[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
Yesterday, at block height 1920000, many elements of the Ethereum community coordinated a purposeful hardfork.
After several weeks of debate and just over a couple weeks of preparation, key stakeholders in the community — namely miners and exchanges — attempted to create a smooth transition from Ethereum Prime (sometimes referred to as Ethereum Classic) into Ethereum Core (Ethereum One).1
Users of exchange services such as Kraken were notified of the fork and are now being allowed to withdraw ETH to Ethereum Core, which many miners and exchanges now claim as “mainnet.”
Was the hardfork a success? To answer that question depends on which parallel universe (or chain) you resided on. And it also depends on the list of criteria for what “failure” or “success” are measured by.
For instance, if you ended up with ETH on the “unsupported” fork (Classic), who was financially responsible for this and who could attempt to file a lawsuit to rectify any loses?
Maybe no one. Why? Because public blockchains intentionally lack terms of service, EULA, and service level agreements, therefore it is difficult to say who is legally liable for mistakes or loses.
For instance, if financial instruments from a bank were sent to miners during the transition phase and are no longer accessible because the instruments were sent to the “unsupported” chain, who is to blame and bears responsibility? Which party is supposed to provide compensation and restitution?
De facto versus de jure
This whole hardfork exercise visualizes a number of issues that this blog has articulated in the past.
Perhaps the most controversial is that simply: there is no such thing as a de jure mainnet whilst using a public blockchain. The best a cryptocurrency community could inherently achieve is a de facto mainnet.2
What does that mean?
Public blockchains such as Bitcoin and Ethereum, intentionally lack any ties into the traditional legal infrastructure. The original designers made it a point to try and make public blockchains extraterritorial and sovereign to the physical world in which we live in. In other words, public blockchains are anarchic.
As a consequence, lacking ties into legal infrastructure, there is no recognized external authority that can legitimately claim which fork of Bitcoin or Ethereum is the ‘One True Chain.’ Rather it is through the proof-of-work process (or perhaps proof-of-stake in the future) that attempts to attest to which chain is supposed to be the de facto chain.3
However, even in this world there is a debate as to whether or not it is the longest chain or the chain with the most work done, that is determines which chain is the legitimate chain and which are the apostates.45
And this is where, fundamentally, it becomes difficult for regulated institutions to use a public blockchain for transferring regulated data and regulated financial instruments.
For instance, in March 2013 an accidental, unintended fork occurred on what many participants claimed as the Bitcoin mainnet.
To rectify this situation, over roughly four hours, operators of large mining pools, developers, and several exchanges met on IRC to coordinate and choose which chain they would support and which would be discarded. This was effectively, at the time, the largest fork-by-social-consensus attempted (e.g., proof-of-nym-on-IRC).
There were winners and losers. The losers included: OKPay, a payment processor, lost several thousand dollars and BTC Guild, a large mining pool who had expended real capital, mined some of the now discarded blocks.
In the Bitcoin world, this type of coordination event is slowly happening again with the never ending block size debate.
One team, Bitcoin Classic, is a small group of developers that supports a hardfork to relatively, quickly increase the block size from 1 MB to 2 MB and higher. Another group, dubbed Bitcoin Core, prefers a slower role out of code over a period of years that includes changes that would eventually increase the block size (e.g., segwit). 6
Yet as it lacks a formal governance structure, neither side has de jure legitimacy but instead relies on the court of public opinion to make their case. This is typically done by lobbying well-known figureheads on social media as well as mining pools directly. Thus, it is a bit ironic that a system purposefully designed for pseudonymous interactions in which participants were assumed to be Byzantine and unknown, instead now relies on known, gated, and trusted individuals and companies to operate.
Note: if the developers and miners did have de jure legitimacy, it could open up a new can of worms around FinCEN administrative requirements. 7 Furthermore, the miners are always the most important stakeholders in a proof-of-work system, if they were not, no one would host events just for them.
I think the confusion comes from thinking of cryptocurrency chains as ledgers at all. A cryptocurrency blockchain is (an attempt at) a decentralised solution to the double spending problem for a digital, extra-legal bearer asset. That’s not a ledger, that’s a log.
That was the point I was trying to make all along when I introduced the permissioned/permissionless terminology!9 Notice, I never used the phrase “permissionless ledger” — Permissionless’ness is a property of the consensus mechanism.
With a bearer asset, possession of some instrument (a private key in the cryptocurrency world) means ownership of the asset. With a registered asset, ownership is determined by valid entry in a registry mapping an off-chain identity to the asset. The bitcoin blockchain is a public log of proofs of instrument possession by anonymous parties. Calling this a ledger is the same as calling it “bearer asset ledger”, which is an oxymoron, like calling someone a “married bachelor”, because bearer assets by definition do not record their owners in a registry!
This taxonomy that includes the cryptocurrency stuff in our space (“a public blockchain is a permissionless distributed ledger of cryptocurrency”) causes so much pointless discussion.
I should also mention that the DLT space should really should be using the phrase “registry” instead of “ledger”. The latter is about accounts, and it is one ambition too far at the moment to speak of unifying everyone’s accounts on a distributed ledger.
As I have discussed previously, public blockchains intentionally lack hooks into off-chain legal identification systems.
Why? Because as Sams noted above: a KYC’ed public blockchain is effectively an oxymoron. Arguably it is self-defeating to link and tie all of the participants of the validation (mining) process and asset transfer process (users) to legal identities and gate them from using (or not using) the network services. All you have created is a massively expensive permissioned-on-permissionless platform.
But that irony probably won’t stop projects and organizations from creating a Kimberely Process for cryptocurrencies.
I cannot speak on behalf of the plethora of “private chain” or “private ledger” projects (most of which are just ill-conceived forks of cryptocurrencies), but we know from public comments that some regulators and market structures might only recognize blockchains and distributed ledgers that comply with laws (such as domestic KYC / AML regulations) by tying into the traditional legal infrastructure.10 This means tying together off-chain legal identities with on-chain addresses and activity.
There are multiple reasons, but partly due to the need to reduce settlement risks: to create definitive legal settlement finality and identifying the participants involved in that process.11
As illustrated with the purposeful Ethereum One hardfork and the accidental Bitcoin fork in 2013, public blockchains by design, can only provide probabilistic settlement finality.
Sure, the data inside the blocks itself is immutable, but the ordering and who does the ordering of the blocks is not.
What does this mean? Recall that for both Ethereum and Bitcoin, information (usually just private keys) are hashed multiple times by a SHA algorithm making the information effectively immutable.12 It is unlikely given the length of time our star is expected to live, that this hash function can be reversed by a non-quantum computer.
However, blocks can and will be reorganized, they are not immutable. Public blockchains are secured by social and economic consensus, not by math.
As a consequence, there are some fundamental problems with any fork on public blockchains: they may actually increase risks to the traditional settlement process. And coupled with the lack of hooks for off-chain identity means that public blockchains — anarchic blockchains — are not well-suited or fit-for-purpose for regulated financial institutions.
After all, who is financially, contractually, and legally responsible for the consequences of a softfork or hardfork on a public blockchain?
If it is no one, then it might not be used by regulated organizations because they need to work with participants who can be held legally accountable for actions (or inactions).
If it is someone specifically (e.g., a doxxed individual) then you have removed the means of pseudonymous consensus to create censorship resistance.
In other words, public blockchains, contrary to the claims of social media, are not “law” because they do not actually tie into the legal infrastructure which they were purposefully designed to skirt. By attempting to integrate the two worlds — by creating a KYC’ed public blockchain — you end up creating a strange hydra that lacks the utility of pseudonymity (and censorship resistance) yet maintains the expensive and redundant proof-of-work process.
These types of forks also open up the door for future forks: what is the criteria for forking or not in the future? Who is allowed and responsible to make those decisions? If another instance like the successful attack and counter-attack on The DAO takes place, will the community decide to fork again? If 2 MB blocks are seen as inadequate, who bears the legal and financial responsibility of a new fork that supports larger (or smaller) blocks? If any regulated institution lose assets or funds in this forking process, who bears responsibility? Members of IRC rooms?
If the answers are caveat emptor, then that level of risk may not be desirable to many market participants.
Who are you going to sue when something doesn’t go according to plan? In the case of The DAO, the attacker allegedly threatened to sue participants acting against his interests because he claimed: code is law. Does he have legal standing? At this time it is unclear what court would have accepted his lawsuit.
But irrespective of courts, it is unclear how smart contract code, built and executed on an anarchic platform, can be considered “legal.” It appears to be a self-contradiction.
As a consequence, the fundamental need to tie contract code with legal prose is one of the key motivations behind how Richard Brown’s team in London approached Corda’s design. If you cannot tie your code, chain, or ledger into the legal system, then it might be an unauthoritative ledger from the perspective of courts.13
And regulated institutions can’t simply just ignore regulations as they face real quantifiable consequences for doing so. To paraphrase George Fogg, that’s akin to putting your head in the sand.
We continue to learn from the public blockchain world, such as the consequences of forks, and the industry as a whole should try to incorporate these lessons into their systems — especially if they want anyone of weight to use them. Anarchic blockchains will continue to co-exist with their distributed ledger cousins but this dovetails into a conversation about “regtech,” which is a topic of another post.
