A panel on smart contracts with industry developers and educators

Earlier today I participated in a virtual panel covering smart contracts called, “Let’s Talk Smart Contracts.”

The panel included: Adam Krellenstein (Counterparty), Oleg Andreev (CoreBitcoin), Pamela Morgan (Empowered Law), Stefan Thomas (Codius, Ripple Labs), Stephan Tual (Ethereum), Tim Swanson (Of Numbers), Yurii Rashkovskii (Trustatom) and it was moderated by Roman Snitko with Straight.

Below are some transcribed notes of my own statements.

Introduction starting at 09:06:

Hey guys, great to be here.  Thanks for the invite, thanks for organizing this.  So I’m here because you guys needed another white guy from Europe or something like that (that’s a joke).  So the definition I have of smart contracts, I have written a couple books in this space, and the definition I use is a smart contract is “a proposed tool to automate human interactions: it is a computer protocol – an algorithm – that can self-execute, self-enforce, self-verify, and self-constrain the performance of a contract.”  I think I got most of that definition from Nick Szabo’s work.  For those of you who are familiar with him, look up some of his past writings.  I think that the primary work he is known for is the paper, “Formalizing and Securing Relationships on Public Networks.”  And he is basically considered the [intellectual] grandfather of this space.  I’m here basically to provide education and maybe some trolling.

From 22:02 -> 24:15

I think I see eye-to-eye with Adam here.  Basically the idea of how we have a system that is open to interpretation, you do have reversibility, you do have nebulousness.   These are things that Nick Szabo actually discussed in an article of his called “Wet code and dry” back in 2008.  If you look back at some of the earlier works of these “cypherpunks” back in the ’90s, they talked about some of these core issues that Oleg talked about in terms of being able to mitigate these trusted parties.  In fact, if you look at the Bitcoin whitepaper alone, the first section has the word “reverse” or “reversibility” around 5 times and the word “trust” or “trusted” appears 11 times in the body of the work.  This was something that whoever created Bitcoin was really interested in trying to mitigate the need for any kind of centralized or third party involved in the process of transactions to reduce the mediation costs and so forth.

But I suppose my biggest criticism in this space, it is not pointed to anyone here in particular, is how we have a lot of “cryptocurrency cosplay.”  Like Mary Sue Bitcoin.  I’m not sure if you guys are familiar with who Mary Sue is: she is this archetype who is this kind of idealized type of super hero in a sense.  So what happens with Bitcoin and smart contracts is that you have this “Golden Age” [of Comics] where you had the limited ideas of what it could do.  Like Superman for example, when he first came out he could only jump over a building and later he was pushed to be able to fly because it looks better in a cartoon.  You have only a limited amount of space [time] and it takes too long to jump across the map.  So that’s kind of what I see with Bitcoin and smart contracts.  We can talk about that a little bit later, just how they have evolved to encompass these attributes that they’re probably not particularly good at.  Not because of lack of trying but just because of the mechanisms of how they work in terms of incentives for running mining equipment and so on.  So, again we can talk about that later but I think Adam and Oleg have already mentioned the things that are pretty important at this point.

40:18 -> 41:43

I’m the token cynic, huh?  So actually before I say anything, I would like to mention to the audience other projects that you might be interested in looking at: BitHalo; NotaryChains is a new project that encompasses some of these ideas of Proof of Existence created by Manuel Araoz, he is the one who did POE.  NotaryChains is a new project I think that sits on top of Mastercoin.  The issue that people should consider is that proof of existence/proof of signature: these are just really hi-tech forms of certification.  Whether or not they’re smart contracts I guess is a matter of debate.

There is another project: Pebble, Hyperledger, Tezos, Tendermint, Nimblecoin.  With Dogethereum their project is called Eris which apparently is the first DAO ever.  A DAO for the audience is a decentralized autonomous organization, it’s a thing apparently. SKUChain is a start-up in Palo Alto, I talk about them in chapter 16.  They have this interesting idea of what they call a PurchaseChain which is a real use-case for kind of updating the process from getting a Letter of Credit to a Bill of Lading and trying to cut out time and mediation costs in that process.  There are a few others in stealth mode.  So I really don’t have a whole lot to add with cynicism at this point, we can go on and come back to me in a little bit.

59:41 -> 1:02:35

The go to deficiency guy, huh?  They’re not really saying anything particularly controversial, these things are fundamentally — at least from an engineering perspective — could be done.  The problem though I think runs into is what Richard Boase discussed in — if listeners are interested — he went to Kenya and he did a podcast a few weeks ago on Let’s Talk Bitcoin #133.  I really recommend people listen to it.  In it he basically talks about all of these real world issues that run into this idealized system that the developers are building.  And as a result, he ended up seeing all of these adoption hurdles, whether it was education or for example tablets: people were taking these tablets with bitcoin, and they could just simply resell it on a market, the tablet itself was worth more than they make in a year basically; significant more money.  He talked about a few issues like P2P giving, lending and charity and how that doesn’t probably work like we think it does.

I guess the biggest issue that is facing this space, if you want issues, is just the cost benefit analysis of running these systems.  There is a cost somewhere to run this stuff on many different servers, there is different ways to come up with consensus for this: for example, Ripple, Stellar, Hyperledger, they’re all using consensus ledgers which require a lot less capital expenditures.  But when you end up building something that requires some kind of mining process itself, that costs money.  So I think fundamentally in the long-run it won’t be so much what it can do but what can it economically do.

So when you hear this mantra of let’s decentralize everything, sure that’s fine and dandy but that’s kind of like Solutionism: a solution looking for a problem.  Let’s decentralize my hair — proof of follicle — there is a certain reductio ad absurdum which you come to with this decentralization.  Do you want to actually make something that people are actually going to use in a way that is cheaper than an existing system or we just going to make it and throw it out there and think they’re going to use it because we designed [wanted] it that way.  So I think education is going to be an issue and there are some people doing that right now: Primavera De Fiillipi, she’s over at Harvard’s Berkman Center — she’s got something called the Common Accord program.  And also Mike Hearn; listeners if you’re interested he’s made about 7 or 8 use-cases using the existing Bitcoin blockchain including assurance contracts — not insurance contracts — assurance contracts.  And he’s got a program called Lighthouse which hopes to build this onto the actual chain itself.  So there are things to keep in mind, I’m sure I’ll get yelled at in a minute here.

1:23:58 -> 1:28:10

Anyone listening to this wanting to get involved with smart contracts: hire a lawyer, that’s my immediate advice.  I will preface by saying I don’t necessarily agree with policies that exist and so on; I don’t personally like the status quo but there is no reason to be a martyr for some crusade led by guys in IRC, in their little caves and stuff like that.  That’s not towards anyone here in this particular chat but you see this a lot with “we’re going to destroy The Fed” or “destroy the state” and the reality is that’s probably not going to happen.  But not because of lack of trying but because that’s not how reality works.

Cases right now are for example: DPR, Shavers with the SEC, Shrem now with the federal government, Karpeles [Mt. Gox] went bankrupt.  What’s ended up happening is in 2009, with Bitcoin for example, you started with a system that obviated the need of having trusted third parties but as users started adopting it you ended up having scams, stolen coins, people losing coins so you ended up having an organic growth of people wanting to have insurance or some way to mediate these transactions or some way to make these things more efficient.  And I think that it will probably happen — since we’re guessing, this is speculative — I think that this will kind of happen with smart contracts too.  That’s not to say smart contracts will fail or anything like that.  I’m just saying that there will probably just be a few niche cases initially especially since we don’t have much today, aside I guess from Bitcoin — if you want to call it a smart contract.

