Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin?

[Note: a version of this appeared at Business Insider.  A PDF is also available of the version below.]

The cost of securing the Bitcoin network for a given length of time is roughly equivalent to the value of the block reward over the same time. In economic terms this reads as MP = MC. In Bitcoin and most of its descendants, the labor force (called miners) are provided a hard-coded wage, a seigniorage subsidy called a block reward roughly every 8-10 minutes in consideration for their providing security and processing transactions. In return, this labor force provides the security in a method called “proof-of-work” – hashing through benign math work until it finds a special number, broadcasting that solution to the network (the other laborers) and, once a block is found, repeating the cycle once again.

Is there an economic flaw of proof-of-work as it relates to security?  For instance, on most cryptocurrency chains the asset value of the chain has to be proportional to the proof-of-work otherwise this could lead to an economic incentive to attack the chain. Compounding this issue are new financial instruments such as metacoins, colored coins and smart contracts that can be exchanged on the same chains and unquestionably increase the enterprise value of the chain, yet which do not proportionally incentivize security beyond the existing seigniorage subsidy.

Economically rational laborers will not spend more than the value of a bitcoin to extract the rents of that bitcoin. Because mining rewards were fixed with the genesis block in 2009 (providing a fixed income on a scheduled time table), and market participants are able to determine the percentage of the overall hashrate at a given time that their mining equipment represents, only relatively simple calculations are required to gauge the potential profitability of their mining activities.

In practice, laborers on the Bitcoin network must account for the capital costs of their hashing equipment, rent for the land, administrative overhead, taxes and increasingly important, the energy costs which can be very specific to their locality, depending on the equipment’s geographic location. All of these costs are tallied against an inelastic wage which can only be attained if the hashing equipment they control is able to outcompete other such miners – it is a zero-sum game. And it can be scaled.

The Hashrate Wars

This subsequent escalation, dubbed a “hashrate war” (the competitive fight for ever increasing hashing equipment) created a technological S-curve that looks similar to the chart below:

hashrate over time

The vertical axis in the chart above is logarithmic and illustrates the hashing rate (showing that it will slow down once ASICs hit fabrication node limitations). The horizontal axis projects two years into the future (see also Bespoke Silicon).

Ignoring all of the various issues related to public goods challenges and game theory (such as “selfish mining”), this system has served the bootstrapping phase with relative ease. If it continues to expand at its current rate, the hardware side could potentially become commoditized in the next 3-4 years whereupon a miner’s competitive advantage will solely lay in energy arbitrage. In fact, Satoshi Nakamoto, the pseudonymous creator of the protocol foresaw this noting in the original FAQ that “When Bitcoins start having real exchange value, the competition for coin creation will drive the price of electricity needed for generating a coin close to the value of the coin.”

Thus the relationship between enterprise value and hashing power has been known for some time.

A challenge however, presents itself when this seigniorage subsidy is halved, a structural feature of most cryptocurrencies. With Bitcoin, every 4 years (or every 210,000 blocks) the subsidy is reduced by 50%. This is equivalent to the miners – the labor force – being told they would receive a 50% pay cut. While this issue typically remains hidden and muted when token values appreciate and rise, in the long run continual halvings discentivize laborers from providing security and utility to the network. There have been several “cryptocurrencies” whose labor force fled after their profitability period was over – most notably with Auroracoin – and as a consequence the network was left insecure and vulnerable to double-spending attacks (called a 51% attack).

One such popular token that is currently facing this dilemma is Dogecoin, which is losing 20-30% of its security force every 2 months. While there are potential solutions Dogecoin developers could adopt, incorporate or migrate to, because Dogecoin is still relatively young it has the flexibility of moving towards a different security mechanism. This issue has the potential to become systemic – and thus more difficult to address – in other digital currency ecosystems.

dogecoin comparison chart

Are there any other areas of asymmetric, unbalanced security?

Colored coins, metacoins, smart contracts and user-created assets are buzzwords trumpeted by many cryptocurrency enthusiasts this past year. I even wrote a short book about these groundbreaking possibilities. Considerable publicity has been dedicated to new functionality which promises to expand the extensibility of cryptoprotocols to go beyond tracking ledger entries for just one specific blockchain-managed asset (a coin) and allows users to instead “colored” tokens to represent cars, houses, commodities, stocks, bonds and other financial instruments and wares. For example, there are several colored coin projects currently in beta that allow users to take a fraction of a bitcoin, such as 0.001 BTC and “color” it “blue” (or any other arbitrary color) which represents say, a specific make and model of an automobile like a 2010 Camry LE. The user can then transfer that asset, the title of the Camry, along a cryptoledger (such as the Bitcoin network) to other individuals. Instead of having to transfer tens, hundreds or thousands of bitcoins in exchange for a good or service, users can instead exchange and manage entire asset classes in a trustless, relatively decentralized framework.

However, in this model the labor force providing security has no incentive to consume more capital or create additional hashrate just because the market value of colored coins is in excess of the uncolored value (since the value of miners’ new coins will be solely based on uncolored exchange value). Just because social conventions on the edges of the network add value perceptions to the network, based on the current code, miners do not automatically receive any additional value for providing that security.

So we should ask: does this raise the risk of a double-spend? Perhaps, because more hashrate is required for a proof-of-work blockchain with additional color value transactions on the chain. Yet, there is no automatic mechanism to do reward this additional labor leading a (remote) possibility of having to remove some Script’s altogether. Script is the built-in scripting language used for creating and customizing transactions.

The gap between mining value and enterprise value

For instance, assuming this colored coin technology works and is adopted by 1,000 people the following scenario could take place. The total market value of a block reward (currently 25 bitcoins) is roughly $12,500 (or $500 per bitcoin), thus ceteris paribus the labor force is only spending $12,500 every 10 minutes to secure the blockchain (in practice it is a lot more, there are several exceptions). One such exception is the expectation of token value appreciation – that is to say that if Bob the miner believes that a bitcoin’s value is $1000, but the price is currently $500, Bob is still willing to expend up to $1000 for mining each bitcoin, discounted by his internal calculation for the probability that bitcoin will rise to that price. However, if colored coins are adopted and used via the built-in scripting methods, there is potential for a seemingly unlimited amount of assets to be traded on the Bitcoin network. If these several thousand colored coin users add additional value, this creates an incentive for attackers to attack the network through colored coin-based double-spending attacks.

For example, where each of these 10,000 users places the title of a 2010 Camry each valued at $10,000 that would theoretically add $100 million in value that the network is transferring, but for which miners are not being proportionally rewarded or paid to secure those assets. As a consequence, over time as tens of thousands of assets – and functionality – are added to the network, the gap between mining reward value and enterprise value widens which creates a vulnerability, an economic incentive for criminals to use hashrate to attack the network. A rogue attacker could sell an asset and build a competing tree (consensus in Bitcoin is based on whatever is the longest tree of blocks). After a successful 51% attack, the rogue attacker could then broadcast a fake chain built without the corresponding asset, having switched it out thus effectively double-spending. And if the total value that the network is transacting is at least twice as much as bitcoin value is, then there is a financial incentive for rogue participants to attack the network. The impact of a successful attack involves a lot of speculation and will likely fill continue to provide researchers many more volumes of conjecture and modeling.