This doesn’t mean that regulators and/or financial institutions won’t use public blockchains for various activities; perhaps some of them will be comfortable after quantifying the potential risks associated with them. [↩]
Ethereum developers plan to transition Ethereum from proof-of-work to proof-of-stake within the next year. [↩]
See Arthur Breitman’s interview on Epicenter Bitcoin and Mike Hearn’s interview on Money & Tech [↩]
Philosophically when Bob connects to “The Bitcoin Network” — how does Bob know he is actually connected to the “real” Bitcoin network? One method is to look at the block header: it should take a specific amount of time to recreate the hash with that proof-of-work. This proves which network has the most work done. However, in the meantime, Bob might connect to other ‘pretenders’ claiming to be “The Bitcoin Network.” At this time, there does not appear to be any legal recognition of a specific anarchic chain. [↩]
The Bitcoin Core fork, which is euphemistically called a softfork, is basically a hardfork spread over a long period of time. [↩]
For proof-of-work mining, Ethereum uses ethash instead of SHA256. For hashing itself, Ethereum uses SHA-3 which is part of the Keccak family (some people use the terms interchangeably but that isn’t technically correct). [↩]
[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
It’s the beginning of a new quarter so that means its time to look at the last quarter and find out where public blockchain traction and usage is taking place, or not. After all, we are continually bombarded by cryptocurrency enthusiasts each day telling us that exponential growth is occurring. Or as GIF party posters like to say, “It’s Happening!” — so in theory it should be easy to find.
For more background, see previous posts from January and April.
P2SH usage: above are two charts from P2SH.info which illustrates the movement of bitcoins into what most assume are multi-sig wallets of some kind. There has been a visible increase over the past quarter, with about 200,000 or so more bitcoins moving into P2SH addresses. Year-on-year, bitcoins held in P2SH addresses has increased from 8% to 13%.
OP_RETURN: above is a line chart from Opreturn.org which illustrates various 3rd party applications that typically use the OP_RETURN field in Bitcoin as a type of datastore (e.g., watermarked tokens). It is hard to see it on this time scale but the average transactions during Q1 were roughly 1,500-2,500 per day whereas in Q2 it was a bit higher, between 2,500 to 3,500 per day.
While Blockstack (Onename) still rules the roost, Colu has jumped ahead of the other users. This is slightly interesting because the Colu team has publicly stated it will connect private chains that they are developing, with the Bitcoin network. The term for this is “anchoring” and there are multiple companies that are doing it, including other Bitcoin/colored coin companies like Colu. It is probably gimmicky but that’s a topic for a different post.
Incidentally the 5 largest OP_RETURN users account in Q2 for 75.8% of all OP_RETURN transactions which is roughly the same as Q1 (76%).
Above is a weekly volume chart denominated in USD beginning from March 2013 for LocalBitcoins.com. As discussed in previousposts, LocalBitcoins is a site that facilitates the person-to-person transfer of bitcoins to cash and vice versa.
While there is a lot of boasting about how it may be potentially used in developing countries, most of the volume still takes place in developed countries and as shown in other posts, it is commonly used to gain access to illicit channels because there is no KYC, KYCC, or AML involved. Basically Uber for cash, without any legal identification.
Over the past 6 months, volumes have increased from $10 million and now past $13 million per week. For comparison, most VC-backed exchanges do several multiples more in volume during the same time frame.1
In April, several Bitcoin promoters were crowing about how “stable” Bitcoin was. Not mentioned: cryptocurrencies can’t simultaneously be stable and also go to the moon. People that like volatility include: traders, speculators, GIF artisans, pump & dumpers. And people who don’t like volatility: consumers and everyday users.
What articles and reporters should do in the future is actually talk to consumers and everyday users to balance out the hype and euphoria of analysts who do not disclose their holdings (or their firms holdings) of cryptocurrencies.2
As we can see above, volatility measured relative to both USD and EUR hit a five month high this past quarter. The average user probably would not be very happy about having to hedge that type of volatility, largely because there are few practical ways to do so. Consumers want boring currencies, not something they have to pay attention to every 10 minutes.
And ether (ETH) was even more volatile during the same time frame: doubling relative to USD during the first half of the quarter then dropping more than 50% from its all-time high by mid-June.
Counterparty is a watermarked token platform that, as shown in previous quarters, has hit a plateau and typically just sees a few hundred transactions a day. Part of this is due to the fact that the core development team has been focused on other commercial opportunities (e.g., building commercial products instead of public goods).3
Another reason is that most of the public interest in “smart contract” prototyping and testing has moved over to Ethereum.
As shown in the chart above, on any given day in Q2 the Ethereum blockchain processed roughly 40,000 transactions. In Q1 that hovered between 15,000-30,000 transactions. Note: the large fluctuations in network transactions during the spring may coincide with issues around The DAO (e.g., users were encouraged to actively ‘spam’ the network during one incident).
In addition, according to CoinGecko, Counterparty has lost some popularity — falling to 14th from 10th in its tables from last quarter. Ethereum remained in 2nd overall.
Another trend observed in the last quarterly review remains constant: Ethereum has significantly more meetups than Counterparty and is 2nd only to Bitcoin in that measure as well.
We’ve discussed “long chain” transactions ad nausem at this point but I have noticed on social media people still talk about the nominal all-time high’s in daily transactions as if it is prima facie evidence that mega super traction is occurring, that everyday users are swarming the Bitcoin network with commercial activity. Very few (anyone?) digs into what those transactions are. Perhaps there is genuine growth, but what is the break down?
As we can see from the chart above, while non-long chain transactions have indeed grown over the past quarter, they are still far outpaced by long chain transactions which as discussed in multiple articles, can be comprised of unspendable faucet rewards (dust), gambling bets and a laundry list of other non-commercial activity.
Furthermore, and not to wade into the massive black hole that is the block size debate: even with segwit, there will be an upperbound limit on-chain transactions under the current Core implementation. As a consequence some have asked if fee pressure would incentivize moving activity off-chain and onto other services and even onto other blockchains.
This may be worth looking into as the block size reaches its max limit in the future. As far as we can tell right now, it doesn’t appear users are moving over to Litecoin, perhaps they are moving to Ethereum instead? Or maybe they just pack up and leave the space entirely?
We have looked at wallets here multiple times. They’re a virtually meaningless metric because of how easy it is to inflate the number. What researchers want to know is Monthly Active Users (MAU). To my knowledge no one is willing to publicly discuss their monthly or daily user number.
For instance, two weeks ago Coinbase reached 4 million “users.” But it is almost certain that they do not actually have 4 million daily or monthly active users. This number is likely tied to the amount of email-based registrations they have had over the past four years (circa May 12, 2012).
Similarly, Blockchain.info has seen its “users” grow to just over 7.8 million at the time of this writing. But this is a measure of wallets that have been created on the site, not actual users.
Any other way to gauge usage or traction?
Let’s look in the Google Play Store and Apple App Store.
Source: GoAbra / Google Play
Last October Abra launched its GoAbra app and initially rolled it out in The Philippines. This past May, when CoinDesk ran a story about the company, I looked in the Google Play Store and it says the app had been downloaded 5,000 times. Last week, Abra announced it was officially launching its app into the US. As of this writing, it was still at 5,000 downloads.
“Wait,” you might be thinking to yourself, “Filipinos may prefer the iOS app instead.”
Perhaps that is the case, but according to data as of October 2015, Android has a ~81.4% market share in The Philippines. Furthermore, the iOS version for some reason doesn’t appear on App Annie. So it is unlikely that Abra has seen traction that isn’t reflected in these download numbers yet, perhaps it will in the future.
Anything else happening in the stores?
As of this writing, the top 5 Bitcoin wallets in the Google Play Store in order of appearance are:
Andreas Schildbach’s Bitcoin Wallet (1 million downloads)
Mycelium Bitcoin Wallet (100,000 downloads)
Coinbase (500,000 downloads)
Blockchain.info (100,000 downloads)
Airbitz (10,000 downloads)
The Apple App Store does not publicly state how many times an application has been downloaded. It does rank apps based on a combination of user ratings and downloads. The top 6 on the iPhone in order of appearance:
Interestingly however, the order is slightly different in the App Store on an iPad. The top 6 are:
It may be worth revisiting these again next quarter. If you want to burn some time, readers may be interested in looking at specific rank and activity via App Annie.
Most new cohorts and batches at startup accelerators and incubators usually only stay 3-4 months. A typical intake may see 10-15 companies each get a little bit of seed funding in exchange for a percentage of the equity. During the incubation period the startup is usually provided mentorship, legal advice, office space, access to social networks and so forth. It is common place to hear people of all stripes in Silicon Valley state that 9 out of 10 of these startups will burn out within a couple years — that the incubator relies on one of them having a big exit in order to fund the other duds.4
500 Startups, Boost.VC, Plug and Play, YCombinator and other incubators have added and removed startups from their websites and marketing material based on the traction startups have had. And cryptocurrency startups are not too different from this circle of life. 5
For instance, at YCombinator, Bitcoin-specific mentions on applications has declined by 61% over the past year.
Based on pubic information, as of this writing, it appears that out of the roughly 100 Bitcoin-related startups that have collectively come and gone through the incubators listed above, just a handful have gone on to raise additional funding and/or purportedly have active users and customers. Unfortunately, no one has consistently published user numbers, so it is unclear what the connection between funding and growth is as this time.
In fact, in an odd twist, instead of measuring success by monthly active users, customers, or revenue, many Silicon Valley-based companies are measuring success based on how much money they raised. That’s probably only a good idea if the business model itself is to always be raising.