What has ironically happened, is that we have created — in order to get rid of the middlemen it looks like you’ve got to reintroduce middlemen.  I’m not saying it will always be the case.  In empirical counter-factual it looks like that’s where things are heading and again obviously not everyone will agree with me on that and they’ll call me a shill and so on.  But that’s kind of where I see things heading.

I have a whole chapter in a book, chapter 17.  I interviewed 4 or 5 lawyers including Pamela [Morgan] of different reasons why this could take place.  For example, accredited investor — for those who are unfamiliar just look up ‘accredited investor.’  If you’re in the US, in order to buy certain securities that are public, you need to have gone through certain procedure to be considered a ‘sophisticated investor.’  This is one of the reasons why people do crowdsales outside of the US — Ethereum — because you don’t want to have to interact with the current legal system in the US.  The reason I mention that is because you end up opening yourselves to lawsuit because chains — like SWARM — cannot necessarily indemnify users.  That’s legal terminology for being able to protect your users from lawsuits from third parties; they just do not have the money, the revenue to support that kind of legal defense.  Unlicensed practice of law (UPL) is another issue.  If you end up putting up contracts on a network one of the issues could be, at least in the US, are bar associations.  Bar associations want to protect their monopoly so they go after people who practice law without a license.  I’m not saying it will happen but it could happen.

My point with this is, users, anyone listening to this should definitely do your due diligence, do your education.  If you plan to get involved with this space either as an investor or developer or so on, definitely at least talk to a lawyer that has some inkling of of an idea [on this].  The ones I recommend, in addition to Pamela here are: Ryan Straus, he is a Seattle-based attorney with Riddell Williams; Austin Brister and James Duchenne they’re with a program called Satoshi Legal; and then Preston Byrne, who’s out in London and he’s with Norton Rose Fulbright.

1:52:20 -> 1:54:43

Guys look, I understand that sounds cool in theory and it’s great to have everything in the background, but the reason you have to see these “shrink wrapped” EULAs [end user license agreements] and TOSs [terms of service] is because people were hiding stuff inside those agreements.  So if you hide what’s actually taking place in the contract you end up making someone liable for something they might not actually agree to.  So I’m not sure, I think it’s completely debatable at this point.  If we’re trying to be transparent, then you’re going to have to be transparent with the terms of agreement.

I should point out by the way, check out Mintchalk.com, it’s run by guys named James and Aaron in Palo Alto, they’re doing contract building.  ACTUS is a program from the Stevens Institute, they’re trying to come with codified language for contracts.  Mark S. Miller, he’s got a program over at Google, he does something with e-rights.

I mention all of this because, we already have a form of “polycentric law” if you will in terms of internationally with 200 different jurisdictions vying for basically jurisdiction arbitrage.  Ireland and the Netherlands have a tax agreement that Facebook, Google, Pfizer they take advantage of.  It’s this Double Irish With a Dutch Sandwich.  In fact my own corporation is incorporated in Delaware because of the legal arbitrage [opportunities].  Obviously smart contracts might add some sort of new wrinkle to that, but people who are listening to this, don’t expect to be living in some Galt’s Gulch tomorrow or something like that.

For example, when you have something that is stolen, there is something called Coinprism which is a colored coin project.  They can issue dividends on stock.  The cool thing with that is, “hey, you get to decentralize that.”  The double-edged side of that is if that when that get’s stolen: people steal stuff like bitcoins and so forth, what happens to the performance of that dividend?  If the company continues paying that dividend in knowing that the person had been stolen from: if somebody stole from me and I tell the company, “hey, it was stolen” and they continue paying, then I can sue them for continuing to pay a thief.  If they stop paying then it defeats the purpose of decentralization because anonymity is given up, identity has taken place.  Obviously this moves into another area called “nemo dat” it’s another legal term talking about what can be returned to the rightful owner, that’s where the term “bona fide” comes from.  Anyways, I wanted to get that out there.  Be wary of disappearing EULAs, those have a purpose because people were being sued for hiding stuff in there.

2:10:05 -> 2:12:23

So I think everybody and all these projects are well-intentioned and have noble goals but they’re probably over-hyped in the short-run, just like the Segway was.  It eventually leads to some kind of burnout, or over-promise and under-delivering.  I’m not saying this will happen, I’m just saying it could happen.  I actually think the immediate future will be relatively mundane, such as wills and trusts kind of like Pamela was talking about.

One particular program is in Kenya there is something called Wagenitech which is run by Robin Nyaosi and he is wanting to help farmers move, manage and track produce to market to bypass the middleman.  That doesn’t seem like something really “sexy,” that doesn’t seem like the “Singularity” kind of thing that everyone likes to talk about.  But that is needed for maybe that particular area and I think we might see more of that along with PurchaseChain, NotaryChains, some of these things that we already do with a lot of the paperwork.

Again, blockchains and distributed ledgers are pretty good at certain things, but not everything.  It has real limitations that vocal adopters on the subreddit of Bitcoin like to project their own philosophical views onto it and I think that it does it a very big disservice to this technology long-term.  For example, LEGO’s can be used to make a car but you wouldn’t want to go driving around in one.  A laptop could be used as a paper weight but it’s not particularly cost effective to do that.  And so what I think we’ll end up running into a tautology with smart contracts, it’s going to be used by people who need to use them.  Just like bitcoin is.  So what we’re going to have is a divergence between what can happen, this “Superman” version of Bitcoin and smart contracts, versus the actual reality.

So for example, people say it’s [Bitcoin] going to end war.  You had the War of Spanish Succession, there was a Battle of Denain, a quarter million people fought that in 1712 and it was gold-based [financed by specie].  Everyone that says bitcoin is going to destroy fiat, if the state exists as it does today there’s always going to be these institutions and types of aggression.  I do think smart contracts do add collateral and arbitration competition and it does take away the problem of having trust in the system itself, but the edges are the kryptonite.  And always will be.  So we need to focus on education and creating solutions to real actual problems today with the actual technology and not just some hypothetical “Type 2” civilization where we are using [harvesting] the Sun for all of our energy.

Cryptocurrency in the news #23

Closing tabs.

A few interesting stories, the first of which is from The Economist, “The dollar’s sterling work.”  One notable passage from the article is, “people exaggerate the importance of the yuan. Just $0.3 trillion of Chinese assets are open to foreign investors, compared to $56 trillion of American ones. That makes the yuan a poor candidate for a global reserve currency.”

As I explored in chapter 13, Bitcoin adopters who continue to claim bitcoin will become a reserve currency usually do not understand how or what foreign currency reserves are.  The Chinese RMB, not bitcoins, has a more probable future as a reserve currency and as discussed by The Economist and others cited in chapter 13 (such as Patrick Chovanec), this is not going to happen anytime soon for the RMB, if ever.

I also recommend reading through “Inside Visa’s Data Center” published last year to give you an idea of the quality and security of their network.  Significantly different (42 firewalls, mirrored center in Midwest) than the cartoon caricature that some vocal “decentralize the worlders” claim it as.

Thanks to Izabella Kaminska and others for a couple of the links.


Some costs and pictures of Bitcoin mining in China

Jake Smith has another good article / overview of a large Bitcoin mining operation in China, “Inside one of the world’s largest bitcoin mines.”

The article states that this operation’s output is roughly 5% of the entire network hashrate and the electrical costs for it are about $1 million per month.

A couple guys on reddit did the math and came up with these other two numbers:

  • $1 million electric bill per month = $33000 per day/$500(price of btc) so they need to mine 66 btc/perday just to cover electricity.
  • If they have 5% of the network, then it’s 3600*0.05 = 180 bitcoin per day, or about $90k.