Money for nothing

This scenario raises the question: what then is the potential divergence in value between bitcoin the currency and bitcoin the network (which can transfer and protect other data)? This issue only presents itself now as, previously, only bitcoins – and no other apps, assets or instruments – existed on the network. This gives rise to a coordination problem because miners would have to also keep track of the color, keep track of the exchanges the color is being traded on, and keep track of the settlement price (if there is such a thing) so that they could adequately gauge market clearing prices and readjust the coinbase reward every 10 minutes.  Again, even if this coordination problem is solved the seigniorage reward does not increase – the current fixed income does not reflect the actual value being transacted on the network.  So colored coins on a fully decentralized network could end up on an undersecured network of their own making with the only solution: recode the block rewards based on the value of the color and this presents a number of technical and social engineering challenges. In some ways this issue is related to the hypothetical economic disconnection between blacklisted and whitelisted tokens (due to Coin Validation) – a blacklisted token would be sold for less than what a whitelisted token would sell for.

A follow-up question that the community will likely debate is: Why wouldn’t the value of a bitcoin increase as items of value are transferred on the blockchain via colored coins or another protocol, such that the miner’s block rewards would adequately compensate the miners? According to Preston Byrne, a securitization attorney in London the answer to this is “that the value of bitcoin used in a colored coin transaction does not need to bear any relationship to the value of the associated asset – the network is being used to transmit information, and that information represents rights, and is the rights – not the token – which are valuable.” If the price of bitcoin does not adequately incentivize the miners, then there will be a difference between value of a bitcoin and the network and then some entity will have to step in to compensate for that difference. Whether collective action is sufficient to provide this compensation is currently unknown but there are coordination problems inherent in this model that would make this difficult.

In contrast, the Ripple protocol, sidechains and perhaps even a proof-of-stake system could probably alleviate at least this specific concern. These alternative consensus mechanisms have one advantage to hash-based proof of work systems like Bitcoin, at least for the transfer of non-crypto value (i.e., colored coins).  For instance, Ripple’s distributed consensus mechanism allows users to exchange assets via gateways without needing to proportionally incentivize the security labor force. This is not necessarily an endorsement of this particular platform, rather it serves as examples of how it is immune to that particular attack vector.

Alternative approaches to network security

I reached out to several experts for their views on this issue. According to Robert Sams, founder of Krtyptonomic and Cryptonomics:

One of the arguments against the double-spend and 51% attacks is that it needs to incorporate the effect a successful attack would have on the exchange rate. As coloured coins represent claims to assets whose value will often have no connection to the exchange rate, it potentially strengthens the attack vector of focusing a double spend on some large-value colour. But then, I’ve always thought the whole double-spend thing could be reduced significantly if both legs of the exchange were represented on a single tx (buyer’s bitcoin and seller’s coloured coin).

The other issue concerns what colour really represents. The idea is that colour acts like a bearer asset, whoever possesses it owns it, just like bitcoin. But this raises the whole blacklisted coin question that you refer to in the paper. Is the issuer of colour (say, a company floating its equity on the blockchain) going to pay dividends to the holder of a coloured coin widely believed to have been acquired through a double-spend? With services like Coin Validation, you ruin fungibility of coins that way, so all coins need to be treated the same (easy to accomplish if, say, the zerocoin protocol were incorporated). But colour? The expectations are different here, I believe.

On a practical level, I just don’t see how psudo-anonymous colour would ever represent anything more than fringe assets. A registry of real identities mapping to the public keys would need to be kept by someone. This is certainly the case if you ever wanted these assets to be recognised by current law.

But in a purely binary world where this is not the case, I would expect that colour issuers would “de-colour” coins it believed were acquired through double-spend, or maybe single bitcoin-vs-colour tx would make that whole attack vector irrelevant anyway. In which case, we’re back to the question of what happens when the colour value of the blockchain greatly exceeds that of the bitcoin monetary base? Who knows, really depends on the details of the colour infrastructure. Could someone sell short the crypto equity market and launch a 51% attack? I guess, but then the attacker is left with a bunch of bitcoin whose value is…

The more interesting question for me is this: what happens to colour “ownership” when the network comes under 51% control? Without a registry mapping real identities to public keys, a psudo-anonymous network of coloured assets on a network controlled by one guy is just junk, no longer represents anything (unless the 51% hasher is benevolent of course). Nobody can make a claim on the colour issuer’s assets. So perhaps this is the real attack vector: a bunch of issuers get together (say, they’re issuers of coloured coin bonds) to launch a 51% attack to extinguish their debts. If the value of that colour is much greater than cost of hashing 51% of the network, that attack vector seems to work.

In other words, while these new financial instruments could technically be exchanged in a trustless manner, the current protocol cannot automatically incentivize their protection or account for their enterprise value, the equivalent of using a mall security guard to protect Fort Knox. While miners may be able to protect against amateurish shoplifters or even unorganized cat burglars, once organized criminals calculate and realize that one “color” asset is worth the economic effort of attacking the vault they may try to do so.   And because the blockchain is public and color assets could be known to the world-at-large, taking the Fort Knox analogy further, this would be like a mall cop standing in front of the contents of Fort Knox piled up on an open field (or behind a see-through glass vault). It is an attempt to guard the Crown jewels not in a fortress with armed guards, tanks and turrets, but with Paul Blart.

On this point, Jonathan Levin, co-founder of Coinometrics explained that:

We don’t know how much proof of work is enough for the existing system and building financially valuable layers on top do not contribute any economic incentives to secure the network further. These incentives are fixed in terms of Bitcoin – which may lead to an interesting result where people who are dependent on coloured coin implementations hoard bitcoins to attempt to and increase the price of Bitcoin and thus provide incentives to miners.

It should also be noted that the engineers and those promoting extensibility such as colored coins do not see the technology as being limited in this way. If all colored coins can represent is ‘fringe assets’ then the level of interest in them would be minimal. Time will tell whether this is the case. Yet if Bob could decolor assets, in this scenario, an issuer of a colored coin has (inadvertently) granted itself the ability to delegitimize the bearer assets as easily as it created them.  And arguably, decoloring does not offer Bob any added insurance that the coin has been fully redeemed, it is just an extra transaction at the end of the round trip to the issuer. That is an implicit negative for investors and users.  This raises some concerns in the future, if a party had the ability to invalidate Bitcoin accounts based on their own criteria that the miners might gain an influence over the colored coins and may bias various aspects of the economy incentivized through some kind of backchannel payment.  For instance, BitUndo is a new “double spending as a service” project that is trying to do just that, provide a way for users to send transactions to a mining pool in an attempt to reverse transactions something that has created a flurry of reactions in the community. In the end, colored coins ends up being expensive through imposed TX fees, and thus becomes less attractive to issuers and users.

According to Alex Mizrahi, lead developer of Chromawallet a colored coin project:

It is true that currently block subsidy has a significant impact on network’s security, but it is not meant to work this way in the long run.

We’ll go through 5 subsidy halvings in next 20 years, at that point block subsidy will be around 0.78 BTC. Reward miners get from fees is already on that scale (e.g. 0.134 BTC here) even though blocks aren’t full yet.

So transaction fees are going to play bigger role than subsidy. And value of those fees is linked to usefulness of transactions (i.e. value of those transactions) rather than to exchange rate.

Colored coins increase incentive to attack, but they also increase usefulness of transactions, thus it isn’t clear whether they will have negative or positive impact on network security.

A couple other comments: “Script” is not required for colored coins, they work with very plain bitcoin transactions too. The incentive structure for bitcoin mining sucks from security perspective anyway, so I hope we’ll eventually upgrade to a better protocol (e.g. including proof-of-stake) regardless of colored coin woes. And merged-mined sidechains will have even worse problems unless they are ‘hardened’ in some way.

