of the pool without obtaining larger amounts of bitcoin first (in order to pay the transaction fee).  Consequently this could mean the users will need to rely on the services provided by the pool, which could mean that the pool will need to become compliant with KYC/AML regulations.  All of this is speculation at this time and is subject to change.  They have received $121 million in VC funding.
  • As explained above, while individual buyers of hashing equipment, Bob and Alice, do typically have to “doxx” themselves up to some level, both Bob and Alice can resell the hardware on the second-hand market without any documentation.  Thus, some buyers wanting to pay a premium for hashing hardware can do so relatively anonymously through middlemen.4  This is similar to the “second-hand” market for bitcoins too: bitcoins acquired via KYC’ed gateways end up on LocalBitcoins.com and sold at a premium to those wanting to buy anonymously.

Notice a pattern?  There is a direct correlation between permissionless platforms and KYC/AML compliance (i.e., regulated financial service businesses using cryptocurrencies are permissioned-on-permissionless by definition).

Blockchain.info attempts to skirt the issue by marketing themselves as a software platform and by pointing to the fact that they do not directly control or hold private keys.5

This harkens back to what Robert Sams pointed out several months ago, that Bitcoin is a curious design indeed where in practice many participants on the network are now known, gated and authenticated except the transaction validators.

What about permissioned-on-permissionless efforts from Symbiont, Chain and NASDAQ?  Sams also discussed this, noting that:

Now, I am sure that the advocates of putting property titles on the bitcoin blockchain will object at this point. They will say that through meta protocols and multi-key signatures, third party authentication of transaction parties can be built-in, and we can create a registered asset system on top of bitcoin. This is true. But what’s the point of doing it that way? In one fell swoop a setup like that completely nullifies the censorship resistance offered by the bitcoin protocol, which is the whole raison d’etre of proof-of-work in the first place! These designs create a centralised transaction censoring system that imports the enormous costs of a decentralised one built for censorship-resistance, the worst of both worlds.

If you are prepared to use trusted third parties for authentication of the counterparts to a transaction, I can see no compelling reason for not also requiring identity authentication of the transaction validators as well. By doing that, you can ditch the gross inefficiencies of proof-of-work and use a consensus algorithm of the one-node-one-vote variety instead that is not only thousands of times more efficient, but also places a governance structure over the validators that is far more resistant to attackers than proof-of-work can ever be.

This phenomenon is something I originally dubbed “permissioned permissionlessness” for lack of a better term, but currently think permissioned-on-permissionless is more straightforward and less confusing.

What does this mean?

Permissioned-on-Permissionless

[Image: PoP blockchain]

The Venn diagram above is another mental model I used at the BNY Mellon event.

As mentioned 3 months ago, in practice most block makers (DMMS validators) are actually known in the real world.

While the gating process to become a validator is still relatively permissionless (in the sense that no single entity authorizes whether or not someone can or cannot create proofs-of-work), the fact that they are self-identifying is a bit ironic considering the motivations for building this network in the first place: creating an ecosystem in which pseudonymous and anonymous interactions can take place:

The first rule of cypherpunk club is, don’t tell anyone you’re a cypherpunk.  The first rule of DMMS club is, don’t tell anyone you’re a DMMS.

The second bucket, neither censorship resistant nor trade finality, refers to the fact that large VC-funded companies like Coinbase or Circle not only require identification of their user base but also censor their customers for participating in trading activity that runs afoul of their terms of service.  Technically speaking, on-chain trade finality hurdles refer to bitcoin transactions not being final (due to a block reorg, a longer chain can always be found, undoing what you thought was a confirmed transaction).  This has happened several times, including notably in March 2013.

For instance, in Appendix 1: Prohibited Businesses and Prohibited Use, Coinbase lays out specific services that it prohibits interaction with, including gambling.  For example, about a year ago, users from Seals with Clubs and other dice/gambling sites noticed that they were unable to process funds from these sites through Coinbase and vice versa.

[Image: brian armstrong coinbase.  Source: Twitter]

The tweet above is from Brian Armstrong, the CEO of Coinbase, which is the most well-funded permissioned-on-permissionless startup in the Bitcoin ecosystem.  For its users, there is nothing permissionless about Bitcoin as they actively gate who can and cannot be part of their system and black list/white list certain activities, including mining (hashing) itself.6  It is not “open” based on common usage of the word.

In other words, contrary to what some Coinbase executives and investors claim, in an effort to extract value in a legally palatable manner, they must fulfill KYC/AML requirements and in doing so, effectively nullify the primary utility of a permissionless network: permissionlessness.  Furthermore, Coinbase users do not actually use Bitcoin for most transactions as they do not control the privkey, Coinbase does.  Coinbase users are not using Bitcoin on Coinbase, they are using an internal database.7 Or to use the marketing phrase: you are not your own bank, Coinbase is — which leads to a bevy of regulatory compliance questions beyond the scope of this post.8 However, once your bitcoins are out of Coinbase and into your own independent wallet where you control the private key, then you get the utility of the permissionless platform once more.

What are other permissioned-on-permissionless platforms?  Below are twenty-seven different companies that have raised at least a Series A (figures via CoinDesk) in alphabetical order:

  • Bitex.la: ($4 million)
  • BitGo: ($14 million)
  • BitGold: ($5.3 million)
  • Bitnet: ($14.5 million)
  • BitPay: ($32.5 million)
  • Bitreserve: ($14.6 million)
  • Bitstamp: ($10 million)
  • BitX: ($4.82 million)
  • BTC China ($5 million)
  • ChangeTip: ($4.25 million)
  • Chain: ($13.7 million)9
  • Circle: ($76 million)
  • Coinbase: ($106 million)
  • Coinplug: ($3.3 million)
  • Coinsetter: ($1.9 million)
  • Cryex: ($10 million)
  • GoCoin: ($2.05 million)
  • Huobi ($10 million)
  • itBit: ($28.25 million)
  • Korbit: ($3.4 million)
  • Kraken: ($6.5 million)
  • Mirror, formerly Vaurum: ($12.8 million)
  • OKCoin: ($11 million)
  • Ripple Labs ($37 million)
  • Vogogo ($21 million)
  • Xapo: ($40 million)

Altogether this amounts to around $492 million, which is more than half of the $855 million raised in the overall “Bitcoin space.”

What do these all have in common again?  Most are hosted wallets and exchanges that require KYC/AML fulfillment for compliance with regulatory bodies.  They require users to gain permission first before providing a service.

[Image: pie chart bitcoin funding]

The chart above visualizes funding based on the schemas explored in this post.  Based on a total venture capital amount of $855 million, in just looking at startups that have received at least a Series A, 57.5% or $492 million has gone towards permissioned-on-permissionless systems.  An additional $224 million, or 26.1%, has gone towards mining and hashing.10

Permissionless-on-permissionless includes Blockchain.info, ShapeShift, Hive, Armory and a sundry of other seed-stage startups that collectively account for around $50 million or 5.8% altogether.  The remaining 10.6% include API services such as Gem and BlockCypher; hardware wallets such as Case and Ledger; and analytic services such as Tradeblock.  In all likelihood, a significant portion of the 10.6% probably is related to permissioned-on-permissionless (e.g., Elliptic, Align Commerce, Bonafide, Blockscore, Hedgy, BitPagos, BitPesa) but they have not announced a Series A (yet) so they were not included in the “blue” portion.

Ripple Labs

Why is Ripple Labs on that funding list above?  While Ripple is not directly related to Bitcoin, it is aggregated on the funding list by CoinDesk.

Is it permissioned or permissionless?  A few weeks ago I met with one of its developers, who said in practice, the validator network is effectively permissionless in that anyone can run a validator and that Ripple Labs validators will process transactions that include XRP.11

This past week, Thomas Kelleher tried to outline how Ripple Labs is some kind of “third way” system, that uses ‘soft permissions’ in practice.  There may be a case for granular permissions on a permissionless network, but it did not coherently arise in that piece.

For example, in early May, Ripple Labs announced that it had been fined by FinCEN for not complying with the BSA requirements by failing to file suspicious activity reports (SARs), including notably, on Roger Ver (who did not want to comply with its KYC requests).

In addition to the fine, Ripple Labs also implemented a new identification gathering process for KYC compliance, stating:

The Ripple network is an open network. No one, including Ripple Labs, can prevent others from using or building on the Ripple protocol as they desire. However, when Ripple Labs provides software, such as the Ripple Trade client, Ripples Labs may impose additional requirements for the use of the software. As such, Ripple Labs will require identification of Ripple Trade account holders.

We will ask you to submit personally identifiable information (PII) similar to what you would submit to open a bank account, such as full name, address, national ID number, and date of birth. Users may also be asked to upload their driver’s license or other identifying documents. We will use this information to verify your identity for compliance purposes. We take privacy seriously, so the information you provide during the customer identification process is encrypted and managed by Ripple Trade’s Privacy Policy.

In other words, Ripple Labs was just fined by FinCEN for doing the very thing that Kelleher wants you to believe he is not required to do.   All new Ripple Labs-based “wallets” (Ripple Trade wallets) require user info — this likely means they can control, suspend and block accounts.12  All eight of the main Ripple gateways are also obliged to gather customer information.  The current lawsuit between Jed McCaleb and Ripple Labs, over the proceeds of $1 million of XRP on Bitstamp, will probably not be the last case surrounding the identification and control of such “wallet” activity (e.g., specific XRP flagged).

Thus, while the Ripple network started out as permissionless, it could likely become permissioned at some point due to compliance requirements.  Why?  If you download and install rippled, in practice you are going to use the default settings which rely on Ripple Labs core nodes. In practice, “choose your own” means “choose the default” for 99% of its users, ergo Ripple Labs sets the defaults.13 In a paper recently published by Peter Todd, he explained there is no game theoretic advantage to selecting non-default configurations which were not discussed in Kelleher’s essay.

Bob cannot choose his own rules if he has to follow compliance from another party, Ripple Labs. The UNL set may converge on an explicit policy as nodes benefit from not letting other nodes validate (they can prioritize traffic).14

I reached out to Justin Dombrowski, an academic who has spent the past year independently studying different ledger systems for a variety of organizations.  In his view:

I have a hard time thinking of Ripple as anything but plain permissioned because I have a hard time thinking of a realistic circumstance under which an active user wouldn’t also have an account subject to KYC, or be indirectly connected to one. Sure, I can run a node for the purpose of experimenting with some Ripple app I’m developing, but at the end of the day I expect to be paid for that app. And I could mine for free—and yeah, in that case the network is permissionless for me—but that’s an atypical, trivial example I’d think. Ripple is theoretically permissionless, but practically not because incentives align only with permissioned uses.

As Dombrowski noted, things get taxonomically challenging when a company (Ripple Labs) also owns the network (Ripple) and has to begin complying with financial service regulations.  This trend will likely not change overnight and until it explicitly occurs, I will probably continue to put an asterisk next to its name.

Challenges for DMMS validators in a permissioned-on-permissionless world

Over the past month, I have been asked a number of questions by managers at financial institutions about using public / communal chains as a method for transferring value of registered assets.

For instance, what happens if Bank A pays a fee to a Bitcoin or Litecoin miner/mining pool in a sanctioned country (e.g., EBA concerns in July 2014)?

In February 2015, according to a story published by Free Beacon, Coinbase was on “the hot seat” for explicitly highlighting this use-case in an older pitch deck because they stated: “Immune to country-specific sanctions (e.g. Russia-Visa)” on a slide and then went on to claim that they were compliant with US Treasury and NY DFS requirements.

Another question I have been asked is, what if the Bitcoin or Litecoin miner that processes transactions for financial institutions (e.g., watermarked tokens) also processes transactions for illicit goods and services from dark net markets?  Is there any liability for a financial institution that continues to use this service provider / block maker?

Lastly, how can financial institutions identify and contact the miner/mining pool in the event something happens (e.g., slow confirmation time, accidentally sent the wrong instruction, double-spend attempt, etc.)?  In their view, they would like to be able to influence upgrades, governance, maintenance, uptime (i.e., typical vendor relationship).

Trade-offs

In the Consensus-as-a-service report I used the following chart showing trade-offs:

[Image: permissioned tradeoffs]

I also used the following diagram to illustrate the buckets of a permissioned blockchain:

[Image: permissioned chains]

Recall that the term “mintette” was first used by Ben Laurie in his 2011 paper describing known, trusted validators and was most recently used in Meiklejohn (2015).

The general idea when I published the report several months ago was that permissionless-on-permissioned (effectively where Ripple sits) is untenable in the long run: due to regulatory pressure it is impossible to build a censorship-resistant system on top of a permissioned network.

Ryan Shea pointed this out in his recent piece, noting that:

Permission-ed blockchains are useful for certain things but they are limited in what they can do. Fully decentralized, permission-less, censorship-resistant applications CANNOT be built on them, which for many is a deal-breaker.

What does this mean for your business or organization?  Before deciding what system(s) to use, it is important to look at what the organization’s needs are and what the customer information requirements are.

Conclusions

As explored above, several startups and VC funds have unintentionally turned an expensive permissionless system into a hydra, a gated permissioned network without the full benefits of either.  If you are running a ledger between known parties who abide by government regulations, there is no reason to pay the censorship-resistance cost.  Full stop.15

[The optics of permissioned-on-permissionless]

Most efforts at “legitimizing” or “fixing” Bitcoin involve counteracting features of Bitcoin that were purposefully designed to enable users to bypass third parties, including governmental policies and regulations.  Businesses and startups have to fight to turn Bitcoin into something it isn’t, which means they are both paying to keep the “naughty” features and paying to hide them.  For example, if Satoshi’s goal was to create a permissioned system that interfaces with other permissioned systems, he would likely have used different pieces — and not used proof-of-work at all.

The commercial logic of this (largely) VC-backed endgame seems to be: “privatize” Bitcoin through a dozen hard forks (the block size fork is the start of this trend that could also change the 21 million bitcoin hard-cap).16

It seems increasingly plausible that some day we may see a fork between the “permissionless-on-permissionless” chain (a non-KYC’ed chain) and the “permissioned-on-permissionless” chain (a fully KYC’ed chain) — the latter comprising VC-backed miners, hosted wallets, exchanges and maybe even financial institutions (like NASDAQ).  The motivations of both are progressively disparate as the latter appears uninterested in developer consensus (as shown by the special interest groups wanting to create larger blocks today by ignoring the feedback from the majority of active core developers and miners).  At that point, there is arguably minimal-to-no need for censorship resistance because users and miners will be entirely permissioned (i.e. known by/to participating institutions and regulators).

When drilling down, some of the permissioned-on-permissionless investment appears to be a sunk cost issue: according to numerous anecdotes several of these VCs apparently are heavily invested in bitcoins themselves so they double down on projects that use the Bitcoin network with the belief that this will create additional demand on the underlying token rather than look for systems that are a better overall fit for business use-cases.17

This raises a question: is it still Bitcoin if it is forked and privatized?   It seems that this new registered asset is best called Bitcoin-in-name-only, BINO, not to be confused with bitcoin, the bearer asset.18

If the end game for permissionless systems is one in which every wallet has to be signed by something KYC/KYB approved, it appears then that this means there would be a near total permissioning of the ledger.  If so, why not use a permissioned ledger instead for all of the permissioned activity?

The debate over centralized versus institutionalized will also be covered in a future post.

[Acknowledgements: thanks to Richard Apodaca, Anton Bolotinsky, Arthur Breitman, Richard Brown, Dustin Byington, Justin Dombrowski, Thomas Kelleher, Yakov Kofner, Antony Lewis and John Whelan for their feedback.]

Endnotes

  1. See Does Smart Contracts == Trustless Multiparty Monetary Computation?
  2. Thanks to Richard Brown for this insight.
  3. In raising funds, they have “doxxed” themselves, providing information about founders and management including names and addresses.  They are no longer pseudonymous.
  4. Thanks to Anton Bolotinsky for this insight.
  5. Are there any other non-mining projects that are VC funded projects that do not require KYC?  A few notable examples include ShapeShift (which de-links provenance and does not require KYC from its users) and wallets such as Hive and Armory.  All three of these are seed-stage.
  6. For more about know-your-miner and source of funds, see The flow of funds on the Bitcoin network in 2015
  7. Perhaps this will change in the future.  Coinbase users can now send funds both on-and-off-chain in a one-click manner.
  8. Learning from the past to build an improved future of fintech and Distributed Oversight: Custodians and Intermediaries
  9. Chain is working with NASDAQ on its new issuance program which requires KYC compliance.  In contrast, I created a new account for their API product today and it did not require any KYC/KYB.
  10. See What impact have various investment pools had on Bitcoinland?  It bears mentioning that BitFury raised an additional $20 million since that post, bringing the publicly known amount to around $224 million.
  11. Visited on July 2, 2015
  12. Using similar forensics and heuristics from companies like Chainalysis and Coinalytics, Ripple Labs and other organizations can likely gather information and data on Ripple users prior to the April 2015 announcement due to the fact that the ledger is public.
  13. Two years ago, David Schwartz, chief cryptographer at Ripple Labs, posted an interesting comment related to openness and decentralization on The Bitcoin Foundation forum.
  14. Thanks to Jeremy Rubin and Roberto Capodieci for their feedback.
  15. Thanks to Arthur Breitman for this insight.
  16. Thanks to Robert Sams for this insight.
  17. Richard Apodaca, author of the forthcoming Decoding Bitcoin book, has another way of looking at VCs purchasing bitcoins, that he delves into on reddit twice.
  18. One reviewer suggested that, “this would cease being bitcoin if the measuring stick is what Satoshi wanted.”

Buckets of Permissioned, Permissionless, and Permissioned Permissionlessness Ledgers

A few hours ago I gave the following presentation to Infosys / Finacle in Mysore, India with the Blockchain University team.  All views and opinions are my own and do not represent those of either organization.


Learning from the past to build an improved future of fintech

[Note: below is a slightly edited speech I gave yesterday at a banking event in Palo Alto.  This includes all of the intended legalese, some of which I removed in the original version due to flow and time.  Special thanks to Ryan Straus for his feedback.  The views below are mine alone and do not represent those of any organization or individual named.]

Before we look to the future of fintech, and specifically cryptocurrencies and distributed ledgers, let’s look at the most recent past.  It bears mentioning that as BNY Mellon is the largest custodial bank in the world, we will see the importance of reliable stewardship in a moment below.

In January 2009 an unknown developer, or collective of developers, posted the source code of Bitcoin online and began generating blocks – batches of transactions – that store and update the collective history of Bitcoin: a loose network of computer systems distributed around the globe.

To self-fund its network security, networks like Bitcoin create virtual “bearer assets.” These assets are automatically redeemable with the use of a credential: in this case, a cryptographic private key.  From the network's point of view, possession of this private key is the sole requirement of ownership.  While the network rules equate possession and control, real currency – not virtual currency – is the only true bearer instrument.  In other words, legal tender is the only unconditional exception to nemo dat quod non habet – also known as the derivative principle – which dictates that one cannot transfer better title than one has.

Several outspoken venture investors and entrepreneurs in this space have romanticized the nostalgia of such a relationship, of bearer assets and times of yore when a “rugged individual” can once again be their own custodian and bank.1 The sentimentality of a previous era when economies were denominated by precious metals held – initially not by trusted third parties – but by individuals, inspired them to invest what has now reached more than $800 million in collective venture funding for what is aptly called Bitcoinland.

Yet, the facts on the ground clearly suggest that this vision of “everyone being their own bank” has not turned into a renaissance of success stories for the average private key holder.  The opposite seems to have occurred as the dual-edged sword of bearer instruments has been borne out.  At this point, it is important to clearly define our terms.  The concepts of “custody” and “deposit” are often conflated.  While the concepts are superficially similar, they are very different from a legal perspective.  Custody involves the transfer of possession/control.  A deposit, on the other hand, occurs when both control and title are transferred.

Between 2009 and early 2014, based on public reports, more than 1 million bitcoins were lost, stolen, seized and accidentally destroyed.2 Since that time, several of the best funded “exchanges” have been hacked or accidentally sent bitcoins to the wrong customer.  While Mt. Gox, which may have lost 850,000 bitcoins itself, has attracted the most attention and media coverage – rightfully so – there is a never ending flow of unintended consequences from this bearer duality.3

For instance, in early January 2015, Bitstamp – one of the largest and oldest exchanges – lost 19,000 bitcoins due to social engineering and phishing via Gmail and Skype on its employees including a system administrator.4 Four months later, in May, Bitfinex, a large Asian-based exchange, was hacked and lost around 1,500 bitcoins.5 In another notable incident, last September, Huobi, a large Bitcoin exchange in Beijing, accidentally sent 920 bitcoins and 8,100 litecoins to the wrong customers.6  And ironically, because transactions are generally irreversible and the sole method of control is through a private key, they no longer controlled them: they had to ask for the bitcoins back and hope they were returned.

A study of 40 Bitcoin exchanges published in mid-2013 found that at that time 18 out of 40 – 45% — had closed doors and absconded with some portion of customer funds.7 Relooking at that list today we see that about another five have closed in a similar manner.  All told, at least 15% if not higher, of Bitcoin’s monetary base is no longer with the legitimate owner.  Can you imagine if a similar percentage of real world wealth or deposits was dislocated in the same manner in a span of 6 years?8

In many cases, the title to this property is encumbered, leading to speculation that since many of these bitcoins are intermixed and pooled with others, a large percentage of the collective monetary base does not have clean title, the implications of which can be far reaching for an asset that is not exempted from nemo dat: it is not fungible like legal tender.9

As a consequence, because people in general don’t trust themselves with securing their own funds, users have given – deposited – their private keys with a new batch of intermediaries that euphemistically market themselves as “hosted wallets” or “vaults.” What does that look like in the overall scheme?  These hosted wallets, such as Coinbase and Xapo, have collectively raised more than $200 million in venture funding, more than a quarter of the aggregate funding that the whole Bitcoin space has received. Simultaneously, the new – often unlicensed – parties collectively hold several million bitcoins as deposits; probably 25-30% of the existing monetary base.10 Amazingly, nobody is actually certain whether a “hosted wallet” is a custodian of a customer's bitcoin or acquired title to the bitcoin and is thus a depository.

Yet, in recreating the same financial intermediaries that they hoped to replace – in turning a bearer asset into a registered asset – some Bitcoin enthusiasts have done so in a fashion that – as described earlier – has left the system ripe for abuse.  In the real world of finance, various duties are segregated via financial controls and independent oversight.11 In the Bitcoin space, by contrast, there have been few financial controls.  For example, what we call a Bitcoin exchange is really a broker-dealer, clearinghouse, custodian, depository and an exchange rolled into one house, which has led to theft, tape painting, wash trading, and front-running.12 These are all the same issues that led to regulatory oversight in the financial markets in the first place.

And while a number of the better funded and well-heeled hosted wallets and exchanges have attempted to integrate “best practices” and even third-party insurance into their operation, to date, there is only one Bitcoin “vault” – called Elliptic — that has been accredited with meeting the ISAE 3402 custodial standard from KPMG. Perhaps this will change in the future.

But if the point of the Bitcoin experiment, concept, lifestyle or movement was to do away with or get away from trusted third parties, as described above, the very opposite has occurred.

What can be learned from this?  What were the reasons for institutions and intermediation in the first place?  What can be taken away from the recent multi-million dollar educational lesson?

We have collectively learned that a distributed ledger, what in Bitcoin is called a blockchain, is capable of clearing and settling on-chain assets in a cryptographically verifiable manner, in near-real time all with 100% uptime because its servers – what are called validators – are located around the world.  As we speak just under sixty four hundred of these servers exist, storing and replicating the data so that availability to any one of them is, in theory, irrelevant.13

Resiliency, accountability and transparency, what’s not to like?  Why wouldn’t financial institutions want to jump on Bitcoin then, why focus on other distributed ledger systems?

One of the design assumptions in Bitcoin is that its validators are unknown and untrusted – that there is no gating or vetting process to become a validator on its open network.  Because it is purposefully expensive and slow to produce a block that the rest of the network will regard as valid, in theory, the rest of the network will reject your work and you will have lost your money.  Thus, validators, better referred to technically as block makers, attempt to solve a benign math problem that takes on average about 10 minutes to complete with the hope of striking it rich and paying their bills. There are exceptions to this behavior but that is a topic for another time.14

The term trust or variation thereof appears 13 times in the final whitepaper.  Bitcoin was designed to be a solution for cypherpunks aiming to minimize trust-based relationships and mitigate the ability for any one party to censor or block transactions. Because validators are unknown and untrusted, to protect against history-reversing attacks, Bitcoin was purposefully designed to be inefficient.15 That is to say attackers must expend real world resources, energy, to disrupt or rewrite history.  The theory is that this type of economic attack would stave off all but the most affluent nation-state actors; in practice this has not been the case, but that again is a topic for another speech.

Thus Bitcoin is perhaps the world’s first, commodity-based censorship resistance-as-a-service.  To prevent attackers on this communal network from reversing or changing transactions on a whim, an artificially expensive anti-Sybil mechanism was built in dubbed “proof of work” – the 10 minute math problem.  Based on current token value, the cost to run this network is roughly $300 million a year and it scales in direct proportion to the bitcoin market price.16

Thus there are trade-offs that most financial institutions specifically would not be interested in.

Why you may ask?

Because banks already know their customers, staff and partners. Their counterparties and payment processors are all publicly known entities with contractual obligations and legal accountability.  Perhaps more importantly, the relationship created between an intermediary and a customer is clear with traditional financial instruments.  For example, when you deposit money in your bank account, you know (or should know) that you are trading your money for an IOU from the bank.17 On the other hand, when you place money in a safe deposit box you know (or should know) that you retain title to the subject property.  This has important considerations for both the customer and intermediary.  When you trade your money for an IOU, you are primarily concerned with the financial condition of the intermediary.  However, when you retain title to an object held by somebody else, you care far more about physical and logical security.

As my friend Robert Sams has pointed out on numerous occasions, permissionless consensus as it is called in Bitcoin, cannot guarantee irreversibility, cannot even quantify the probability of a history-reversing attack as it rests on economics, not technology.18 Bitcoin is a curious design indeed where in practice many participants on the network are now known, gated and authenticated except the transaction validators.  Why use expensive proof-of-work at all at this point if that is the case?  What is the utility of turning a permissionless system into a permissioned system, with the costs of both worlds and the benefits of neither?

But lemonade can still be squeezed from it.

Over the past year more than a dozen startups have been created with the sole intent to take parts of a blockchain and integrate their utility within financial institutions.19 They are doing so with different design assumptions: known validators with contractual terms of service. Thus, just as PGP, SSL, Linux and other open source technology, libraries and ideas were brought into the enterprise, so too are distributed ledgers.

Last year according to Accenture, nearly $10 billion was invested in fintech related startups, less than half of one percent of which went to distributed ledger-related companies as they are now just sprouting.20

What is one practical use?  According to a 2012 report by Deutsche Bank, banks’ IT costs equal 7.3% of their revenues, compared to an average of 3.7% across all other industries surveyed.21  Several of the largest banks spend $5 billion or more in IT-related operating costs each year.  While it may sound mundane and unsexy, one of the primary use cases of a distributed ledger for financial institutions could be in reducing the cost centers throughout the back office.

For example, the settlement and clearing of FX and OTC derivatives is an oft cited and increasingly studied use case as a distributed ledger has the potential to reduce counterparty and systemic risks due to auditability and settlement built within the data layer itself.22

How much would be saved if margining and reporting costs were reduced as each transaction was cryptographically verifiable and virtually impossible to reverse? At the present time, one publicly available study from Santander estimates that “distributed ledger technology could reduce banks’ infrastructure costs attributable to cross-border payments, securities trading and regulatory compliance by between $15-20 billion per annum by 2022.”23

With that said, in its current form Bitcoin itself is probably not a threat to retail banking, especially in terms of customer acquisition and credit facilities.  For instance, if we look at on-chain entities there are roughly 370,000 actors.  If the goal of Bitcoin was to enable end-users to be their own bank without any trusted parties, based on the aggregate VC funding thus far, around $2,200 has been spent to acquire each on-chain user all while slowly converting a permissionless system into a permissioned system, but with the costs of both.24

That’s about twice as much as the average bank spends on customer acquisition in the US.  While there are likely more than 370,000 users at deposit-taking institutions like Coinbase and Xapo, they neither disclose the monthly active users nor are those actual Bitcoin users because they do not fully control the private key.

If we were to create a valuation model for the bitcoin network (not the price of bitcoins themselves), the network would be priced extremely rich due to the wealth transfer that occurs every 10 minutes in the form of asset creation.  The network in this case is the miners, the block makers, who are first awarded these bearer instruments.

How can financial institutions remove the duplicative cost centers of this technology, remove this $300 million mining cost, integrate permissioned distributed ledgers into their enterprise, reduce back office costs and better serve their customers?

That is a question that several hundred business-oriented innovators and financial professionals are trying to answer, and we will likely know in less time than it took Bitcoin to get this far.

Thanks for your time.

Endnotes:

  1. Why Bitcoin Matters by Marc Andreessen
  2. Tabulating publicly reported bitcoins that were lost, stolen, seized, scammed and accidentally destroyed between August 2010 and March 2014 amounts to 966,531 bitcoins. See p. 196 in The Anatomy of a Money-like Informational Commodity
  3. Mt. Gox files for bankruptcy, hit with lawsuit from Reuters
  4. Bitstamp Incident Report
  5. Bitfinex Warns Customers to Halt Deposits After Suspected Hack from CoinDesk
  6. Why One Should Think Twice Before Trading On The Bitcoin Exchanges from Forbes
  7. See Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk by Tyler Moore and Nicolas Christin
  8. This has occurred during times of war.  See The Monuments Men
  9. Bitcoin’s lien problem from Financial Times and Uniform Commercial Code and Bitcoin with Miles Cowan
  10. Based on anecdotal conversations both Coinbase and Xapo allegedly, at one point stored over 1 million bitcoins combined. See also: Too Many Bitcoins: Making Sense of Exaggerated Inventory Claims
  11. See Distributed Oversight: Custodians and Intermediaries
  12. See Segregation of Duties in the CEWG BitLicense comment
  13. See Bitnodes
  14. See Majority is not Enough: Bitcoin Mining is Vulnerable from Ittay Eyal and Emin Gün Sirer
  15. See Removing the Waste from Cryptocurrencies: Challenges and More Challenges by Bram Cohen and Cost? Trust? Something else? What’s the killer-app for Block Chain Technology? by Richard Brown
  16. See Appendix B
  17. See A Simple Explanation of Balance Sheets (Don’t run away… it’s interesting, really!) by Richard Brown
  18. Needing a token to operate a distributed ledger is a red herring
  19. See The Distributed Ledger Landscape and Consensus-as-a-service
  20. Fintech Investment in U.S. Nearly Tripled in 2014 from Accenture
  21. IT in banks: What does it cost? from Santander
  22. See No, Bitcoin is not the future of securities settlement by Robert Sams
  23. The Fintech 2.0 Paper: rebooting financial services from Santander
  24. One notable exception are branchless banks such as Fidor which is expanding globally and on average spends about $20 per customer.  See also How much do you spend on Customer Acquisition? Are you sure?

A blockchain with emphasis on the “a”

Over the past month a number of VCs including Chris Dixon and Fred Wilson have used the term “the blockchain” in reference to Bitcoin, as if it is the one and only blockchain.1

There are, empirically, many blockchains around.  Some of them do not involve proof-of-work, some of them are not even cryptocurrencies.  Yet despite this, Dixon blocked Greg Slepak on Twitter (creator of okTurtles and DNSChain) for pointing that out just a couple weeks ago.

But before getting into the weeds, it is worth reflecting on the history of both virtual currencies and cryptocurrencies prior to Bitcoin.

The past

Below are several notable projects that pre-date the most well-known magic internet commodity.

  • DigiCash (1990)
  • e-gold (1996)
  • WebMoney (1998)
  • PayPal (1998) “Bitcoin is the opposite of PayPal, in the sense that it actually succeeded in creating a currency.”  — Peter Thiel
  • Beenz (1998)
  • Flooz (1999)
  • Liberty Reserve (2006)
  • Frequent flyer points / loyalty programs
  • WoW gold, Linden Dollars, Nintendo Points, Microsoft Points

According to an excellent article written a couple years ago by Gwern Branwen:

Bitcoin involves no major intellectual breakthroughs, so Satoshi need have no credentials in cryptography or be anything but a self-taught programmer! Satoshi published his whitepaper May 2009, but if you look at the cryptography that makes up Bitcoin, they can basically be divided into:

  • Public key cryptography
  • Cryptographic signatures
  • Cryptographic hash functions
  • Hash chain used for proof-of-work
    • Hash tree
    • Bit gold
  • cryptographic time-stamps
  • resilient peer-to-peer networks

And what were the technological developments, tools and libraries that spearheaded those pieces?  According to Branwen:

  • 2001: SHA-256 finalized
  • 1999-present: Byzantine fault tolerance (PBFT etc.)
  • 1999-present: P2P networks (excluding early networks like Usenet or FidoNet; MojoNation & BitTorrent, Napster, Gnutella, eDonkey, Freenet, i2p etc.)
  • 1998: Wei Dai, B-money
  • 1997: HashCash; 1998: Nick Szabo, Bit Gold; ~2000: MojoNation/BitTorrent; ~2001-2003, Karma, etc
  • 1992-1993: Proof-of-work for spam
  • 1991: cryptographic timestamps
  • 1980: public key cryptography
  • 1979: Hash tree

Other prior art can be found in The Ecology of Computation from Huberman.2 One open question for permissionless systems is whether or not a blockchain is a blockchain if it is neither proof-of-work-based nor proof-of-stake-based (“Cow system” in Bram Cohen’s terminology).  But that’s a topic for another post.

The present

About two weeks ago, /r/bitcoin learned that Bitcoin was not the creator of all this fundamental technology.  That indeed, there were over 30 years of academic corpus that cumulatively created the system we now call “a blockchain,” in this case, Nakamoto consensus.  And this has spawned sundry other experiments and projects that have since been kickstarted.

For example:

  • CoinMarketCap currently tracks 592 cryptocurrencies / 59 assets
  • CoinGecko tracks 225 cryptocurrencies/assets
  • Ray Dillinger’s “Necronomicon” includes over 100 dead altcoins
  • Map of Coins is currently tracking 686 derivatives of various cryptocurrencies; this includes all hashing functions (e.g., scrypt, X11, X13) and includes existing and defunct chains
  • These are just publicly known blockchains and there are likely dozens if not hundreds of private trials, proof of concepts in academia, institutions and from hobbyists (e.g., Citibank announced in July 2015 that it was testing out three blockchains with a “Citicoin” to better understand use-cases)

So it appears that there is more than one in the wild.

Yet, a couple weeks ago Fred Wilson wrote that:

If you think of the blockchain as an open source, peer to peer, massively distributed database, then it makes sense for the transaction processing infrastructure for it to evolve from individuals to large global corporations. Some of these miners will be dedicated for profit miners and some of them will be corporations who are mining to insure the integrity of the network and the systems they rely on that are running on it. Banks and brokerage firms are the obvious first movers in the second category.

He later clarified in the comments that he means the Bitcoin blockchain, not others.

One quibble is that transaction processing is not clearly defined relative to hashing.  Today, bitcoin transactions are actually processed by very small, non-powerful computers (even a Raspberry Pi).

What about the pictures with entire rooms filled with computers?  Why does it cost so much to run a hashing farm then?

Because of the actual workhorse of the network: ASICs designed to generate proofs-of-work.  These hashing systems do not do any transaction processing; in fact, they cannot even run a Bitcoin client.3

Tangentially William Mougayar, investor and author, stated the following in the AVC thread:

Only trick is that mining is not cheap initially, and the majority is done in China. It presents an interesting energy challenge: you need lots of electricity to run the computers, but also to keep them cool. So, if you’re using solar you still need to cool them. And if you put them in cool climates like near the north pole, there is no solar. Someone needs to solve that equation.

Mining cannot be made “cheaper” otherwise the network becomes cheaper to attack.

In fact, as Bram Cohen mentioned last week, “energy efficient” proof-of-work is a contradiction in terms.

Thus, there is no “equation to solve.”  In the long run, miners will bid up marginal costs until they equal the marginal value (MC=MV) of a bitcoin.  We see this empirically: there is no free lunch.  If hashing chips somehow became 50% more efficient, hashing farms just add 50% more of them — this ratcheting effect is called the Red Queen effect and this historically happens in a private seigniorage system just as it does in proof-of-work cryptocurrencies.4

[Chart: organ proportionalism]

As shown in the chart above, hashrate follows price; the amount of resources expended (for proof-of-work) is directly proportional to market value of a POW token.
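The Red Queen argument above can be checked with a small simulation of competitive miners under Bitcoin-style difficulty retargeting. This is an added example, not from the original post: the zero-profit entry model, the damping factor and every dollar, joule and hashrate figure are constructed assumptions; only the 600-second block target and the factor-of-4 retarget clamp are Bitcoin's own parameters.

```python
"""Toy model of the Red Queen dynamic: competitive miners plus Bitcoin-style
difficulty retargeting. All numeric inputs are constructed, not measurements."""

TARGET_INTERVAL = 600.0   # seconds per block (the "10 minute" target)
MAX_ADJUST = 4.0          # Bitcoin clamps each retarget to a factor of 4


def retarget(difficulty, observed_interval):
    """Scale difficulty so blocks return to the target interval, clamped."""
    factor = TARGET_INTERVAL / observed_interval
    factor = max(1.0 / MAX_ADJUST, min(MAX_ADJUST, factor))
    return difficulty * factor


def simulate(reward_usd, usd_per_joule, hashes_per_joule,
             hashrate, difficulty, epochs=60, entry_speed=0.5):
    """Run retarget epochs until miner entry and exit settle.

    difficulty is the expected number of hashes needed per block.
    Assumption: miners add capacity while revenue per hash exceeds cost per
    hash and switch it off otherwise; entry_speed damps that response.
    """
    cost_per_hash = usd_per_joule / hashes_per_joule
    for _ in range(epochs):
        revenue_per_hash = reward_usd / difficulty
        margin = revenue_per_hash / cost_per_hash
        hashrate *= margin ** entry_speed        # entry (>1) or exit (<1)
        interval = difficulty / hashrate         # seconds per block this epoch
        difficulty = retarget(difficulty, interval)
    joules_per_block = difficulty / hashes_per_joule
    return {
        "hashrate": hashrate,
        "difficulty": difficulty,
        "interval": difficulty / hashrate,
        "joules_per_block": joules_per_block,
        # Honest spend per block: what a would-be history rewriter must outbid.
        "usd_per_block": joules_per_block * usd_per_joule,
    }


def red_queen_demo():
    """Baseline, then 50% more efficient chips, then a doubled token price."""
    base = dict(reward_usd=10_000.0, usd_per_joule=2e-8, hashes_per_joule=1e9)
    start = simulate(hashrate=5e17, difficulty=TARGET_INTERVAL * 5e17, **base)
    carry = dict(hashrate=start["hashrate"], difficulty=start["difficulty"])
    efficient = simulate(**{**base, "hashes_per_joule": 1.5e9}, **carry)
    pricier = simulate(**{**base, "reward_usd": 20_000.0}, **carry)
    return start, efficient, pricier


if __name__ == "__main__":
    for name, r in zip(("baseline", "chips +50%", "price x2"), red_queen_demo()):
        print(f"{name:11s} hashrate={r['hashrate']:.3e} H/s  "
              f"energy={r['joules_per_block']:.3e} J/block  "
              f"spend=${r['usd_per_block']:,.0f}/block")
```

In this model better chips raise hashrate by 50% while energy and dollar spend per block stay where they were, and only a change in the reward's market value moves the spend.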

Furthermore, in terms of Wilson’s prediction that banks will begin mining: what benefit do banks have for participating in the mining process?  If they own bitcoins, perhaps it “gives them a seat at the table.”  But if they do not own any, it provides no utility for them.

Why?  What problem does mining solve for organizations such as banks?  Or to put another way: what utility does proof-of-work provide a bank that knows its customers, staff and transaction processors?5

Permissioned Permissionlessness, BINO-style

One goal and innovation for Bitcoin was anonymous/pseudonymous consensus, which comes at a large cost in trade-offs: mining costs and block reorganization risk.

To quote Section 1 of the Nakamoto whitepaper regarding the transaction costs of the current method of moving value and conducting commerce:

These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party

Thus:

  • Bitcoin was designed with anonymous consensus to resist censorship by governments and other trusted third parties.
  • If you are running a ledger between known parties who abide by government regulations, there is no reason to pay that censorship-resistance cost.  Full stop.

Today several startups and VC funds have (un)intentionally turned an expensive permissionless system into a hydra, a gated permissioned network without the full benefits of either.  Consequently, through this mutation, some of these entities have also turned a bearer asset into a registered asset with the full costs of both.

For instance, it is currently not possible to build a censorship-resistant cash system on top of a permissioned ledger (due to the KYC requirements) yet this is basically what has been attempted with many venture funded wallets such as Coinbase.

The end result: Bitcoin in name only (BINO), in which a permissionless network is (attempted to be) turned into a permissioned network.  It bears mentioning that companies such as Peernova and Blockstack are not trying to compete with Bitcoin — they are not trying to build censorship-resistant cash.

While financial institutions can indeed download a client and send tokens around, Bitcoin was purposefully designed not to interface with financial intermediaries as it was modeled on the assumption that no one can be trusted and that parties within the network are unknown.  Therefore if parties transacting on the network are both known and trusted, then there probably is no reason to use Bitcoin-based proof-of-work.  Instead, there are other ways to secure transactions on a shared, replicated ledger.

Ask the experts

I reached out to several experts unaffiliated with Bitcoin itself to find out what the characteristics of a blockchain were in their view.

Ian Grigg has spent twenty years working in the cryptocurrency field and is the author of the Financial Cryptography blog as well as the Ricardian Contract and most recently the “Nakamoto signature.”  Below are his thoughts:

As far as *history* is concerned, it looks like just about every individual component of Bitcoin was theorised before 2009.  The last thing that I’d thought was new was the notion of a shared open repository of transactions, but it seems Eric Hughes actually proposed it in the 1990s.  And of course Todd Boyle was banging the triple entry drum in the late 1990s.

Bitcoin has no monopoly on any term except bitcoin and BTC as far as I can see. The big question is really between permissioned and permissionless ledger designs.

If you go for a permissioned ledger, then you can do some more analysis and also reduce the need for the consensus signing to be complicated. At the base level, just one signatory might be enough, or some M of N scheme. But we don’t need the full nuclear PoW-infused Nakamoto Signature.

But also, the same analysis says we don’t need a block. What’s a block? It’s a batch of transactions that the ‘center’ works on to make them so. But if we’ve got permissioned access, and we’ve reduced the signing to some well-defined set, why not go for RTGS and then we haven’t got a block.

The block in the blockchain exists because of the demands of the networking problem – with a network of N people all arguing over multiple documents, we know it can’t be done in less than a second for a small group and less than 10 seconds for a large group. So to get the scaling up, we *have to make a block* or batch of *many* transactions so we can fit the consensus algorithm over enough tx to make it worthwhile.

Therefore the block, the Nakamoto Signature, PoW and the incentive structure all go together. That’s the blockchain.

Zaki Manian, co-founder of SKUChain and all around Bay-area crypto guru:

Cryptography is interesting right now because the primitives have matured and pre-cryptographic systems are becoming less and less robust.

Commitment schemes are widely used in cryptography. Nakamoto signatures (if Adam Back wants to concede the naming rights) are the thermodynamic commitment to a set of values. A conventional signature is an attributable commitment.

A cryptocurrency is an application of a ledger. A distributed ledger needs to syndicate the order of stored transactions. There is a lot of value to syndicating and independently validating the commitments to interested parties. Generalized Byzantine Agreement, n-of-m signatures and transaction syndication decrease the discretion in the operating of systems. Ultimately, discretion is a source of fragility. I think Ian’s reference to RTGS is somewhat disingenuous. Systems with a closed set of interacting parties aren’t particularly helpful. Open participation systems are fundamentally different.

There don’t seem to be any settled lines between the properties of permissioned and permission-less systems. We have both and time will tell.

Pavel Kravchenko, formerly chief cryptographer at Stellar, now chief cryptographer at Tembusu Systems:

I’ve seen the discussion, it seems rather political and emotional. Since the term blockchain is not clearly defined people tend to argue. To make everything clear I would start from security model – who is the adversary, what security assumptions we are making, what is the cost of a particular attack etc. For now (still very early days of crypto-finance) using blockchain as a common word for such variety of conditions is acceptable for me.

Vlad Zamfir, who has helped spearhead the cryptoeconomics field alongside others at Ethereum (such as Vitalik).  In his view:

“Blockchains” are a class of consensus protocols (hence why I like to pedantically refer to them as blockchain-based consensus protocols).  They are not necessarily ledgers, although blocks always do contain ordered logs.

These logs need not be transactions – although we can call them transactions if we want, and so you can call it a ledger if you want – it’s just misleading.

Blockchains are characterized by the fact that they have a fork-choice rule – that they choose between competing histories of events.

Traditional consensus protocols don’t do this, so they don’t need to chain their blocks – for them numbering is sufficient.

Economic consensus protocols contain a ledger in their consensus state, in which digital assets are defined – assets which are used to make byzantine faults expensive.

It is much less misleading to refer to this class of protocols as ledgers, than to blockchains generally speaking – although it is still misleading.

You can make an economic consensus protocol that lets people play chess. It would have a ledger, but it wouldn’t be fair to call it a distributed ledger – it’s a distributed chess server.

Economic consensus allows for public consensus, which acts as a (crappy) public computer.

Public consensus protocols have no “permissioned” management of the computers that make up this crappy public computer.

Non-public consensus protocols have “permissioned” management of these computers.

I think the main thing that is consistently lacking from these discussions is the fact that you can have permissioned control of the state of a public consensus protocol without “permissioning” the validator set.

Robert Sams, co-founder of Clearmatics who has done a lot of the intellectual heavy lifting on the “permissioned ledger” world (I believe he first coined the term in public), thinks that:

If I were to guess, I’d say that the block chain design will eventually yield to a different structure (eg tree chains). It’s the chaining that’s key, not the particular object of consensus (although how the former works is parasitic on the latter).

I think Szabo’s use of “block chain” rather than “blockchain” is more than a question of style. Out of habit I still merge adjective and noun like most people, but it’s misleading and discourages people from thinking about it analytically.

I tell you though, the one expression that really gets on my nerves is “the blockchain” used in contexts like “the blockchain can solve problem X”. Compound the confusion with the definite article. As if there’s only one (like “the internet”). And even when the context assumes a specific protocol, “the” subconsciously draws attention away from the attacker’s fork, disagreements over protocol changes and hard forks.

Anyway this debate with people talking up their Bitcoin book and treating innovation outside its “ecosystem” as apostasy is tiresome and idle.

Christopher Allen, who has had a storied career in this space including co-authoring the TLS standard:

I certainly was an early banner waver — I did some consulting work with Xanadu, and later for very early Digicash. At various points in the growth of SSL both First Virtual and PGP tried to acquire my company. When I saw Nick’s “First Monday” article the day it came out, it immediately clicked a number of different puzzle pieces that I’d not quite put together into one place. I immediately started using the term smart contracts and was telling my investors, and later Certicom, that this is what we really should be doing (maybe because I was getting tired of battles in SSL/TLS standards when that wasn’t what Consensus Development had been really founded to solve).

However, in the end, I don’t think anything I did actually went anywhere, either technically or as a business, other than maybe getting some other technologists interested. So in the end I’m more of a witness to the birth of these technologies than a creator.

History in this area is distorted by software patents — there are a number of innovative approaches that would be scrapped because of awareness of litigious patent holders. I distinctly remember when I first heard about some innovative hash chain ideas that a number of us wanted to use hash trees with it, but we couldn’t figure out how to avoid the 1979 Merkle Hash Tree patent whose base patent wouldn’t expire until ’96, as well as some other subsidiary hash tree and time stamp patents that wouldn’t expire until early 2000s.

As I recall, at the time we were all trying to solve the micropayment problem. Digicash had used cryptography for larger-sized cash transactions, whereas First Virtual, Cybercash and others were focused on securing the ledger side and needed larger transaction fees and thus larger amounts of money to function. To scale down we were all looking at hash chain ideas from Lamport’s S/KEY from the late 80’s and distributed transactional ledgers from X/Open’s DTP from the early 90s as inspirations. DEC introduced Millicent during this period, and I distinctly remember people saying “this will not work, it requires consumers to hold keys in an electronic wallet”. On the cryptographic hash side of this problem Adam Back did Hashcash, Rivest and his crew introduced PayWord and Micromint. On the transaction side CMU introduced NetBill.

Nick Szabo wrote about using hashes for post-unforgeable transaction logs in his original smart contract paper in ’97, in which he referred to Surety’s work (and they held the Merkle hash tree and other time signature patents), but in that original paper he did not look at Proof of Work at all. It was another year before he, Wei Dai, and Hal Finney started talking about using proof-of-work as a possible foundational element for smart contracts. I remember some discussions over beer in Palo Alto circa ’99 with Nick after I became CTO of Certicom about creating dedicated proof-of-work secure hardware that would create tokens that could be used as an underlying basis for his smart contract ideas. This was interesting to Certicom as we had very good connections into the cryptographic hardware industry, and I recommended that we should hire him. Nick eventually joined Certicom, but by that point they had cancelled my advanced cryptography group to raise profits in order to go public in the US (causing me to resign), and then later ceased all work in that area when the markets fell in 2001.

I truly believe that we could have had cryptographic smart contracts by ’04 if Certicom had not focused on short-profits (see Solution #3 at bottom of this post for my thoughts back in 2004 after a 3-year non-compete and NDA)…

What is required, I believe, is a major paradigm shift. We need to leave the whole business of fear behind and instead embrace a new model: using cryptography to enable business rather than to prevent harm. We need to add value by making it possible to do profitable business in ways that are impossible today. There are, fortunately, many cryptographic opportunities, if we only consider them.

Cryptography can be used to make business processes faster and more efficient. With tools derived from cryptography, executives can delegate more efficiently and introduce better checks and balances. They can implement improved decision systems. Entrepreneurs can create improved auction systems. Nick Szabo is one of the few developers who has really investigated this area, through his work on Smart Contracts. He has suggested ways to create digital bearer certificates, and has contemplated some interesting secure auctioning techniques and even digital liens. Expanding upon his possibilities we can view the ultimate Smart Contract as a sort of Smart Property. Why not form a corporation on the fly with digital stock certificates, allow it to engage in its creative work, then pay out its investors and workers and dissolve? With new security paradigms, this is all possible.

When I first heard about Bitcoin, I saw it as having clearly two different parts. First was a mix of old ideas about unforgeable transaction logs using hash trees combined into blocks connected by hash chains. This clearly is the “blockchain”. But in order for this blockchain to function, it needed timestamping, for which fortunately all the patents had expired. The second essential part of Bitcoin was through a proof-of-work system to timestamp the blocks, which clearly was based on Back’s HashCash rather than the way transactions were timestamped in Szabo’s BitGold implementation. I have to admit, when I first saw it I didn’t really see much in Bitcoin that was innovative — but did appreciate how it combined a number of older ideas into one place. I did not predict its success, but thought it was an interesting experiment and that might lead to a more elegant solution. (BTW, IMHO Bitcoin became successful more because of how it leveraged cypherpunk memes and their incentives to participate in order to bootstrap the ecosystem rather than because of any particularly elegant or original cryptographic ideas).

In my head, Bitcoin consists of blocks of cryptographic transactional ledgers chained together, plus one particular approach to time-stamping this block chain that uses proof-of-work method of consensus. I’ve always thought of blockchain and mining as separate innovations.

To support this separation for your article, I have one more quote to offer you from Nick Szabo:

Instead of my automated market to account for the fact that the difficulty of puzzles can often radically change based on hardware improvements and cryptographic breakthroughs (i.e. discovering algorithms that can solve proofs-of-work faster), and the unpredictability of demand, Nakamoto designed a Byzantine-agreed algorithm adjusting the difficulty of puzzles. I can’t decide whether this aspect of Bitcoin is more feature or more bug, but it does make it simpler.

As to your question of when the community first started using the word consensus, I am not sure. The cryptographic company I founded in 1988 that eventually created the reference implementation of SSL 3.0 and offered the first TLS 1.0 toolkits was named “Consensus Development” so my memory is distorted. To me, the essential problem has always been how to solve consensus. I may have first read about it in “The Ecology of Computation” published in 1988 which predicted many distributed computational approaches that are only becoming possible today, which mentions among other things such concepts as Distributed Scheduling Protocols, Byzantine Fault-Tolerance, Computational Auctions, etc. But I also heard it from various science fiction books of the period, so that is why I named my company after it.
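The structure Grigg and Allen describe above (transactions committed by a hash tree, blocks linked by a hash chain, and a block accepted on M-of-N validator approval instead of proof-of-work) can be sketched in Python. This is an added example, not code from this post or from anyone quoted in it; the validator names, keys and transactions are constructed, and HMAC tags stand in for real digital signatures.

```python
import hashlib
import hmac
import json

# Constructed validator keys. HMAC is a stand-in for real digital signatures
# (e.g. Ed25519), which the Python standard library does not provide.
VALIDATORS = {"bank-a": b"key-a", "bank-b": b"key-b", "bank-c": b"key-c"}
THRESHOLD = 2  # M of N: 2 of the 3 known validators must approve each block
GENESIS_PREV = "00" * 32


def sha256(data):
    return hashlib.sha256(data).digest()


def merkle_root(txs):
    """Hash tree over the transactions; leaves and inner nodes use different prefixes."""
    level = [sha256(b"\x00" + tx) for tx in txs] or [sha256(b"")]
    while len(level) > 1:
        paired = [sha256(b"\x01" + level[i] + level[i + 1])
                  for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # odd node is carried up unpaired
            paired.append(level[-1])
        level = paired
    return level[0]


def header_hash(header):
    return sha256(json.dumps(header, sort_keys=True).encode())


def approve(name, digest):
    return hmac.new(VALIDATORS[name], digest, hashlib.sha256).hexdigest()


def make_block(prev_block, txs, signers):
    """Build a block whose header commits to the previous header and to the txs."""
    header = {
        "height": 0 if prev_block is None else prev_block["header"]["height"] + 1,
        "prev": GENESIS_PREV if prev_block is None
                else header_hash(prev_block["header"]).hex(),
        "root": merkle_root(txs).hex(),
    }
    digest = header_hash(header)
    approvals = {name: approve(name, digest) for name in signers}
    return {"header": header, "txs": list(txs), "approvals": approvals}


def verify_chain(chain):
    """Return "ok" or a description of the first integrity failure found."""
    prev = GENESIS_PREV
    for height, block in enumerate(chain):
        header = block["header"]
        if header["height"] != height or header["prev"] != prev:
            return f"block {height}: broken hash chain"
        if header["root"] != merkle_root(block["txs"]).hex():
            return f"block {height}: transactions do not match Merkle root"
        digest = header_hash(header)
        # approvals is keyed by validator name, so nobody is counted twice
        valid = sum(
            1 for name, tag in block["approvals"].items()
            if name in VALIDATORS and hmac.compare_digest(tag, approve(name, digest))
        )
        if valid < THRESHOLD:
            return f"block {height}: only {valid} valid approvals, need {THRESHOLD}"
        prev = digest.hex()
    return "ok"


def build_demo_chain():
    """Three constructed blocks approved by different validator subsets."""
    b0 = make_block(None, [b"issue:bank-a:100"], ["bank-a", "bank-b"])
    b1 = make_block(b0, [b"bank-a->bank-b:40", b"bank-b->bank-c:15",
                         b"bank-c->bank-a:5"], ["bank-b", "bank-c"])
    b2 = make_block(b1, [b"bank-b->bank-a:10"], ["bank-a", "bank-b", "bank-c"])
    return [b0, b1, b2]


if __name__ == "__main__":
    chain = build_demo_chain()
    print(verify_chain(chain))
    chain[1]["txs"][0] = b"bank-a->bank-b:4000"   # edit history after the fact
    print(verify_chain(chain))
```

Editing a stored transaction fails the Merkle check, and replacing an earlier block breaks the link from its successor even when the replacement is properly approved; no mining is involved at any point.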

The future

What about tokens?

Virtual tokens may only be required for permissionless ledgers – where validators are unknown and untrusted – in order to prevent spam and incentivize the creation of proofs-of-work.  In contrast, if parties are known and trusted – such as on a permissioned ledger – there are other historically different mechanisms (e.g., contracts, legal accountability) to secure a network without the use of a virtual token.6

Is everything still too early, or lacking an actual sustainable use-case?

Maybe not.  It may be the case, as Richard Brown recently pointed out, that for financial institutions looking to use shared, replicated ledgers, utility could be derived from mundane areas, such as balance sheets.  And you don’t necessarily need a Tom Sawyer botnet to protect that.

What attracts or repels use-cases then?

  • Folk law: “Anything that needs censorship-resistance will gravitate towards censorship-resistant systems.”
  • Sams’ law: “Anything that doesn’t need censorship-resistance will gravitate towards non censorship-resistant systems.”

Many financial institutions (which is just one group looking at shared, replicated ledgers) are currently focused on: fulfilling compliance requirements, reducing cost centers, downscaling branching and implementing digital channels.  None of this requires censorship-resistance.  Obviously there are many other types of organizations looking at this technology from other angles and perhaps they do indeed find censorship-resistance of use.

In conclusion, as copiously noted above, blockchains are a wider technology than just the type employed by Bitcoin and include permissioned ledgers.  It bears mentioning that “permissioned” validators are not really a new idea either: four years ago Ben Laurie independently called them “mintettes” and Sarah Meiklejohn discussed them in her new paper as well.

Endnotes

  1. See The financial cloud from Adam Ludwin
  2. Thanks to Christopher Allen for pointing this out.
  3. See The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland
  4. See Bitcoins: Made in China
  5. Why would banks want to use a communal ledger, validated by pseudonymous pools who are not privy to a terms of service or contractual obligation? See Needing a token to operate a distributed ledger is a red herring and No, Bitcoin is not the future of securities settlement
  6. See also Needing a token to operate a distributed ledger is a red herring and Consensus-as-a-service

Q&A regarding the Distributed Ledger Landscape

About 10 days ago I had the pleasure of speaking at Blockchain University (hosted over at PwC) regarding distributed ledgers (permissioned and permissionless).  One of the slides was intentionally taken out of context by a user on reddit and unsurprisingly the subsequent /r/bitcoin thread covering it involved a range of ad hominem attacks that really missed what was being discussed at the actual talk: what are the characteristics of a blockchain.

I will likely write a post on this topic at length in the next couple of days.  In the meantime, below is the video which incidentally pre-emptively answered a few of the questions from that thread.

Also, for those curious to know who were asking the good questions in the audience, this included: Jeremy Drane (PwC), Christopher Allen (co-creator of the TLS standard) and Nick Tomaino (Coinbase) among others.


Bram Cohen: “Removing the Waste from Cryptocurrencies: Challenges and More Challenges”

Bram Cohen, the creator of BitTorrent, has opined on Bitcoin over the years on social media (such as Twitter).  Over the last couple of weeks he has been increasingly vocal on some hurdles such as the increase in block sizes (via a hard fork) and the dangers of accepting and institutionalizing zero-confirmation transactions.

Last week he gave a presentation at the SF Bitcoin Dev meetup in which he covered a variety of alternatives to proof-of-work such as proof-of-steak (which he dubs “Cow systems”).


Book review: The Age of Cryptocurrency

On my trip to Singapore two weeks ago I read through a new book The Age of Cryptocurrency, written by Michael Casey and Paul Vigna — two journalists with The Wall Street Journal.

Let’s start with the good.  I think Chapter 2 is probably the best chapter in the book and the information mid-chapter is one of the best historical looks at previous electronic currency initiatives.  I also think their writing style is quite good.  Sentences and ideas flow without any sharp disconnects.  They also have a number of endnotes in the back for in-depth reading on certain sub-topics.

In this review I look at each chapter and provide some counterpoints to a number of the claims made.

Introduction:

[Note: I manually typed the quotes from the book, all transcription errors are my own and should not reflect on the book itself.]

The book starts by discussing a company now called bitLanders which pays content creators in bitcoin.  The authors introduce us to Francesco Rulli who pays his bloggers in bitcoin and tries to forbid them from cashing out in fiat, so that they create a circular flow of income.1 One blogger they focus on is Parisa Ahmadi, a young Afghani woman who lacks access to the payment channels and platforms that we take for granted.  It is a nice feel good story that hits all the high notes.

Unfortunately the experiences of individuals like Ahmadi are not fully reflective of what takes place in practice (and this is not the fault of bitLanders).  For instance, the authors state on p. 2 that: “Bitcoins are stored in digital bank accounts or “wallets” that can be set up at home by anyone with Internet access.  There is no trip to the bank to set up an account, no need for documentation or proof that you’re a man.”

This is untrue in practice.  Nearly all venture capital (VC) funded hosted “wallets” and exchanges now require not only Know-Your-Customer (KYC) checks but also, for any type of fiat conversion, bank accounts.  Thus there is a paradox: how can unbanked individuals connect a bank account they do not have to a platform that requires it?  This question is never answered in the book yet it represents the single most difficult aspect of the on-boarding experience today.

Starting on page 3, the authors use the term “digital currency” to refer to bitcoins, a practice done throughout the remainder of the book.  This contrasts with the term “virtual currency” which they only use 12 times — 11 of which are quotes from regulators.  The sole time “virtual currency” is not used by a regulator to describe bitcoins is from David Larimer from Invictus (Bitshares).  It is unclear if this was an oversight.

Is there a difference between a “digital currency” and “virtual currency”?  Yes.  And I have made the same mistake before.

Cryptocurrencies such as bitcoin are not digital currencies.  Digital currencies are legal tender; as of this writing, bitcoins are not.  This may seem like splitting hairs but the reason regulators still use the term “virtual currency” in 2015 is because no jurisdiction recognizes bitcoins as legal tender.  In contrast, there are already dozens of digital currencies — nearly every dollar that is spent on any given day in the US is electronic and digital and has been for over a decade.  This issue also runs into the discussion on nemo dat described a couple weeks ago.

On page 4 the authors very briefly describe the origination of currency exchange which dates back to the Medici family during the Florentine Renaissance.  Yet not once in the book is the term “bearer asset” mentioned.  Cryptocurrencies such as bitcoin are virtual bearer instruments and as shown in practice, a mega pain to safely secure.  500 years ago bearer assets were also just as difficult to secure and consequently individuals outsourced the security of it to what we now call banks.  And this same behavior has once again occurred as large quantities — perhaps the majority — of bitcoins now are stored in trusted third party depositories such as Coinbase and Xapo.

Why is this important?

Again recall that the term “trusted third party” was used 11 times (in the body, 13 times altogether) in the original Nakamoto whitepaper; whoever created Bitcoin was laser focused on building a mechanism to route around trusted third parties due to the additional “mediation and transaction costs” (section 1) these create.  Note that later, on page 29, they briefly mention legal tender laws and coins (as it related to the Roman Empire).

On page 8 the authors describe the current world as “tyranny of centralized trust” and on page 10 that “Bitcoin promises to take at least some of that power away from governments and hand it to the people.”

While that may be a popular narrative on social media, not everyone involved with Bitcoin (or the umbrella “blockchain” world) holds the same view.  Nor do the authors describe some kind of blueprint for how this is done.  Recall that in order to obtain bitcoins in the first place a user can do one of three things:

  1. mine bitcoins
  2. purchase bitcoins from some kind of exchange
  3. receive them for payments (e.g., merchant activity)

In practice mining is out of the hands of “the people” due to economies of scale which have trended towards warehouse mining – it is unlikely that embedded ASICs, such as those from 21 inc, will change that dynamic much, if at all.  Why?  Because for every device added to the network a corresponding amount of difficulty is also added, diluting the revenue to below dust levels.  Remember how Tom Sawyer convinced kids to whitewash a fence and they did so eagerly without question?  What if he asked you to mine bitcoins for him for free?  A trojan botnet?  While none of the products have been announced and changes could occur, from the press release that seems to be the underlying assumption of the 21 inc business model.

In terms of the second point, nearly all VC funded exchanges require KYC and bank accounts.  The ironic aspect is that “unbanked” and “underbanked” individuals often lack the necessary “valid” credentials that can be used by cheaper automated KYC technology (from Jumio) and thus expensive manual processing is done, costs that must be borne by someone.  These same credential-less individuals typically lack a bank account (hence the name “unbanked”).

Lastly with the third point, while there are any number of merchants that now accept bitcoin, in practice very few actually do receive bitcoins on any given day.  Several weeks ago I broke down the numbers that BitPay reported and the verdict is payment processing is stagnant for now.

Why is this last point important to what the authors refer to as “the people”?

Ten days after Ripple Labs was fined by FinCEN for not appropriately enforcing AML/KYC regulations, Xapo  — a VC funded hosted wallet startup — moved off-shore, uprooting itself from Palo Alto to Switzerland.  While the stated reason is “privacy” concerns, it is likely due to regulatory concerns of a different nature.

In his interview with CoinDesk last week, Wences Casares, the CEO and founder of Xapo noted that:

Still, Casares indicated that Xapo’s customers are most often using its accounts primarily for storage and security. He noted that many of its clientele have “never made a bitcoin payment”, meaning its holdings are primarily long-term bets of high net-worth customers and family offices.

“Ninety-six percent of the coins that we hold in custody are in the hands of people who are keeping those coins as an investment,” Casares continued.

96% of the coins held in custody by Xapo are inert.  According to a dated presentation, the same phenomenon takes place with Coinbase users too.

Perhaps this behavior will change in the future; if not, it seems unclear how this particular “to the people” narrative can take place when a few large holders of a static money supply are unwilling to part with their virtual collectibles.  But this dovetails into differences of opinion on rebasing money supplies and that is a topic for a different post.

On page 11 the authors describe five stages of psychologically accepting Bitcoin.  In stage one they note that:

Stage One: Disdain.  Not even denial, but disdain.  Here’s this thing, it’s supposed to be money, but it doesn’t have any of the characteristics of money with which we’re familiar.

I think this is unnecessarily biased.  While I cannot speak for other “skeptics,” I actually started out very enthusiastic — I even mined for over a year — and never went through this strange five step process.  Replace the word “Bitcoin” with any particular exciting technology or philosophy from the past 200 years and the five stage process seems half-baked at best.

On page 13 they state, “Public anxiety over such risks could prompt an excessive response from regulators, strangling the project in its infancy.”  Similarly on page 118 regarding the proposed New York BitLicense, “It seemed far more draconian than expected and prompted an immediate backlash from a suddenly well-organized bitcoin community.”

This is a fairly alarmist statement.  It could be argued that, due to its anarchic code-as-law coupled with its intended decentralized topology, it could not be strangled.  If a certain amount of block creating processors (miners) was co-opted by organizations like a government, then a fork would likely occur and participants with differing politics would likely diverge: a KYC chain versus an anarchic chain (which is what we see in practice with altchains such as Monero and Dash).  Similarly, since there are no real self-regulating organizations (SRO) or efforts to expunge the numerous bad actors in the ecosystem, what did the enthusiasts and authors expect would occur when regulators are faced with complaints?

With that said — and I am likely in a small minority here — I do not think the responses thus far from US regulators (among many others) have been anywhere near “excessive,” but that’s my subjective view.  Excessive to me would be explicitly outlawing usage, ownership and mining of cryptocurrencies.  Instead what has occurred is numerous fact finding missions, hearings and even appearances by regulators at events.

On page 13 the authors state that “Cryptocurrency’s rapid development is in some ways a quirk of history: launched in the throes of the 2008 financial crisis, bitcoin offered an alternative to a system — the existing financial system — that was blowing itself up and threatening to take a few billion people down with it.”

This is retcon.  Satoshi Nakamoto, if he is to be believed, stated that he began coding the project in mid-2007.  It is more of a coincidence than anything else that this project was completed around the same time that global stock indices were at their lowest in decades.

Chapter 1:

On page 21 the authors state that, “Bitcoin seeks to address this challenge by offering users a system of trust based not on human beings but on the inviolable laws of mathematics.”

While the first part is true, it is a bit cliche to throw in the “maths” reason.  There are numerous projects in the financial world alone that are run by programs that use math.  In fact, all computer programs and networks use some type of math at their foundation, yet no one claims that the NYSE, pace-makers, traffic intersections or airplanes are run by “math-based logic” (or on page 66, “inviolable-algorithm-based system”).  A more accurate description is that Bitcoin’s monetary system is rule-based, using a static perfectly inelastic supply in contrast to either the dynamic or discretionary world humans live in.  Whether this is desirable or not is a different topic.

On page 26 they describe the Chartalist school of thought, the view that money is political, that “looks past the thing of currency and focuses instead on the credit and trust relationships between the individual and society at large that currency embodies” […] “currency is merely the token or symbol around which this complex system is arranged.”

This is in contrast to the ‘metallist’ mindset of some others in the Bitcoin community, such as Wences Casares and Jon Matonis (perhaps there is a distinct third group for “barterists”?).

I thought this section was well-written and balanced (e.g., appropriate citation of David Graeber on page 28; and description of what “seigniorage” is on page 30 and again on page 133).

On page 27 the authors write, “Yet many other cryptocurrency believers, including a cross section of techies and businessmen who see a chance to disrupt the bank centric payments system are de facto chartalists.  They describe bitcoin not as a currency but as a payments protocol.”

Perhaps this is true.  Yet from the original Nakamoto whitepaper, perhaps he too was a chartalist?  Stating in section 1:

Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.

A payments rail, a currency, perhaps both?

Fun fact: the word “payment” appears 12 times in the whole white paper, just one time fewer than the word “trust” appears.

On page 29 they cite the Code of Hammurabi.  I too think this is a good reference, having made a similar reference to the Code in Chapter 2 of my book last year.

On page 31 they write, “Today, China grapples with competition to its sovereign currency, the yuan, due both to its citizens’ demand for foreign national currencies such as the dollar and to a fledgling but potentially important threat from private, digital currencies such as bitcoin.”

That is a bit of a stretch.  While Chinese policy makers do likely sweat over the creative ways residents breach and maneuver around capital controls, it is highly unlikely that bitcoin is even on the radar as a high level “threat.”  There is no bitcoin merchant economy in China.  The vast majority of activity continues to be related to mining and trading on exchanges, most of which is inflated by internal market making bots (e.g., the top three exchanges each run bots that dramatically inflate the volume via tape painting).  And due to how WeChat and other social media apps in China frictionlessly connect residents with their mainland bank accounts, it is unlikely that bitcoin will make inroads in the near future.

On page 36 they write, “By 1973, once every country had taken its currency off the dollar peg, the pact was dead, a radical change.”

In point of fact, there are 23 countries that still peg their currency to the US dollar.  Post-1973 saw a number of flexible and managed exchange rate regimes as well as notable events such as the Plaza Accord and Asian Financial Crisis (that impacted the local pegs).

On page 39 they write, “By that score, bitcoin has something to offer: a remarkable capacity to facilitate low-cost, near-instant transfer of value anywhere in the world.”

The point of contention here is the “low-cost” — something whose logistics the authors never really discuss.  They are aware of “seigniorage” and inflationary “block rewards” yet they do not describe the actual costs of maintaining the network, for which in the long run the marginal costs equal the marginal value (MC=MV).

This is an issue that I tried to bring up with them at the Google Author Talk last month (I asked them both questions during the Q&A):

The problem for Vigna’s view (starting around 59m) is that if the value of a bitcoin fell to $30, not only would the network collectively “be cheaper” to maintain, but also to attack.

On paper, the cost to successfully attack the network today by obtaining more than 50% of the hashrate at this $30 price point would be $2,250 per hour (roughly 0.5 x MC) or roughly an order of magnitude less than it costs at today’s market price (although in practice it is a lot less due to centralization).  Recall that the security of bitcoin was purposefully designed around proportionalism, that in the long run it costs a bitcoin to secure a bitcoin.  We will talk about fees later at the end of next chapter.

Chapter 2:

On page 43, in the note at the bottom related to Ray Dillinger’s characterization that bitcoin is “highly inflationary” — Dillinger is correct in the short run.  The money supply will increase by 11% this year alone.  And while in the long run the network is deflationary (via block reward halving), the fact that the credentials to the bearer assets (bitcoins) are lost and destroyed each year results in a non-negligible amount of deflation.

For instance, in chapter 12 I noted some research: in terms of losing bitcoins, the chart below illustrates what the money supply looks like with an annual loss of 5% (blue), 1% (red) and 0.1% (green) of all mined bitcoins.

[Chart: lost coins]

Source: Kay Hamacher and Stefan Katzenbeisser

In December 2011, German researchers Kay Hamacher and Stefan Katzenbeisser presented research about the impact of losing the private key to a bitcoin. The chart above shows the asymptote of the money supply (Y-axis) over time (X-axis).

According to Hamacher:

So to get rid of inflation, they designed the protocol that over time, there is this creation of new bitcoins – that this goes up and saturates at some level which is 21 million bitcoins in the end.

But that is rather a naïve picture. Probably you have as bad luck I have, I have had several hard drive crashes in my lifetime, and what happens when your wallet where your bitcoins are stored and your private key vanish? Then your bitcoins are probably still in the system so to speak, so they are somewhat identifiable in all the transactions but they are not accessible so they are of no economic value anymore. You cannot exchange them because you cannot access them. Or think more in the future, someone dies but his family doesn’t know the password – no economic value in those bitcoins anymore. They cannot be used for any exchange anymore. And that is the amount of bitcoins when just a fraction per year vanish for different fractions. So the blue curve is 5% of all the bitcoins per year vanish by whatever means there could be other mechanisms.

It is unclear exactly how many bitcoins can be categorized in such a manner today or what the decay rate is.
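The shape of those curves can be reproduced with a short model. This is an added example, not Hamacher and Katzenbeisser's code: it assumes Bitcoin's issuance schedule (a 50 BTC subsidy that halves every 210,000 blocks), 52,560 blocks per year, and that the given fraction of accessible coins is lost once at the start of each year.

```python
"""Accessible bitcoin supply under a constant annual loss rate (added example)."""

SATOSHI = 100_000_000            # satoshi per bitcoin
INITIAL_SUBSIDY = 50 * SATOSHI   # block subsidy at height 0
HALVING_INTERVAL = 210_000       # blocks between subsidy halvings
BLOCKS_PER_YEAR = 52_560         # assumption: one block per 10 minutes, 365 days


def block_subsidy(height: int) -> int:
    """Newly issued satoshi in the block at this height (integer halving)."""
    halvings = height // HALVING_INTERVAL
    return INITIAL_SUBSIDY >> halvings if halvings < 64 else 0


def issued_in_year(year: int) -> int:
    """Satoshi issued in the blocks of one model year, split at halving boundaries."""
    start = year * BLOCKS_PER_YEAR
    end = start + BLOCKS_PER_YEAR
    total, height = 0, start
    while height < end:
        era_end = (height // HALVING_INTERVAL + 1) * HALVING_INTERVAL
        span = min(end, era_end) - height
        total += span * block_subsidy(height)
        height += span
    return total


def accessible_supply(years: int, annual_loss: float) -> list[float]:
    """Spendable supply in BTC at the end of each year.

    Modelling assumption: each year the coins already in existence lose
    `annual_loss` of their total (keys destroyed), then that year's newly
    mined coins are added.
    """
    supply = 0.0
    series = []
    for year in range(years):
        supply = supply * (1.0 - annual_loss) + issued_in_year(year)
        series.append(supply / SATOSHI)
    return series


def peak(series: list[float]) -> tuple[int, float]:
    """Return (year number, supply) at the maximum of a supply series."""
    value = max(series)
    return series.index(value) + 1, value


if __name__ == "__main__":
    # 140 model years covers all 33 subsidy eras.
    for label, rate in (("none", 0.0), ("0.1%", 0.001), ("1%", 0.01), ("5%", 0.05)):
        series = accessible_supply(140, rate)
        year, value = peak(series)
        print(f"annual loss {label:>4}: peak {value:>13,.0f} BTC in year {year:>3}, "
              f"{series[-1]:>13,.0f} BTC accessible after 140 years")
```

With any non-zero loss rate the accessible supply peaks and then shrinks, because issuance halves every four years while the loss keeps compounding.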

On page 45 the authors write, “Some immediately homed in on a criticism of bitcoin that would become common: the energy it would take to harvest “bitbux” would cost more than they were worth, not to mention be environmentally disastrous.”

While I am unaware of anyone who states that it would cost more than what they’re worth, as stated in Appendix B and in Chapter 3 (among many other places), the network was intentionally designed to be expensive, otherwise it would be “cheap to attack.”  And those costs scale in proportion to the token value.

As noted a few weeks ago:

For instance, last year O’Dwyer and Malone found that Bitcoin mining consumes roughly the same amount of energy as Ireland does annually.  It is likely that their estimate was too high and, based on Dave Hudson’s calculations, closer to 10% of Ireland’s energy consumption. Furthermore, it has likely declined since their study because, as previously explored in Appendix B, this scales in proportion with the value of the token which has declined over the past year.

The previous post looked at bitcoin payments processed by BitPay and found that as an aggregate the above-board activity on the Bitcoin network was likely around $350 million a year.  Ireland’s nominal GDP is expected to reach around $252 billion this year.  Thus, once Hudson’s estimates are integrated into it, above-board commercial bitcoin activity appears to be about two orders of magnitude less than what Ireland produces for the same amount of energy.

Or in other words, the original responses to Nakamoto six and a half years ago were empirically correct.  It is expensive and resource intensive to maintain and it was designed to be so, otherwise it would be easy to attack, censor and modify the history of votes.

Starting on page 56 they describe Mondex, Secure Electronic Transaction (SET), Electronic Monetary System, Citi’s e-cash model and a variety of other digital dollar systems that were developed during the 1990s.  Very interesting from a historical perspective and it would be curious to know what more of these developers now think of cryptocurrency systems.  My own view is that the middle half of Chapter 2 is the best part of the book: very well researched and well distilled.

On page 64 they write:

[T]hat Nakamoto launched his project with a reminder that his new currency would require no government, no banks and no financial intermediaries, “no trusted third party.”

In theory this may be true, but in practice, the Bitcoin network does not natively provide any of the services banks do beyond a lock box.  There is a difference between money and the cornucopia of financial instruments that now exist and are natively unavailable to Bitcoin users without the use of intermediaries (such as lending).

On page 66 they write, “He knew that the ever-thinning supply of bitcoins would eventually require an alternative carrot to keep miners engaged, so he incorporated a system of modest transaction fees to compensate them for the resources they contributed.  These fees would kick in as time went on and as the payoff for miners decreased.”

That’s the theory and the popular narrative.

However, what does it look like in practice?

Above is a chart visualizing fees to miners denominated in USD from January 2009 to May 17, 2015.  Perhaps the fees will indeed increase to replace block rewards, or conversely, maybe as VC funding declines in the coming years, the number of companies that are willing and able to pay fees for each transaction will decline.

On page 67, the authors introduce us to Laszlo Hanyecz, a computer programmer in Florida who according to the brief history of Bitcoin lore, purchased two Papa John’s pizzas for 10,000 bitcoins on May 22, 2010 (almost five years ago to the day).  He is said to have sold 40,000 bitcoins in this manner and generated all of the bitcoins through mining.  He claims to be the first person to do GPU mining, ramping up to “over 800 times” of a CPU; and during this time “he was getting about half of all the bitcoins mined.”  According to him, he originally used a Nvidia 9800 GTX+ and later switched to 2 AMD Radeon 5970s.  It is unclear how long he mined or when he stopped.

In looking at the index of his server, there are indeed relevant OpenCL software files.  If this is true, then he beat ArtForz to GPU mining by at least two months.

[Image: solar pizza]

Source: Laszlo Hanyecz personal server

On page 77 they write, “Anybody can go on the Web, download the code for no cost, and start running it as a miner.”

While technically this is true, that you can indeed download the Satoshi Bitcoin core client for free, restated in 2015 it is not viable for hoi polloi.  In practice you will not generate any bitcoins solo-mining on a desktop machine unless you do pooled mining circa 2011.  Today, even pooled mining with the best Xeon processors will be unprofitable.  Instead, the only way to generate enough funds to cover both the capital expenditures and operating expenditures is through the purchase of single-use hardware known as an ASIC miner, which is a depreciating capital good.  Mining has been beyond the breakeven reach of most non-savvy home users for two years now, not to mention those who live in developing countries with poor electrical infrastructure or uncompetitive energy rates.  It is unlikely that embedded mining devices will change that equation due to the fact that every additional device increases the difficulty level whilst the device hashrate remains static.

This ties in with what the authors also wrote on page 77, “You don’t buy bitcoin’s software as you would other products, which means you’re not just a customer.  What’s more, there’s no owner of the software — unlike, say, PayPal, which is part of eBay.”

This is a bit misleading.  In order to use the Bitcoin network, users must obtain bitcoins somehow.  And in practice that usually occurs through trusted third parties such as Coinbase or Xapo which need to identify you via KYC/AML processes.  So while in 2009 their quote could have been true, in practice today that is largely untrue for most new participants — someone probably owns the software and your personal data.  In fact, a germane quote on reddit last week stated, “Why don’t you try using Bitcoin instead of Coinbase.”

Furthermore, the lack of “ownership” of Bitcoin is dual-edged as there are a number of public goods problems with maintaining development that will be discussed later.

On page 87 they describe Blockchain.info as a “high-profile wallet and analytics firm.”  I will come back to “wallets” later.  Note: most of these “wallets” are likely throwaway, temp wallets used to move funds to obfuscate provenance through the use of Shared Coin (one of the ways Blockchain.info generates revenue is by operating a mixer).

Overall Chapter 3 was also fairly informative.  The one additional quibble I have is that Austin and Beccy Craig (the story at the end) were really only able to travel the globe and live off bitcoins for 101 days because they had a big cushion: they had held a fundraiser that raised $72,995 of additional capital.  That is enough money to feed and house a family in a big city for a whole year, let alone go globe trotting for a few months.

Chapter 4:

On page 99 they describe seven different entities that have access to credit card information when you pay for a coffee at Starbucks manually.  Yet they do not describe the various entities that end up with the personal information when signing up for services such as Coinbase, ChangeTip, Circle and Xapo or what these depository institutions ultimately do with the data (see also Richard Brown’s description of the payment card system).

When describing cash back rewards that card issuers provide to customers, on page 100 they write, “Still it’s an illusion to think you are not paying for any of this.  The costs are folded into various bank charges: card issuance fees, ATM fees, checking fees, and, of course, the interest charged on the millions of customers who don’t pay their balances in full each month.”

Again, to be even handed they should also point out all the fees that Coinbase charges, Bitcoin ATMs charge and so forth.  Do any of these companies provide interest-bearing accounts or cash-back rewards?

On page 100 they also stated that, “Add in the cost of fraud, and you can see how this “sand in the cogs” of the global payment system represents a hindrance to growth, efficiency, and progress.”

That seems a bit biased here.  And my statement is not defending incumbents: global payment systems are decentralized yet many provide fraud protection and insurance — the very same services that Bitcoin companies are now trying to provide (such as FDIC insurance on fiat deposits) which are also not free.

On page 100 they also write, “We need these middlemen because the world economy still depends on a system in which it is impossible to digitally send money from one person to another without turning to an independent third party to verify the identity of the customer and confirm his or her right to call on the funds in the account.”

Again, in practice, this is now true for Bitcoin too because of how most adoption continues to take place on the edges in trusted third parties such as Coinbase and Circle.

On page 101 they write:

In letting the existing system develop, we’ve allowed Visa and MasterCard to form a de facto duopoly, which gives them and their banking partners power to manipulate the market, says Gil Luria, an analyst covering payment systems at Wedbush Securities.  Those card-network firms “not only get to extract very significant fees for themselves but have also created a marketplace in which banks can charge their own excessive fees,” he says.

Why is it wrong to charge fees for a service?  What is excessive?  I am certainly not defending incumbents or regulatory favoritism but it is unclear how Bitcoin institutions in practice — not theory — actually are any different.

And the cost per transaction for Bitcoin is actually quite high (see chart below) relative to these other systems due to the fact that Bitcoin also tries to be a seigniorage system, something that neither Visa nor MasterCard does.

[Chart: cost per transaction]

Source: Markos05

On page 102 when talking about MasterCard they state, “But as we’ve seen, that cumbersome system, as it is currently designed, is tightly interwoven into the traditional banking system, which always demands a cut.”

The whole page actually is a series of apples-and-oranges comparisons.  Aside from settlement, the Bitcoin network does not provide any of the services that they are comparing it to.  There is nothing in the current network that provides credit/lending services whereas the existing “cumbersome” system was not intentionally designed to be cumbersome, but rather is intertwined and evolved over decades so that customers can have access to a variety of otherwise siloed services.  Again, this is not to say the situation cannot be improved but as it currently exists, Bitcoin does not provide a solution to this “cumbersome” system because it doesn’t provide similar services.

On page 102 and 103 they write about payment processors such as BitPay and Coinbase, “These firms touted a new model to break the paradigm of merchants’ dependence on the bank-centric payment system described above.  These services charged monthly fees that amounted to significantly lower transaction costs for merchants than those charged in credit-card transactions and delivered swift, efficient payments online or on-site.”

Except this is not really true.  The only reason that both BitPay and Coinbase are charging less than other payment processors is that VC funding is subsidizing it.  These companies still have to pay for customer service support and fraud protection because customer behavior in aggregate is the same.  And as we have seen with BitPay numbers, it is likely that BitPay’s business model is a losing proposition and unsustainable.

On page 103 they mention some adoption metrics, “The good news is found in the steady expansion in the adoption of digital wallets, the software needed to send and receive bitcoins, with Blockchain and Coinbase, the two biggest providers of those, on track to top 2 million unique users each at the time of the writing.”

This is at least the third time they talk about wallets this way, which is important because it is misleading; I will discuss this in depth later.

Continuing they write that:

Blockchain cofounder Peter Smith says that a surprisingly large majority of its accounts — “many more than you would think,” he says cryptically — are characterized as “active.”

This is just untrue and should have been pressed by the authors.  Spokesmen from Blockchain.info continue to publish highly inflated numbers.  For instance in late February 2015, Blockchain.info claimed that “over $270 million in bitcoin transactions occurred via its wallets over the past seven days.”

This is factually untrue.  As I mentioned three months ago:

Organ of Corti pointed out that the 7 day average was indeed ~720,000 bitcoins in total output volume (thus making) the weekly volume would be about “5e06 btc for the network.”

Is it valid to multiply the total output volume by USD (or euros or yen)?  No.

Why not?  Because most of this activity is probably a combination of wallet shuffling, laundering and mixing of coins (e.g., use of SharedSend and burner wallets) or any number of superfluous activity.  It was not $270 million of economic trade.

Blockchain.info’s press release seems to be implying that economic trade is taking place, in which all transactions are (probably) transactions to new individuals when in reality it could simply be a lot of “change” address movement.  And more to the point, the actual internal volume looks roughly the same as has been the past few months (why issue a press release now?).

Continuing on page 103 they write, “For the first eight months months of 2014, around $50 million per day was passing thought the bitcoin network (some of which was just “change” that bitcoin transactions create as an accounting measure)…”

There is a small typo above (in bold) but the important part is the estimate of volume.  There is no public research showing a detailed break down of average volume of economic activity.  Based on a working paper I published four months ago, it is fairly clear that this figure is probably in the low millions USD at most.  Perhaps this will change in the future.

On page 106 they write about Circle and Xapo:

For now, these firms make no charge to cover costs of insurance and security, betting that enough customers will be drawn to them and pay fees elsewhere — for buying and selling bitcoins, for example — or that their growing popularity will allow them to develop profitable merchant-payment services as well.  But over all, these undertaking must add costs back into the bitcoin economy, not to mention a certain dependence on “trusted third parties.”  It’s one of many areas of bitcoin development — another is regulation — where some businessmen are advocating a pragmatic approach to bolstering public confidence, one that would necessitate compromises on some of the philosophical principles behind a model of decentralization.  Naturally, this doesn’t sit well with bitcoin purists.

While Paul Vigna may not have written this, he did say something very similar at the Google Author Talk event (above in the video).

The problem with this view is that it is a red herring: this has nothing to do with purism or non-purism.

The problem is that Bitcoin’s designer attempted to create a ‘permissionless’ system to accommodate pseudonymous actors.  The entire cost structure and threat model are tied to this.  If actors are no longer pseudonymous, then there is no need to have this cost structure, or to use proof-of-work at all.  In fact, I would argue that if KYC/KYM (Know Your Miner) are required then a user might just as well use a database or permissioned system.  And that is okay, there are businesses that will be built around that.

This again has nothing to do with purism and everything to do with the costs of creating a reliable record of truth on a public network involving unknown, untrusted actors.  If any of those variables changes — such as adding real-world identity, then from a cost perspective it makes little sense to continue using the modified network due to the intentionally expensive proof-of-work.

On page 107 they talk about bitcoin price volatility discussing the movements of gasoline.  The problem with this analogy is that no one is trying to use gasoline as money.  In practice consumers prefer purchasing power stability and there is no mechanism within the Bitcoin network that can provide this.

For instance:

[Slides: volatility 1, volatility 2, volatility 3]

The three slides above are from a recent presentation from Robert Sams.  Sams previously wrote a short paper on “Seigniorage Shares” — an endogenous way to rebase for purchasing power stability within a cryptocurrency.

Bitcoin’s money supply is perfectly inelastic therefore the only way to reflect changes in demand is through changes in price.  And anytime there are future expectations of increased or decreased utility, this is reflected in prices via volatility.

Oddly however, on page 110, they write, “A case can be made that bitcoin’s volatility is unavoidable for the time being.”

Yet they do not provide any evidence — aside from feel good “Honey Badger” statements — for how bitcoin will somehow stabilize.  This is something the journalists should have drilled down on, talking to commodity traders or some experts on fuel hedging strategies (which is something airline companies spend a great deal of time and resources with).

Instead they cite Bobby Lee, CEO of BTC China and Gil Luria once again.  Lee states that “Once its prices has risen far enough and bitcoin has proven itself as a store of value, then people will start to use it as a currency.”

This is a collective action problem.  Because all participants each have different time preferences and horizons — and are decentralized — this type of activity is actually impossible to coordinate, just ask Josh Garza and the $20 Paycoin floor.  This also reminds me of one of my favorite comments on reddit: “Bitcoin will stabilize in price then go to the moon.”

The writers then note that, “Gil Luria, the Wedbush analyst, even argues that volatility is a good thing, on the grounds that it draws profit-seeking traders into the marketplace.”

But just because you have profit-seeking traders in the market place does not mean volatility disappears.

[Chart: trading view]

Credit: George Samman

For instance, in the chart above we can see how bitcoin trades relative to commodities over the past year:

  • Yellow is DBC
  • Red is OIL
  • Bars are DXY which is a dollar index
  • And candlesticks are BTCUSD

DBC is a commodities index and its top 10 holdings (85.39% of total assets) are:

  • Brent Crude Futr May12 N/A 13.83
  • Gasoline Rbob Fut Dec12 N/A 13.71
  • Wti Crude Future Jul12 N/A 13.56
  • Heating Oil Futr Jun12 N/A 13.20
  • Gold 100 Oz Futr Dec 12 N/A 7.49
  • Sugar #11(World) Jul12 N/A 5.50
  • Corn Future Dec12 N/A 5.01
  • Lme Copper Future Mar13 N/A 4.55
  • Soybean Future Nov12 N/A 4.38
  • Lme Zinc Future Jul12

It bears mentioning that Ferdinando Ametrano has also described this issue in depth most recently in a presentation starting on slide 15.

Continuing on page 111, the writers note that:

Over time, the expansion of these desks, and the development of more and more sophisticated trading tools, delivered so much liquidity that exchange rates became relatively stable.  Luria is imagining a similar trajectory for bitcoin.  He says bitcoiners should be “embracing volatility,” since it will help “create the payment network infrastructure and monetary base” that bitcoin will need in the future.

There are two problems with Luria’s argument:

1) As noted above, this does not happen with any other commodity and historically nothing with a perfectly inelastic supply

2) Empirically, as described by Wences Casares above, nearly all the bitcoins held at Xapo (and likely other “hosted wallets”) are being held as investments.  This reduces liquidity which translates into volatility due to once again the inability to slowly adjust the supply relative to the shifts in demand.  This ties into a number of issues discussed in, What is the “real price” of bitcoin? that are worth revisiting.

Also on page 111, they write that “the exchange rate itself doesn’t matter.”

Actually it does.  It directly impacts two things:

1) outside perception on the health of Bitcoin and therefore investor interest (just talk to Buttercoin);

2) on a ten-minute basis it impacts the bottom line of miners.  If prices decline, so too does the incentive to generate proof-of-work.  Bankruptcy, as CoinTerra faces, is a real phenomenon and if prices decline very quickly then the security of the network can also be reduced due to less proof-of-work being generated.

Continuing on page 111, “It’s expected that the mirror version of this will in time be set up for consumers to convert their dollars into bitcoins, which will then immediately be sent to the merchant.  Eventually, we could all be blind to these bitcoin conversions happening in the middle of all our transactions.”

It’s unfortunate that they do not explain how this will be done without a trusted third party, or why this process is needed.  What is the advantage of going from USD-> paying a conversion fee -> BTC -> conversion fee -> back into USD?  Why not just spend USD and cut out the Bitcoin middleman?

Lastly on page 111, “Still, someone will have to absorb the exchange-rate risk, if not the payment processors, then the investors with which they trade.”

The problem with this is that it’s generally not in the mandate or scope of most VC firms to purchase commodities or currencies directly.  In fact, they may even need some kind of license to do so depending on the jurisdiction (because it is a foreign exchange play).  Yet expecting the payment processors to shoulder the volatility is probably a losing proposition: in the event of a protracted bear market how many bitcoins at BitPay — underwater or not — will need to be liquidated to pay for operating costs?4

On page 112 they write, “Bitcoin has features from all of them, but none in entirety.  So, while it might seem unsatisfying, our best answer to the question of whether cryptocurrency can challenge the Visa and MasterCard duopoly is, ‘maybe, maybe not.’”

On the face of it, it is a safe answer.  But upon deeper inspection we can probably say, maybe not.  Why?  Because for Bitcoin, once again, there is no native method for issuing credit (which is what Visa/MasterCard do with what are essentially micro-loans).

For example, in order to natively add some kind of lending facility within the Bitcoin network a new “identity” system would need to be built and integrated (to enable credit checks) — yet by including real-world “identity” it would remove the pseudonymity of Bitcoin while simultaneously maintaining the same costly proof-of-work Sybil protection.  This is again, an unnecessary cost structure entirely and positions Bitcoin as a jack-of-all-trades-but-master-of-none.  Why?  Again recall that the cost structure is built around Dynamic Membership Multi-Party Signature (DMMS); if the signing validators are static and known you might as well use a database or permissioned ledgers.

Or as Robert Sams recently explained, if censorship resistance is co-opted then the reason for proof-of-work falls to the wayside:

Now, I am sure that the advocates of putting property titles on the bitcoin blockchain will object at this point. They will say that through meta protocols and multi-key signatures, third party authentication of transaction parties can be built-in, and we can create a registered asset system on top of bitcoin. This is true. But what’s the point of doing it that way? In one fell swoop a setup like that completely nullifies the censorship resistance offered by the bitcoin protocol, which is the whole raison d’etre of proof-of-work in the first place! These designs create a centralised transaction censoring system that imports the enormous costs of a decentralised one built for censorship-resistance, the worst of both worlds.

If you are prepared to use trusted third parties for authentication of the counterparts to a transaction, I can see no compelling reason for not also requiring identity authentication of the transaction validators as well. By doing that, you can ditch the gross inefficiencies of proof-of-work and use a consensus algorithm of the one-node-one-vote variety instead that is not only thousands of times more efficient, but also places a governance structure over the validators that is far more resistant to attackers than proof-of-work can ever be.

On page 113, they write, “the government might be able to take money out of your local bank account, but it couldn’t touch your bitcoin.  The Cyprus crisis sparked a stampede of money into bitcoin, which was now seen as a safe haven from the generalized threat of government confiscation everywhere.”

In theory this may be true, but in practice, it is likely that a significant minority — if not majority — of bitcoins are now held in custody at depository institutions such as Xapo, Coinbase and Circle.  And these are not off-limits to social engineering.  For instance, last week an international joint-task force confiscated $80,000 in bitcoins from dark web operators.  The largest known seizure in history was 144,000 bitcoins from Ross Ulbricht’s (Dread Pirate Roberts) laptop.

Similarly, while it probably is beyond the scope of their book, it would have been interesting to see a survey from Casey and Vigna covering the speculators during this early 2013 time frame.  Were the majority of people buying bitcoins during the “Cyprus event” actually worried about confiscation or is this just something that is assumed?  Fun fact: the largest transaction to BitPay of all time was on March 25, 2013 during the Cyprus event, amounting to 28,790 bitcoins.

On page 114, the writers for the first time (unless I missed it elsewhere), use the term “virtual currency.”  Actually, they quote FinCEN director Jennifer Calvery who says that FinCEN, “recognizes the innovation virtual currencies provide, and the benefits they might offer society.”

Again recall that most fiat currencies today are already digitized in some format — and they are legal tender.  In contrast, cryptocurrencies such as bitcoin are not legal tender and are thus more accurately classified as virtual currencies.  Perhaps that will change in the future.

On page 118 they note that, “More and more people opened wallets (more than 5 million as of this writing).”

I will get to this later.  Note that on p. 123 they say Coupa Cafe has a “digital wallet,” a term used throughout the entire book.

Chapter 5:

On page 124, “Bitcoins exist only insofar as they assign value to a bitcoin address, a mini, one-off account with which people and firms send and receive the currency to and from other people’s firms’ addresses.”

This is actually a pretty concise description of best practices.  In reality, however, many individuals and organizations (such as exchanges and payment processors) reuse addresses.

Continuing on page 124, “This is an important distinction because it means there’s no actual currency file or document that can be copied or lost.”

This is untrue.  In terms of security, the hardest and most expensive part in practice is securing the credentials — the private key that controls the UTXOs.  As Stefan Thomas, Jason Whelan (p. 139) and countless other people on /r/sorryforyourloss have discovered, this can be permanently lost.  Bearer assets are a pain to secure, hence the re-sprouting of trusted third parties in Bitcoinland.

One small nitpick in the note at the bottom of page 125, “Sometimes the structure of the bitcoin address network is such that the wallet often can’t send the right amount in one go…” — note that this ‘change‘ is intentional (and very inconvenient to the average user).

Another nitpick on page 128, “Each mining node or computer gathers this information and reduces it into an encrypted alphanumeric string of characters known as a hash.”

There is actually no encryption used in Bitcoin; rather, there are some cryptographic primitives that are used, such as key signing, but this is not technically called encryption (the two are different).

On page 130, I thought it was good that they explained where the term nonce was first used — from Lewis Carroll who created the word “frabjous” and described it as a nonce word.

On page 132, in describing proof-of-work, “While that seems like a mammoth task, these are high-powered computers; it’s not nearly as taxing as the nonce-creating game and can be done relatively quickly and easily.”

They are correct in that something as simple as a Pi computer can be, and is, used as the actual transaction validating machine.  Yet, at one point in 2009, this bifurcation did not exist: a full-node was both a miner and a hasher.  Today that is not the case and we technically have about a dozen or so actual miners on the network; the rest of the machines in “farms” just hash midstates.

On page 132, regarding payment processors accepting zero-confirmation transactions, “They do this because non-confirmations — or the double-spending actions that lead to them — are very rare.”

True, they are very rare today, in part because there are very few incentives to actually try and double-spend.  Perhaps that will change in the future with new incentives to, say, double-spend watermarked coins from NASDAQ.

And if payment processors are accepting zero confirmations, why bother using proof-of-work and confirmations at all?  Just because a UTXO is broadcast does not mean it will not be double-spent, let alone that it will be confirmed and packaged into a block.  See also the replace-by-fee proposal.

Small note on page 132, “the bitcoin protocol won’t let it use those bitcoins in a payment until a total of ninety-nine additional blocks have been built on top of its block.”

Sometimes it depends on the client and may be up to 120 blocks altogether, not just 100.

On page 133 they write, “Anyone can become a miner and is free to use whatever computing equipment he or she can come up with to participate.”

This may have been the case in 2009 but is not true today.  In order to reduce payout variance, the means of production, as it were, have gravitated towards large pools of capital in the form of hashing farms.  See also: The Gambler’s Guide to Bitcoin Mining.

On page 135 they write, “Some cryptocurrency designers have created nonprofit foundations and charged them with distributing the coins based on certain criteria — to eligible charities, for example. But that requires the involvement of an identifiable and trusted founder to create the foundation.”

The FinCEN enforcement action and fine on Ripple Labs may put a kibosh on this in the future.  Why?  If organizations that hand out or sell coins are deemed under the purview of the Bank Secrecy Act (BSA) it is clear that most, if not all, crowdfunding or initial coin offerings (ICO) are violating this by not implementing KYC/AML requirements on participants or filing SARs.

On page 136 they write, “Both seigniorage and transaction fees represent a transfer of value to those running the network. Still, in the grand scheme of things, these costs are far lower than anything found in the old system.”

This is untrue and an inaccurate comparison.  We know that at the current bitcoin price of $240 it costs roughly $315 million to operate the network for the entire year.  If bitcoin-based consumer spending patterns hold up and reflect last year’s trends seen by BitPay, then roughly $350 million will be spent through payment processors, nearly half of which includes mining payouts.

Or in other words, for roughly every dollar spent on commerce another dollar is spent securing it.  This is massive oversecurity relative to the commerce involved.  Neither Saudi Arabia nor even North Korea spends half of, let alone 100% of, their GDP on military expenditures (yet).

Chapter 6:

Small nitpick on page 140, Butterfly Labs is based in Leawood, Kansas not Missouri (Leawood is on the west side of the dividing line).

I think the story of Jason Whelan is illuminating and could help serve as a warning guide to anyone wanting to splurge on mining hardware.

For instance on page 141, “And right from the start Whelan faced the mathematical reality that his static hashrate was shrinking as a proportion of the ever-expanding network, whose computing power was by then almost doubling every month.”

Not only is this well-written but it does summarize the problem most new miners have when they plan out their capital expenditures.  It is impossible to know what the network difficulty will be in 3 months, yet what is known is that even if you are willing to tweak the hardware and risk burning out some part of your board, your hashrate could be diluted by faster, more efficient machines.  And Whelan found out the hard way that he might as well have bought and held onto bitcoins rather than mine.  In fact, Whelan did just about everything the wrong way, including buying hashing contracts with cloud miners from “PBCMining.com” (a non-functioning url).

On page 144 the authors discussed the mining farms managed by now-defunct CoinTerra:

With three in-built high-powered fans running at top speed to cool the rig while its internal chip races through calculations, each unit consumes two kilowatts per hour, enough power to run an ordinary laptop for a month. That makes for 20 kWh per tower, about ten times the electricity used for the same space by the neighboring server of more orthodox e-commerce firms.

As noted in Chapter 2 above, this electricity has to be “wasted.”  Bitcoin was designed to be “inefficient” otherwise it would be easy to attack and censor.  And in the future, it cannot become more “efficient” — there is no free lunch when it comes to protecting it.  It also bears mentioning that CoinTerra was sued by its utility company in part for the $12,000 a day in electrical costs that were not being paid for.

On page 145 they wrote that as of June 2014, “By that time, the network, which was then producing 88,000 trillion hashes every second, had a computing power six thousand times the combined power of the world’s top five hundred supercomputers.”

This is not a fair comparison.  ASIC miners can do one sole function: they are unable to do anything aside from reorganize a few fields (such as date and nonce) with the aim of generating a new number below a target number.  They cannot run MS Office or Mozilla Firefox and, more sobering, they cannot even run a Bitcoin client (the Pi computer run by the pool runs the client).

In contrast, in order to be recognized as a Top 500 computer, only general purpose machines capable of running LINPACK are considered eligible.  The entire comparison is apples-to-oranges.
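The split described above between what hashing hardware does and what a validating node does, as an added Python example (not code from the book or from any Bitcoin client): it rebuilds the 80-byte block header, checks the genesis block with a single double SHA-256, then runs a nonce search against a deliberately easy target. The genesis values are public chain data; `EASY_BITS` and the sample header fields are constructed for the example.

```python
import hashlib
import struct

# Public genesis-block header fields (chain data, not taken from the page).
GENESIS_MERKLE = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS_TIME = 1231006505
GENESIS_BITS = 0x1D00FFFF
GENESIS_NONCE = 2083236893

# Constructed, deliberately easy target: roughly 1 hash in 4096 succeeds.
EASY_BITS = 0x1F0FFFFF


def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice: a keyless one-way digest.
    No key is involved and there is nothing to decrypt."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def build_header(version, prev_hex, merkle_hex, timestamp, bits, nonce) -> bytes:
    """Serialize the 80-byte header. Hashes are displayed big-endian
    but stored byte-reversed; integers are little-endian."""
    return struct.pack(
        "<I32s32sIII",
        version,
        bytes.fromhex(prev_hex)[::-1],
        bytes.fromhex(merkle_hex)[::-1],
        timestamp,
        bits,
        nonce,
    )


def header_hash_hex(header: bytes) -> str:
    """Block hash in the conventional (byte-reversed) display order."""
    return double_sha256(header)[::-1].hex()


def verify(header: bytes) -> bool:
    """The validating side: one double hash and one integer comparison."""
    bits = struct.unpack_from("<I", header, 72)[0]
    return int.from_bytes(double_sha256(header), "little") <= bits_to_target(bits)


def search(version, prev_hex, merkle_hex, timestamp, bits, max_nonce=2**32):
    """The hashing side: vary the 4-byte nonce until the hash is at or
    below the target. Returns (header, attempts), or (None, max_nonce)
    if the nonce space is exhausted (real hardware would then change
    another header field and retry)."""
    target = bits_to_target(bits)
    prefix = build_header(version, prev_hex, merkle_hex, timestamp, bits, 0)[:76]
    for nonce in range(max_nonce):
        header = prefix + struct.pack("<I", nonce)
        if int.from_bytes(double_sha256(header), "little") <= target:
            return header, nonce + 1
    return None, max_nonce


def genesis_header() -> bytes:
    return build_header(1, "00" * 32, GENESIS_MERKLE,
                        GENESIS_TIME, GENESIS_BITS, GENESIS_NONCE)


def sample_search():
    """Search over a constructed header (all field values are made up)."""
    merkle = hashlib.sha256(b"constructed sample transactions").hexdigest()
    return search(2, "00" * 32, merkle, 1400000000, EASY_BITS)


if __name__ == "__main__":
    g = genesis_header()
    print("genesis hash :", header_hash_hex(g))
    print("valid (1 double hash):", verify(g))
    header, attempts = sample_search()
    print("easy-target search attempts:", attempts)
    print("result verifies with 1 double hash:", verify(header))
```

Even at this toy difficulty the search takes thousands of hashes on average while the check takes one, which is why validation fits on a small general-purpose machine and the search does not.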

On page 147 the authors described a study from Guy Lane who used inaccurate energy consumption data from Blockchain.info.  And then they noted that, “So although the total consumption is significantly higher than the seven-thousand-home estimate, we’re a long way from bitcoin’s adding an entire country’s worth of power consumption to the world.”

This is not quite true.  As noted in the notes of Chapter 2 above, based on Dave Hudson’s calculations the current Bitcoin network consumes the equivalent of about 10% of Ireland’s annual energy usage yet produces two orders of magnitude less economic activity.  If the price of bitcoin increases so too does the amount of energy miners are willing to expend to chase after the seigniorage.  See also Appendix B.

On page 148 they write that:

For one, power consumption must be measured against the value of validating transactions in a payment system, a social service that gold mining has never provided.  Second, the costs must be weighed against the high energy costs of the alternative, traditional payment system, with its bank branches, armored cars, and security systems. And finally, there’s the overriding incentive for efficiency that the profit motive delivers to innovators, which is why we’ve seen such giant reductions in power consumption for the new mining machines. If power costs make mining unprofitable, it will stop.

First of all, validation is cheap and easy; as noted above, it is typically done with something like a Pi computer.  Second, they could have looked into how much real commerce is taking place on the chain relative to the costs of securing it, so the “social service” argument probably falls flat at this time.

Thirdly, the above “armored cars and security systems” is not an apples-to-apples comparison.  Bitcoin does not provide any banking service beyond a lock box, it does not provide for home mortgages, small business loans or mezzanine financing.  The costs for maintaining those services in the traditional world do not equate to MC=MV as described at the end of Chapter 1 notes.

Fourthly, they ignore the Red Queen effect.  If a new hashing machine is invented and consumes half as much energy as before then the farm owner will just double the number of machines and the net effect is the same as before.  This happens in practice, not just in theory, hence the reason why electrical consumption has gone up in aggregate and not down.

On page 149 they write, “But the genius of the consensus-building in the bitcoin system means such forks shouldn’t be allowed to go on for long. That’s because the mining community works on the assumption that the longest chain is the one that constitutes consensus.”

That’s not quite accurate.  Each miner has different incentives.  And, as shown empirically with other altcoins, forks can reoccur frequently without incentives that align.  For now, some incentives apparently do.  But that does not mean that in the future, if say watermarked coins become more commonplace, there will not be more frequent forks as certain miners attempt to double-spend or censor such metacoins.

Ironically on page 151 the authors describe the fork situation of March 2013 and describe the fix in which a few core developers convince Mark Karpeles (who ran Mt. Gox) to unilaterally adopt one specific fork.  This is not trustless.

On page 151 they write, “That’s come to be known as a 51 percent attack.  Nakamoto’s original paper stated that the bitcoin mining network could be guaranteed to treat everyone’s transactions fairly and honestly so long as no single miner or mining group owned more than 50 percent of the hashing power.”

And continuing on page 153, “So, the open-source development community is now looking for added protections against selfish mining and 51 percent attacks.”

While they do a good job explaining the issue, they don’t really discuss how it is resolved.  And it cannot be without gatekeepers or trusted hardware.  For instance, three weeks ago there was a good reddit thread discussing one of the problems of Andreas Antonopoulos’ slippery slope view that you could just kick the attackers off the network.  First, there is no quick method for doing so; second, by blacklisting them you introduce a new problem of having the ability to censor miners, which would be self-defeating for such a network as it introduces a form of trust into an expensive cost structure of trust minimization.

On page 152 they cite a Coinometrics number, “in the summer of 2014 the cost of the mining equipment and electricity required for a 51 percent attack stood at $913 million.”

This is a measurement of maximum costs based on hashrate brute force — a Maginot Line attack.  In practice it is cheaper to do via out of band attacks (e.g., rubber hose cryptanalysis).  There are many other, cheaper ways to attack the P2P network itself (such as Eclipse attacks).

On page 154 when discussing wealth disparity in Bitcoin they write, “First, some perspective.  As a wealth-gap measure, this is a lousy one.  For one, addresses are not wallets.  The total number of wallets cannot be known, but they are by definition considerably fewer than the address tally, even though many people hold more than one.”

Finally.  For the past several chapters I have mentioned that I would discuss wallets at some length.  Again, the authors for some reason uncritically cite the “wallet numbers” from Blockchain.info, Coinbase and others as actual digital wallets.  Yet here they explain that these metrics are bupkis.  And they are.  It costs nothing to generate a wallet and there are scripts you can run to auto-generate them.  In fact, Zipzap and many others used to give every new user a Blockchain.info wallet por gratis.

And this is problematic because press releases from Xapo and Blockchain.info continually cite a number that is wholly inaccurate and distorting.  For instance Wences Casares said in a presentation a couple months ago that there were 7 million users.  Where did that number come from?  Are these on-chain privkey holders?  Why are journalists not questioning these claims?  See also: A brief history of Bitcoin “wallet” growth.

On page 154 they write, “These elites have an outsize impact on the bitcoin economy. They have a great interest in seeing the currency succeed and are both willing and able to make payments that others might not, simply to encourage adoption.”

Perhaps this is true, but until there is a systematic study of the conspicuous consumption that takes place, it could also be the case that some of these same individuals just have an interest in seeing the price of bitcoin rise and not necessarily be widely adopted.  The two are not mutually exclusive.

On pages 155 and 156 they describe the bitsat project, to launch a full node into space which is aimed “at making the mining network less concentrated.”

Unfortunately these types of full nodes are not block makers.  Thus they do not actually make the network less concentrated, but only add more propagating nodes.  The two are not the same.

On page 156 they describe some of the altcoin projects, “They claim to take the good aspects of bitcoin’s decentralized structure but to get rid of its negative elements, such as the hashing-power arms race, the excessive use of electricity, and the concentration of industrialized mining power.”

I am well aware of the dozens of various coin projects out there due to work with a digital asset exchange over the past year.  Yet fundamentally all of the proof-of-work based coins end up along the same trend line: if they become popular and reach a certain level of “market cap” (an inaccurate term), specialized chips are designed to hash them.  And the term “excessive” energy related to proof-of-work is a bit of a non-starter.  Ignoring proof-of-stake systems, if it becomes less energy intensive to hash via POW, then it also becomes cheaper to attack.  Either miners will add more equipment or the price has dropped for the asset and it is therefore cheaper to attack.

On page 157 regarding Litecoin they write that, “Miners still have an incentive to chase coin rewards, but the arms race and the electricity usage aren’t as intense.”

That’s untrue.  Scrypt (which is used instead of Hashcash) is just as energy intensive.  Miners will deploy and utilize energy in the same patterns, directly in proportion to the token price.  The difference is memory usage (Litecoin was designed to be more memory intensive) but that is unrelated to electrical consumption.

Continuing, “Litecoin’s main weakness is the corollary of its strength: because it’s cheaper to mine litecoins and because scrypt-based rigs can be used to mine other scrypt-based altcoins such as dogecoin, miners are less heavily invested in permanently working its blockchain.”

This is untrue.  Again, Litecoin miners will in general only mine up to the point where it costs a litecoin to make a litecoin.  Obviously there are exceptions to it, but in percentage terms the energy usage is the same.

Continuing, “Some also worry that scrypt-based mining is more insecure, with a less rigorous proof of work, in theory allowing false transactions to get through with incorrect confirmations.”

This is not true.  The two differences in security are the difficulty rating and block intervals.  The higher the difficulty rating, the more energy is being used to bury blocks and in theory, the more secure the blocks are from reversal.  The question is then, is 2.5 minutes of proof-of-work as secure as burying blocks every 10 minutes?  Jonathan Levin, among others, has written about this before.

Small nitpick on page 157, fairly certain that nextcoin should be referred to as NXT.

On page 158 they write:

If bitcoin is to scale up, it must be upgraded so that nodes, currently limited to one megabyte of data per ten-minute block, are free to process a much larger set of information.  That’s not technically difficult; but it would require miners to hash much larger blocks of transactions without big improvements in their compensation.  Developers are currently exploring a transaction-fee model that would provide fairer compensation for miners if the amount of data becomes excessive.

This is not quite right.  There is a difference between block makers (pools) and hashers (mining farms).  The costs for larger blocks would impact block makers not hashers, as they would need to upgrade their network facilities and local hard drive.  This may seem trivial and unimportant, but Jonathan Levin’s research, as well as that of others, suggests that block size does in fact impact orphan rates.5 It also impacts the amount of decentralization within the network: as larger blocks become more expensive to propagate, you will likely have fewer nodes.  This has been the topic of immense debate over the past several weeks on social media.

Also on page 158 they write:

The laboratory used by cryptocurrency developers, by contrast, is potentially as big as the world itself, the breadth of humanity that their projects seek to encompass. No company rulebook or top-down set of managerial instructions keeps people’s choice in line with a common corporate objective. Guiding people to optimal behavior in cryptocurrencies is entirely up to how the software is designed to affect human thinking, how effectively its incentive systems encourage that desired behavior

This is wishful thinking and probably unrealistic considering that Bitcoin development permanently suffers from the tragedy of the commons.  There is no CEO, which is both good and bad.

For example, the direction development takes is largely based on two things:

  1. how many upvotes your comment has on reddit (or how many retweets it gets on Twitter)
  2. your status, which is largely a function of how many times Satoshi Nakamoto responded to you in email or on the Bitcointalk forum, creating a permanent clique of “early adopters” whose opinions are the only valid ones (see False narratives)

This is no way to build a financial product.  Yet this type of lobbying is effectively how the community believes it will usurp well-capitalized private entities in the payments space.

Several months ago a user, BitttBurger, made a similar observation:

I’ve said it before and I will say it again. There is a reason why Developers should not be in control of product development priorities, naming, feature lists, or planning for a product. That is the job of the sales, marketing, and product development teams who actually interface with the customer. They are the ones who do the research and know what’s needed for a product. They are the ones who are supposed to decide what things are called, what features come next, and how quickly shit gets out the door.

Bitcoin has none of that. You’ve got a Financial product, being created for a financial market, by a bunch of developers with no experience in finance, and (more importantly) absolutely no way for the market to have any input or control over what gets done, or what it’s called. That is crazy to me.

Luke is a perfect example of why you don’t give developers control over anything other than the structure of the code.

They are not supposed to be making product development decisions. They are not supposed to be naming anything. And they definitely are not supposed to be deciding “what comes next” or how quickly things get done. In any other company, this process would be considered suicide.

Yet for some reason this is considered to be a feature rather than a bug (e.g., “what is your Web of Trust (WoT) number?”).

On page 159 they write, “The vital thing to remember is that the collective brainpower applied to all the challenges facing bitcoin and other cryptocurrencies is enormous.  Under the open-source, decentralized model, these technologies are not hindered by the same constraints that bureaucracies and stodgy corporations face.”

So, what are the Terms of Service for Bitcoin?  What is the customer support line?  There isn’t one.  Caveat emptor is pretty much the marketing slogan and that is perfectly fine for some participants, yet expecting global adoption without a “stodgy” “bureaucracy” that helps coordinate customer service seems a bit of a stretch.

And just because there is some avid interest from a number of skilled programmers around the world does not mean public goods problems surrounding development will be resolved.  For reference: there were over 5000 co-authors on a recent physics paper but that doesn’t mean their collective brain power will quickly resolve all the open questions and unsolved problems in physics.

Chapter 7:

Small nitpick on page 160, “Bitcoin was born out of a crypto-anarchist vision of a decentralized government-free society, a sort of encrypted, networked utopia.”

As noted above, there is actually no encryption used in Bitcoin.

On page 162 they write, “Before we get too carried away, understand this is still early days.”

That may be the case.  Perhaps decentralized cryptocurrencies like Bitcoin are not actually the internet in the early 1990s like many investors claim but rather the internet in the 1980s when there were almost no real use-cases and it was difficult to use.  Or 1970s.  The problem is no one can actually know the answer ahead of time.

And when you try to put some milestone down on the ground, the most ardent of enthusiasts move the goal posts — no comparisons with existing tech companies are allowed unless it is to the benefit of Bitcoin somehow.  I saw this a lot last summer when I discussed the traction that M-Pesa and Venmo had.

A more recent example is “rebittance” (a portmanteau of “bitcoin” and “remittance”).  A couple weeks ago Yakov Kofner, founder of Save On Send, published a really good piece comparing money transmitter operators with bitcoin-related companies, noting that there currently is not much meat to the hype.  The reaction on reddit was, unsurprisingly, fist-shaking: Bitcoin rules, everyone else drools.

With Yakov Kofner (CEO Save On Send)

When I was in NYC last week I had a chance to meet with him twice.  It turns out that he is actually quite interested in Bitcoin and even scoped out a project with a VC-funded Bitcoin company last year for a consumer remittances product.

But they decided not to build and release it for a few reasons: 1) in practice, many consumers are not sensitive enough to a few percentage savings because of brand trust/loyalty/habit; 2) lacking smartphones and reliable internet infrastructure, the cash-in, cash-out aspect is still the main friction facing most remittance corridors in developing countries, and bitcoin does not solve that; 3) it boils down to an execution race and it will be hard to compete against incumbents let alone well-funded MTO startups (like TransferWise).

That’s not to say these rebittance products are not good and will not find success in niches.

For instance, I also spoke with Marwan Forzley (below), CEO of Align Commerce last week.  Based on our conversation, in terms of volume his B2B product appears to have more traction than BitPay and it’s less than a year old.  What is one of the reasons why?  Because the cryptocurrency aspect is fully abstracted away from customers.

Raja Ramachandran (R3CEV), Dan O’Prey (Hyperledger), Daniel Feichtinger (Hyperledger), Marwan Forzley (Align Commerce)

In addition, both BitX and Coins.ph — based on my conversations in Singapore two weeks ago with their teams — seem to be gaining traction in a couple corridors in part because they are focusing on solving actual problems (automating the cash-in/cash-out process) and abstracting away the tech so that the average user is oblivious of what is going on behind the scenes.

Markus Gnirck (StartupBootCamp), Antony Lewis (itBit) and Ron Hose (Coins.ph) at the DBS Hackathon event

On pages 162 and 163 the authors write about the Bay Area including 20Mission and Digital Tangible.  There is a joke in this space that every year in cryptoland is accelerated like dog years.  While 20Mission, the communal housing venue, still exists, the co-working space shut down late last year.  Similarly, Digital Tangible has rebranded as Serica and broadened from just precious metals into securities.  In addition, Dan Held (page 164) left Blockchain.info and is now at ChangeTip.

On page 164 they write, “But people attending would go on to become big names in the bitcoin world: Among them were Brian Armstrong and Fred Ehrsam, the founders of Coinbase, which is second only to Blockchain as a leader in digital-wallet services and one of the biggest processors of bitcoin payments for businesses.”

10 pages before this they said how useless digital wallet metrics are.  It would have been nice to press both Armstrong and Ehrsam to find out what their actual KYC’ed active user numbers are, to see if the numbers are any different than the dated presentation.

On page 165 they write:

“It’s a very specific type of brain that’s obsessed with bitcoin,” says Adam Draper, the fourth-generation venture capitalist…”

I hear this often but what does that mean?  Is investing genetic?  If so, surely there are more studies on it?

For instance, later on page 176 they write, “The youngest Draper, who tells visitors to his personal web site that his life’s ambition is to assist in the creation of an iron-man suit, has clearly inherited his family’s entrepreneurial drive.”

Perhaps Adam Draper is indeed both a bona fide investor and entrepreneur, but it does not seem to be the case that either can be or is necessarily inheritable.

On page 167, “The only option was to “turn into a fractional-reserve bank,” he said jokingly, referring to the bank model that allows banks to lend out deposits while holding a fraction of those funds in reserve.  “They call it a Ponzi scheme unless you have a banking license.”

Why is this statement not challenged?  I am not defending rehypothecation or the current banking model, but fractional reserve banking as it is employed in the US is not a Ponzi scheme.

Also on page 167 they write, “First, he had trouble with his payments processor, Dwolla which he later sued for $2 million over what Tradehill claimed were undue chargebacks.”

A snarky thing would be to say he should have used bitcoin, no chargebacks.  But the issue here, one that the authors should have pressed, is that Tradehill, like Coinbase and Xapo, is effectively behaving like a bank.  It’s unclear why this irony is not discussed once in the book.

For instance, several pages later on page 170 they once again talk about wallets:

The word wallet is thrown around a lot in bitcoin circles, and it’s an evocative description, but it’s just a user application that allows you to send and receive bitcoins over the bitcoin network. You can download software to create your own wallet — if you really want to be your own bank — but most people go through a wallet provider such as Coinbase or Blockchain, which melded them into user-friendly Web sites and smart phone apps.

I am not sure if it is intentional but the authors clearly understand that holding a private key is the equivalent of being a bank.  But rather than say Coinbase is a bank (because they too control private keys), they call them a wallet provider.  I have no inside track into how regulators view this but the euphemism of “wallet provider” is thin gruel.  On the other hand, Blockchain.info does not hold custody of keys but instead provides a user interface — at no point do they touch a privkey (though that does not mean they could not via a man-in-the-middle attack or scripting errors like the one last December).

On page 171 they talk about Nathan Lands:

The thirty-year-old high school dropout is the cofounder of QuickCoin, the maker of a wallet that’s aimed directly at finding the fastest easiest route to mass adoption.  The idea, which he dreamed up with fellow bitcoiner Marshall Hayner one night over a dinner at Ramen Underground, is to give nontechnical bitcoin newcomers access to an easy-to-use mobile wallet via familiar tools of social media.

Unfortunately this is not how it happened.  More in a moment.

Continuing the authors write, “His successes allowed Lands to raise $10 million for one company, Gamestreamer.”

Actually it was Gamify he raised money for (part of the confusion may be due to how it is phrased on his LinkedIn profile).

Next the authors state: “He started buying coins online, where he ran into his eventual business partner, Hayner (with whom he later had a falling-out, and whose stake he bought).”

One of the biggest problems I had with this book is that the authors take claims at face value.  To be fair, I probably did a bit too much myself with GCON.

On this point, I checked with Marshall Hayner who noted that this narrative was untrue:  “Nathan never bought my stake, nor was I notified of any such exchange.”

While the co-founder dispute deserves its own article or two, the rough timeline is that in late 2013 Hayner created QuickCoin and then several months later brought Lands on to be the CEO.  After a soft launch in May 2014 (which my wife and I attended, see below) Lands maneuvered and got the other employees to first reduce the equity that Hayner had and then fired him so they could open up the cap table to other investors.

QuickCoin launch party with Marshall Hayner, Jackson Palmer (Dogecoin), and my wife

With Hayner out, QuickCoin quickly faded due to the fact that the team had no ties to the local cryptocurrency community.  Hayner went on to join Stellar and is now the co-founder of Trees.  QuickCoin folded by the end of the year and Lands started Blockai.

On page 174 they discuss VCs involved in funding Bitcoin-related startups:

Jerry Yang, who created the first successful search engine, Yahoo, put money from his AME Ventures into a $30 million funding round for processor BitPay and into one of two $20 million rounds raised by depository and wallet provider Xapo, which offers insurance to depositors and calls itself a “bitcoin vault.”

While they likely couldn’t have put it in this section, I think it would have been good for the authors to discuss the debate surrounding what hosted wallets actually are because regulators and courts may not agree with the marketing-speak of these startups.6

On page 177 they write about Boost VC which is run by Adam Draper, “He’d moved first and emerged as the leader in the field, which meant his start-ups could draw in money from the bigger guys when it came time for larger funding rounds.”

It would be interesting to see the clusters of what VCs do and do not co-invest with others.  Perhaps in a few years we can look back and see that indeed, Boost VC did lead the pack.  However while there are numerous incubated startups that went on to close seed rounds (Blockcypher, Align Commerce, Hedgy, Bitpagos) as of this writing there is only one incubated company in Boost that has closed a Series A round and that is Mirror (Coinbase, which did receive funding from Adam Draper, was not in Boost).  Maybe this is not a good measure for success, perhaps this will change in the future and maybe more have done so privately.

On pages 179-180 the discussion as to what Plug and Play Tech Center does and its history was well written.

On page 184 they write:

With every facet of our economy now dependent on the kinds of software developed and funded in the Bay Area, and with the Valley’s well-heeled communities becoming a vital fishing ground for political donations and patronage, we’re witnessing a migration of the political and economic power base away from Wall Street to this region.

I have heard variations of this for the past couple of years.  Most recently I heard a VC claim that Andreessen Horowitz (a16z) was the White House of the West Coast and that bankers in New York do not understand this tech.  Perhaps it is and perhaps bankers do not understand what a blockchain is.

Either way we should be able to see the consequences to this empirically at some point.  Where is the evidence presented by the authors?

[Image: incumbents. Source: finviz]

Fast forwarding several chapters, on page 287 they write, “Visa, MasterCard, and Western Union combined – to name just three players whose businesses could be significantly reformed — had twenty-seven thousand employees in 2013.”

Perhaps these figures will dramatically change soon; however, the above image shows the market caps over the past 5 years of four incumbents: JP Morgan (the largest bank in the US), MasterCard and Visa (the largest card payment providers) and Western Union, the world’s largest money transfer operator.

Will their labor force dramatically change because of cryptocurrencies?  That is an open question.  Although it is unclear why the labor force at these companies would necessarily shrink because of the existence of Bitcoin rather than expand in the event that these companies integrated parts of the tech (e.g., a distributed ledger) thereby reducing costs and increasing new types of services.

On page 185 they write, “Those unimaginable possibilities exist with bitcoin, Dixon says, because ‘extensible software platforms that allow anyone to build on top of them are incredibly powerful and have all these unexpected uses. The stuff about fixing the existing payment system is interesting, but what’s superexciting is that you have this new platform on which you can move money and property and potentially build new areas of businesses.’”

Maybe this is true.  It is unclear from these statements as to what Chris Dixon views as broken about the current payment system.  Perhaps it is “broken” in that not everyone on the planet has access to secure, near-instant methods of global value transfer.  However it is worth noting that cryptocurrencies are not the only competitors in the payments space.

According to AngelList as of this writing:

Chapter 8:

This chapter discussed “The Unbanked” and how Bitcoin supposedly can be a solution to banking these individuals.

On page 188 they discuss a startup called 37coins:

“It uses people in the region lucky enough to afford Android smartphones as “gateways” to transmit the messages.  In return, these gateways receive a small fee, which provides the corollary benefit of giving locals the opportunity to create a little business for themselves moving traffic.”

This is a pretty neat idea; both HelloBit and Abra are doing something a little similar.  The question however is, why bitcoin?  Why do users need to go out of fiat, into bitcoin and back out to fiat?  If the end goal is to provide users in developing countries a method to transmit value, why is this extra friction part of the game plan?

Last month I heard of another supposed cryptocurrency “killer app”: smart metering prepaid via bitcoin and how it is supposed to be amazing for the unbanked.  The unbanked, they are going to pay for smart metering with money they don’t have for cars they don’t own.  There seems to be a disconnect when it comes to financial inclusion as it is sometimes superficially treated in the cryptocurrency world.  Many Bitleaders and enthusiasts seem to want to pat themselves on the back for a job that has not been accomplished.  How can the cryptocurrency community bring the potential back down to real world situations without overinflating, overhyping or over promising?

If Mercedes or Yamaha held a press conference to talk about the “under-carred” or “under-motorcycled,” they would likely face a backlash on social media.  Bitcoin, the bearer instrument, is treated like a luxury good, and expecting under-electrified, under-plumbed, under-interneted people living in subsistence to buy and use it today, without the ability to secure the privkey without a trusted third party, seems far-fetched (“the under bitcoined!”).  Is there a blueprint to help all individuals globally move up Maslow’s Hierarchy of Financial Wants & Needs?

On page 189 they write:

“But in the developing world, where the costs of an ineffectual financial system and the burdens of transferring funds are all too clear, cryptocurrencies have a much more compelling pitch to make.”

The problem is actually at the institutional level, institutions which do not disappear because of the Bitcoin blockchain.  Nor does Bitcoin solve the identity issue: users still need real-world identity for credit ratings so they can take out loans and obtain investment to build companies.

For instance, on page 190 the authors mention the costs of transferring funds to and from Argentina, the Philippines, India and Pakistan.  One of the reasons for the high costs is institutional problems, which are not solved by Bitcoin.

In fact, the authors write, “Banks won’t service these people for various reasons. It’s partly because the poor don’t offer as fat profits as the rich, and it’s partly because they live in places where there isn’t the infrastructure and security needed for banks to build physical branches. But mostly it’s because of weak legal institutions and underdeveloped titling laws.”

This is true, but Bitcoin does not solve this.  If local courts or governments do not recognize the land titles that are hashed on the blockchain it does the local residents no good to use Proof of Existence or BlockSign.

They do not clarify this problem through the rest of the chapter.  In fact the opposite takes place, as they double down on the reddit narrative:

“Bitcoin, as we know, doesn’t care who you are. It doesn’t care how much money you are willing to save, send, or spend. You, your identity and your credit history are irrelevant. […] If you are living on $50 a week, the $5 you will save will matter a great deal.”

This helps nobody. The people labeled as “unbanked” want to have access to capital markets and need a credit history so they can borrow money to create companies and build homes.  Bitcoin, as it currently exists, does not solve those problems.

Furthermore, how do these people get bitcoins in the first place?  That challenge is not discussed in the chapter.  Nor is the volatility issue, one swift movement that can wipe out the savings of someone living in subsistence, broached.  Again, what part of the network does lending on-chain?

On page 192 they write, “They lack access to banks not because they are uneducated, but because of the persistent structural and systemic obstacles confronting people of limited means there: undeveloped systems of documentation and property titling, excessive bureaucracy, cultural snobbery, and corruption. The banking system makes demands that poor people simply can’t meet.”

This is very true.  The Singapore conference I attended two weeks ago is just one of many conferences held throughout this year that talked about financial inclusion.  Yet Bitcoin does not solve any of these problems.  You do not need a proof-of-work blockchain to solve these issues.  Perhaps new databases or permissioned ledgers can help, but these are social engineering challenges — wet code — that technology qua technology does not necessarily resolve.

Also on page 192 they write, “People who have suffered waves of financial crises are used to volatility. People who have spent years trusting expensive middlemen and flipping back and forth between dollars and their home currency are probably more likely to understand bitcoin’s advantages and weather its flaws.”

This is probably wishful thinking too.  Residents of Argentina and Ukraine may be used to volatility but it does not mean it is something they want to adopt.  Why would they want to trade one volatile asset for another?  Perhaps they will but the authors do not provide any data for actual usage or adoption in these countries, or explain why the residents prefer bitcoin instead of something more global and stable such as the US dollar.

On page 193 they write that, “In many cases, these countries virtually skip over legacy technology, going straight to high-tech fiber-optic cables.”

While there are indeed a number of legacy systems used on any given day in the US, it is not like Bitcoin itself is shiny new tech.  While the libraries and BIPs may be new, the components within the consensus-critical tech almost all date back to the 20th century.

For instance, according to Gwern Branwen, the key moving parts that Bitcoin uses:

  1. 2001: SHA-256 finalized
  2. 1999-present: Byzantine fault tolerance (PBFT etc.)
  3. 1999-present: P2P networks (excluding early networks like Usenet or FidoNet; MojoNation & BitTorrent, Napster, Gnutella, eDonkey, Freenet, etc.)
  4. 1998: Wei Dai, B-money
  5. 1998: Nick Szabo, Bit Gold
  6. 1997: HashCash
  7. 1992-1993: Proof-of-work for spam
  8. 1991: cryptographic timestamps
  9. 1980: public key cryptography
  10. 1979: Hash tree

That’s not to say that Bitcoin is bad, old or that other systems are not old or bad but rather the term “legacy” is pretty relative and undefined in that passage.

On page 194 they discuss China and bitcoin, “With bitcoin, the theory goes, people could bypass that unjust banking system and get their money out of China at low cost.”

This is bad legal advice, just look at the problems this caused Coinbase with regulators a couple months ago.  And while you could probably do it low-scale, it then competes with laundering via art sales and Macau junkets and thus expecting this to be the killer use-case for adoption in China is fairly naive.

On page 195 they write “Bitcoin in China is purely a speculator’s game, a way to gamble on its price, either through one of a number of mainland exchanges or by mining it. It is popular — Chinese trading volumes outstrip those seen anywhere else in the world.”

Two months ago Goldman Sachs published a widely circulated report which stated that “80% of bitcoin volume is now exchanged into and out of Chinese yuan.”

This is untrue though as it is solely based on self-reporting metrics from all of the exchanges (via Bitcoinity).  As mentioned in chapter 1 notes above, the top 3 exchanges in China run market-making bots which dramatically inflate trading volume by 50-70% each day.  While they likely still process a number of legitimate trades, it cannot be said that 80% of bitcoin volume is traded into and out of RMB.  The authors of both the report and the book should have investigated this in more depth.

On page 196 they write, “This service, as well as e-marketplace Alibaba’s competing Alipay offering, is helping turn China into the world’s most dynamic e-commerce economy. How is bitcoin to compete with that?”

Great question and the answer is it probably won’t.  See Understanding value transfers to and from China.

Next on page 196 they write, “But what about the potential to get around the controls the government puts on cross-border fund transfers?”

Bypassing capital controls was discussed two pages before and will likely cause problems for any VC or PE-backed firm in China, the US and other jurisdictions.  I am not defending the current policies, just being practical: if you are reading their book and plan to do this type of business, be sure to talk to a legal professional first.

On page 197 they discuss a scenario for bitcoin adoption in China: bank crisis.  The problem with this is that in the history of banking crises thus far, savers typically flock to other assets, such as US dollars or euros.  The authors do not explain why this would change.  Now obviously it could or in the words of the authors, the Chinese “may warm to bitcoin.”  But this is just idle speculation — where are the surveys or research that clarify this position?  Why is it that many killer use-cases for bitcoin typically assume an economy or two crashes first?

On page 198 they write, “The West Indies even band together to form one international cricket team when they play England, Australia, and other members of the Commonwealth. What they don’t have, however, is a common currency that could improve interisland commerce.”

More idle speculation.  Bitcoin will probably not be used as a common currency because policy makers typically want to have discretion via elastic money supplies.  In addition, one of the problems that a “common currency” could have is what has plagued the eurozone: differing financial conditions in each country motivate policy makers in each country to lobby for specific monetary agendas (e.g., tightening, loosening).  Bitcoin, in its current form, cannot be rebased to reflect the changes that policy makers would like to make.  While many Bitcoin enthusiasts like this, unless the authors of the book have evidence to the contrary, it is unlikely that the policy makers in the West Indies find this desirable.

On page 199 they write, “A Caribbean dollar remains a pipe dream.”

It is unclear why having a unified global or regional currency is a goal for the authors.  Furthermore, there is continued regional integration to remove some frictions; for instance, the ECACH (Eastern Caribbean Automated Clearing House) has been launched and is now live in all 8 member countries.

On page 203 they spoke to Patrick Byrne from Overstock.com about ways Bitcoin supposedly saves merchants money.  They note that, “A few weeks later, Byrne announced he would not only be paying bitcoin-accepting vendors one week early, but that he’d also pay his employee bonuses in bitcoin.”

Except so far this whole effort has been a flop for Overstock.com.  According to Overstock, in 2014 approximately 11,100 customers paid with bitcoin at both its US and international websites.  Altogether this represented roughly $3 million in sales which when coupled with low margin products (based on the top 10 list of things sold on Overstock) is an initiative that Stone Street Advisors labeled “distracting” (see slides 21, 32, 33, 37, 58).

This continues onto page 204, “As a group of businesses in one region begins adopting the currency, it will become more appealing to others with whom they do business. Once such a network of intertwined businesses builds up, no one wants to be excluded from it. Or so the theory goes.”  Byrne then goes on to describe network effects and fax machines, suggesting that this is what will happen with bitcoin.

In other words, a circular flow of income.  The challenge however goes back to the fact that the time preferences of individuals are different and have not lent themselves to the theory of spending.  As a whole, very few people spend and suppliers typically cash out to reduce their exposure to volatility.  Perhaps this will change, but there is no evidence that it has so far.

On page 206 they talk to Rulli from Film Annex (who was introduced in the introduction):

With bitcoin, “you can clearly break down the value of every single stroke on the keyboard,” he says.

And you cannot with fiat?

Continuing the authors talk about Rulli:

He wanted the exchange to be solely in bitcoin for other digital currencies, with no option to buy rupees or dollars: “The belief I have is that if you lock these people into this new economy, they will make that new economy as efficient as possible.”

What about volatility?  Why are marginalized people being expected to hold onto an asset that fluctuates in value by more than 10% each month?  Rulli has a desire to turn the Film Annex Web site “into its own self enclosed bitcoin economy.”  There is a term for this: autarky or closed economy.

Continuing, Rulli states, “If you start giving people opportunities to get out of the economy, they will just cut it down, whereas if the only way for you to enrich yourself is by trading bitcoins for litecoins and dogecoins, you are going to become an expert in that… you will become the best trader in Pakistan.”

This seems to be a questionable strategy: are these users on bitLanders supposed to be artisans or day traders?  Why are marginalized people expected to compete with world-class professional traders?

On page 210 the term “virtual currency” is mentioned for the second time, this time by the Argentinian central bank.

On page 213 they write, “With bitcoin, it is possible to send money via a mobile phone, directly between two parties, to bypass that entire cumbersome, expensive system for international transfers.”

What an updated version to the book should include is an actual study for the roundtrip costs of doing international payments and remittances.  This is not to defend the incumbents, but rebittance companies and enthusiasts on reddit grossly overstate the savings in many corridors.7 And it still does not do away with the required cash-in / cash-out steps that people in these countries still want and need.

On page 216 they write about the research of Hernando de Soto who discusses the impediments of economic development including the need to document ownership of property.  Unfortunately Bitcoin does not currently solve this because ultimately the recognition of a hash of a document on a blockchain comes down to recognition from the same institutions that some of these developing countries lack.

Continuing on page 217 they write that, “Well, the blockchain, if taken to the extent that a new wave of bitcoin innovators believe possible, could replace many of those institutions with a decentralized authority for proving people’s legal obligations and status. In doing so, it could dramatically widen the net of inclusion.”

How?  How is this done?  Without recognized title transfers, hashing documents onto a chain does not help these people.  This is an institutional issue, not one of technology.  Human corruption does not disappear because of the existence of Bitcoin.

Chapter 9:

On page 219 they write, “Like everything else in the cryptocurrency world, the goal is to decentralize, to take power out of the hands of the middleman.”

By recreating the same middleman, depository institutions, yet without robust financial controls.

On page 220 and 221 they mention “basic encryption process” and “standard encryption models” — I believe that it is more accurately stated as cryptographic processes and cryptographic models.

On page 222 they define “Bitcoin 2.0” / “Blockchain 2.0” and put SatoshiDice into that bucket.  Ignoring the labels for a moment, I don’t think SatoshiDice or any of the other on-chain casino games are “2.0” — they use the network without coloring any asset.

One quibble with Mike Hearn’s explanation on page 223 is when he says, “But bitcoin has no intermediaries.”  This is only true if you control and secure the privkey by yourself.  In practice, many “users” do not.

On page 225 they write, “Yet they are run by Wall Street banks and are written and litigated by high-powered lawyers pulling down six- or seven-figure retainers.”

Is it a crime to be able to charge what the market bears for a service?  Perhaps some of this technology will eventually reduce the need for certain legal services, but it is unclear what the pay rate of attorneys in NYC has to do with Bitcoin.

Also on page 225 a small typo: “International Derivatives and Swaps Association (ISDA)” — need to flip Derivatives and Swaps.

On page 226, 227, 229 and 244: nextcoin should be called NXT.

On page 227 they write, “These are tradable for bitcoins and other cryptocurrencies on special altcoin exchanges such as Cryptsy, where their value is expected to rise and fall according to the success or failure of the protocol to which they belong.”

There is a disconnect between the utility of a chain and the speculative activity around the token.  For instance, most day traders likely do not care about the actual decentralization of a network, for if they did, it would be reflected in prices of each chain.  There are technically more miners (block makers) on dozens of alternative proof-of-work chains than there are in either bitcoin or litecoin, yet market prices are (currently) not higher for more decentralized chains.

On page 228 they write that:

“Under their model, the underlying bitcoin transactions are usually of small value — as low as a “Satoshi” (BTC0.00000001).  That’s because the bitcoin value is essentially irrelevant versus the more important purpose of conveying the decentralized application’s critical metadata across the network, even though some value exchange is needed to make the communication of information happen.”

Actually in practice the limit for watermarked coins typically resides around 0.0001 BTC.  If it goes beneath 546 satoshi, then it is considered dust and not included into a block.  Watermarked coins also make the network top heavy and probably insecure.8

On page 209, “virtual currency” is used for the third time; it comes from Daniel Larimer, but without quotes.

On page 230 they discuss an idea from Daniel Larimer to do blockchain-based voting.  While it sounds neat in theory, in practice it still would require identity which again, Bitcoin doesn’t solve.  Also, it is unclear from the example in the book as to why it is any more effective/superior than an E2E system such as Helios.

On page 238 they write, “It gets back to the seigniorage problem we discussed in chapter 5 and which Nakamoto chose to tackle through the competition for bitcoins.”

I am not sure I would classify it as a problem per se, it is by design one method for rewarding security and distributing tokens.  There may be other ways to do it in a decentralized manner but that is beyond the scope of this review.

On page 239 they discuss MaidSafe and describe the “ecological disaster” that awaits data-center-based storage.  This seems a bit alarmist because just in terms of physics, centralized warehouses of storage space and compute will be more efficient than a decentralized topology (and faster too).  This is discussed in Chapter 3 (under “Another facsimile”).

Continuing, they quote the following statement from David Irvine, founder of MaidSafe: “Data centers, he says, are an enormous waste of electricity because they store vast amounts of underutilized computing power in huge warehouses that need air-conditioning and expensive maintenance.”

Or in other words: #bitcoin

On page 242 they mention Realcoin whose name has since been changed to Tether.  It is worth pointing out that Tether does not reduce counterparty risk; users are still reliant on the exchange (in this case Bitfinex) not being hacked or shut down via social engineering.

On page 244, again to illustrate how fast this space moves, Swarm has now pivoted from offering cryptocurrency-denominated investment vehicles into voting applications, and Open-Transactions has hit a bit of a rough patch: its CTO, Chris Odom, stepped down in March and the project has not had any public announcements since then.

Chapter 10:

If you missed it, the last few weeks on social media have involved a large debate around blockchain stability with respect to increasing block sizes.  During one specific exchange, several developers debated as to “who was in charge,” with Mike Hearn insisting that Satoshi left Gavin in charge and Greg Maxwell stating that this is incorrect.

[Image: Gavin, Mike Hearn. Source: Reddit]

This ties in with the beginning of page 247, the authors write about Gavin Andresen, “A week earlier he had cleared out his office at the home he shares with his wife, Michele – a geology professor at the University of Massachusetts — and two kids. He’d decided that a man essentially if not titularly in charge of running an $8 billion economy needed something more than a home office.”

Who is in charge of Bitcoin?  Enthusiasts on reddit and at conferences claim no one is.  The Bitcoin Foundation claims five people are (those with commit access).  Occasionally mainstream media sites claim the Bitcoin CEO or CFO is fired/jailed/dead/bankrupt.

The truth of the matter is that it is the miners who decide what code to update and use and for some reason they are pretty quiet during all of this hubbub.  Beyond that, there is a public goods problem and as shown in the image above, it devolves into various parties lobbying for one particular view over another.

The authors wrote about this on page 247, “The foundation pays him to coordinate the input of the hundreds of far-flung techies who tinker away at the open-licensed software. Right now, the bitcoin community needed answers and in the absence of a CEO, a CTO, or any central authority to turn to, Andresen was their best hope.”

It is unclear how this will evolve but is a ripe topic of study.  Perhaps the second edition will include other thoughts on how this role has changed over time.

On page 251 they write, “Probably ten thousand of the best developers in the world are working on this project,” says Chris Dixon, a partner at venture capital firm Andreessen Horowitz.

How does he know this?  There are not 10,000 users making changes to Bitcoin core libraries on github or 10,000 subscribers to the bitcoin development mailing list or IRC rooms.  I doubt that if you added up all of the employees of every venture-backed company in the overall Bitcoin world, that the amount would equate to 2,000 let alone 10,000 developers.  Perhaps it will by the end of this year but this number seems to be a bit of an exaggeration.

Continuing, Dixon states, “You read these criticisms that ‘bitcoin has this flaw and bitcoin has that flaw,’ and we’re like ‘Well, great. Bitcoin has ten thousand people working hard on that.’”

This is not true.  There is a public goods problem and coordination problem.  Each developer and clique of developers has their own priorities and potential agenda for what to build and deploy.  It cannot be said that they’re all working towards one specific area.  How many are working on the Lightning Network?  Or on transaction malleability (which is still not “fixed”)?  How many are working on these CVEs?

On page 254 they discuss Paul Baran’s paper “On Distributed Communications Networks,” the image of which has been used over the years and I actually used for my paper last month.

On page 255 the fourth usage of “virtual currency” appears regarding once more, FinCEN director Jennifer Shasky.  Followed by page 256 with another use of “virtual currency.”  On page 257 Benjamin Lawsky was quoted using “virtual currency.”  Page 259 the term “virtual currency” appears when the European Banking Authority is quoted.  Page 260 and 261 sees “virtual currency” being used in relation with NYDFS and Lawsky once more.  On page 264 another use of “virtual currency” is used and this time in relation with Canadian regulations from June 2014.

On page 265 they mention “After the People’s Bank of China’s antibitcoin directives…”

I am not sure the directives were necessarily anti-bitcoin per se.  Rather they prohibited financial institutions like banks and payment processors from directly handling cryptocurrencies such as bitcoins.  The regulatory framework is still quite nebulous but again, going back to “excessive” in the introduction above, it is unclear why this is deemed “anti-bitcoin” when mining and trading activity is still allowed to take place.  Inconsistent and unhelpful, yes.  Anti?  Maybe, maybe not.

Also on page 265 they mention Temasek Holdings, a sovereign wealth fund in Singapore that allegedly has bitcoins in its portfolio.  When I was visiting there, I spoke with a managing director from Temasek two weeks ago and he said they are not invested in any Bitcoin companies and the lunchroom experiment with bitcoins has ended.

On page 268 the authors discuss “wallets” once more this time in relation with Mt.Gox: “All the bitcoins were controlled by the exchange in its own wallets” and “Reuters reported that only Karpeles knew the passwords to the Mt. Gox wallets and that he refused a 2012 request from employees to expand access in the event that he became incapacitated.”

Chapter 11:

On page 275 the authors use a good nonce, “übercentralization.”

On page 277 they write, “While no self-respecting bitcoiner would ever describe Google or Facebook as decentralized institutions, not with their corporate-controlled servers and vast databases of customers’ personal information, these giant Internet firms of our day got there by encouraging peer-to-peer and middleman-free activities.”

In the notes on the margin I wrote “huh?”  And I am still confused because each of these companies attempts to build a moat around their property.  Google has tried 47 different ways to create a social network, even going so far as to cut off its nose (Google Reader, RIP) to spite its face, all with the goal of keeping traffic, clicks and eyeballs on platforms it owns.  And this is understandable.  Similarly Coinbase and other “universal hosted wallets” are also trying to build a walled garden of apps with the aim of stickiness — finding something that will keep users on their platform.

On page 277 they also wrote that, “Perhaps these trends can continue to coexist if the decentralizing movements remains limited to areas of the economy that don’t bleed into the larger sectors that Big Business dominates.”

What about Big Bitcoin?   The joke is that there are 300,027 advocacy groups in Bitcoinland: 300,000 privkey holders who invested in bitcoin and 27 actual organizations that actively promote Bitcoin.  There is probably only one quasi self-regulating organization (SRO), DATA.  And the advocacy groups are well funded by VC-backed companies and investors, just look at CoinCenter’s rolodex.

On page 280 they write, “Embracing a cryptocurrency-like view of finance, it has started an investment program that allows people to invest directly in the company, buying notes backed by specific hard assets, such as individual stores, trucks, even mattress pads. No investment bank is involved, no intermediary. Investors are simply lending U-Haul money, peer-to-peer, and in return getting a promissory note with fixed interest payments, underwritten by the company’s assets.”

This sounds a lot like a security as defined by the Howey test.  Again, before participating in such an activity be sure to talk with a legal professional.9

On page 281 they use the term “virtual currencies” for the 11th time, this time in reference to MasterCard’s lobbying efforts in DC for Congress.

On page 283 a small typo, “But here’s the rub: because they are tapped” — (should be trapped).

On page 283 they write, “By comparison, bitcoin processors such as BitPay, Coinbase, and GoCoin say they’ve been profitable more or less from day one, given their low overheads and the comparatively tiny fees charged by miners on the blockchain.”

This is probably false.  I would challenge this view and argue that none of them are currently breaking even on merchant processing fees alone.

In fact, they likely have the same user acquisition costs and compliance costs as all payment processors do.

For instance, in October 2014, Brian Armstrong and Fred Ehrsam, co-founders of Coinbase, did a reddit AMA.  At the 21:12 minute mark (video):

Q: Is Coinbase profitable or not, if not, when?

A: It’s happened to be profitable at times, at the moment it’s not; we’re not burning too much cash.  I think that the basic idea here is to grow and by us growing we help the entire ecosystem grow — without dying.  So not at the moment but not far.

It’s pretty clear from BitPay’s numbers that unless they’ve been operating a high volume exchange, they are likely unprofitable.

Why?  In part because of the high burn rate.  What does this mean?

Last week Moe Levin, former Director of European Business Development at BitPay, was interviewed by deBitcoin; below is one detailed exchange starting at 1:57m:

Q: There was a lot of stories in the press about BitPay laying off people, can you comment on that?

A: Yea, what happened was we had a high burn rate and the company necessarily needed to scale back a little bit on how many people we hired, how many people we had on board, how much we sponsored things.  I mean things were getting a little bit out of hand with sponsorships, football games and expansion — more care needed to be put on how and where we spent the money.

Q: Can you elaborate on the burn rate?  Tim Swanson wrote a piece on BitPay in April, published this piece about the economy, the BitPay economy. Posted this piece on the burn rate and actual figures, have you read that piece?  Can you comment on that?

A: Yes, it is especially hard for a company to build traction when they start off.  Any start up is difficult to build traction.  It’s doubly hard, the hardness is amplified when a company enters a market with competitors that have near unlimited resources because the other companies can either blow you out of the water or have better marketing strategies or they can do a ton of different things to make your startup more irrelevant.  Standard in any company but it is doubly difficult when you enter a market like that.  In the payments industry, forget about Bitcoin for a second, in the payments industry and the mobile commerce, ecommerce, company-to-company payments industry there are massive players with investments and venture backed companies in the billions.  Competing at that stage is tricky and it necessarily requires a burn rate that is much higher than the average startup because of how you need to compete in this space.  What is also important is that the regulation costs a lot of money for the startups in the Bitcoin economy.  It’s the perfect storm of how a startup will be hit with a ton of expenses early on and that can hurt the growth of a company.  Even though a lot of the money that went into it was growth capital it takes a while to get the balance right between spending and growing.

On page 284 they write, “That leads us to one important question: What happens to banks as credit providers if that age arrives? Any threat to this role could be a negotiating chip for banks in their marketing battle with the new technology.”

This is a good question and it dovetails with the “Fedcoin” discussion over the past 6 months.10

On page 285 they write, “With paper money they can purchase arms, launch wars, raise debt to finance those conflicts, and then demand tax payments in that same currency to repay those debts.”

This is a common misconception, one involving lots of passionate YouTube videos: that before central banks were established or fiat currencies were issued, there was no war or “less war.”  On page 309 they quote Roger Ver at a Bitcoin conference saying, “they’ll no longer be able to fund these giant war machines that are killing people around the world. So I see bitcoin as a lever that I can use to move the world in a more peaceful direction.”

Cryptocurrencies such as Bitcoin will not end wars for the same reason that precious metals did not prevent wars: the privkey has no control over the “wet code” on the edges.  Wars have occurred since time immemorial due to conflicts between humans and will likely continue to occur into the future (I am sure this statement will be misconstrued on reddit to say that I am in support of genocide and war).

On page 286 they write, “Gil Luria, an analyst at Wedbush Securities who has done some of the most in-depth analysis of cryptocurrency’s potential, argues that 21 percent of U.S. GDP is based in “trust” industries, those that perform middlemen tasks that blockchain can digitize and automate.”

In looking at the endnote citation (pdf) it is clear that Luria and his team are incorrect in just about all of the analysis that month, as they rely on unfounded assumptions about both adoption and the price of bitcoin.  That’s not to say some type of black swan event cannot or will not occur, but probably not for the reasons laid out by the Wedbush team.  The metrics and probabilities are entirely arbitrary.

For instance, the Wedbush analysts state, “Our conversation with bitcoin traders (and  Wall Street traders trading bitcoin lead us to believe they see opportunity in a market that has frequent disruptive news flow  and large movements that reflect that news flow.”

Who are these traders?  Are they disinterested and objective parties?

For instance, a year ago (in February 2014), Founders Grid asked 50 Bitcoin “experts” what their bitcoin price predictions were over the next year.  The end result — all but a couple were completely, very wrong (see this spreadsheet for a line-by-line itemization).  Later, in May 2014, CoinTelegraph asked (video) more than 30 Bitcoin “experts” as to what their bitcoin predictions were for the end of 2014.  Once again, all but a couple were completely, very wrong.

Or in short, no one has a very good track record of predicting either prices or adoption.  Thus it is unclear from their statements why a cryptocurrency such as Bitcoin will automatically begin performing the tasks that comprise 21% of US economic output based on “trust.”

On page 288 they write, “So expect a backlash once banks start shutting back-office administrative centers in midtown Manhattan or London’s Canary Wharf when their merchant customers start booking more customer sales via cryptocurrency systems to avoid the 3 percent transaction fees.”

I think there is a lot of conflation here.  For starters, back-offices could be reformed with the integration of distributed ledgers, but probably not cryptocurrency systems (why would a trusted network need proof-of-work?).  Secondly, the empirical data thus far suggests that it doesn’t matter how many merchants adopt cryptocurrencies as payments; what matters is consumer adoption — and thus far the former outpaces the latter by an enormous margin.  Third, that 3% is broken down and paid to a variety of other participants, not just Visa or MasterCard.  Fourth, the US economy (like that of Europe and many other regions) is consumer driven — supply does not necessarily create its own demand.

There is one more point, but first the authors quote Chris Dixon from Andreessen Horowitz, “On the one hand you have the bank person who loses their job, and everyone feels bad about that person, and on the other hand, everyone else saves three percent, which economically can have a huge impact because it means small businesses widen their profit margins.”

This “3%” savings is probably just a myth.  At the end of the day Coinbase, BitPay and other payment processors will likely absorb the same cost structures as existing payment processors in terms of user acquisition, customer support, insurance, compliance and so forth.  While the overhead may be lean, non-negligible operating costs still exist.

There are two reasons for why it could be temporarily cheaper to use Coinbase:

1) VC funding and exchange activity subsidizes the “loss-leader” of payment processing;

2) because Coinbase outsources the actual transaction verification to a third party (miners), they are dependent on fees to miners staying low or non-existent.  At some point the fees will have to increase and those fees will then either need to be absorbed by Coinbase or passed on to customers.

On page 290 they quote Larry Summers, “So it seems to me that the people who confidently reject all the innovation here [in blockchain-based payment and monetary systems] are on the wrong side of history.”

Who are these people?  Even Jeffrey Robinson finds parts of the overall tech of interest.  I see this claim often on social media but it seems like a strawman.  Skepticism about extraordinary claims that lack extraordinary proof does not seem unwarranted or unjustified.

On page 292 they write, “But, to borrow an idea from an editor of ours, such utopian projects often end up like Ultimate Frisbee competitions, which by design have no referees — only “observers” who arbitrate calls — and where disputes over rule violations often devolve into shouting matches that are won by whichever player yells the loudest, takes the most uncompromising stance, and persuades the observer.”

This is the exact description of how Bitcoin development works via reddit, Twitter, Bitcoin Talk, the Bitcoin Dev mailing list, IRC and so forth.  This is not a rational way to build a financial product.  Increasing block sizes that impact a multi-billion dollar asset class should not be determined by how many Likes you get on Facebook or how often you get to sit on panels at conferences.

Final chapter (conclusion):

On page 292 they write, “Nobody’s fully studied how much business merchants are doing with bitcoin and cryptocurrencies, but actual and anecdotal reports tend to peg it at a low number, about 1 percent of total sales for the few that accept them.”

My one quibble is that they as journalists were in a position to ask payment processors for these numbers.

Fortunately we have a transparent, public record that serves as Plan B: reused addresses on the Bitcoin blockchain.

Chart: Evolution Market v Bitpay Btc

As described in detail a couple weeks ago, the chart above is a log scale measuring the amount of bitcoins that both BitPay (in green) and Evolution (in red) received starting January 16, 2014.  The drop off at the end in March 2015 is related to the exit scam that Evolution underwent (and the drop off for BitPay is related to a limitation in WalletExplorer’s data).

As we can see here, based on the clusters labeled by WalletExplorer, on any given day BitPay processes about 1,200 bitcoins (the actual number is probably about 10% higher).

Chart: coinbase transactions

Source: Coinbase

The chart above shows self-reported transaction numbers from Coinbase.  While it is unclear what each transaction can or does represent, in aggregate it appears to be relatively flat over the past year.11 Perhaps that will change in the future.

On page 295 they write, “Volatility in bitcoin’s price will also eventually decline as more traders enter the market and exchanges become more sophisticated.”

As Christopher Hitchens once remarked, that which can be asserted without evidence, can be dismissed without evidence.  Those making a positive claim (that volatility will decline) are the party that needs to prove this and they do not in this book.  Perhaps volatility will somehow disappear, but not for the non-technical reasons they describe.

At the bottom of page 295 they write, “Even so, we will go out on a limb here and argue that encryption-based, decentralized digital currencies do have a future.”

Again, there is no encryption in cryptocurrencies, only cryptographic primitives.  Also, as described in the introductory notes above, virtual currencies are not synonymous with digital currencies.

Also on page 295 they write, “Far more important, it solves some big problems that are impossible to address within the underlying payment infrastructure.”

Yes, there are indeed problems with identity and fraud but it is unclear from this book what Bitcoin actually solves.  No one double-spends on the Visa network.  No one has, publicly, hacked the Visa Network (which has 42 firewalls and a moat).  The vulnerabilities and hacks that take place are almost always at the edges, in retailers such as Home Depot and Target (which is unfortunately named).  This is not to say that payment rails and access to them cannot be improved or made more accessible, but that case is not made in this book.

On page 296 they write, “Imagine how much wider the use of cryptocurrency would be if a major retailer such as Walmart switched to a blockchain-based payment network in order to cut tens of billions of dollars in transaction costs off the $350 billion it sends annually to tens of thousands of suppliers worldwide.”

Again this is conflating several things.  Walmart does not need a proof-of-work blockchain when it sends value to trusted third parties.  All the participants are doxxed and KYC’ed.  Nor does it need to convert fiat -> into a cryptocurrency -> into fiat to pay retailers.  Instead, Walmart, in theory, could use some type of distributed ledger system like SKUChain to track the provenance of items, but again, the proof-of-work used by Bitcoin is unneeded for this utility because the parties are known.

Also, while the authors recognize that bitcoins currently represent a small fraction of payments processed by most retailers, one of the reasons they may not have seen a dramatic improvement in their bottom line is that people — as shown with the Wences Casares citation above (assuming the 96% figure is accurate) — do not typically purchase bitcoins in order to spend them but rather invest and permanently hold them.  Perhaps that may change in the future.

On page 297 they write, “But now bitcoin offers an alternative, one that is significantly more useful than gold.”

That’s an unfounded claim.  The two have different sets of utility and different trade-offs.  We know precious metals have some use-value beyond ornamentation; what are the industrial usages of bitcoin?  In terms of security vulnerabilities there are trade-offs of owning either one.  While gold can be confiscated and stolen, to some degree the same challenge holds true with cryptocurrencies due to their bearer nature (over a million bitcoins have been lost, stolen, seized and destroyed).12 One advantage that bitcoin seems to have is cheaper transportation costs but that is largely dependent on subsidized transaction fees (through block rewards) and the lack of incentives to attack high-value transactions thus far.

On page 300 they write, “As you’ll know from having read this book, a bitcoin-dominant world would have far more sweeping implications: for one, both banks and governments would have less power.”

That was not proven in this book.  In fact, the typical scenarios involved the success of trusted third parties like Coinbase and Xapo, which are banks by any other name.  And it is unclear why governments would have less power.  Maybe they will but that was not fleshed out.

On page 301 they write, “In that case, cryptocurrency protocols and blockchain-based systems for confirming transactions would replace the cumbersome payment system that’s currently run by banks, credit-card companies, payment processors and foreign-exchange traders.”

The authors use the word cumbersome too liberally.  To a consumer and even a merchant, the average swipeable (nonce!) credit card and debit card transaction is abstracted away and invisible.  In place of these institutions reviled by the authors are, in practice, the very same entities: banks (Coinbase, Xapo), credit-card companies (Snapcard, Freshpay), payment processors (BitPay, GoCoin) and foreign-exchange traders (a hundred different cryptocurrency exchanges).  Perhaps this will change in the future or maybe not.

On page 305 they write about a “Digital dollar,” stating, “Central banks could, for example, set negative interest rates on bank deposits, since savers would no longer be able to flee into cash and avoid the penalty.”

This is an interesting thought experiment, one raised by Miles Kimball several months ago and one that intersects with what Richard Brown and Robert Sams have discussed in relation to a Fedcoin.

On page 306 they write about currency reserves, “we doubt officials in Paris or Beijing are conceiving of such things  right now, but if cryptocurrency technology lives up to its potential, they may have to think about it.”

This is wishful thinking at best.  As described in Chapter 13, most proponents of a “Bitcoin reserve currency” are missing some fundamental understanding of what a reserve currency is or how a currency becomes one.

Because there is an enormous amount of confusion in the Bitcoin community as to what reserve currencies are and how they are used, it is recommended that readers peruse what Patrick Chovanec wrote several years ago – perhaps the most concise explanation – as it relates to China (RMB), the United Kingdom (the pound) and the United States (the dollar):

There are four main factors that set the Pound and the Dollar apart as viable and attractive reserve currencies. Each was necessary. They were liquid. They were available. And they were perceived as safe. I’m going to run through each of these conditions in turn. I will consider how they applied to the Pound and the Dollar, and to what extent they are satisfied by China’s Renminbi.

(1) Necessity. The fundamental purpose of a reserve currency is to settle external obligations. The greater quantity and variety of obligations a particular currency can settle, the more useful it is as a reserve currency. The currency of a country that produces little of note and lacks funds to lend or invest is not nearly as useful as one whose home economy produces many goods and services desired around the world, serves as an important source of capital, and has many commercial partners who also find its currency relevant to meeting their own obligations. This idea — that the dominant reserve currency derives its status from its connection with the dominant national economy in an interconnected world – is what underlies Roubini’s reasoning that the Renminbi may be next in line to replace the Dollar.

But this conclusion misses something important. A reserve currency must not only be capable of settling obligations in connection with a heavy-weight economy. It must be required to. Because if you can settle those obligations, as sizeable and important as they may be, using your own currency — or the currency of another leading economy — there is no reason to hold that country’s currency as a reserve. That is precisely the case today with China.

It is unclear how or why some Bitcoin advocates can suggest that bitcoins will ever be used as a reserve currency when there is no demand for the currency to meet external trading obligations let alone in the magnitude that these other currencies do (RMB, USD, GBP).

On page 307 they write:

Under this imagined Bretton Woods II, perhaps the IMF would create its own cryptocurrency, with nodes for managing the blockchain situated in proportionate numbers within all the member countries, where none could ever have veto power, to avoid a state-run 51 percent attack.

Proof-of-work mining on a trusted network is entirely unnecessary, yet this type of scenario is propagated by a number of people in the Bitcoin space including Adam Ludwin (CEO of Chain.com) and Antonis Polemitis (investor at Ledra Capital).  Two months ago on a panel at the Stanford Blockchain event, Ludwin predicted that in the future governments would subsidize mining.  Again, mining on a proof-of-work blockchain exists solely because the actors cannot trust one another.  Yet on a government-run network, there are no unverified actors (Polemitis has proposed a similar proof-of-work solution for Fedcoin).

Again, there is no reason for the Fed, or any bank for that matter, to use a Bitcoin-like system because all parties are known.  Proof-of-work is only useful and necessary when actors are unknown and untrusted.  The incentive and cost structure for maintaining a proof-of-work network is entirely unnecessary for financial services institutions.  Furthermore, maintaining anonymous validators while simultaneously requiring KYC/AML on end users is a bit nonsensical (which is what the Bitcoin community has actually done).  Not only do you have the cost structures of both worlds but you have none of the benefits.  If validators are known, then they can be held legally responsible for, say, double spending or censoring transactions.

Robert Sams recently noted the absurdity of this hydra and why permissionless systems are a poor method for managing off-chain assets:

The financial system and its regulators go to great lengths to ensure that something called settlement finality takes place. There is a point in time in which a trade brings about the transfer of ownership–definitively. At some point settlement instructions are irrevocable and transactions are irreversible. This is a core design principle of the financial system because ambiguity about settlement finality is a systemic risk. Imagine if the line items of financial institution’s balance sheet were only probabilistic. You own … of … with 97.5% probability. That is, effectively, what a proof-of-work based distributed ledger gives you. Except that you don’t know what the probabilities are because the attack vectors are based not on provable results from computer science but economic models. Do you want to build a settlement system on that edifice?

Though as shown by the NASDAQ announcement, this will likely not stop people from trial by fire.

Concluding remarks

Bertha Benz, wife of Karl Benz, is perhaps best known for her August 1886 jaunt through present day Baden-Württemberg in which she became the first person to travel “cross-country” in an automobile — a distance of 106 kilometers.

It is unclear what will become of Bitcoin or cryptocurrencies, but if the enthusiasm of the 19th century German countryside echoed similar excitement as reddit sock puppets do about magic internet money, they must have been very disappointed by the long adoption process for horseless carriages to overtake horses as the primary mode of transportation.  For instance, despite depictions of a widely motorized Wehrmacht, during World War II the Teutonic Heer army depended largely on horses to move its divisions across the battlefields of Europe: 80% of its entire transportation was equestrian.  Or maybe as the popular narrative states: cryptocurrencies are like social networks and one or two will be adopted quickly, by everyone.

So is this book the equivalent to a premature The Age of Automobile?  Or The New Age of Trusted Third Parties?

Its strength is in simplicity and concision.  Yet it sacrifices some technical accuracy to achieve this. While it may appear that I hated the book or that each page was riddled with errors, it bears mentioning that there were many things they did a good job with in a fast-moving fluid industry.  They probably got more right than wrong and if someone is wholly unfamiliar with the topic this book would probably serve as a decent primer.

Furthermore, a number of the incredulous comments that are discussed above relate more towards the people they interviewed than the authors themselves, and you cannot really blame them if the interviewees are speaking on topics they are not experts on (such as volatility).  It is also worth pointing out that this book appears to have been completed sometime around last August; the space has evolved a bit since then, and we have the benefit of hindsight.

You cannot please everyone 

For me, I would have preferred more data.  VC funding is not necessarily a good metric for productive working capital (see the Cleantech boom and bust).  Furthermore, VCs can be, and often are, wrong on their bets (hence the reason not all of them outperform the market).13 Notable venture-backed flops: Fab, Clinkle, DigiCash, Pets.com and Beenz.  I think we all miss the heady days of Cracked.com.

Only two charts related to Bitcoin were used: 1) historical prices, 2) historical network hashrate.  In terms of balance, they only cited one actual “skeptic” and that was Mark Williams’ testimony — not from him personally.  For comparison, it had a different look and feel than Robinson’s “BitCon” (here’s my mini review).

Both Michael and Paul were gracious to sign my book and answer my questions at Google and I think they genuinely mean well with their investigatory endeavor.  Furthermore, the decentralized/distributed ledger tent is big enough for a wide array of views and disagreement.  While I am unaware of any future editions, I look forward to reading their articles that tackle some of the challenges I proposed above.  Or as is often unironically stated on reddit: you just strengthened (sic) my argument.

Endnotes:

  1. Note: I contacted Rulli who mentioned that the project has been ongoing for about 10 years — they have been distributing value since 2005 and adopted bitcoin due to what he calls a “better payment solution.”  They have 500,000 registered users and all compete for the same pot of bitcoins each month.
  2. See also Megawatts Of Mining by Dave Hudson
  3. Additional calculations from Dave Hudson:
    – Current Bitcoin network capacity: approximately 320 PH/s (320 x 10^15)
    – Best case power efficiency (shipping today): approximately 0.5 J/GH (0.5 x 10^-9 J/H)
    Likely power efficiency: approximately 1.0 J/GH (1 x 10^-9 J/H) = 2 x best case
    – Best case power usage (sustained): 320 x 10^15 x 0.5 x 10^-9 = 160 x 10^6 W = 160 MW
    Likely power efficiency: 160 x 2 = 320 MW
    – Best case power usage per day: 160 x 24 = 3840 MWh = 3.84 GWh
    Likely power usage per day: 320 x 24 = 7680 MWh = 7.68 GWh
    – Best case power usage per year: 3.84 x 365 = 1401.6 GWh = 1.4 TWh
    Likely power usage per year: 7.68 x 365 = 2803.2 GWh = 2.8 TWh
    The best case example would represent the entire Bitcoin network using the best possible hardware and doesn’t account for any cooling or any other computers used in the Bitcoin network. As such it represents an impossible best version of a network of this size. The likely example is probably closer as there is older hardware still in use and most data centers need cooling of some sort.
    The US Energy Information Administration estimated the US power generation capacity for 2012 at 1051 GW so the 320 MW number would represent 0.03% of the total electricity supply for the US. Assuming that we take the 320 MW figure then that would put Bitcoin at about 10% of Ireland’s electricity supply.
  4. See: How do Bitcoin payment processors work?
  5. See What is the blockchain hard fork “missile crisis?”
  6. See Distributed Oversight: Custodians and Intermediaries
  7. See also: The Rise and Rise of Lipservice: Viral Western Union Ad Debunked
  8. See Can Bitcoin’s internal economy securely grow relative to its outputs? and Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin?
  9. See Mitigating the Legal Risks of Issuing Securities on a Cryptoledger
  10. See Fedcoin by JP Koning, Fedcoin: On the Desirability of a Government Cryptocurrency by David Andolfatto, A Central Bank “cryptocurrency”? An interesting idea, but maybe not for the reason we think by Richard Brown and Which Fedcoin? by Robert Sams
  11. See Slicing Data
  12. Tabulating publicly reported bitcoins that were lost, stolen, seized, scammed and accidentally destroyed between August 2010 and March 2014 amounts to 966,531 bitcoins. See p. 196 in The Anatomy of a Money-like Informational Commodity by Tim Swanson. See also: Bitcoin Self-Defense, Part I: Wallet Protection by Vitalik Buterin
  13. See Venture Capitalists Get Paid Well to Lose Money from Harvard Business Review and Ouch: Ten-year venture returns still lag the broader markets from Pando Daily