So they are generating $90,000 in revenue per day yet fully 1/3 of the costs are soaked up by electricity.  Note: Last month, the  bottom line price at a farm like this, to “create” a bitcoin was 2700 RMB ($444).

What this means is that if this is the most efficient set up possible (economies of scale via low labor costs, quick installation from manufacturer, relatively cheap land prices, relatively competitive electrical rates) then to power the rest of the Bitcoin network with similar data warehouses, the global cost for electricity alone would be around $240 million a year.  Obviously this may not be the case as each geographic region and jurisdiction have several variables that could impact and move this final amount up or down, yet that is probably a relevant range.

Similarly, the hardware costs would likely double, triple or perhaps quadruple the costs as well.  Add on costs of maintenance (things break), rent, etc. and this pushes the world wide costs of bitcoin mining upwards into the $1 – $2 billion per year range, which as copiously detailed in Chapter 3, is what theory predicts (MV=MC).  This does not also take into account all the various exceptions to the rule of miners mining at losses to get “virgin” coins, or researchers externalizing costs onto government run computers, etc.

This dynamic could change as market prices for bitcoins fluctuate, see further discussion from Dave Hudson on this.

Dave Hudson explains Bitcoin mining hash rate statistics

Over the past several months I have had a number of conversations with Dave Hudson, proprietor of HashingIt.com; some of these quotes ended up in the book.  A couple months ago he became the VP of software development over at PeerNova; he also has a strong background in both chip design and network graph analysis.

Last week he gave a presentation at the Bitcoin Dev meetup in San Francisco (special thanks to Taariq Lewis for hosting it) where he explains, in minute detail, how to differentiate between noise and signal when analyzing changes in hash rate.

The deck of the presentation is here.  I think his discussion covered on slides 26-30 provide a very cogent argument for what I discussed on page 32; if I update the book I’ll be sure to include his analysis because it is the most probably explanation.

I highly recommend the entire hour long lecture because it is probably the best single source of non-partisan analysis of what mining as a statistical process looks like and why it has evolved to look the way it does today (especially around 43:00m regarding incentives for pooled mining).  His proposed solution, by staggering a hard fork over a period of time to increase block confirmation times by 5x is also interesting because it looks like it may be incentive compatible for current miners, farms and pools to implement.

Below are some transcribed portions starting around 12:00m regarding an explanation for hash rate estimations (slide 26 and 27):

So the other thing that is interesting of course about a logarithmic plot is that if you actually plot a straight line on a logarithmic plot you can actually see if you are seeing an exponential expansion.  There was a period of time where that was almost a straight line.  In fact if you look at the statistics from the end of last year and the early part of this year it was pretty much a straight line; we were seeing a straight logarithmic expansion.  But now in fact, that is slowing down, so in fact there is actual slow down in the hash rate.  And that is likely to continue until there is a significant change in the technology of that is implementing the hashing.

So we’ve reached the limit pretty much in terms of process technology for ASICs.  There are a couple of nodes left that, I have not talked about it in this but there is some stuff on the blog.  We are in 28 nanometers now there is some room to go in 28nm but it is not a huge amount.  The reality is we can get to state-of-the-art around 14 to 16 nanometers and then we are just waiting on the fabs to be able to move to something better than that.  So the amount that we can actually gain from just process technology is diminishing significantly.

The other problem is that from a power efficiency perspective, the power efficiency just doesn’t improving at the same rate it was before.  When you can jump and leverage many years of the process improvements in the course of one generation of ASICs and go from 130 to 65 to 28 then you can see dramatic improvements and dramatic improvements in the power efficiency.  That’s just not possible when you start getting out to 28.  So yes, you can put more capacity online but the amount of power that it is likely to take will go up much more dramatically then what we’ve seen in previous generations.  So this is leading to a slow down.

The other thing of course is you can look at the block mining reward and say ‘well most of the funding for this sort of hash rate expansion has to come from the block mining rewards.’  And given that there isn’t a massive spike in bitcoin price which is driving the ability to pay for more hardware then you’re not going to see those sorts of huge increases.  There is certainly the capacity to do that, if the price of bitcoin were to go up by a factor of 5 then there is a lot more money available for people to throw at hardware and throw at operational costs.  So there is scope for that.  But while things are actually relatively static then things are going to slow down, so we’ll see some slow down.

A month later, what is happening with cryptocurrency mining in China?

I am not one to continually update books, but, since this space is very dynamic I reached out to one of the experts in China, “Bob,” who helped me with chapter 5.  Bob works with large Bitcoin mining farms, specifically helping them source energy but also helps procure mining equipment too.

Here are some of his comments:

I think the value per gigahash is difficult to define. Chip Maker. Assembly. Operator. Electricity Provider. Pool.  Those are five distinct industries. I believe the hashing contracts that you hear about includes one year of electricity and all of the above.  Whereas most mining businesses quote mining solutions to operators who need to buy the machines.  I think it’s not easy to lay out the relationship to a new reader, but at the same time you have to avoid confusing different segments of the mining industries who are normally just concerned with their one segment. A tough middle road.

For instance, earlier today, Guy Corem, CEO of Spondoolies Tech, an Israeli-based Bitcoin mining manufacturer posted several comments on Bitcoin Talk:

We do have large customers. The real threat is that one self-mining ASIC provider will be able to produce a killer ASIC.
Everyone of them are trying. Buying from them help their deployment and R&D efforts. As I wrote short-term gain, scarifying the long-term.

Continuing Corem states:

Spondoolies-Tech have clear technological advantage now. We have much more impressive 3rd and 4th gen under development.
I think that if we wanted to raise funds for mega farms, BitFury style, we could have done that.
KNC is doing that right now for example. So are other players.
BitFury doesn’t need to do that, but fortunately, they are very delayed with their next gens.

I don’t think it’s good for the Bitcoin ecosystem at all.

KNC has proven track record of treating the ecosystem as a retirement fund.
CoinTerra switched to self mining (and selling unprofitable cloud contracts) and exchanges to fiat heavily on the open exchanges, exactly like KNC.
BitFury at least has the sense not to exchange in the exchanges (selling at 5% markup for high net-worth individuals who wants newly mined coins), but BitFury have unclear past and are partly responsible for the CEX.IO fiasco. I don’t think they can be trusted not to harm the ecosystem.

And another notable comment:

Not desperate at all. Just analysed and know all the known competition cost.

The trend is clear if you remove BitFury 2 last DCs (June and August): http://bitcoin.sipa.be/growth.png
At current BTC price and their machine cost, they’re almost loosing money at Georgia and Iceland.

btw: They didn’t need the $20M they raised. I can’t elaborate more.

BitmainTech margins are very, very low.

ASICMiner is selling almost at cost to recoup their $6M wafers gen3 investment.

Cointerra is also probably loosing money on their 1st gen. Their 2nd gen won’t arrive until Q2

Should I continue ?

Please quote this message one month from now. Let see how the growth graph will look.

For comparison, I reached out to Bob and asked him his thoughts on what Corem was stating.  According to Bob, in terms of Chinese manufacturers switching to self-mining:

They’ve already been doing that for the past two months. But not mining themselves, they’re all into coop mode now. The manufacturers issue the machines. The site operators invest on the sites. They split the income between them.

Spoondoolies is no bitmain tech nor bitfury. But those guys have a good chance of being no.2 if either of these guys slip up. Their chip design is highly competitive, they just need a strong hook up to a manufacturing partner in shenzhen.

A lot of the claims in the thread are exagerrated. It is fair play though I think. The fud points I see there are the centralization claims and the mining is more profitable than selling. Retail consistently overestimates the production value which means that as long as your pricing strategy is good, your machines often never ROI. Would you rather sell something that doesn’t ROI or have your capital locked up for the next 6 months?