I also contacted Jack Wang, co-founder of Bitfoo, a hosted wallet that was the first to implement proof-of-reserves. In his view:

The security of the network depends on the aggregate hashing power.  In one method of implementation, if Colored Coins could pay just one pool, say Eligius, extra to prioritize their transactions, but Eligius had only, say 25% of the network power, then the rest of the network could collectively decide to exclude the blocks that Eligius mined.  This makes some sense to me since Eligius itself couldn’t secure the network, yet is the only pool extracting the extra value out of Colored Coins.  Colored Coins would need to distribute the extra rents to at least 50% of the network, and unless this lies within one pool then this is a danger to the Bitcoin network, but if it is 2 or more, this requires coordination and introduces potential holdout problems.

A more natural way to implement this would be that colored coins users would pay higher transaction fees on their own so that any and all miners that included those transactions in their blocks would get more fees. But unless those fees are mandated by colored coins, what is the incentive for individual colored coins users to pay extra?

Towards a more functional future

While this is a speculative issue, what is knowable is that the economics behind it are math-based and built into these protocols. What is also known is that some proposed solutions should be easier to implement than others. For instance, Bitcoin developers could fork the code and create a proof-of-stake ledger proposed by Stephen Reed. Alternatively, because this new extensibility could create fungibility issues, a different – and admittedly impractical – solution might be for mining pools to utilize a trusted Oracle data feed to colored coin exchanges and adjust mining rewards accordingly. Perhaps removing scripts entirely and relying on merge-mined sidechains, instead, could alleviate this potential pain point as well.

What is definitely known is that market participants have every incentive to keep miners mining. If fees are floated users will likely pay higher transaction fees if they do not want miners to go elsewhere. While speculative, colored coins users could become the biggest payer of transaction fees, though in practice, most users do not like paying any fee. Over the past several months this is an issue that Mastercoin and Counterparty developers have promoted: pay the miners higher fees for access to these new platforms because miners expect the value of these special transactions to go beyond the excess of bitcoin transactions. Miners could potentially auction block priority to these transactions over regular bitcoin transactions. One pool, Eligius, operated by Luke-Jr is already filtering out specific bitcoin transaction today. In conclusion, the interaction between second-generation blockchain technology and first-generation incentive mechanisms will continue to be thought-provoking. It is certainly an issue to keep one’s eye on in the coming years.

[Note: I would like to thank Preston Byrne, Petri Kajander and Taariq Lewis for their comments; and Joshua Zeidner for bringing this issue to my attention and for his extensive feedback.]

Cryptocurrency in the news #15

Need to close some tabs, here are some links of interest:

Quote of the day: formulating the Byzantine Generals problem

The subfield of research involving Byzantine fault tolerance has existed for three decades and one of the areas in computer science that Bitcoin provided a decentralized solution for was the Byzantine Generals Problem.

How did the term Byzantine Generals Problem come to exist?  Here’s an answer from the creators:

The Byzantine Generals Problem  (with Marshall Pease and Robert Shostak)
ACM Transactions on Programming Languages and Systems 4, 3 (July 1982), 382-401. PDF

I have long felt that, because it was posed as a cute problem about philosophers seated around a table, Dijkstra’s dining philosopher’s problem received much more attention than it deserves.  (For example, it has probably received more attention in the theory community than the readers/writers problem, which illustrates the same principles and has much more practical importance.)  I believed that the problem introduced in [41] was very important and deserved the attention of computer scientists.  The popularity of the dining philosophers problem taught me that the best way to attract attention to a problem is to present it in terms of a story.

There is a problem in distributed computing that is sometimes called the Chinese Generals Problem, in which two generals have to come to a common agreement on whether to attack or retreat, but can communicate only by sending messengers who might never arrive.  I stole the idea of the generals and posed the problem in terms of a group of generals, some of whom may be traitors, who have to reach a common decision.  I wanted to assign the generals a nationality that would not offend any readers.  At the time, Albania was a completely closed society, and I felt it unlikely that there would be any Albanians around to object, so the original title of this paper was The Albanian Generals Problem.  Jack Goldberg was smart enough to realize that there were Albanians in the world outside Albania, and Albania might not always be a black hole, so he suggested that I find another name.  The obviously more appropriate Byzantine generals then occurred to me.

The main reason for writing this paper was to assign the new name to the problem.  But a new paper needed new results as well.  I came up with a simpler way to describe the general 3n+1-processor algorithm.  (Shostak’s 4-processor algorithm was subtle but easy to understand; Pease’s generalization was a remarkable tour de force.)  We also added a generalization to networks that were not completely connected.  (I don’t remember whose work that was.)  I also added some discussion of practical implementation details.

Different proof-of-work mechanisms and several altcoins that have been hit with a 51% attack

realityJonathan Levin was recently interviewed by CoinTelegraph.  One of the notable remarks was the following:

CT: You also mentioned at CoinSummit that Proof-of-work model may not be here to stay. What would you think would be a viable alternative which could be created should the popularity of Bitcoin explode in the next few years?

JL: I think the concept of proof of work is always going to be here to stay. Whether this proof of work will be running a hashing algorithm like SHA-256 or something different remains to be seen. I am a big fan of other forms of proof of work that can be combined with or replace the proof of work that Bitcoin uses. An example of this could be proof of solar power generation. There are many great minds thinking about this problem and I am sure there will be some interesting developments over the next year.

While I think that most proof-of-work (as seen so far) generally leads towards centralization (due to economies of scale), perhaps there will be solutions in the future (though I suspect that is not the case because of MV=MC).

With that said, there are several different types of proof-of-work mechanisms used in cryptocurrenices today:

  • SHA256d which is used in Bitcoin and numerous clones (good thread on StackExchange) and is based on HashCash
  • scrypt which is used with Litecoin, Dogecoin, Feathercoin and numerous others
  • X11 used notably with Darkcoin
  • Dagger which may be flawed but was intended to be used in Ethereum
  • Kimoto gravity well, which adjusts difficulty, is used with Megacoin (explanation here and here)
  • Other experimental variations include: Scrypt-N, Scrypt Jane, Groestel (Grøestl), Keccak, and Quark

Based on my blockhalving article, I received an email yesterday about the potential for a 51% attack on Bitcoin and other chains:

I’ve been told that the system is secure because anyone with the computational power to conduct a 51% attack would just mine instead. If all coins are mined and there aren’t high enough transaction fees then you lose that argument right?

In theory, you would think that is when the network was the most vulnerable but in practice there are numerous chains that become extinct long before coins (or the money supply) are completely divvied out and are actually never hit with a 51% attack.  A joke I heard last year when I helped build some mining system for a few friends is that most altchains do not survive their second halving.  While no one has yet to actually do the empirical study on this, the truth is (at least back in spring of 2013) probably pretty accurate.  If you spend any amount of time in the announcement alt thread on Bitcoin Talk most new chains are pumped and then dumped by a coordinated few (like Fontas).

When prices enter a prolonged bear market there are fewer incentives for miners to stick around to provide security and thus the chain is abandoned even before halvingday.  While there are several reasons why someone would spend the costs to actually attack a dying chain — to test out their old equipment (or “LULZ”) — I do not think any research has been published yet that categorizes the various empirical examples of such deaths.  If anyone is interested in reading about early attacks, I highly recommend reading through ArtForz‘s posts on Bitcoin Talk.  He figured out all sorts of exploits with some of the early alts like i0coin and SolidCoin.

Below are five chains that have been known to be hit by 51% attacks, I’m sure the actual number is in the dozens at this point:


There are other cheaper ways to attack the network that don’t require achieving 51%.  One is simply with social engineering: since there are only a small number of Bitcoin pools (roughly 12) you could go the old fashioned route and blackmail them, physically attack the locations, regulate them, etc.  But those can happen with other types of information security too.  Dave Babbitt is finishing up his master’s thesis and he has an interesting statistic that I will be sure to post once it is published.