For example, 21inc regularly boasts at being the “best funded company in Bitcoin” — but has not stated what traction four separate rounds of funding have created. How many bitcoins did it mine prior to its pivot into consumer hardware? How many 21 computers were sold? How many users have installed 21? And what are its key differences relative to what Jeremy Rubin created in 2014 (Tidbit)?
Again, this is not to single out 21inc, but rather to point out if companies in the public blockchain space were seeing the traction that they generally claim to on social media and conferences — then as discussed in previous posts, they would probably advertise those wins and successes.
With funding comes hiring. Since it is very difficult to find public numbers, there is another way to gauge how fast companies are growing: who and how many people they are publicly hiring.
The last Bitcoin Job Fair was last held in April 2015. Of its 20 sponsors, 6 are now dead and ~7 are either zombies and/or have have done major pivots. It is unclear how many people that were hired during that event still work for the companies they worked for.
Where else can we look?
Launched in 2014, Coinality is a job matching website that connects employers with prospective employees with the idea that they’d be compensated in cryptocurrencies such as bitcoin and dogecoin. Fun fact: Coinality is one of the few companies I interviewed for Great Chain of Numbers that is still alive today and hasn’t pivoted (not that pivoting in and of itself is a bad thing).
It currently lists 116 jobs, 105 of which were posted in the past 2 months.
A number of VC-backed companies and large enterprises (or head hunters recruiting on their behalf) have listed openings in the past month. For example: WellsFargo, Blockchain.info, Circle, Fidelity, IBM, KeepKey, itBit, BNYMellon and SAP logos pop up on the first couple pages of listings.
Among the 67 job listed in June, twenty-six of the positions were freelance positions cross-listed on Upwork (formerly known as Elance / oDesk).
Notable startups that are missing altogether: many cryptocurrency-centered companies whose executives are very vocal and active on social media. Perhaps they use LinkedIn instead?
According to CoinATMRadar there are now 690 Bitcoin ATMs installed globally. That is an increase of 78 ATMs since Q1. That comes to around 0.86 ATM installations per day in Q2 which is a tick higher than Q1 (0.84).
Bitwage launched in July 2014 starting out with zero signups and zero payroll.
Fast-forward to January 2016: Bitwage had 3,389 cumulative user signups and cumulative payroll volumes of $2,456,916
Through June 2016 it has now reached 5,617 cumulative signups and cumulative payroll volumes of $5,130,971
While growing a little faster than ATM installations, this is linear not exponential growth.
Open Bazaar is a peer-to-peer marketplace that officially launched on April 4, 2016. It had been in beta throughout the past year. The VC-backed team operates a companion website called BazaarBay which has a stats page.
It may be worth looking at the “New Nodes” and “New Listings” sections over the coming quarters as they are both currently declining.6
It is unclear what the root cause(s) of the volatility were above. According to social media it can be one of two dozen things ranging from Brexit to the upcoming “halvening.” Because we have no optics into exchanges and their customer behavior, speculation surrounding the waxing and waning will remain for the foreseeable future.
Based on process of elimination and the stats in this post, the likely answer does not appear to be consumer usage (e.g., average Joe purchasing alpaca socks with bitcoins). After all, both BitPay and Coinbase have stopped posting consumer-related stats and they are purportedly the largest merchant processors in the ecosystem.
Most importantly, just because market prices increase (or decreases), it cannot be inferred that “mass adoption” is happening or not. Extraordinary claims requires extraordinary evidence: there should be ample evidence of mass adoption somewhere if it were genuinely happening.
For instance, the price of ether (ETH) has increased 10x over the past 6 months but there is virtually no economy surrounding its young ecosystem. Mass consumer adoption is not happening as GIF artisans might says. Rather it is likely all speculation based — which is probably the same for all other cryptocurrencies, including Bitcoin.
About a year ago we began seeing a big noticeable pivotaway from cryptocurrencies to non-cryptocurrency-based distributed ledgers. That was largely fueled by a lack of commercial traction in the space and it doesn’t appear as if any new incentive has arisen to coax those same businesses to come back. After all, why continue building products that are not monetizable or profitable for a market that remains diminutive?
Let’s look again next quarter to see if that trend changes.
For instance, Mirror closed its Series A round 18 months ago, but was removed from Boost’s website because it no longer is involved in Bitcoin-related activities. Boost currently lists the following companies out of the 50+ Bitcoin-companies it has previously incubated: BlockCypher, BitPagos, Abra, Stampery, Fluent, SnapCard, Verse. 500 Startups has removed a number of startups as well and currently lists the following on its website: HelloBit, Melotic, Coinalytics, BTCJam, Bonafide, CoinPip. [↩]
Since it has only been “launched” for a quarter, it is probably a little unfair to pass judgement at this time. But that hasn’t stopped me before. OpenBazaar has a lot of growing pains that its developers are well aware of including UX/UI issues. But beyond that, it is unclear that the average consumer is actually interested in using peer-to-peer marketplaces + cryptocurrencies versus existing incumbents like Alibaba, Amazon and eBay — all of whom have customer service, EULAs, insurance policies and accept traditional currencies. I had a chance to speak with one of their investors at Consensus in May and do not think their assumptions about network operating costs were remotely accurate. Furthermore, where is the market research to support their thesis that consumers will leave incumbents for a platform that lacks insurance policies and live customer service? Note: OB1 developers and investors insist that their reputation management and arbitration system will increase consumer confidence and customer protection. [↩]
[Note: the views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
I have spent the past few weeks in East Asia, primarily in China visiting friends and relatives. Because the connection to the outside world was limited, the upside was that the cacophonous noise of perma cryptocurrency pumpers was relatively muted. I have had a chance to reflect on a number of ideas that are currently being discussed at conferences and on social media.
The first idea is not new or even unique to this blog as other companies, organizations and individuals have proposed a type of digital signature analytics + KYC tracking process for cryptocurrencies. A type of Kimberley Process but for cryptocurrencies.1
For instance, the short lived startup CoinValidation comes to mind as having the first-to-market product but was notably skewered in the media. Yet its modus operandi continues on in about 10 other companies.2
A Formal Kimberley Process
For those unfamiliar with the actual Kimberley Process, it is a scheme enacted in 2003 to certify where diamonds originated from in order to help prevent conflict diamonds from entering into the broader mainstream diamond market.
The general idea behind proving the provenance of diamonds is that by removing “blood diamonds” from the market, it can cut off a source of funding of insurgencies and warlord activity.3
What does this have to do with cryptocurrencies? Isn’t their core competency allowing non-KYC’ed, pseudonymous participants to send bearer assets to one another without having to provide documentation or proof of where those assets came from? Why would anyone be interested in enabling this?
Some may not like it, but a de facto Kimberley Process is already in place.
For instance, in many countries, most of the on-ramps and off-ramps of venture-backed cryptocurrency exchanges are actively monitored by law enforcement, compliance teams and data analytic providers who in turn look at the provenance of these assets as they move across the globe.4
On the fiat side, while many jurisdictions in North America and Western Europe currently require domiciled cryptocurrency exchanges and wallets to enforce KYC and AML compliance requirements, several areas of Asia are less strict because the local governments have not defined or decided what buckets cryptocurrencies fall into.5
There are some other noticeable gaps in this system involving crypto-to-crypto exchanges. Irrespective of regions: implementing harmonized KYC/AML standards on the non-fiat side of exchanges appears to be missing altogether. That is to say that very few, if any, exchange does any kind of KYC/AML on crypto-to-crypto.6
What are some examples of why a Kimberley Process would be helpful to both consumers and compliance teams?
Below are three examples:
(1) During my multi-country travel I learned that there are several regional companies that sell debit cards with pre-loaded amounts of cryptocurrency on them. Allegedly two of of the popular use-cases for these cards is: bribery and money laundering. The example I was provided was that it is logistically easier to move $1 million via a thin stack of debit cards than it is to carry and disperse bags of cash with.7
Attaching uniform KYC and legal identities to each asset would aid compliance teams in monitoring where the flow of funds originated and terminated with cryptocurrencies. And it would help consumers shy away from assets that could be encumbered or were proceeds of crime.
(2) Affinity fraud, specifically housewives (家庭主妇), are common targets of predators. This has been the case for long before the existence of computers let alone cryptocurrencies, but it came up several times in conversations with friends. According to my sources, their acquaintances are repeatedly approached and some actually took part in Ponzi schemes that were presented as wealth management products.
The new twist and fuel to these schemes was that there is some kind of altcoin or even Bitcoin itself were used as payout and/or as rails between parties. We have already seen this with MMM Global — which is still an active user of East Asia’s virtual currency exchanges — but two questionable projects that I was specifically shown were OctaCoin and ShellCoin.8
Note: in January 2016 multiple Chinese governmental bodies issued warnings about MMM Global and other Ponzi schemes.
[Video of MMM Global operations in The Philippines. Is that really Manny Pacqiauo?]
Victims who were not tech savvy and lied to, have no recourse because there is no universal KYC / KYCC / AML process to identify the culprits in these regions. Similarly, when these illicit virtual assets are re-sold to exchanges, customers of those exchanges such as Alice and Bob, may receive potentially encumbered assets that are then resold to others who are unaware of the assets lineage (much like a stolen motorcycle being resold multiple times). This creates a massive lien problem.
But property theft is not a new or unknown problem, why is it worth highlighting for cryptocurrencies?
Many of the original victims in East Asia are not affluent, so these scams have a material impact on their well being. The average working adult in many provinces is still less than $500 per month. Thus not only do they lack a cushion from scams but any price volatility — such as the kind we continue to see in cryptocurrencies as a whole, can wipe out their savings.