Spoondoolies is a rare case in that they still have a lot of clout to rely primarily on pre-selling their gear, which means their product might still be quite profitable for the buyer when it comes out. So to them it seems like it is more profitable to self mine, but the fact of the matter remains that without cheap pre-orders, they don’t have the money to start a production run.

And for perspective, to give you an idea of how important this space is in China, be sure to see this new summary, “The 2nd Private Meeting of Bitcoin Mining Industry in China” from Bitell.  It will be interesting to see how many manufacturers and farms can stay afloat while market price hover above cost of production for more than just a few months.

Cryptocurrency in the news #22

Closing tabs.

Two things:

1) I contacted Wedbush Securities about their new report and asked them what their citation for their first point regarding payments was.  They responded by saying they used the Blockchain.info transactional volume chart.  The reason this is interesting is because based on the past 8 months, that chart does not actually support their argument.  Perhaps this will change in the future, but it may not.

2) I have a short article about the unseen costs/subsidies in the mining space, it is mostly a rehash of chapter 3.  I suspect that once we have “Peak Hashrate” prior to the next block reward halving in 2016, some of the hand waivers will begin to realize what the real costs of securing and transacting is: How many bitcoins does it cost to maintain the Bitcoin network?

Jae Kwon on other economic attack challenges

Apropos the responses of BINO and the other responses to Downplaying Risks, Jae Kwon (author of the Tendermint protocol) pointed to an interesting thread on Reddit:

How to double spend PoW coins for fun and profit.

You don’t even need major pools to subvert the security of the blockchain and double spend.

Let’s say that you want to doublespend a transaction that was included at height H. Simply put out a bounty for more than the mining reward for the first miner to mine an alternative block at height H. Then, you reward the (traitor) miner on the existing blockchain. As long as the instigator is trustworthy, rational greedy miners would switch because the expected reward is higher. Then you do the same for height H+1 and so on, until the fork wins.

Jae also had some more comments related to blockchain forks and he gave me permission to have them reposted:

I actually wrote a prototype of an exchange engine, and the hardest part was dealing with logic pertaining to block chain forks.  It’s just so easy to get wrong, and it’s not even clear when a transaction should be deemed “irreversibly committed”.  So I ended up having to write tricky edge cases, where, I can imagine bugs can emerge.  This isn’t something that will connect with most users, so I doubt that people will even “get it”, but my assessment is that Bitcoin has these fundamental design issues that may end up hurting its adoption rate compared to other designs..

Another thought is that we probably want  to see a multi-coin future where no single coin has global dominance.  If you want a future with many multiple competing cryptocurrencies, then you probably want to get away from a consensus algorithm that relies on energy.

And in terms of the speculation surrounding the Ethereum team working together with the BitShares team and potentially using Delegated Proof of Stake (DPOS), Jae thinks that:

I don’t know enough about BitShare’s DPOS scheme to list specific vulnerabilities, but here’s a rule of thumb that I use to evaluate consensus algorithms:

The amount of value at stake that is lost in the event of a fork is roughly the amount of security afforded.

In the PoW vulnerability that I mentioned, what is at stake is the electricity spent mining blocks.  Large transactions need to be vetted by waiting a proportional amount of confirmations, potentially much longer than the original 6 confirmations as cited in Satoshi’s paper for transactions over hundreds of BTC.

In any delegated PoS model, if Carl can delegate his stake to someone without the risk of losing that stake, then Carl can be bribed by Malory to delegate his stake to Malory’s puppet account.  On the other hand if Carl can lose his stake in the event that the delegated signer does something bad (e.g. enable a double spend by forking the blockchain), then Carl probably wouldn’t want to delegate his stake to anyone, and instead would opt out of the consensus process or become a validator himself.  For this reason I don’t find delegation models to be very interesting.  It may provide some utility as long as delegated coins are “at stake”, but the foundational consensus algorithm (minus the delegation part) must be secure first.  Delegation cannot fix a broken algorithm.

Lastly, Peter Todd suggested that I emphasize that there is a difference between hard forks, soft forks and SPV soft forks.  Last fall Todd wrote an overview on this titled On soft-forks and hard-forks.

Robert Sams on rehypothecation, deflation, inelastic money supply and altcoins

The Bitcoin Foundation held a conference in Amsterdam back on May 15-17.  The video of the events was not uploaded until recently.  The one below covers the panel on economic theory.

Panel: Robert Sams (Founder, Cryptonomics) Robin Teigland (Associate Professor, Stockholm School of Economics) Peter Surda (Economist, Economicsofbitcoin.com) Konrad Graf (Author & Investment Research Translator) and moderator Jon Matonis (Executive director of the Bitcoin Foundation)

Over the past several months, Robert Sams has helped act as a non-partisan sounding board to discuss these issues as I did research on these topics.  He also recently launched a start-up in this space called Swiss Coin Group which acts as a liquidity counterparty (see also SCG’s announcement video from Coinsummit last month).

I finally had a chance to watch the panel on economic theory of Bitcoin (above) and below are some transcribed portions of comments by Robert Sams.

Regarding the ‘regression theorem‘:

The idea that something needs to have some underlying use value before it can gain liquidity and become a medium of exchange, first of all it has always struck me as not a derivation of logic and therefore not a theorem but an empirical hypothesis and one that I think that the very existence of Bitcoin has conclusively falsified.

On competing altcoins being sorted out:

I think eventually there is only room for a handful, 3, 4, 5, maybe ten competing cryptocurrencies.  Each filling a niche that satisfies some area of demand, some might have a richer scripting function for smart contracts, one might be embedded in a different kind of protocol.  So there is definitely room for multiple currencies but the very nature of hash-based proof of work, where the security of the network is arrived at by people literally burning money is one that can’t be evenly distributed over a large number of alternative cryptocurrencies.  It’s what you see, eventually most of the altcoins will fail and people will stop mining them, they won’t have any exchange value.  But there will still be room for quite a few.  And you already see it in the distribution of the market capitalization of these things, they follow a power law and I would expect that to continue.

What about altcoins in local communities?

That’s an interesting question.  I think the more local the currency becomes the harder I think it is to use hash-based proof of work as a solution.  Although other types of distributed consensus mechanisms could be used.  Because if as a community currency the overall monetary value of that thing is going to be much much lower, so the amount of seigniorage that comes from the mining award to reward the miners is much lower, so the amount of electricity that is spent securing it, it is something that will be alot easier for someone on the outside to attack it if they wanted to.  On the other hand, the incentive of attacking some small community currency might not be there, so not much of an issue.  So it’s an open question.

Thoughts on fractional reserve banking with bitcoin:

I don’t think it is actually possible to construct fractional reserve banking within Bitcoin.  Because fractional reserve banking, especially in the modern era, it’s one of the great scandals of modern finance is based on an illusion — this 1:1 fungibility between bank deposits and cash.  And you can do that in the conventional analog world because you have this whole institutional framework of deposit insurance, lender of last resort function of the central bank, you can bail out the banks if they fail in order to maintain this illusion that a loan to the bank — an unsecured loan to the bank which is basically what a bank deposit is — is the same thing as cash, and they are not.  And there is not anyway within the crypto space to express such an arrangement.  Sure there will be lending done in Bitcoin, I was talking to a guy last night who is doing just that, that’s fantastic.  But the relationship between the lender and the borrower isn’t one of “well I had some ownership of a pool of loans to people” — that’s something that has a floating net asset value.  It is not treated as a cash equivalent, I can’t use it as a medium of exchange or maybe I could but it would be a medium of exchange that trades like a credit instrument rather than risk free cash.  So I don’t think its even possible to express fractional reserve banking in bitcoin and I think that’s a good thing.