As far as Dogecoin goes, something to keep in mind is even if it is temporarily profitable (or less costly) for Bob’s Litecoin Farm to attack the chain creating a loss-of-confidence in dogecoin, those dogecoin miners that leave the network could end up on Litecoin, creating new competition for Bob.  So while it would hurt the confidence in Dogecoin, those profitably able to hash on Litecoin would likely create more headaches for Bob than is worth the effort.  But not all miners think in these terms.

[Note: as of this writing the Dogecoin hashrate is ~40 gigahash/s versus roughly 220 gigahash/s for Litecoin.]

With that said, in reading through some of the comments from the article yesterday, Stephen Gornick posted the following hypothetical:

A 51% attack for the purpose of double spending against the exchanges would need about $5M worth of the new Scrypt ASIC hardware mining away on a private fork of the Dogecoin blockchain. LIkely even less than $5M is necessary as a successful attack will likely involve DDoS’g the existing pools such that the total hashing on the public chain is lowered.

Additionally, the attacker doesn’t need to invest $5M just on this attack. Those Scrypt ASICs are only needed for about an hour — and can go back to mining Litecoin or whatever after the attack. So all that is needed is to direct $5M worth of hardware to the private Dogecoin blockchain fork for a short time until the aim of the attack (sell Dogecoins for bitcoins, litecoins or other non-reversible payment method, then withdraw the funds) is complete.

Stephen is probably correct, though, again a 51% attack is probably best described as an opportunity cost attack.  That is to say, what other more profitable and productive effort could the systems you are using to attack with have been used for instead?

This topic is a never ending and there are many interesting papers, threads, articles, videos and podcasts covering the same topic from multiple angels.  Perhaps Dogecoin will stave off any such attack.

Digital currency wingmen (and women)

save-FerrisI have a new article up over at CoinDesk discussing some of the challenges facing Dogecoin as it relates to block halving rewards:  What Dogecoin Must Do to Survive

There were some edits and a few things were removed, so for those interested I also have my original copy in (pdf) that has one more option, a chart, plus a few more details and links.  The title of the original is “Dogecoin likely needs a wingman to survive” (it also links to the MemoryCoin “death”).

There are a number of potential solutions and many well-intentioned, motivated people are trying to organize a variety of ways to “Save Doge” happen.

For instance, this is/was a very popular Dogecoin thread from yesterday: Here’s your ASICs and pools — one of the developers has purchased ASICs from gridseed and is giving them to randomly selected people with the stipulation that they turn the hashrate towards dogecoin.

There are four problems with this specific proposal:

  1. It will simply increase the difficulty rate, pushing out other marginal miners who cannot profitably provide security on doge towards other more profitable chains (this  has occurred with Bitcoin in the past as well).
  2. From my reading it does not appear that there is any way to control those who receive the ASICs from pointing the ASICs on to another more profitable chain(s).  Whoever is distributing these would need to do some kind of “lock-in” otherwise this will occur.
  3. The question of who pays electricity is not highlighted or answered in the top of the thread.
  4. Nor is the question of who keeps the coins that are generated.  Are the holders of the coins required to keep them, sell them, trade them?  If they have to pay for electricity, taxes, logistics then they will likely need to liquidate those coins.

What this essentially amounts to is temporarily subsidizing hashrate on the doge network but with several unintended consequences that will likely create more challenges down the road.

Again, I think competition and choice is good.  I do not think (and this is just my opinion) that a monopoly-of-ideas behind just one token is an effective way to promote a new innovation that itself was purportedly designed to compete with other forms of payment.  In an open market, market participants decide and their preferences can change based upon economic conditions.  It impossible to predict what the market will decide a priori thus despite these predictions and trends the market may move in a different direction.

However, this reddit plan above ultimately just sends money to the utility companies, postponing the inevitable by writing checks to an electrical money pit.

The “pain point” of payments in the developed world

paymentsVitalik Buterin is one of the smartest writers and developers in the digital currency space. At the ripe age of 20 he has put together a repertoire of code, articles and most importantly challenges that the “cryptocurrency” world faces.

He recently penned an article that argues what Bitcoin needs today is usage by employers, not just more merchants.  That one of the ways to subdue and mitigate the high levels of volatility is for employers to pay employees in the digital currency whereupon employees then can pay for wares from existing merchants whom in turn pay their employees in bitcoin.

This sounds nice in theory — a fully enclosed system — but there are a number of problems with it, namely that in practice bitcoin is treated as a commodity or collectible (not a currency) by market participants and its deflationary allocation + inelastic money supply makes it a poor modern medium of exchange.

This point is argued in a recent paper by Ferdinando Ametrano:

The unfeasibility of a bitcoin loan is similar to that of a bitcoin salary: neither a borrower nor an employer would want to face the risk of seeing their debt or salary liabilities grow hundredfold in few years. A manufacturing firm cannot accept an order in bitcoin with the risk of its value doubling or halving on a single bad day. Even the development of a derivative market could only hedge these risks with an implausibly high price. This is the cryptocurrency paradox: arguably the best ever kind of money by any metrics, marred by the severe inability to serve as reliable unit of account.

Perhaps this will change over time, maybe one solution is through hard forks involving “growthcoin” (as proposed by Robert Sams) and “stablecoin” (as proposed by Ametrano).

However, one of the challenges will always be the “pain point” — what incentive do people have to switch to a competing platform in the first place?  Why should consumers or employers want to adopt bitcoin the currency?  For instance, most users in the developed world do not have to deal with double-spending or rampant inflation.  Credit card fraud rates represent roughly just 7 bps and some cards provide other types of incentive like cash-back rewards or frequent flier miles — something that bitcoin cards (if they existed) would have a uphill task of providing.  Similarly many modern savings accounts provide some form of interest rate plus deposit insurance — trying to on-board these types of users would be difficult because there is no current equivalent with Bitcoin (yet).  [Note: savings is different than speculative hoarding, see discussions here and possibly here.]

Two days ago Ben Edelman explained how in most circumstances, customers pay more just to use bitcoin yet without gaining any additional benefits.  By “use” he means using it for actual commerce and not holding on to it for speculative purposes.  Because of this friction, because bitcoin users typically need to spend more than the alternative forms of payment, despite the large increase in adoption by merchants over the past 6 months there has been very little corresponding transactional volume.  Instead it is being treated as a novelty, a speculative collectible.

Or as a friend of mine, Bob, calls it a “My Little Pony” toy.  In a nutshell Bob compares the bitcoin currency system with the My Little Pony collectible.  Bob has a daughter and according to her each Pony has its own story in its own little special universe filled with cartoons, video games, clothes and toys and that’s how bitcoin the currency is treated: many early bitcoin adopters enjoy the ever grander mythos and backstory, that it was created by an anonymous developer, the ledger entry cannot be double-spent, its distribution and promotion involves volunteers organically threaded together via Meet-ups and bulletin boards and is purportedly impervious to political whims.  This brings it to life in a more colorful way that other systems like Square or Stripe have not similarly created (see Seth Godin’s Purple Cow).  And according to Bob, My Little Pony characters can also have plight-filled adventures, though none involving subpoenas (yet).  See also: Bitcoin: a Money-like Informational Commodity

Perhaps Buterin’s solution will gather momentum over the coming years, however unless the average consumer needs to spend less (not more) to gain the same level of advantages and protections that current platforms have, it is unlikely that a snowball effect in payments will take place anytime soon.  Incidentally, one crowdfunded innovation that could likely move beyond “toy” phase soon is the Trezor hardware wallet because it fulfills a real pain point today, horribad security issues with protecting private keys.