(3) Due to continual usage of botnets and stolen electricity — which is still a problem in places like China — the lack of identification from coin generation onward results in a environment in which ‘virgin coins’ sell at a premium because many exchanges don’t investigate where machines are located, who owns them, who paid for the opex and capex of those operations (e.g., documentation of electric bills).9
Unfortunately, the solutions proposed by many cryptocurrency enthusiasts isn’t to create more transparency and identification standards enabling better optics on coin provenance but rather to make it even harder to track assets via proposals like Confidential Transactions.10
Heists, thefts and encumbered coins
I am frequently asked how is it possible to know who received potentially encumbered cryptocurrencies? For amateur sleuths, there is a long forum thread which lists out some of the major heists and thefts that occurred early on in Bitcoinland.
Above is a video recording of a specific coin lineage: transactions that came from the Bitcoinica Theft that ended up in the hands of Michael Marquardt (“theymos”) who is a moderator of /r/bitcoin and owner of Bitcoin Talk.11
Recall that in July 2012, approximately 40,000 bitcoins were stolen from the Bitcoinica exchange.12 Where did those end up? Perhaps we will never know, but several users sued Bitcoinica in August 2012 for compensation from the thefts and hacks.
How are consumer protections handled on public blockchains?
In short, they do not exist by design. Public blockchains intentionally lack any kind of native consumer protections because an overarching goal was to delink off-chain legal identities from the pseudonymous interactions taking place on the network.
Thus, stolen cryptocurrencies often recirculate, even without being mixed and laundered.13
Consequently a fundamental problem for all current cryptocurrencies is that they aren’t exempt from nemo dat and have no real fungibility because they purposefully were not designed to integrate with the legal system (such as UCC 8 and 9).14 Using mixers like SharedCoin and features like Confidential Transactions does not fundamentally solve that legal problem of who actually has legal title to those assets.1516
Why should this matter to the average cryptocurrency enthusiast?
If market prices are being partially driven by predators and Ponzi schemes, wouldn’t it be in the best interest of the community to identity and remove those?17
Perversely the short answer to that is no. If Bob owns a bunch of the a cryptocurrency that is benefiting from this price appreciation, then he may be less than willing to remove the culprits involved of driving the prices upward.
For example, one purported reason Trendon Shavers (“pirateat40”) was not immediately rooted out and was able to last as long as he did — over a year — is that his Ponzi activity (“Bitcoin Savings & Trust”) coincided with an upswing in market prices of bitcoin.18 Recall over time, BS&T raised more than 700,000 bitcoins. Why remove someone whose activity created new demand for bitcoins? 19
But this incentive is short-sighted.
If the end goal of market participants and enthusiasts is to enable a market where the average, non-savvy user can use and trust, then giving them tools for provenance could be empowering. Ironically however, by integrating KYC and provenance into a public blockchain, it removes the core — and very costly — characteristic of pseudonymous, censorship-resistant interaction.
Thus there will likely be push back for implementing a Kimberley Process: doxxing every step of provenance back to genesis (coin generation) with real world identities removes pseudonmity and consequently public blockchains would no longer be censorship-resistant. And if you end up gating all of the on-ramps and off-ramps to a public chain, you end up just creating an overpriced permissioned-on-permissionless platform.
Despite this, Michael Gronager, CEO of Chainalysis, notes that:
Public ledgers are probably here to stay – difficult KYC/AML processes or not. I probably see this as a Nash equilibrium – like in the ideal world all trees would be low and of equal height but there is no path to that otherwise optimal equilibrium. We believe that fighting crime on Blockchains will both build trust and increase their use and value.
One way some market participants are trying to help law enforcement fight crime is through self-regulating organizations (SRO).
For instance, because we have seen time and time again that the market is not removing these bad actors from the market, several companies have created SROs to help stem the tide. However, as of right now, efforts like the US-based “Blockchain Alliance” — a gimmicky name for a group of venture-backed Bitcoin companies — has limited capabilities.20 They have monthly calls to discuss education with one another in the West (e.g., what is coin mixing and how does it work?) but currently lack the teeth to plug the KYC/AML gaps in Asia. Perhaps that will change over time.
And as one source explained: consider this, has any Bitcoin thief been caught? Even when there is decent evidence, we are not aware of a Bitcoin thief that was actually found guilt of stealing bitcoin, yet.21 Thus an open to question to people who argue that cryptocurrencies are great because of transparency: a lot of bitcoin has been stolen, and no one has been found guilty for that crime. Why not?
Process of elimination
Over the past six weeks, there has been very little deep research on why market prices have risen and fallen. Usually it is the same unfounded narratives: emerging market adoption; hedge against inflation; hedge against collapse of country X, Y or Z; hedge against Brexit; etc. But no one provides any actual data, least of all the investors financing the startups that make the claims.
Perhaps the research that has been done on the matter was from Fran Strajnar’s team at BNC. For instance, on June 1st they noted that:
I reached out to Fran and according to him, in early June, “Somebody dropped many many millions ($) across 4 different Chinese Exchanges in a 2 hour period, without moving price – 4 days before the price rise started last week. Because it was over multiple exchanges and these trades were filled, we are digging into it further.”
If there was a standardized Kimberley Process used by all of these exchanges, it would be much easier to tell who is involved in this process and if those funds were based on proceeds of illicit activity.
Furthermore, barring such a Process, we can only speculate why journalists haven’t looked into this story:
(1) many of them do not have reliable contacts in East Asia
(2) those that do have contacts with exchange operators may not be getting the full story due to exchanges lacking KYC / KYCC / AML standards themselves
(3) some reporters and exchange operators own a bunch of cryptocurrencies and thus do not want to draw any negative attention that could diminish their net worth
Third parties such as Wedbush Securities and Needham have also published reports on price action, but these are relatively superficial in their analysis as they lack robust stats needed to fully quantify and explain the behavior we have seen.
Strangely enough, for all the pronouncements at conferences about how public blockchains can be useful for data analysis, very few organizations, trade media or analysts are publishing bonafide stats.
After all, who are the customers of these virtual currency exchanges? Because of reporting requirement we know who uses Nasdaq and ICE, why don’t we know who uses virtual currency exchanges still?
Two months ago I had a chance to speak with Marcus Swanepoel, CEO of BitX, about his experiences in Africa. BitX coordinates with a variety of compliance teams to help block transactions tied to scams and Ponzi schemes. In the past, BitX has managed to help kill off two ponzi schemes and has tried to block MMM Global which has spread to Africa.
Earlier this spring, some MMM users that were blocked by BitX just moved to another competing local exchange that didn’t block such transactions. As a result, over the course of 8 weeks this exchange did more than 3x volume than BitX during same time frame.22 BitX has subsequently regained part of this market share partly due to MMM fading in popularity.
Why is MMM so successful? Users are asked to upload videos onto Youtube of why MMM Global is great and why you should join and are then paid by MMM as a reward. This becomes self-reinforcing in large part because of the unsavvy victims who are targeted.
But MMM isn’t to blame for everything.
For instance, in China there have been a variety of get-rich-quick Ponzi schemes that rose and blew up, such as an ant farm scheme in 2007. And earlier this year, Ezubao, the largest P2P lending platform in China fell apart as a $7.6 billion Ponzi scam.23 No cryptocurrency was involved in either case.
Yet as Emin Gün Sirer pointed out, some of the activities such as The DAO, basically act as a naturally arising Ponzi.
In fact, one allegation over the past couple weeks is that The DAO attacker placed a short of 3,000 bitcoin on Bitfinex prior to attacking The DAO (which was denominated in ether).24 If there was a Kimberley Process in which all traders on all exchanges had to comply with a universal KYC / KYCC / AML standard, it would be much easier to identify the attackers as well as compensate the victims.
Similarly, because ransomware remains a “killer app” of cryptocurrencies such that companies, police stations, hospitals, elementary schools and even universities are now setting up Coinbase accounts and stockpiling cryptocurrencies to pay off hackers. What is the aggregate demand of all of this activity? If it is large, does it impact the market price? And how would a Kimberley Process help provide restitution to the victims of this ransom activity?
A strawman Kimberley Process
How can you or your organization get involved in creating a Kimberley Process for cryptocurrencies?
Right now there is no global, industry standard for “best practices” in mutualizing, implementing, or carrying out KYC / AML provisions for cryptocurrencies.25
In writing this post, several sources suggested the following process to kick-start an effort:
(1) organize an industry-level event(s) which brings together:
(a) AML analytics companies
(b) representatives from regulatory bodies and law enforcement (e.g., FATF, FinCEN)
(c) KYC/AML practitioners
(d) existing market structures and utilities such as SIFMA, ROC, Swift (e.g., KYC registry, LEI)
(e) compliance teams from cryptocurrency exchanges and wallets
(2) at the event(s) propose a list of baseline standards that exchanges and wallets can try to implement and harmonize:
(a) what documentation is required for KYC / KYCC / AML
(b) other financial controls and accountability standards that can assist exchange operators (e.g., remove the ability for an operator to naked short against its own customer base)
(3) tying these standards together with a uniform digital identity management system could be the next step in this process.
On that last point, Fabio Federici, CEO of Skry (formerly Coinalytics), explained:
In general I believe the biggest unsolved problem is still identity and information sharing. Obviously you don’t want all your PII and transaction meta data on a public blockchain, as this information could not only be leveraged by profit seeking organizations, but also malicious actors. So the question becomes what’s the right framework for sharing the right amount of information with only the people that need access to it (maybe even only temporarily).