Konrad makes a really interesting point about trusted fourth parties and trusted fifth parties.  You know, it’s not just about being fractional reserve banking, the bank deposit versus cash, it’s about all assets within the financial system: the clearing banks, custodians — also play a fractional reserve-like role.  Most people don’t realize that.  Securities that are on deposit with a custodian bank can be lent out to those who want to sell them short; bonds, the same thing happens.  So that something that is called rehypothecation, these assets get lent and relent and relent, they multiply throughout the system.  So like some particular bond that’s in the system, there might be $2 billion of it outstanding, but the actual quantity of people who own that bond on their balance sheet is like a factor of 10 times that.  It’s just like the multiplication of base money in the banking system and the whole thing creates a systemic instability because the lack of clarity about this relationship between the guy who is entrusted his assets for safe keeping in some clearing bank and exactly do what that clearing bank can do with it.  Now the theory you think that it is governed by the law and the like but when Lehman bankrupt, there were a lot of fund managers and hedge fund managers who didn’t actually realize that their clients money which was supposed to be in a segregated client account was actually rehypothecated and they had to queue up in the bankruptcy courts in order to recover that money.  And one of the things that crypto does is make the sure technical nature of the transference being done by digital signature means that there is no way that you can create these rehypothecation arrangements without making them explicit.  And I think that is great.

Would you take out a 5 year loan in bitcoin knowing you had to pay it back in bitcoin?

No.  Well, it depends, I guess if I were selling it short.  But no.  If there was a lending market in bitcoin its most likely to flourish initially as being something that’s denominated in fiat money rather than nominal bitcoin.  Unless the borrower is using it as a vehicle to speculate on a climb in the exchange rate.

On deflation:

I think the deflation criticism of Bitcoin is usually misguided, it usually comes from the economics profession.  The arguments that are made don’t really apply because, the arguments about sticky prices (good’s prices fall faster than wages), about balance sheet effects of debtors being punished because an increase in the purchasing power, none of those really apply in Bitcoin because bitcoin isn’t yet a unit of account.  Contracts and prices are still priced in the fiat currency and expressed in bitcoin by reference to some exchange rate.  So the traditional arguments like, “is deflation is a bad thing” don’t really apply in a bitcoin world.

There is a different reason for why we maybe should be concerned about the appreciation of the exchange rate because whenever you have an economy where the expected return on the medium of exchange is greater than the expected return of the underlying economy you get this scenario, kind of like what you have in Bitcoin.  Where there is underinvestment in the actual trade in goods and services.  For example, I don’t know exactly how much of bitcoin is being held as “savings” in cold storage wallets but the number is probably around $5 billion or more, many multiples greater than the amount of venture capital investment that has gone into the Bitcoin space.  Wouldn’t it be a lot better if we had an economy, where instead of people hoarding the bitcoin, were buying bitshares and bitbonds.  The savings were actually in investments that went into the economy to fund startups, to pay programmers, to build really cool stuff, instead of just sitting on coin.  I think one of the reasons why that organic endogenous growth and investment in the community isn’t there is because of this deflationary nature of bitcoin.  And instead what we get is our investment coming from the traditional analogue economy, of venture capitalists.  It’s like an economy where the investment is coming from some external country where Silicon Valley becomes like the Bitcoin equivalent of People’s Bank of China.  And I would much prefer to see more organic investment within the cryptocurrency space.  And I think the deflationary nature of bitcoin does discourage that.

What about issuing coins after 21 million limit, that would be called Keynes coin?

I wouldn’t call it Keynes coin, not just because of the marketing but conceptually I don’t think it would be either.  This is controversial and difficult.  There are algorithmic, distributed ways of working within cryptocurrency protocol to change the money supply in proportion to the change in its exchange value.  And that can be done, it doesn’t require a central bank, it doesn’t require some cabal of guys deciding what the monetary policy can be, it can be done completely anarchic and distributed way and it would have the property of stabilizing the price of cryptocurrency.

I think the issue if should you have more elastic supply or not it just really comes down to the fact that if you have a fixed supply of something, the only way that changes in demand can be expressed is through the change in price.  And people have expectations of increased demand so that means those expectations, expectations of future demand get translated into present day prices.  And the inelastic supply creates volatility in the exchange rate which kind of undermines the long term objective of something like cryptocurrency ever becoming a unit of account.  And forever it will be a medium of exchange that’s parasitic on the unit of account function of national currencies.  So I do think the issue does need to be addressed.

Audience question on 100% reserve versus fractional banking:

There is a movement underway in the economics profession called limited purpose banking or 100% reserve banking.  It’s not just in the cryptocurrency world that we criticize fractional reserve.  Even Mervyn King before he left his chairmanship with the Bank of England he suggested that this is something that we should look into.  So yes, it is quite possible, there could be consensus — broad base consensus — around taking away the banks ability to create private money.  What do we use to replace that, one side of the argument is going to be that the banks should take the role of issuing the currency they just have to have 100% reserves and ‘gosh those things should be risk free government bonds.’  I think there is an alternative argument that can be made from the cryptocurrency space is that we don’t actually need the banking system to fulfill those functions at all.  And the demand for some medium of exchange in the absence of bank created money will be met spontaneously within the cryptocurrency space.

Audience question, does buying bitcoin and holding them benefit the community?

It’s an interesting question.  I don’t think so.  You could argue indirectly the fact that people buy and hold bitcoin, the price goes up and that attracts all the interest into this space and to some extent that’s true.  So yes, it does provide some investment.  But I think it doesn’t provide as much investment as would be the case in the alternative world where Satoshi implemented the exact same thing but had a different money supply rule.  My view counterfactual is that we would actually see a lot more underlying economic activity in the cryptocurrency space and a lot more investment.

Cryptocurrency in the news #21

Closing tabs.  Links do not constitute an endorsement of the service or coin.

Downplaying statistically possible double-spending risks

My LTB article yesterday spawned a number of comments.  A few notable ones are discussed below.

One interesting proposal came from Zooko Wilcox O’Hearn (inventor/innovator/guru):

One thing that you could do to strengthen this argument is to broaden the discussion of “things a Dominant Miner (or coalition of miners) could do” from just double-spending.

From the perspective of a Dominant Miner who wants to maximize profits, there are a lot of downsides to double-spending as a strategy. To double-spend profitably requires victim-specific manipulation surrounding the double-spent transaction itself. Double-spends are eminently detectable by the public. They defraud a particular set of victims, who are motivated to defend and retaliate. Finally, double-spends also dramatically demonstrate to everyone else that they are in danger of being defrauded in the same way. This could galvanize opposition.

What else could you do if you were a Dominant Miner or a coalition that collectively has dominance? (Note: I’m saying “Dominance” instead of saying “51%” here because of the “self mining attack” from Sirer et al. which allows effective dominance at 34% with some assumptions.)

Another possibility would be to start giving a 50ⓑ reward to the miner instead of 25ⓑ (or 12.5ⓑ), every 10th block. This would increase the rate of wealth transfer from all holders of Bitcoin to the miners, but it would be a small cost against any individual holder of Bitcoin, thus taking advantage of the “dispersed costs and concentrated benefits” effect to blunt opposition.

It would also be hard to oppose this with any patch to the protocol. Instead, the opposition would probably simply have to effectively abandon the concept of mining and adopt a centralized+federated model, like Ben Laurie’s design for a Bitcoin alternative (http://www.links.org/files/dis… ), the “Sovereign Keys” design from Peter Eckersley (https://www.eff.org/sovereign-… ), the “Agile Tokens” idea from Joe Bonneau (https://docs.google.com/docume… ), etc.