The advantages and challenges of mining bitcoins in China

I received some feedback from a veteran of the mining subindustry in China regarding my previous research on this space.

According to him there are a number of other moving pieces at play that are fluid will not necessarily last.

For instance, providers such as HashRatio have succeeded, not by designing their own chip but by figuring out the best combination of system and power configurations.  Going from chip to working system is non-trivial.   The end result are systems which are not necessarily pretty to look at, but they work.

One of the issues this new source had with my report was that because of guanxi is relatively hard to quantify, knowing whether or not you have the best price of a particular resource (like energy) is always a lingering question.  That is to say, even if Alice knows the boss of a coal mine, another competitor, Bob, may know his bosses boss which gives Bob even cheaper rates than what you thought you were receiving.  Improving guanxi is a millennia old Herculean task.

Some other highlights according to the source:

  •        If Alice’s metric is purely dollars per ghash, the analysis was correct. This is because there are two important figures: Alice’s new ASIC kWh/hash multiplied by her electricity cost / kWh.
  •        While Moses Lake is quoted in many news reports at being 1.7 cents per kWh, there are many other parts of the state which are very low, some averaging 2.3 cents per kWh.  And Washington has a much better infrastructure (both for electricity and internet) than China which makes it a very competitive geographic region.
  •        Similarly, Russia is 1 to 1.2 cents per kWh, though, you would be in Russia.
  •        China is cheap relative to a lot of countries, but relative to Washington and Russia the community capacity is still limited by State Grid, a large state owned enterprise (SOE) with a flat rate of 0.3 RMB kWh buying in any power station linked to it.  Miners will likely be unable to go under that.
  •        While Alice can do some meter fiddling or go off grid power, those options are hard to find and probably will not last long.
  •        State Grid has likely heard of bitcoin mining, but the wattage usage is not big enough to pique their interest or oversight.
  •        Inner Mongolia, as part of China, has overinvested in wind farms.  Yet there are large areas that are not linked to the grid yet.  And due to the unstable nature of wind, as well as poor internet infrastructure, none of the mining pools has gone there yet.  And it is sparsely populated which leads to potential difficulties in sourcing human capital and talent to run a pool.
  •        Mongolia, the country, imports roughly 10-20% of its electricity from Russia, so Bob might as well go to Russia if he is willing to set up a facility in Mongolia.

Interesting posts to add to your reading stack

  • I highly recommend re-reading Robert Sams’ post from earlier this year, The Marginal Cost of Cryptocurrency.  Through many exchanges I have incorporated several of his thoughts into my own writings and think he is one of the top thought leaders in this space.  He was on the Economic panel last week in Amsterdam too.
  • I came across a new blog that deals with block reward incentives and network costs and one particular post in particular stuck out: Megawatts Of Mining.  All of Dave’s posts there and on Bitcoin Talk are thought provoking.
  • I will probably get some hate mail from some friends, but I thought Ben Dyson’s post, Bitcoin’s 3 Fatal Design Flaws made a couple of good points.  I’m not swayed by point 3 but his first 2 are pretty accurate.  Bitcoin was supposed to be an electronic peer-to-peer payment platform, in fact, according to Mike Hearn, Satoshi originally was working on building a P2P marketplace.  Based on some cryptic notes at the Amsterdam conference last week, Hearn purportedly said, “when Satoshi launched bitcoin he was working on a p2p marketplace and you would be able to rate buyers and sellers and the weight would be according to how much mining they had done.”

Irrespective of what Satoshi’s plan was, in practice, what has happened is the token has turned it into a speculative asset, a store of value with little velocity.  And we see that in actual blockchain behavior.  So, Dyson’s first two points are worth thinking over once again.

Update: Mike Hearn sent me a note and mentioned that the marketplace was never finished and Satoshi deleted the code.

  • Lastly, two notes about exchanges.  Caleb Chen had a good post on the HKCEx scam and the WSJ noted today that a couple exchanges (Mt. Gox and BitInstant) are under investigation for ties to illicit trade (through Silk Road).  Again, if Bitcoin is considered a developing economy, historically the successful ways to grow an economy is to take the existing capital stock and make it more productive.  The sale of drugs does not create engines of growth.  And scams are not helping the average person trust the safety and security of the ecosystem.  The solutions to these involve creating real on-chain utility beyond gimmicky entertainment apps.  There are also a lot of good wallets either being developed or in production now, I’ll likely post a round-up of those at some point this year.  I do not think paper wallets are the solution as you need to be a genius to use them and it defeats the purpose of having or using an electronic asset.

Questions related to mining rewards in Bitcoin

A user, Bob, on Bitcoin Talk sent me some question in response to my article:

1) why does one assume transaction fees will substitute decreasing block rewards. are users not equivalent in choosing the operating software in the Bitcoin network why not just charge a mandatory 0.01% charge on all coins that are younger than X blocks and limit free transactions to say 30%. When the thermodynamic limit is achieved economic friction in Bitcoin will be just 0.01% of all energy consumed in the the economy.

2)the thermodynamic limit is not a limit in that there is entropy, the waste heat just becomes an input for a new system, eg. water can be desalinated, cooling as we know it today is a wasteful activity.

3) I also don’t seem to understand why when ASIC chips reach the thermodynamic limit they’ve wouldn’t start decentralizing in location (not ownership). There will always be centralized mining where energy is cheep but there will always be a need for heating at the very least everywhere and that is potentially a free energy input.

The free market is the perfect motivation for innovations not explored in your analysis.  Still you leave me in awe as to how alts are going to evolve as the energy equilibrium evolves.

My responses to Bob are the following:

1) In practice, users of the Bitcoin network do not like including transaction fees and there are endless threads on Bitcoin Talk of people complaining about fees.  In fact, one of the purported — wildly incorrect — selling points with Bitcoin is that it is somehow “free.”  Obviously this is incorrect, utilizing scarce resources is not free.  Someone has to pay.  The people who pay in this case are all bitcoin holders as roughly every 8-10 minutes new bitcoins are minted, diluting the shares of everyone through inflation.

But let us assume that we fast forward 100 years into the future when there are no longer block rewards, that miners will continue providing labor solely for transaction fees.  If these fees are floated and chosen by miners, it is impossible to say a priori what the actual market clearing fee will be.  Will it be 0.1%, 1%, 10%?  Or something in between?

One issue in Bob’s scenario is the “30% free transactions” — this is completely arbitrary.  Miners still have to bear a real cost to transacting and securing the network and only do so today because of block rewards.  If there are no block rewards and they want to continue providing “free” transactions, then they will be doing so out of charity which is not a sustainable business model.

2) The thermodynamic limit is something Andrew Poelstra has written about.  For the purposes of Bob’s specific point, Poelstra’s document can be ignored for the moment because it is still necessary to actually describe what is happening today.  If a bitcoin is worth $1,000, then an economically rational miner will only spend (capital costs + operating costs + taxes, etc.) no more than $1,000 to extract rents on that token.

In practice this is not the case as there are numerous examples of people and companies operating at losses for a variety of reasons, primarily because of price expectations: they believe that the token will eventually appreciate in value and the market value of the token will eventually cover their operating losses.  Thus today, the network is being “oversecured.”