PII stands for personal identifying information. In theory, Zcash (or something like it) has the potential to solve some of Fabio’s concerns: relevant info can be encoded in the transaction, and only the relevant parties can read it. But this delves into “regulated data” which is a topic for another post.26
Similarly, Ryan Straus, an attorney at Riddell Williams and adjunct professor at Seattle University School of Law explained that:
Identity is central to the legal concept of property. Property systems are information systems: they associate identified entities with identified rights. With the sole exception of real currency, possession or control is not conclusive indicia of ownership.
Factual fungibility simply makes it harder to prove that you have a better claim to a specific thing than the person who now possesses or controls it. The hard part about what you have written about is that it is difficult to avoid conflating KYC (which involves identity of people) and the Kimberley Process (which involves identifying things).
In order to enable participants to share information without being unduly hounded by social media, it was also suggested that the presence of: investors, cryptocurrency press and cryptocurrency lobbying groups should kept to a minimum for the initial phase.
In addition to implementing additional financial controls and external audits, cryptocurrency exchanges and wallets adopting a Kimberley Process would help provide transparency for all market participants.
While it is probably impossible to remove all the bad actors from any system, reducing the amount of shadows they have to hide could provide assurances and reduce risks to market participants of all shapes and sizes.
However, the trade-off of implementing such a Process is that it negates the core utility that public blockchains provide, turning them into expensive permissioned gateways. And if you are permissioning activity from the get-go, you might as well use a permissioned blockchain which are cheaper to manage and operate and also natively bake-in the KYC, KYCC and AML requirements. But that is a topic for another post as well.
One reviewer argued that analytics may be superior to KYC. In the event of a compromised account — so goes the argument — analytics can help provide linkage between the flow of funds whereas KYC of compromised accounts would be “illusory.” [↩]
This includes but is not limited to: Chainalysis, Blockseer, Skry, Elliptic, Netki and ScoreChain. [↩]
Incidentally there is a UK-based startup called Everledger which works with insurance companies and tracks a catalogue of diamonds vis-à-vis a blockchain. [↩]
See: Flow of Funds; KYSF; KYSF part 2; and bitcoin movements. To actively monitoring transactions at these entry and exit points, based on anecdotes, up to 20% of all nodes on the Bitcoin network may be managed and operated by these same set of participants as well. [↩]
Note: it bears mentioning that as of this writing, no country has recognized cryptocurrencies as actual legal tender and consequently cryptocurrencies are not exempt from nemo dat. This is important as it means the provenance of the cryptocurrencies actually does matter because those assets could be encumbered. [↩]
I asked around and my sources do not know of a single exchange that does KYC/AML on cryptocurrencies that are directly exchanged for other cryptocurrencies (e.g., Shapeshift). Furthermore, as highlighted in the past, there are gaps in compliance when it comes to certain fiat-to-cryptocurrency exchanges such as BTC-e and LocalBitcoins. [↩]
This is in USD equivalence, usually not in USD itself. [↩]
OctaCoin is interesting in that the operators behind it claim that it is financed from revenue streams of 3 online casinos who purportedly payout users on a regular basis. Note: gambling in China is a bit like golf in China: it’s illegal but everywhere. It is only legal in a few internal jurisdictions such as Hainan and Macau and elsewhere on the mainland only a couple of state-run lotteries are given legal status. [↩]
Note: stealing electricity to mine bitcoins has occurred in other areas of the world too, including in The Netherlands. [↩]
The official motivation for developing Confidential Transactions is to enable more user privacy which then leads to more fungibility. As one source pointed out: “At the end of the day it’s a balance between privacy and security. Basically the story goes ‘just because I don’t what anyone to know what I’m buying, doesn’t mean I’m a drug dealer.'” [↩]
Marquardt also allegedly co-owns both Bitcoin.org and Blockexplorer.com, and co-manages the Bitcoin Wiki. [↩]
The Craig Wright / Satoshi saga is interesting because in a recent interview Craig admittedly used Liberty Reserve which was an illicit exchange based in Costa Rica shut down by the US government. According to the interview he also had ties to Ross Ulbricht, the convicted operator of Silk Road. [↩]
See The Law of Bitcoin, Section 1.5 in the United States chapter from Ryan Straus. There are exceptions, see UCC Article 2 – sale of goods. [↩]
Interestingly, SharedCoin.com (sometimes referred to as Shared Send) used to be a mixer run by Blockchain.info, a venture-backed startup. It was recently shutdown without any notice and the domain now redirects to the CoinJoin wiki entry. They also pulled the SharedCoin github repo and any material that links it back to Blockchain.info. [↩]
One reviewer mentioned that: “Ponzi schemes will always exist and should probably be fought not just in the crypto space but where in other industries too; requiring continuous education. It would be way simpler and more effective to shut down domains owned by MMM than it would to be to do anything else, but here you actually meet the pseudonymity feature of the Internet. Try to do that internationally – it is not easy!” [↩]
Note: this is a similar argument that Rick Falkvinge made three years ago. [↩]
There are probably several dozen advocacy groups and non-profit working groups scattered across the world. Each has different goals. For instance, ACCESS in Singapore works with some regulators in SEA. While others are merely trying to create technical standards. [↩]
Most of the criminals that are convicted are found guilty of money laundering and interaction with illicit trade, not theft of bitcoins themselves. [↩]
Two months ago, the Financial Timesbriefly covered this story and Marcus wrote about some of it in March as well. [↩]
There were some early warning signs for that industry. For instance, according to a Bloomberg story in February 2015: “The value of China’s peer-to-peer lending transactions surged almost 13-fold since 2012 to $41 billion last year, according to Yingcan Group, which tracks the data,” notes Bloomberg. However, 275 of the more than 1,500 lending went bankrupt or had trouble repaying money in 2014, an increase from 76 just a year earlier, according to Yingcan. [↩]
[Disclaimer: The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
William Mougayar is an angel investor who has been investigating the cryptocurrency and broader distributed ledger ecosystem over the past several years.
He recently published a book entitled The Business Blockchain that attempts to look at how enterprises and organizations should view distributed ledgers and specifically, blockchains.
While it is slightly better than “Blockchain Revolution” from the Tapscott’s, it still has multiple errors and unproven conjectures that prevent me from recommending it. For instance, it does not really distinguish one blockchain from another, or the key differences between a distributed ledger and a blockchain.
Note: all transcription errors below are my own. See my other book reviews.
On p. xxii he writes:
“These are necessary but not sufficient conditions or properties; blockchains are also greater than the sum of their parts.”
I agree with this and wrote something very similar two years ago in Chapter 2:
While the underlying mathematics and cryptographic concepts took decades to develop and mature, the technical parts and mechanisms of the ledger (or blockchain) are greater than the sum of the ledger’s parts.
On p. xxiv he writes:
“Just like we cannot double spend digital money anymore (thanks to Satoshi Nakamoto’s invention), we will not be able to double copy or forge official certificates once they are certified on a blockchain.”
There are two problems with this:
Double-spending can and does still occur, each month someone posts on social media how they managed to beat a retailer/merchant that accepted zero-confirmation transactions
Double-spending can and is prevented in centralized architectures today, you don’t need a blockchain to prevent double-spending if you are willing to trust a party
[Note: recommend that future editions should include labeled diagrams/tables/figures]
On p. 11 he writes:
“Solving that problem consists in mitigating any attempts by a small number of unethical Generals who would otherwise become traitors, and lie about coordinating their attack to guarantee victory.”
It could probably be written slightly different: how do you coordinate geographically dispersed actors to solve a problem in which one or more actor could be malicious and attempt to change the plan? See also Lamport et al. explanation.
On p.13 he writes compares a database with a blockchain which he calls a “ledger.”
I don’t think this is an accurate comparison.
For instance, a ledger, as Robert Sams has noted, assumes ties to legal infrastructure. Some blockchains, such as Bitcoin, were intentionally designed not to interface with legal infrastructure, thus they may not necessarily be an actual ledger.
To quote Sams:
I think the confusion comes from thinking of cryptocurrency chains as ledgers at all. A cryptocurrency blockchain is (an attempt at) a decentralised solution to the double spending problem for a digital, extra-legal bearer asset. That’s not a ledger, that’s a log.
That was the point I was trying to make all along when I introduced the permissioned/permissionless terminology! Notice, I never used the phrase “permissionless ledger” — Permissionless’ness is a property of the consensus mechanism.
With a bearer asset, possession of some instrument (a private key in the cryptocurrency world) means ownership of the asset. With a registered asset, ownership is determined by valid entry in a registry mapping an off-chain identity to the asset. The bitcoin blockchain is a public log of proofs of instrument possession by anonymous parties. Calling this a ledger is the same as calling it “bearer asset ledger”, which is an oxymoron, like calling someone a “married bachelor”, because bearer assets by definition do not record their owners in a registry!
This taxonomy that includes the cryptocurrency stuff in our space (“a public blockchain is a permissionless distributed ledger of cryptocurrency”) causes so much pointless discussion.
I should also mention that the DLT space should really should be using the phrase “registry” instead of “ledger”. The latter is about accounts, and it is one ambition too far at the moment to speak of unifying everyone’s accounts on a distributed ledger.
Is this pedantic? Maybe not, as the authors of The Law of Bitcoin also wrestle with the buckets an anarchic cryptocurrency fall under.