Basically, a handful of the largest Bitcoin companies (in terms of number of users and in terms of amount of Bitcoin controlled) would agree to form a coalition to sign the blockchain, to refuse to sign blocks that violate certain rules (such as the size of the block reward differing from the original Satoshi plan), and to use Bitcoin clients that treat signatures from a majority of that coalition as over-riding the “longest chain” rule.

This is perhaps the protocol-layer change that matches the business and governance layer change which you’re suggesting (embracing the trusted third parties who represent large numbers of users).

If the opposition couldn’t muster that massive, system-wide change and bring a critical mass of the economy along with them, then instead the Bitcoin (BINO) economy would settle into the “new normal” where miners effectively get to choose the rate at which they siphon wealth from Bitcoin holders.

There are even subtler attacks that a Dominant Miner could do. Here’s one that is so subtle that it may even be below the threshold of unambiguously detectable: start requiring an extra “transaction fee” as a side-payment directly to you (not to “whoever mines this transaction first”), and discriminate against payers who refuse to play ball. Your discrimination could even include small forks, e.g. starting a fork one block back from the current head because the current head has a transaction from one of your intended victims who didn’t pay you the side payment. Those are more detectable, but you may be able to do only a few of them to prove the point to your victims without exposing your existence to the world.

You might be able to get away this while staying completely under the radar — effectively extorting a few of the richest and most vulnerable payers while maintaining deniability or even secrecy from the public. You can layer on the secrecy and extortion by punishing your victims if they try to expose you, or if you detect that they have attempted to evade your net by submitting their transactions directly to other miners (not part of your coalition) without first paying you your extortionate extra transaction fee.

Ghash.io appears to have indicated a possible future strategy that would be compatible with this extortion, when they announced escrow, micro-payment aggregation, and low- or no- confirmation transactions in the same breath as admitting to controlling 51% of the mining power: https://ghash.io/ghashio_press…

I haven’t spent that much time trying to figure out all the evil things that a Dominant Miner could do, so there may well be other strategies available beyond these ones.

P.S. I got the “big players sign the blockchain” idea from L.M. Goodman. The Tezos inventor, not the journalist.


Stephen Gornick (@bitcoinminer), who actually emailed me a few things back in April about ArtForz, disagreed with my position stating:

Tim, you ignorant slut.

That’s like saying that to rob a bank you simply just get yourself inside the bank vault, stuff your bag full of the loot, and voila — you’ve robbed a bank! Double spending of confirmed transactions, too, is just not that simple.

Just having 51% of all mining capacity that exists doesn’t help you until you apply that capacity to a separate, private fork of the Bitcoin blockchain. Additionally to succeed a number of conditions need to exist and certain actions taken need to have a successful outcome.

To begin with, let’s consider that a pool (or cartel of pools) wants to attempt this attack. Doing so will be something nearly instantly obvious to anyone observing the blockchain. Suddenly blocks on the Bitcoin blockchain begin taking at least twenty minutes (as at least 50% of the hashing capacity has stopped mining on the public blockchain) and, coincidentally, none of the new blocks solved will be solved by the attacking pool (or cartel members). This is because the hashing capacity they have available will be used for mining on the private fork.

Now with most medium and larger Bitcoin businesses (e.g., exchanges, payment processors, hosted E-Wallets, etc.) there are business rules that complicate things for the attacking pool (or cartel). What the attacker wants is to be able to succeed at double spending. This is attempted by sending one transaction on the public Bitcoin blockchain and including a double spend of that transaction on the attacker’s private fork of the blockchain. The attacker would need to do this, upon commencing the mining on the private fork, immediately by sending transactions on the public Bitcoin blockchain with large amounts of coins going to exchanges, E-Wallets, and other targets. This attack only works if these exchanges, E-Wallets and other targets actually credit the attacker’s account for those Bitcoin deposit transactions once they confirm and then in turn also allows those newly deposited funds to be withdrawn in another form of value that too is non-reversible. So after the attacker broadcasts the first transactions a waiting game begins. With less than 50% of the hashing capacity remaining on the public Bitcoin blockchain, more than two hours will pass before the attacker’s transactions will confirm (assuming six block confirmations).

So, for this attack to be successful:

– Individuals and organizations doing the hashing work for the attacking pool (or cartel) need to continue doing the hashing work even though the signature of an attack underway is apparent (due to blocks slowing to 20 minutes each and none of them are from the leading pool or cartel members).

– Exchanges, payment processors, and hosted E-Wallets actually credit the attacker’s accounts with these large deposits, allow these funds to be converted to some other form of value, and then the value post-conversion be withdrawn (e.g., sell bitcoins, buy litecoins and then withdraw them).

If the attacker can’t get the non-reversible funds out of the exchanges, payment processors, E-Wallets, etc. then ultimately that’s a failed double spend attempt — regardless of how many confirmations the Bitcoin transactions that were “reversed” had gotten. That’s probably why Gavin Andresen suggested 120+ confirmations as the number necessary for a “huge amount of value” [where you don’t have recourse]: http://thegipster.blogspot.com…

A response to Gornick

Generally speaking today, Gornick is correct: executing a double-spend attack is not a trivial task and on the surface might not be economically feasible (this is assuming that an attack costs more than what will be gained).

However, economic feasibility is a floating target: an attacker might execute it at a loss, because a target’s competitor compensated for the difference.  An attacker might also execute it to create market panic, while holding leveraged short position in BTC.
I am not saying that the double-spend problem is a mortal blow to the Bitcoin model, it is just one of many things that are downplayed by some Bitcoin proponents (as an aside, three months ago, Gornick incidentally argued that 51% attacks on Dogecoin were relatively trivial).  Yet as Zooko pointed out above, having more than 25% of the hash rate is a problem (which I discuss at length in chapter 6).

It also bears mentioning that in that same article I actually did mention a long wait workaround (tens of confirmations), and that actual attack with small number of confirmation actually happened at least once, when a user on GHash.io attacked Satoshi Dice last November.

Additionally, even with 5-6 confirmations, a double-spend is still possible with non-negligible success rate with something like 30% of hash rate.  For instance, in chapter 14, I point out that Greg Maxwell, a Bitcoin core developer, created a probability of attack success calculator that illustrates the concern of one entity having certain large portions of the hashrate and its ability to successfully conduct a double-spend attack:

  • 40% of hashrate, successful probability of ~50%
  • 49% of hashrate, successful probability of ~96%
  • 51% of hashrate, successful probability of 100%

And a hash rate failure of 30% will not be immediately visible on short intervals because block timings deviate.  So basically if I make a series of deposits and withdrawals, and my fees are negligible, there could be a non-negligible amount of profit (though in a 30% attack, and 13.2% success rate, the cost of lost opportunities might be higher).

Most businesses have some mitigation mechanisms in place (e.g. multiple confirmations).  These mitigation’s hopefully lower the risks enough, for these businesses to exist.  Yet the attack is probabilistic by definition, Gornick implies that in his current situation this attack will not make money for an attacker.  But this is not so straight forward.  Let us assume that Bob can double-spend and that it will cost him 1000 BTC, but Bob will only recover 800, so he is at a 20% loss if this attack plays out.  However, he could find another party (Alice) that wants to inflict a 1000 BTC damage to Bob’s target, and pay Bob 200 BTC (e.g., if Bitfinex wants to ‘attack’ BTC-e, they could spend 200 bitcoins to inflict 1000 bitcoins in damage).