As far as “waste,” that is how Proof-of-work works.  Someone, somewhere has to “burn” (or dissipate) something in order to secure the network.  Irrespective of what part of the supply chain or logistical operations it takes place, market participants are provided signals by token value (e.g. a $1,000 bitcoin) to turn off or on their hashing systems.  It doesn’t matter what the energy source is or how efficient ASICs are, market participants will simply use a calculator to find out if their inputs (capital costs + operating costs, taxes, etc.) allow them to profitably provide their labor.  The same goes for a $1 million bitcoin.

3) Let’s assume that tomorrow several chip manufacturers announced that they were now shipping chips with fabrication node spacing that reaches the Planck limit (see this interesting paper).  That essentially, irrespective of who you bought from, their hardware design was the most maximum efficient chip possible.  We will call this the Alice design.  What would happen in this case is that whoever was able to get a hold of Alice first would profit from it disproportionally at first (as other competing farms were using older less efficient designs).  But over the months, the distribution of Alice became widespread and you could go to a store and buy Alice off the shelf from a neighborhood retailer.

What would happen then is, since everyone is competing with the same hardware, the only variables to profitability would be land costs (plus taxes and compliance costs in your jurisdiction) and operating costs (electricity).  As a consequence, there would be global arbitrage, a dance in which miners would gravitate towards the cheapest region of the globe with favorable tax policies and cheapest electricity prices.

We already observe this happening today, which are discussed in that article.

The benefits that heating may play could be a factor, but if history of cloud computing is any guide, it is relatively unimportant — Google does not put employee housing within the middle of its data center to warm them with a Carnot engine of some kind (yet).  But again, this is unimportant.  All mining facilities, just like any data center, will have a profitability calculator.  Irrespective of how they displace or use the energy they have a bottom line of whether or not they can continue providing the service (via their computational labor) at a profitable rate.

Also, in practice, data centers typically receive subsidies from a variety of sources (like local tax breaks).  Even if you removed all of the subsidies and all geographical regions were “pure free markets” — there are still areas on the planet with better infrastructure, cheaper energy resources, better property rights, etc.  Those are the same locations capital moves to on a yearly basis.

Visualizing UTXO patterns on the blockchain

I have a new piece up over at CoinDesk: What Block Chain Analysis Tells Us About Bitcoin.  Note: the title of this blog post was the original title of the CD article (we switched it so that the average reader would find it more of interest).

I really have to thank John Ratcliff for his time, effort and talent for fusing blockchain data with a visualization engine.  Also special thanks to Jonathan Levin for his analysis of what is going on (I have quoted him several times now, including my recent mining piece regarding China).

My own view (not necessarily anyone else’s) is that this data shows that while bitcoin was, on paper, built to be an electronic cash system (a payments system), that in practice it is primarily used as a store-of-value.  Yet in a twist, even the run-up of a $1,000 token last fall did not bring the long-term savers out of their cold sleep.  And more to the point, it is doubtful that even if some of these old holders wanted to sell that in practice they could not because liquidity is very thin and they would likely create huge pay walls in order books that would take days and weeks to plough through.

Thus the question is, what could incentivize long-term holders to actually use the network as a payment platform, to exchange their tokens for wares?  My own view is nothing will in the short-run.  BitPay, Circle and Coinbase are all neat, innovative and have smart people working for them but in their current form they basically just serve early adopters with large quantities of bitcoins to dispose of.  The transactional volume only spikes during price rallies which essentially means that on-chain bitcoins only move in the midst of large market movements.  What this likely means is that, sans the black market, very few people buy bitcoins to spend on conventional goods and services; real economic activity and commerce is still quite low.

As a consequence, if entrepreneurs are looking to capitalize somewhere in this market segment, they may want to incorporate this thesis into their business plan: that most activity involves savings, thus you should build products and financial instruments to hedge the savings from volatility.

Perhaps this is just a temporary phenomenon.  Maybe, as some advocates hypothesize, if and when prices reach a stable value at several thousand dollars this behavior will change.  Fortunately for all interested parties, the blockchain shows us what is actually happening.  It is the real asset.

Update:  Here is John Ratcliff’s latest pie chart based on the same methodology from the article:


How much energy is used to secure a $1 million bitcoin?

I have a new article over at Bitcoin Magazine called, Bitcoin: Made in China.

It’s based off a paper (pdf) I have been working on and is the culmination of numerous exchanges and conversations I have had over the past couple of weeks.

Another interesting article on this subject of capital costs is this recent one by Dario Di Pardo, $46K Spent on Mining Hardware: What Happened Next?

There are several people to keep your eye on for analysis in this space (such as those in the acknowledgements portion of the piece).  Dave Babbitt is working on his master’s thesis on this specific issue (hence his up-to-date numbers), Jonathan Levin is about to defend his thesis (which goes into several mining models), Robert Sams is brilliant with both econometrics and with understanding incentives and Cal Abel speaks in a whole new different league.  I also had some illuminating exchanges with John Ratcliff (he posted some subsequent comments over here).  Andrew Poelstra has a very critical eye and sharp mind for any logical errors and Bryan Vu is both articulate and provided some good counter-points to the hypothetical trend lines.  Dan Forster and Karl Holmqvist helped spark the initial barage of questions, Joseph Chow helped tweak the responses and Petri Kajander made sure my writing was coherent.  Also, thanks to Ruben Alexander, editor at Bitcoin Magazine for his encouraging words.

Lastly, my sources in China including Weiwu are without a doubt, resourceful and survivors.  That region of the world is a very tough market and unfortunately doesn’t receive the respect it deserves.

For instance, below is a Figure 4 from the new U.S.-China Economic and Security Review Commission (pdf) by Lauren Gloudeman.


Thus the next time you hear someone on reddit complain about China in relation to Bitcoin or tell you how Chinese demand did not impact prices, show them this diagram.  Who will replace the Chinese whale?  Maybe Wall Street.

Also send them here: Fairweather fans in bitcoinland disowning China

Interest rates and currency appreciation in China

My friend Mark DeWeaver, author of Animal Spirits with Chinese Characteristics (and who wrote the foreword to my book on China) has a very insightful op-ed over at the WSJ today: Overvaluing the ‘Undervalued’ View of the Yuan

If you’re interested on unbiased, objective information about China without theatrics and hysteria I recommend tuning into the following people:

Massimo Ceccarelli also has a good round-up of China-related stories each day.

Future Opportunites and Economic Challenges for Cryptoledgers

On March 27, 2014 I gave a presentation at the Institute for the Future in Palo Alto.

I covered a number of topics including some of the governance challenges surrounding the protocol, the tragedy of the commons surrounding the development of the system as well as how the network pays for itself through token dilution (seigniorage).

This is based on the following research paper:

  • Bitcoin Hurdles: the Public Goods Costs of Securing a Decentralized Seigniorage Network which Incentivizes Alternatives and Centralization (pdf)

I made at least one error in the presentation.  Regarding microtransactions, this was not specifically stated in the original 2008 white paper but was subsequently discussed by adopters as an area for potential opportunities.  Here is one thread at StackExchange that discusses this further.

Currently only off-chain solutions like Coinbase support the ability to transact at the satoshi level.

[Note: this presentation was made prior to the announcement of “Sidechains” which is a Blockchain 2.0 company that could ameliorate some of the governance issues]

Max Levchin and Counterparty discuss digital currencies

Zavain Dar is an investor with Innovation Endeavors and adjunct lecturer at Stanford teaching a Symbolic Systems course which covers the burgeoning segment of digital currencies and decentralized applications.

Today he had three guest speakers, Max Levchin (one of the original founders of PayPal, now with Affirm) and Matt & Robby from Counterparty (I wrote about Counterparty in Chapter 3).