On p. 14 he writes about bank accounts:
“In reality, they provided you the illusion of access and activity visibility on it. Every time you want to move money, pay someone or deposit money, the bank is giving you explicit access because you gave them implicit trust over your affairs. But that “access” is also another illusion. It is really an access to a database record that says you have such amount of money. Again, they fooled you by giving you the illusion that you “own” that money.”
This is needless inflammatory. Commercial law and bankruptcy proceedings will determine who owns what and what tranche/seniority your claims fall under. It is unclear what the illusion is.
On p. 14 he writes:
“A user can send money to another, via a special wallet, and the blockchain network does the authentication, validation and transfer, typically within 10 minutes, with or without a cryptocurrency exchange in the middle.”
Which blockchain is he talking about? If it is not digital fiat, how does the cash-in/cash-out work? To my knowledge, no bank has implemented an end-to-end production system with other banks as described above. Perhaps that will change in the future.
On p. 18 he writes:
“Sometimes it is represented by a token, which is another form of related representation of an underlying cryptocurrency.”
This isn’t very well-defined. The reason I went to great lengths in November to explain what a “token” is and isn’t is because of the confusion caused by the initial usage of a cryptographic token, a hardware device from companies like RSA. This is not what a “token” in cryptocurrency usage means. (Note: later on p. 91 he adds a very brief explanation)
On p. 18 he cites Robert Sams who is quoting Nick Szabo, but didn’t provide a source. It is found in Seigniorage Shares.
On p. 18 he also writes:
“As cryptocurrency gains more acceptance and understanding, its future will be less uncertain, resulting in a more stable and gradual adoption curve.”
This is empirically not true and actually misses the crux of Sams’ argument related to expectations.
On p. 20 he writes:
“As of 2016, the Bitcoin blockchain was far from these numbers, hovering at 5-7 TPS, but with prospects of largely exceeding it due to advances in sidechain technology and expected increases in the Bitcoin block size.”
This isn’t quite correct. On a given day over the past year, the average TPS is around 2 TPS and Tradeblock estimates by the end of 2016 that with the current block size it will hover around just over 3 TPS.
What is a sidechain? It is left undefined in that immediate section. One potential definition is that it is a sofa.
On p. 20 he writes:
“Private blockchains are even faster because they have less security requirements, and we are seeing 1,000-10,000 TPS in 2016, going up to 2,000-15,000 TPS in 2017, and potentially an unlimited ceiling beyond 2019.”
This is untrue. “Private blockchains” do not have “less” security requirements, they have different security requirements since they involve known, trusted participants. I am also unaware of any production distributed ledger system that hits 10,000 TPS. Lastly, it is unclear where the “unlimited ceiling” prediction comes from.
On p. 20 he writes:
“In 2014, I made the strong assertion that the blockchain is the new database, and warned developers to get ready to rewrite everything.”
Where did you warn people? Link?
On p. 21 he writes:
“For developers, a blockchain is first and foremost a set of software technologies.”
I would argue that it is first and foremost a network.
On p. 22 he writes:
“The fact that blockchain software is open source is a powerful feature. The more open the core of a blockchain is, the stronger the ecosystem around it will become.”
Some, but not all companies building blockchain-related technology, open source the libraries and tools. Also, this conflates the difference between code and who can validate transactions on the network. A “private blockchain” can be open sourced and secure, but only permit certain entities to validate transactions.
On p. 24 he writes:
“State machines are a good fit for implementing distributed systems that have to be fault-tolerant.”
On p. 25 he writes:
“Bitcoin initiated the Proof-of-Work (POW) consensus method, and it can be regarded as the granddaddy of these algorithms. POW rests on the popular Practical Byzantine Fault Tolerant algorithm that allows transactions to be safely committed according to a given state.”
There are at least two problems with this statement:
The proof-of-work mechanism used in Bitcoin is apocryphally linked to Hashcash from Adam Back; however this does not quite jive with Mougayar’s statement above. Historically, this type of proof-of-work predates Back’s contribution, all the way to 1992. See Pricing via Processing or Combatting Junk Mail by Dwork and Naor
“One of the drawbacks of the Proof-of-Work algorithm is that it is not environmentally friendly, because it requires large amounts of processing power from specialized machines that generate excessive energy.”
This is a design feature: to make it economically costly to change history. It wasn’t that Satoshi conjured up a consensus method to be environmentally friendly, rather it is the hashrate war and attempt to seek rents on seigniorage that incentivizes the expenditure of capital, in this case energy. If the market price of a cryptocurrency such as bitcoin declined, so too would the amount of energy used to secure it.
On p. 29 he writes:
“Reaching consensus is at the heart of a blockchain’s operations. But the blockchain does it in a decentralized way that breaks the old paradigm of centralized consensus, when one central database used to rule transaction validity.”
Which blockchain is he talking about? They are not a commodity, there are several different unique types. Furthermore, distributed consensus is an academic research field that has existed for more than two decades.
On p. 29 he writes:
“A decentralized scheme (which the blockchain is based on) transfers authority and trust to a decentralized network and enables its nodes to continuously and sequentially record their transactions on a public “block,” creating a unique” chain” – the blockchain.”
Mougayar describes the etymology of the word “blockchain” specific to Bitcoin itself.
Note: a block actually is more akin to a “batch” or “bucket” in the sense that transactions are bundled together into a bucket and then propagated. His definition of what a blockchain is is not inclusive enough in this chapter though because it is unclear what decentralization can mean (1 node, 100 nodes, 10,000 nodes?). Also, it is important to note that not all distributed ledgers are blockchains.
On p. 31 he writes:
“Credit card companies charge us 23% in interest, even when the prime rate is only at 1%”
Which credit card companies are charging 23%? Who is being charged this? Also, even if this were the case, how does a blockchain of some kind change that?
On p. 32 he writes:
“Blockchains offer truth and transparency as a base layer. But most trusted institutions do not offer transparency or truth. It will be an interesting encounter.”
This is just a broad sweeping generalization. What does truth and transparency mean here? Which blockchains? Which institutions? Cannot existing institutions build or use some kind of distributed ledger to provide the “truth” and “transparency” that he advocates?
On p. 33 he writes:
“The blockchain challenges the roles of some existing trust players and reassigns some of their responsibilities, sometimes weakening their authority.”
Typo: should be “trusted” not “trust.”
On p. 34 he writes:
“There is a lesson from Airbnb, which has mastered the art of allowing strangers to sleep in your house without fear.”
This is not true, there are many examples of Airbnb houses that have been trashed and vandalized.
On p. 34, just as the Tapscott’s did in their book, Mougayar talks about how Airbnb could use a blockchain for identity and reputation. Sure, but what are the advantages of doing that versus a database or other existing technology?
On p. 37 he writes:
“Enterprises are the ones asking, because the benefits are not necessarily obvious to them. For large companies, the blockchain presented itself as a headache initially. It was something they had not planned for.”
First off, which blockchain? And which enterprises had a headache from it?
On p. 39 he writes: “Prior to the Bitcoin invention…”
He should probably flip that to read “the invention of Bitcoin”
On p. 40 he writes:
“… it did not make sense to have money as a digital asset, because the double-spend (or double-send) problem was not solved yet, which meant that fraud could have dominated.”
This is empirically untrue. Centralized systems prevent double-spending each and every day. There is a double-spending problem when you are using a pseudonymous, decentralized network and it is partially resolved (but not permanently solved) in Bitcoin by making it expensive, but not impossible, to double-spend.
On p. 41 he writes:
“They will be no less revolutionary than the invention of the HTML markup language that allowed information o be openly published and linked on the Web.”
This is a little redundant and should probably be rewritten as “the invention of the hypertext markup language (HTML).”
On p. 43 he writes:
“Smart contracts are ideal for interacting with real-world assets, smart property, Internet of Things (IoT) and financial services instruments.”
Why are smart contracts ideal for that?
On p. 46 he writes: “Time-stamping” and in other areas he writes it without a dash.
On p. 46 he writes:
“And blockchains are typically censorship resistant, due to the decentralized nature of data storage, encryption, and peer controls at the edge of the network.”
Which blockchains? Not all blockchains in the market are censorship resistant. Why and why not?
On p. 48 he mentions “BitIID” – this is a typo for “BitID”
On p. 51 he writes:
“Enter the blockchain and decentralized applications based on it. Their advent brings potential solutions to data security because cryptographically-secured encryption becomes a standard part of blockchain applications, especially pertaining to the data parts. By default, everything is encrypted.”
This is untrue. Bitcoin does not encrypt anything nor does Ethereum. A user could encrypt data first, take a hash of it and then send that hash to a mining pool to be added to a block, but the network itself provides no encryption ability.
On p. 52 he writes:
“Consensus in public blockchains is done publicly, and is theoretically subject to the proverbial Sybil attacks (although it has not happened yet).”
Actually, it has on altcoins. One notable occurrence impacted Feathercoin during June 2013.
On p. 54 he writes:
“The blockchain can help, because too many Web companies centralized and hijacked what could have been a more decentralized set of services.”
This is the same meme in the Tapscott book. There are many reasons for why specific companies and organizations have large users bases but it is hard to see how they hijacked anyone; but that is a different conversation altogether.