If and when bitcoin-based ETFs are approved, short-term sabotage and other types of economic attacks on network participants (pools, exchanges, large merchants) could
be executed if there was an option to create a short big enough with a reliably trusted counterparty.  It could even become formalized through multisig and smart contracts — a “51% attack contract” (to my knowledge, Virgil Griffith is the one who suggested this first).

Other comments

Anton Bolotinsky (a developer) suggested that “Proof of Idle” probably has at least one vulnerability:

The part with “I’ll pay you if you don’t mine” is exploitable by unrelated miner which starts mining and invalidates payout for others. And proof if mining capacity: me and my friend collude, and we both show twice the capacity we actually have. If I have a lot of friends, we show enormous hashing capacity together. Basically, if my friends and I, each has 1Th/s, I show 1*number of friends, and each of my friends show 1*number of friends. To disprove, system will have to force us to mine in parallel.

Jae Kwon, author of the Tendermint whitepaper, posted another possible attack on a blockchain such as Bitcoin:

You don’t even need major pools to subvert the security of the blockchain and double spend. Let’s say that you want to doublespend a transaction that was included at height H. Simply put out a bounty for more than the mining reward for the first miner to mine an alternative block at height H. Then, you reward the (traitor) miner on the existing blockchain. As long as the instigator is trustworthy, rational greedy miners would switch because the expected reward is higher. Then you do the same for height H+1 and so on, until the fork wins.

A few readers may also be interested in a short debate between myself and Peter Todd on Twitter yesterday that covers economies of scale and killer apps.

Why do prices fluctuate?

Yesterday I was asked by CoinDesk for some comments on the recent drop in bitcoin prices.  At first I referred them to a good friend, Raffael Dannielli, who I worked with in China and who helped me on all three of my books.  Raffael wrote a very interesting post yesterday about margin trading squeezes: Bitfinex: cascading margin calls resulting in flash crash

Later I sent CD some comments for a new article they published moments ago.  They were not used, but may be of interest to readers here.

Why did prices fluctuate?  Making a testable hypothesis with prices is a crap shoot.

For example:

Hypothesis: “Prices declined because of negative news”
Test: “Look around for negative news”
Falsifiable: “Yes”
Potential falsification: “Finding bad news”
Truth status: “False” (there is bad news)

But it’s unclear if the news itself is leading it because it is hard to quantify and qualify; how do we know it is not manipulated via coordination by whales, Willy bots or exchanges?  And complicating matters, in the example above, you could do the same kind of “test” with good news.

Prices fluctuate and then news organizations try to make sense out of it by assigning news events to it to justify the movement, thereby ignoring that at the point of the price fluctuation there is often contradicting news.  However, in retrospect due to time constraints news organizations are left with presenting the news that “makes sense” to justify the price movement.  This does not mean that news has no influence, it is just that the market moves really fast in incorporating events. Even events that have not been reported in the news or are out of the spotlight for some reason.

This is one of the reasons why Coinometrics is trying to spearhead the Compare The Exchange (CTE) transparency effort, by surveying exchanges to find out what kind practices they implement.  Despite enormous amounts of scams and thefts over the past several years, the counterparty risk for Bitcoin exchanges is huge.  In one study published last year, between 2010-2013, 18 out of 40 exchanges shut down, some of which absconded with customer funds. And it does not seem to go away by itself: as long as an exchange has volume people will go there to trade and the exchange will have no incentive to improve.  One example is BTC-e, even though its management is obscure, people go there because of the volume.  As long as people still trade at them, exchange managers have no incentive to change.

While it is unclear what immediate impact regulatory compliance proposals such as Bitlicenses from New York may have on exchanges (e.g., are all fiat-based exchanges depository institutions?), in the long-run the first two generations of exchanges may be living on borrowed time. That is to say, if the first generation was Mt. Gox and, 2nd generation exchanges are Bitfinex and Bitstamp, then the rise of a 3rd generation, potentially regulated or consortium of “self-regulated” exchanges, could eventually implement some of the suggested CTE “best-practices.”

Cryptocurrency in the news #20

Closing tabs, below are some stories and links that at least tangentially intersect with this space.  Also, great post by Richard Brown: A simple explanation of fees in the payment card industry

Bitcoin’s PR challenges


Source: agmarketing.com.au

What kind of feedback has my book received over the past week?  Here are a few threads on reddit:

I am called any number of names on these threads and stylistically was equated with “Gish Gallop” and a “word soup” thesauri.

Hass McCook (“Bit_by_Bit”) weighs in at one point in the first thread saying that these claims are only valid in August 2014.  McCook had similar sentiments as noted in Chapter 3.  However, no word on the MV=MC issue that was brought up in that same chapter, it will always apply no matter what the efficiency of the mining equipment.  This cost basis was also independently confirmed by a miner.

Today a friend pointed to a new post by Mircea Popescu which takes aim at me (not my book): “No, you don’t have something to say on the topic.”  In it he claims I am a “boneheaded teenaged male approach to learning.”  Not a word about the marginal costs of mining.  In fact, he also claims that there is no data “per se” in the book which is curious since there is actually a lot of data in the book.

This is a common rejoinder; some vocal advocates not looking at actual data from the blockchain.  In some ways their timeline looks like this:

  • 2007: First lines of BTC code written
  • 2008: Whitepaper revised and published
  • 2009: Blockchain put into production
  • 2009 – 2014: data created, but the only valid data is fiat prices, the rest is not real data “per se”

Other responses

Aside from the ad hominem’s above what has been the criticism?

Peter Surda, a researcher, disagreed with my points on inelastic versus elastic money supply but didn’t go into many details in a short email exchange.

I received a number of encouraging emails from a variety of readers and was named one of thirteen “Big Thinkers” in this space, though I doubt some of the other candidates would like me to remain in company with them.

I have had some responses with a couple others, including L.M. Goodman (creator of Tezos), on Twitter this past weekend — though this is largely unrelated to the book itself.

What does this mean?

Partisanship may be impacting scholarship, especially the Myth of Satoshi variety.

No, Leah Goodman did not uncover who Satoshi was.  But one thing was clear from that episode in February was that some partisans do not want the individual who created Bitcoin to be taken down from the pedestal they have put him on; they want their caricature to be immutable.  Just like some historians have tried to revise history to make their heroes look impeachable, so to has the veneration of Satoshi.  If Bram Cohen had anonymously released BitTorrent a decade ago, would BitTorrent have had a similar following due to its mysterious beginnings?

I hold no ill-will to the person or group that comprised Satoshi, but it is clear from the evidence cited in chapters 9 and 10 that he, she or they did not consult an actual economist or financial professional before they created their static rewards and asymptote money supply.  This is a mistake that we see in full force today in which the quantity of money available has shrunk due to theft, scams, purposeful burning, accidental destruction, etc.  Satoshi recreated a deflationary inelastic economy and much to the chagrin of the self-appointed purity police, it is not being used the way he expected it to (actual commerce) and is instead being used for things it is relatively useful for (e.g., donating to Wikileaks, gambling).

What other economic and environmental issues are still being ignored?

Jake Smith, creator of Coinsman recently published a new article on mining in China.  Yet despite being, in his own words, a “true believer” and interviewing other “true believers” in the mining space, he missed the unseen calculation, the economics of extracting and securing rents on this ledger unit which consume scarce resources from the real economy.  This is not something that it is unknown, there is an economic formula to explain it: MV=MC (as described copiously in Chapter 3).  There is nothing magical or mysterious about mining as other people in the reddit thread point out how mining is currently an environmental albatross or as Fred Trotter dubs it, a “black hole.”

Moving forward

Today the Consumer Financial Protection Bureau (CFPB) issued its Consumer advisory: Virtual currencies and what you should know about them.  The advisory (PDF) gives a cursory look, in layman’s terms of what are the challenges and risks of participating in this space.