Below are some notes from their discussions.  All errors are my own.  These are mostly paraphrased statements they made (i.e., these are not 100% word-for-word statements).

Mmax2ax Levchin

Max presented both a bullish and bearish case for cryptocurrencies such as Bitcoin.

On the bearish side he did not consider it a viable currency because of its continual volatility [note: David Evans published a paper last month that found BTC was 18x more volatile than the Euro in 1Q 2014] and because it does not have any government backing yet (he discussed a hypothetical future scenario later below).

On the bullish side, he thinks the underlying protocol was interesting because it solved the Byzantine General’s problem in an elegant way vis-a-vis a distributed ledger which creates a trustless system of interaction.

One subsequent hurdle he saw with the mining aspect is that it consumed enormous amounts of energy (he compared “miners” as a type of Congress and the core dev team as a type of Federal Reserve — or in other words, neophytes perhaps without the necessary experience or background in economics and international politics).  Again, he was not trying to be antagonistic but descriptive.  He also did not find the code quality that he has looked at to be particularly high.

He observed that the scripting language it used (comparing it to Forth and Lua) as interesting and concise and found the m-of-n transaction system to be innovative (he cited Shamir’s Secret Sharing concept and two-man rule).

One area he found of future interest is that of a “smart agent” (which is essentially what Mike Hearn would call an “agent” and Vitalik Buterin calls a “decentralized autonomous organization”).  Max foresees a period in the future — perhaps not necessarily with the Bitcoin protocol itself — in which a smart agent sells a service in bitcoin and receives bitcoin as revenue for service; propagating and cloning itself based on its performance through AWS clusters.  He mentioned reading about some of these proto-ideas in scifi literature (name dropped “Game of Life” though this is not really scifi).

Max then segued into a discussion on, how based on actual numbers, Bitcoin as a payments platform will likely not uproot existing players, despite the much ballyhooed “2.5% + $.20” (also called a swipe fee) that anti-establishmentarians like to espouse.

Based on his description, if fraud rates ever reached 1% Visa, MasterCard and others will kick you off their network.  And in practice, they will likely put pressure on a merchant with increasingly higher fraud rates prior to reaching 1% — thus incentivizing merchants to get their house in order… or else.

Fraud itself only accounts for 0.07% (yes, 7 bps — see “Credit Card Issuer Fraud Management, Report Highlights”) of the cost that is factored into this total of 2.5% — he noted that this reflects that most people and most customers are quite honest (give yourself a pat on the back society).

He then mentioned that what is concerning are scalable fraud — that most theft is small-time purchases that are written off.  The bigger issues that companies like Visa have to be on the lookout for are those originating in Eastern Europe that can scale yet even with that, the actual costs dovetail into the 2.5% cost.

He then mentioned the history of how gambling, or rather the illegal processing of payments related to gambling came into being.  He also touched on the evolution of cashback rewards, VeriFone, the competitive fight with interchange fees, AMEX black card (also called the “Centurion Card” which can be used at new lounges in airports).  None of the credit card companies are on closed loop solutions: AMEX lends their brand to other cards (ala “white labeling”).

Perhaps one notable – hypothetical – point that blockchain enthusiasts may find of interest is CanadaCoin (or Cancoin as he called it).  Basically in his view, a country like Canada could utilize a cryptoledger by experimenting with well-defined revenue segments such as real estate taxes, connecting those moving parts (payments, transfers, etc.) with a distributed ledger.

The tl:dr version of Max’s talk: he finds the Bitcoin protocol to be very interesting, potentially seeing its use-cases emerge with interchanges (not to be confused with fiat exchanges) but finds the actual bitcoin token and its mining/development system to be no bueno.  As a consequence he does not see bitcoin as a payment platform competing against established players who despite opinions to the contrary actually are squeezing out lots of utils — and that most cryptocurrency advocates don’t actually understand how the numbers break down (e.g., what fraud actually accounts for).



Robby and Matt work as volunteers for Counterparty.  Counterparty is a “2.0” platform that sits on top of and uses the Bitcoin blockchain (as described in Chapter 3).

They discussed several capabilities of the platform:

  • Currency creation (creating your own brand)
  • Creating digital assets for crowdfunding (like LTBCoin)
  • Ability to trade any asset peer-to peer (contracts for difference, binary options)

They call themselves an embedded consensus system (because it uses the consensus system of Bitcoin and is embedded onto it).  One new piece of tech they are working on is a “Vennd” (digital vending machine).  Both of them answered a number of questions from the audience related to how the decentralized exchange (which has been active since January) allows order matching and native escrow by the protocol.

Another point of interest was their discussion of CODA and the various legal issues surrounding the exchange of instruments and potential interaction with organizations like the CFTC and SEC.

One clarification and one correction

Got an email over the weekend from someone that watched my presentation (video).  He was asking me about the specific situation in which someone resells a bitcoin or smart contract that had previously been stolen.

I am not a lawyer, but the underlying principle for this issue is called nemo dat.  In the US there is an exception related to legal tender that has been sold and resold.  If you are concerned about this issue, especially as it relates to digital currencies, smart contracts and smart property be sure to speak with an attorney.  I can recommend some.

The correction in that video is related to remittances, I slipped and said $30 billion for received remittances in China.  The actual number is $60 billion.  I mention more in Chapter 6 (the top three are $71 billion for India, $60 billion for China and $26 billion for the Philippines).

Will Bitcoin ever be used for its intended purpose on a widespread basis?

The original white paper mentions “peer-to-peer electronic cash system” as part of its title and further details this idea in the first section, yet relative to its media exposure there is little on-chain activity and subsequent data that validates this purpose (yet).  Perhaps this will change, more on that later.

In my paper (pdf) which covers this topic, I mention Square as an example of a company that has grown enormously without the benefit of the same “free” publicity that Bitcoin has received over the past 4 years.  I should point out that I am aware that Square itself is in a tight position and may not have a successful exit.1 The example still stands however as shown below:
bitcoin and square
This chart comes from Google trends based on dates between January 2009 and January 2014.  Bitcoin (“the currency”) is in blue and Square, Inc. is in Red.  What this illustrates is the low conversion rate (CVR) that the Bitcoin platform has had thus far.  This is not to say it will fail as a platform, rather that it has enormous adoption and on-ramping challenges (such as edge based security).

Some of the other challenges were issues that Square has faced all along and were concisely described in a post a few years ago (the stats are slightly different but the hurdles remain the same): Square will “do better” than PayPal? Yeah.. and Pigs Fly

The following chart illustrates this issue as it relates to Bitcoin:

blockchain transactions

This chart is based on the past year of on-chain data culled by Blockchain.info: the number of transactions excluding the 100 most popular addresses (such as gambling sites like Satoshi Dice).

What this means is that over the past 6 months, there has been essentially no new on-chain transactional volume.  Despite the tens of thousands of merchants that BitPay and others have on-ramped, most users (or rather holders) of bitcoin are unwilling to actually spend it.  Almost all of the additional activity occurs on the edges, in “trust-me” silos which defeats the purpose of having a blockchain.  I have discussed this issue several times this past month (such as the last section of my paper).