On p. 54 he writes:
“We can also think of blockchains as shared infrastructure that is like a utility. If you think about how the current Internet infrastructure is being paid for, we subsidize it by paying monthly fees to Internet service providers. As public blockchains proliferate and we start running millions of smart contacts and verification services on them, we might be also subsidizing their operation, by paying via micro transactions, in the form of transaction fees, smart contract tolls, donation buttons, or pay-per-use schemes.”
This is a very liberal use of the word subsidize. What Mougayar is describing above is actually more of a tax than a charitable donation.
The design behind Bitcoin was intended to make it such that there was a Nash equilibrium model between various actors. That miners would not need to rely on charity to continue to secure the network because as block rewards decline, the fees themselves would in the long run provide enough compensation to pay for their security services.
It could be argued that this will not happen, that fees will not increase to offset the decline in block rewards but that is for a different article.
As an aside, Mougayar’s statement above then intersects with public policy: which blockchains should receive that subsidy or donation? All altcoins too? And who should pay this?
“Blockchains are like a virtual computer somewhere in a distributed cloud that is virtual and does not require server setups. Whoever opens a blockchain node runs the server, but not users or developers.”
This is untrue. The ~6,400 nodes on the Bitcoin network are all servers that require setup and maintenance to run. The same for Ethereum and any other blockchain.
On p. 58 he writes:
“It is almost unimaginable to think that when Satoshi Nakamoto released the code for the first Bitcoin blockchain in 2009, it consisted of just two computers and a token.”
A couple issues:
There is a typo – “first” should be removed (unless there was another Bitcoin network before Bitcoin?)
Timo Hanke and Sergio Lerner have hypothesized that Satoshi probably used multiple computers, perhaps more than a dozen.
On p. 58 he writes:
“One of the primary differences between a public and private blockchain is that public blockchains typically have a generic purpose and are generally cheaper to use, whereas private blockchains have a more specific usage, and they are more expensive to set up because the cost is born by fewer owners.”
This is not true. From a capital and operation expenditure perspective, public blockchains are several orders of magnitude more expensive to own and maintain than a private blockchain. Why? Because there is no proof-of-work involved and therefore private blockchain operators do not need to spend $400 million a year, which is roughly the cost of maintaining the Bitcoin network today.
In contrast, depending on how a private blockchain (or distributed ledger) is set up, it could simply be run by a handful of nodes on several different cloud providers – a marginal cost.
On p. 68 he writes:
“Taken as an extreme case, just about any software application could be rewritten with some blockchain and decentralization flavor into it, but that does not mean it’s a good idea to do so.”
Yes, fully agreed!
On p. 68 he writes:
“By mid-2016, there were approximately 5,000 developers dedicated to writing software for cryptocurrency, Bitcoin or blockchains in general. Perhaps another 20,000 had dabbled with some of that technology, or written front-end applications that connect to a blockchain, one way or the other.”
Mougayar cites his survey of the landscape for this.
I would dispute this though, it’s probably an order of magnitude less.
The only way this number is 5,000 is if you liberally count attendees at meetups or all the various altcoins people have touched over the year, and so forth. Even the headcount of all the VC funded “bitcoin and blockchain” companies is probably not even 5,000 as of May 2016.
On p. 71 he writes:
“Scaling blockchains will not be different than the way we have continued to scale the Internet, conceptually speaking. There are plenty of smart engineers, scientists, researchers, and designers who are up to the challenge and will tackle it.”
This is a little too hand-wavy. One of the top topics that invariably any conversation dovetails into at technical working groups continues to be “how to scale” while keeping privacy requirements and non-functional requirements intact. Perhaps this will be resolved, but it cannot be assumed that it will be.
On p. 72 he writes:
“Large organizations, especially banks, have not been particularly interested in adopting public blockchains for their internal needs, citing potential security issues. The technical argument against the full security of public blockchains can easily be made the minute you introduce a shadow of a doubt on a potential scenario that might wreak havoc with the finality of a transaction. That alone is enough fear to form a deterring factor for staying away from public blockchain, although the argument could be made in favor of their security.”
This is a confusing passage. The bottom line is that public blockchains were not designed with the specific requirements that regulated financial institutions have. If they did, perhaps they would be used. But in order to modify a public blockchain to provide those features and characteristics, it would be akin to turning an aircraft carrier into a submarine. Sure it might be possible, but it would just be easier and safer to build a submarine instead.
Also, why would an organization use a public blockchain for their internal needs? What does that mean?
On p. 78 he writes:
“Targeting Bitcoin primarily, several governments did not feel comfortable with a currency that was not backed by a sovereign country’s institutions.”
Actually, what made law enforcement and regulators uncomfortable was a lack of compliance for existing AML/KYC regulations. The headlines and hearings in 2011-2013 revolved around illicit activities that could be accomplished as there were no tools or ability to link on-chain activity with real world identities.
On p. 87 he writes:
“The reality is that customers are not going to the branch as often (or at all), and they are not licking as many stamps to pay their bills. Meanwhile, FinTech growth is happening: it was a total response to banks’ lack of radical innovation.”
There are a couple issues going on here.
Banks have had to cut back on all spending due to cost cutting efforts as a whole and because their spending has had to go towards building reporting and compliance systems, neither of which has been categorized as “radical innovation.”
Also, to be balanced, manyh of the promises around “fintech” innovation still has yet to germinate due to the fact that many of the startups involved eventually need to incorporate and create the same cost structures that banks previously had to have. See for instance, financial controls in marketplace lending – specifically Lending Club.
On p. 88 he writes:
“If you talk to any banker in the world, they will admit that ApplePay and PayPal are vexing examples of competition that simply eats into their margins, and they could not prevent their onslaught.”
Any banker will say that? While a couple of business lines may change, which banks are being displaced by either of those two services right now?
On p. 89 he writes:
“Blockchains will not signal the end of banks, but innovation must permeate faster than the Internet did in 1995-2000.”
Why? Why must it permeate faster? What does that even mean?
On p. 89 he writes:
“This is a tricky question, because Bitcoin’s philosophy is about decentralization, whereas a bank is everything about centrally managed relationships.”
What does this mean? If anything, the Bitcoin economy is even more concentrated than the global banking world, with only about a dozen exchanges globally that handle virtually all of the trading volume of all cryptocurrencies.
On p. 89 he writes:
“A local cryptocurrency wallet skirts some of the legalities that existing banks and bank look-alikes (cryptocurrency exchanges) need to adhere to, but without breaking any laws. You take “your bank” with you wherever you travel, and as long as that wallet has local onramps and bridges into the non-cryptocurrency terrestrial world, then you have a version of a global bank in your pocket.”
This is untrue. There are many local and international laws that have been and continue to be broken involving money transmission, AML/KYC compliance and taxes. Ignoring those though, fundamentally there are probably more claims on bitcoins – due to encumbrances – than bitcoins themselves. This is a big problem that still hasn’t been dealt with as of May 2016.
On p. 95 he writes:
“The decentralization of banking is here. It just has not been evenly distributed yet.”
This is probably inspired by William Gibson who said: ‘The future is already here — it’s just not very evenly distributed.’
On p. 95 he writes:
“The default state and starting position for innovation is to be permissionless. Consequently, permissioned and private blockchain implementations will have a muted innovation potential. At least in the true sense of the word, not for technical reasons, but for regulatory ones, because these two aspect are tie together.”
This is not a priori true, how can he claim this? Empirically we know that permissioned blockchains are designed for different environments than something like Bitcoin. How can he measure the amount of potential “innovation” either one has?
On p. 95 he writes:
“We are seeing the first such case unfold within the financial services sector, that seems to be embracing the blockchain fully; but they are embracing it according to their own interpretation of it, which is to make it live within the regulatory constraints they have to live with. What they are really talking about is “applying innovation,” and not creating it. So, the end-result will be a dialed down version of innovation.”
This is effectively an ad hominem attack on those working with regulated institutions who do not have the luxury of being able to ignore laws and regulations in multiple jurisdictions. There are large fines and even jail time for ignoring or failing to comply with certain regulations.
On p. 95 he writes:
“That is a fact, and I am calling this situation the “Being Regulated Dilemma,” a pun on the innovator’s dilemma. Like the innovator’s dilemma, regulated companies have a tough time extricating themselves from the current regulations they have to operate within. So, when they see technology, all they can do is to implement it within the satisfaction zones of regulators. Despite the blockchain’s revolutionary prognosis, the banks cannot outdo themselves, so they risk only guiding the blockchain to live within their constrained, regulated world.”
“It is a lot easier to start innovating outside the regulatory boxes, both figuratively and explicitly. Few banks will do this because it is more difficult.”
“Simon Taylor, head of the blockchain innovation group at Barclays, sums it up: “I do not disagree the best use cases will be outside regulated financial services. Much like the best users of cloud and big data are not the incumbent blue chip organizations. Still their curioisity is valuable for funding and driving forward the entire space.” I strongly agree; there is hope some banks will contribute to the innovation potential of the blockchain in significant ways as they mature their understanding and experiences with this next technology.
An ending note to banks is that radical innovation can be a competitive advantage, but only if it is seen that way. Otherwise innovation will be dialed down to fit their own reality, which is typically painted in restrictive colors.
It would be useful to see banks succeed with the blockchain, but they need to push themselves further in terms of understanding what the blockchain can do. They need to figure out how they will serve their customers better, and not just how they will serve themselves better. Banks should innovate more by dreaming up use cases that we have not though about yet, preferably in the non-obvious category.
The fundamental problem with his statement is this: banks are heavily regulated, they cannot simply ignore the regulations because someone says they should. If they fail to maintain compliance, they can be fined.