What does this mean?

While it is unclear as to the motivations of some of the “true believers” are, they collectively did underestimate the costs of consumer protection and/or did not put it as a top priority for mass consumer adoption.  But why would they?  Consumer protection is usually expensive, its unglamorous and its centralized (which apparently is a “no-no”).

For example, generally speaking, most people do not like having their possessions stolen.  And in the event something is stolen, in practice, individuals prefer to take out insurance and even sue those responsible for damage (torts). If instead of promoting and building illicit markets (like Dark Market and Dark Wallet), these same developers and early investors had funded a start-up that helped track down these stolen funds, or start a non-profit to help get stolen coins, it would have been an amazing public relations coup.

To be balanced, theft takes place across the spectrum of services.  It also happens on the edges of Visa’s network. The difference is Visa offers insurance which is built into their cost structure (highly recommend reading Richard Brown’s recent post).  Insurance alone is just another product and has nothing to do with the protocol.  And this specific point (for the individual user) could be resolved sooner or later (e.g. Xapo already offers some home-made insurance).  However, insurance does not change the economics behind Bitcoin, especially since lost coins are permanently and constantly removed from the money supply.

Then again, there is a built in incentive to allow this theft to occur — stolen coins need mixers and exits which could potentially benefit developers and investors of those services; and simultaneously as more coins drop out of circulation this increases the value for those holding the remaining supply.

In addition, a vocal group of these “true believers” do not think Bitcoin has an image problem.  Yet it has a massive PR problem, for similar (albeit smaller) reasons that Tylenol had in 1982: customers and their families do not like getting burnt.  The only group I am aware of that tried to immediately help the victims of the Mt. Gox debacle was Goxcoin (here’s the LTB interview of it).  In contrast, thread after thread on reddit was filled with bullies saying “no big deal.”   It is a big deal to normal people with real responsibilities beyond downvoting skeptics on reddit and pumping stories about Bitcoin curing cancer and ending wars.  And Mt. Gox liabilities won’t be resolved for at least another year.  Instead of cyber bullying merchants into adopting bitcoin payments, these same hectors could have created a company catering towards recovering stolen property (e.g., loss recovery specialists).  It was a lost opportunity.

my wallet transaction volume

Source: Blockchain.info

In contrast, Blockchain.info has a mixing service called SharedCoin based off the CoinJoin feature from Greg Maxwell.  Blockchain.info recently crossed the 2 million ‘My Wallet’ mark but as I noted in Chapter 4, the vast majority of these likely go unused.  This past spring, one of their representatives claimed that they receive about 15 million visitors a day, but what this actually is, is largely API traffic (external websites pulling charts from their site). They probably do not have close to 2 million users let alone 15 million visitors.

How few?  We have an idea based on their own internal numbers, MyWallet transactions is flat over the past 12 months.  If there were 2 million or 15 million users, we would probably see a gigantic uptick in usage elsewhere on the blockchain (e.g., TVO would skyrocket, tx fees to miners would skyrocket, etc.).

What this all means is that, while they do not release actual user numbers, that at least a minority of wallets are probably ‘burner wallets,’ dumped immediately by individuals wanting to mix coins.  This is great for those who need to mix coins but not so great for consumers who just had their coins stolen.  How to resolve this going forward?

Incidentally in May, Roger Ver (an angel investor including in Blockchain.info) was extorted by a hacker who had figured out a vulnerability in Ver’s security.  Ver put a 37.6 bitcoin bounty on the hacker and the hacker eventually backed down; Wired and CoinDesk each did an article on it.  Yet during the same month, coins were stolen from others and when the users came to reddit for help, they were ridiculed for not having done the 27 steps to make a paper wallet.  No Wired article was written for them and in turn — speculatively — their coins could have been mixed on a site like Blockchain.info.  As a result, why would normal consumers ever want to use Bitcoin after that experience?

Perhaps user behavior and therefore the data will change in the future.  Consequently blockchains in general will probably find other niches beyond what Bitcoin is being shoehorned to do today.  This includes, other chains and platforms that may be able to help firms like Wageni Tech accomplish its goals in Kenya by helping farmers move, manage and track produce to market in an attempt to bypass middlemen and introduce transparency.  Bitcoin may be able to do that one day, but maybe not at the current $40 per transaction cost structure.  Start-ups such as Pebble, Hyperledger, Tezos, Tendermint, Dogethereum (Eris), Salpas, SKUChain, Stellar and several other funded projects in stealth mode may be able to as well (remember, Google was the 15th search engine and the iPod was at least the 9th MP3 player).

This is not to say that “Bitcoin” has collapsed or will collapse, nor is this to single out Ver (he has done a lot to try and create value in this space and even donated 1,000 bitcoins to FEE last year).  Instead it may continue to evolve into is something called Bitcoin-in-name-only, (or BINO as I refer to it in chapter 16) and it probably will continue to be used for what most risk-tolerant consumers use it for today: as a speculative commodity and as a way to pay for things that credit cards cannot be used for.

Cryptocurrency in the news #19

sunny-gaspricesClosing a bunch of my tabs, I only posted a few of these links in my book.

First link must have been inspired from the picture by Mac in It’s Always Sunny in Philadelphia.

Thanks to Dave Harrison and others for a couple links below:

My thoughts on Stellar

Yesterday Wired magazine asked me a few questions for an article they ran this afternoon about Stellar, a new startup (non-profit) in San Francisco: New Digital Currency Aims to Unite Every Money System on Earth

I suspect for brevity they had to boil down everyone’s comments to a few nuggets, which is an unenvious job to have, after all, most readers don’t have time to read hundreds of pages each day.

For those that are interest, here are the comments I provided them:

My interactions with people on the Stellar team has been positive, they are genuinely passionate.

I think the major limitation long term, and this is what Bitcoin startups continually run into, will be establishing relationships in the banking and financial industries as well as complying with whatever digital currency licensing requirements each jurisdiction has.  Those are not going away.  Stripe, its lead investor, has been very successful as a payments processor, but financial relationships take months and years to build — it is not something that can be replicated with a viral link that is upvoted or emailed.

I think the fact that they decided to go with a consensus ledger instead of proof-of-work was a wise but double-edged decision.  On the one hand it avoids the Red Queen treadmill and environmental issues that Bitcoin and its progeny have. And is a vote of confidence in the code base that Jed and his cofounders at Ripple put together.  But on the other hand identity fraud and preventing Sybil attacks are a hard nut to crack for distributing coins; incidentally proof-of-work was one way to resolve that (though not the only way to do so).

For instance, while it is still early on, one challenge they are currently facing is fighting identity abuse.  KYC is essentially done through Facebook, which is clever way to also distribute tokens but is vulnerable to fake accounts from Mechanical Turk; Everett Forth racked up 2 million stellar in one day alone. It’s worth pointing out that this is a problem that Ripple Labs tried to solve with Computing For Good, but botnets abused this faucet and Ripple Labs shut it down at the end of April.

Consumer facing products in retail will be hard to do in the developed world, in the OECD because of the competitive forces from Visa and Mastercard.  It’s very capital intensive and hard to compete against their POS integration and margins (Richard Brown has good article about this hurdle).

Yet, the more competition, the merrier.  Consumers globally will have more choices — the market will end up deciding the best solution and we will all be better off.

Published new book: The Anatomy of a Money-like Informational Commodity: A Study of Bitcoin

After several weeks of editing, I have finished compiling all of my previous research from this past spring into a new book.  It also includes a considerable amount of new content as well.

It is all available for free in PDF and Scribd formats (there is also a Kindle version).

The Anatomy of a Money-like Informational Commodity