Jason Kuznicki has attempted to describe the lack of growth in on-chain transactions in graphical form.  His chart, above, reflects the daily total transaction value of the bitcoin economy, denominated in U.S. dollars, divided by the total market capitalization of the bitcoin economy on that day, denominated in U.S. dollars. Between December 2012 and December 2013, he points out, the velocity of bitcoins remained within a very narrow band.2 The notable two largest peaks are in April 2013 during enormous global media attention of the platform creating a temporary bubble and at the end of November 2013 when Bitcoin Black Friday (BBF) was held. BBF was the busiest ecommerce day of the year for the network, which achieved 1.5 transactions per second (compared with the average of 0.7 transactions per second and its theoretical maximum of 7 transactions per second).3

Kuznicki notes that:

The key here is that nothing seems to be happening all that dramatically in bitcoin’s velocity of money over time. It’s not circulating more rapidly over time, which is what one should expect if it were taking off as a currency, and if more and more transactions were of the form of people passing bitcoins around for stuff. Instead, most transactions (that is, most that don’t go dollar-to-bitcoin-and-then-stop) are likely to be money-to-bitcoin-to-stuff, after which the merchant reverts to the dollar as soon as possible. If the bitcoin economy were becoming independent, we might expect a takeoff in the velocity of money, but we’re definitely not seeing it yet.

Again, this is not to suggest that Bitcoin will fail as an experiment or that it will not succeed in certain niches (i.e., store of value for Argentinians).  Perhaps it is a chicken-egg problem in which as more merchants enter the space, there will be more incentives to actually spend it.  However, barring the success of sidechains, I am doubtful that Bitcoin itself will be used as a payments platform on par with PayPal or Visa any time soon.

  1. See With IPO Hopes Fading, Square And Box Face Reality Of Commodity Products from TechCrunch and Mobile-Payments Startup Square Discusses Possible Sale from The Wall Street Journal []
  2. One reviewer noted that “Velocity analysis is really important. For something that purports to be a currency, it is the key metric of success with respect to its role as a medium-of-exchange. There is likely a correlation between the fx rate and tx volume due to speculative demand. However it is uncertain that the price chart of fx and USD tx volume proves that. In the future, a researcher could equally tell the story that the fx rate is being driven by increasing tx demand. Without a way to distinguish block tx due to fx settlements and block tx due to trade in real goods (and of course estimating tx due to change, same-person wallet transfers, etc), these series are likely ambiguous.” []
  3. BitPay alone processed 6,926 bitcoin-based transactions on November 29th last year up from 99 transactions on the same day the year before, see BitPay Drives Explosive Growth in Bitcoin Commerce from BusinessWire []

Fairweather fans in bitcoinland disowning China

fair weatherWhile I am not endorsing bitcoin as an investment (I don’t actually), a vocal minority of English-speaking Bitcoin adopters on reddit and Bitcoin Talk are proverbial bandwagon fans.

In November, when Chinese consumers exploded onto the Bitcoin scene, many commentators cheered them on, welcoming them into the big leagues.

Ever since bitcoin prices peaked in early December (corresponding with the December 5th notice (Chinese) from the PBOC), many of these same armchair commanders / evangelical adopters have thrown all of China under the bus.

For instance, on Friday CoinDesk published a story about FXBTC (a Chinese bitcoin exchange) closing down next week.  The very first comment was the following:

The rest of the world would be better to ignore these PBOC reports. Bitcoin will go stronger once that happens.

Throughout each week similar such comments are posted on reddit (here) and Bitcoin Talk (here). The truth is, Chinese consumers created enormous demand that drove up the prices in late November and early December.  And the price has fallen measurably since the peak five months ago a peak which corresponded with the first “crack down.”

This may not be something you want to hear as an investor, but it is the truth of the matter.  While some claim that Chinese exchanges were fudging their volume and liquidity, extraordinary claims require extraordinary evidence.  I wrote an article 4 months ago (that was republished by Business Insider) that discussed several ways to purportedly fake the volume, yet even I do not have a smoking gun (yet).  In fact, post-December 5th I think most of the big exchanges (like Huobi and OKCoin) were probably posting real numbers. And in all likelihood, correlation is causation: the PBOC is a force to be reckoned with, they enacted (caused) new regulations and guidance which scared both smart money and Chinese day traders away which correlates with the continual drop in prices.

To compound this issue are enthusiastic Bitcoin advocates in China, especially exchange and merchant developers who spread their own counter-propaganda that is wholly without evidence.  The fact of the matter is, there has been a cat and mouse game going on for months now and while exchange operators have found temporary workarounds, the writing is on the wall: Bitcoin exchanges are for the time being persona non grata on the mainland.  There may be a few other loopholes and workarounds (which are quickly removed), but to believe otherwise is wishful thinking.  No amount of marketing spins or gimmicks like ATMs will likely change that in the short-run.1

Perhaps these types of inflammatory we-love-you-now-we-hate-you comments only represent a vocal minority, but it is pretty clear that most tokenholics do not care about utilizing a trustless consensus mechanism to empower the underbanked in developing countries such as China.2

Instead of loathing China, the community as a whole should sympathize with the loss of a comrade.  I do not expect this to happen though.  I briefly mentioned this in my Q/A at Stanford on Monday.  The Chinese government is opaque but the worst thing they could do is go all draconian (like blocking websites or arresting entrepreneurs) which they haven’t and egging them on, as endless threads on reddit do, is only hurting the very people Bitcoin was purportedly designed to help.

Will Hong Kong be the saving grace?

Most Chinese operations now have accounts in Hong Kong but they cannot operate as bitcoin businesses; the Hong Kong Monetary Authority (HKMA) has asked Hong Kong banks to report any account related to cryptocurrencies so most of the accounts are usually not open about the true nature of the operations.  Some are still openly related to bitcoin but for mining investments (hardware purchases) or merchant investments and there is still pressure on those.

If you only care about the value of the token, the ledger entry, the UTXO, etc. then you are going to need a bigger whale.  China was a huge whale.  Perhaps in a bit of irony, this summer funds from Wall Street (from bitlicensed firms) could end up driving up the price once again, effectively bailing out some of the reddit bitcoin holders who are now underwater.  Cui bono.

[Note: Weiwu Zhang has been posting some interesting analysis over the past few months at a German Bitcoin site.  His prediction are not always correct, but it is a fresh perspective that seems more grounded than the typical “invest on hope” mantra.]

Update: Just found out that all of the Bitcoin exchanges in China have pulled out of the upcoming Global Conference in Beijing on May 10th.  They are taking the PBOC notification / guidance very seriously and do not want to irk policy makers.  So they will not give presentations or show up in any official capacity (their sponsorship continues though — money has already been paid).  This is sad news.

Update 2: I have had three different independent confirmations to the first update.  The Global Conference website is slow to update the changes to the schedule. This article (Chinese) is apparently the one that asymmetrically influenced the entire segment a week ago.  Its message of “don’t irritate the PBOC” went viral with about 30,000 hits (which is probably a decent estimate of how many people actually use bitcoin on-chain in China).  The exchanges met later and then decided not to attend in official capacity.  The article mentions that the PBOC does not want China to be the largest market (as it has been) and actually mentions an upperbound target of 3000-8000 BTC daily volume for the entire country.  The actual number is unimportant, the attitude is.  The PBOC (and China) does not want to be a leader but rather as a follower based on the regulations and outcomes from the US and other jurisdictions (like Germany and Canada).

Update 3: the big exchanges just issued a joint statement (Chinese) saying they will adhere to the new PBOC guidance. They did not clearly say what that exactly means and will continue to operate (function as an exchange).

Update 4: CoinDesk just published a new story on the exchanges that pulled out of the conference.

  1. Bitcoin ATMs are likely underutilized globally, many are probably unprofitable too, hence the lack of public boasting by ATM operators. []
  2. The title of the white paper and the first section of the white paper are specifically identify peer-to-peer payments as a way to reduce friction and trust of the traditional banking system. []