But that doesn’t mean they cannot still be innovative, or that the technology they are investigating now isn’t useful or helpful to their business lines.
In effect, this statement is divorced from the reality that regulated financial institutions operate in. [Note: some of his content such as the diagram originated from his blog post]
On p. 102 he writes:
“Banks will be required to apply rigorous thinking to flush out their plans and positions vis-à-vis each one of these major blockchain parameters. They cannot ignore what happens when their core is being threatened.”
While this could be true, it is an over generalization: what type of business lines at banks are being threatened? What part of “their” core is under attack?
On p. 103 he writes:
“More than 200 regulatory bodies exist in 150 countries, and many of them have been eyeing the blockchain and pondering regulatory updates pertaining to it.”
Surely that is a typo, there are probably 200 regulatory bodies alone in the US itself.
On p. 105 he writes:
“Banks will need to decide if they see the blockchain as a series of Band-Aids, or if they are willing to find the new patches of opportunity. That is why I have been advocating that they should embrace (or buy) the new cryptocurrency exchanges, not because these enable Bitcoin trades, but because they are a new generation of financial networks that has figured out how to transfer assets, financial instruments, or digital assets swiftly and reliably, in essence circumventing the network towers and expense bridges that the current financial services industry relies upon.”
This is a confusing passage.
Nearly all of the popular cryptocurrency exchanges in developed countries require KYC/AML compliance in order for users to cash-in and out of their fiat holdings. How do cryptocurrency exchanges provide any utility to banks who are already used to transferring and trading foreign exchange?
In terms of percentages, cryptocurrency exchanges are still very easy to compromise versus banks; what utility do banks obtain by acquiring exchanges with poor financial controls?
And, in order to fund their internal operations, cryptocurrency exchanges invariably end up with the same type of cost structures regulated financial institutions have; the advantage that they once had effectively involved non-compliance – that is where some of the cost savings was. And banks cannot simply ignore regulations because people on social media want them to; these cryptocurrency sites require money to operate, hence the reason why many of them charge transaction fees on all withdrawals and some trades.
On p. 115 he mentions La’Zooz and Maidsafe, neither of which – after several years of development, actually work. Perhaps that changes in the future.
On p.118 he writes:
“There is another potential application of DIY Government 2.0. Suppose a country’s real government is failing, concerned citizens could create a shadow blockchain governance that is more fair, decentralized and accountable. There are at least 50 failed, fragile, or corrupt states that could benefit from an improve blockchain governance.”
Perhaps this is true, that there could be utility gain from some kind of blockchain. But this misses a larger challenge: many of these same countries lack private property rights, the rule of law and speedy courts.
On p. 119 he writes about healthcare use cases:
“Carrying a secure wallet with our full electronic medical record in it, or our stored DNA, and allowing its access, in case of emergency.”
What advantage do customers gain from carrying this around in a secure wallet? Perhaps they do, but it isn’t clear in this chapter.
On p. 126-127 he makes the case for organizations to have a “blockchain czar” but an alternative way to pitch this without all the pomp is simply to have someone be tasked with becoming a subject-matter expert on the topic.
On p. 131 he writes:
“Transactions are actually recorded in sequential data blocks (hence the word blockchain), so there is a historical, append-only log of these transaction that is continuously maintained and updated. A fallacy is that the blockchain is a distributed ledger.”
It is not a fallacy.
On p. 149 he writes: “What happened to the Web being a public good?”
Costs. Websites have real costs. Content on those websites have real costs. And so forth. Public goods are hard to sustain because no one wants to pay for them but everyone wants to use them. Eventually commercial entities found a way to build and maintain websites that did not involve external subsidization.
On p. 150 he writes:
“Indeed, not only was the Web hijacked with too many central choke points, regulators supposedly continue to centralize controls in order to lower risk, whereas the opposite should be done.”
This conflicts with the “Internet is decentralized” meme that was discussed throughout the book. So if aspects of the Internet are regulated, and Mougayar disagrees with those regulations, doesn’t this come down to disagreements over public policy?
On p. 153 he writes:
“Money is a form of value. But not all value is money. We could argue that value has higher hierarchy than money. In the digital realm, a cryptocurrency is the perfect digital money. The blockchain is a perfect exchange platform for digital value, and it rides on the Internet, the largest connected network on the planet.”
Why are cryptocurrencies perfect? Perhaps they are, but it is not discussed here.
On p. 153 he also talks about the “programmability” of cryptocurrencies but doesn’t mention that if fiat currencies were digitally issued by central banks, they too could have the same programmable abilities.
On p. 160 he predicts:
“There will be dozens of commonly used, global virtual currencies that will be considered mainstream, and their total market value will exceed $5 trillion, and represent 5% of the world’s $100 trillion economy in 2025.”
Perhaps that occurs, but why? And are virtual currencies now different than digital currencies? Or are they the same? None of these questions are really addressed.
This book is quick read but unfortunately is weighed down by many opinions that are not supported by evidence and consequently, very few practical applications for enterprises are explained in detail.
For regulated businesses such as financial institutions, there are several questions that need to be answered such as: what are the specific cost savings for using or integrating with some kind of blockchain? What are the specific new business lines that could be created? And unfortunately the first edition of this book did not answer these types of questions. Let us look again at a future version.
[Disclaimer: The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
A couple weeks ago I joked that while containment is impossible, it would be nice to know who patient-zero was for using the term “blockchain” without an article preceding it. The mystery of who exactly removed the “a” before “blockchain” is probably residing on the same island that Yeti, Sasquatch, and the New England Patriot’s equipment team are now located.
Don and Alex Tapscott, a Canada-based father-son duo, co-authored a new book entitled Blockchain Revolution that not only suffers from this grammatical faux pas but has several dozen errors and unproven assertions which are detailed in this review.
Below is a chapter-by-chapter look into a book that should have baked in the oven for a bit more time.
Note: all transcription errors are my own. See my other book reviews.
On p. 5 the authors write:
“A decade later in 2009, the global financial industry crashed. Perhaps propitiously, a pseudonymous person or persons named Satoshi Nakamoto outlined a new protocol for a peer-to-peer electronic cash system using a cryptocurrency called bitcoin.”
Ignoring the current drama surrounding Craig Wright — the Australian who claims to be Satoshi — during the initialthreads on Metzdowd, Satoshi mentioned he had been working on this project for 18 months prior; roughly mid-2007. So it was more coincidental timing than intentional.
And much like other books on the same topic, the authors do not clarify that there are more than one type of blockchain in existence and that some are a type of distributed ledger.
For instance, on p. 6 they write:
“At its most basic, it is an open source code: anyone can download it for free, run it, and use it to develop new tools for managing transactions online.”
With the ‘it’ being a ‘blockchain.’ The problem with this grammatical issue is that we know empirically that there many different types of distributed ledgers and blockchains currently under development and not all of them are open sourced. Nor does being open source automagically qualify something as a blockchain.
On p. 6 they write:
“However, the most important and far-reaching blockchains are based on Satoshi’s bitcoin model.”
That’s an opinion that the authors really don’t back up with facts later on.
In addition, on the same page they make the “encryption” error that also plagues books in this space: the Bitcoin blockchain does not use encryption.
For example, on page 6 they write:
“And the blockchain is encrypted: it uses heavy-duty encryption involving public and private keys (rather like the two-key system to access a safety deposit box) to maintain virtual security.”
Incorrect. Bitcoin employs a couple different cryptographic processes, but it doesn’t use encryption. Furthermore, the example of a ‘two-key system’ actually illustrates multisig, not public-private key pairs.
On p. 8 they write:
“Bankers love the idea of secure, frictionless, and instant transactions, but some flinch at the idea of openness, decentralization and new forms of currency. The financial services industry has already rebranded and privatized blockchain technology, referring to it as distributed ledger technology, in an attempt to reconcile the best of bitcoin — security, speed, and cost — with an entirely closed system that requires a bank or financial institution’s permission to use.”
There is a lot of assumptions in here:
(1) it is unclear which “bankers” they are speaking about, is it every person who works at a bank?
(2) the term ‘openness’ is not very well defined, does that mean that people at banks do not want to have cryptographically proven provenance?
In addition, in order for something to be privatized it must have been public at first. Claiming that the “blockchain” toolkit of ideas and libraries was privatized away from Bitcoin is misleading. The moving pieces of Bitcoin itself are comprised of no less than 6 discrete elements that previously existed in the cryptography and distributed systems communities.
The Bitcoin network itself is not being privatized by financial institutions. In fact, if anything, empirically Bitcoin itself is being carved away by entities and efforts largely financed by venture capital — but that is a topic for another article. Furthermore, research into distributed computing and distributed consensus techniques long predates Bitcoin itself, by more than a decade.
Lastly, and this is why it helps to clearly define words at the beginning of a book, it is important to note that some blockchains are a type of distributed ledger but not all distributed ledgers are blockchains.
On page 9 they write that:
“In 2014 and 2015 alone more than $1 billion of venture capital flooded into the emerging blockchain ecosystem, and the rate of investment is almost doubling annually.”
This is only true if you conflate cryptocurrency systems with non-cryptocurrency systems. The two are separate and have completely different business models. See my December presentation for more details about the divergence.
On p. 9 they write:
“A 2013 study showed that 937 people owned half of all bitcoin, although that is changing today.”
First off, this is a typo because the original article the authors cite, actually says the number is 927 not 937. And the ‘study’ showed that about half of all bitcoins resided on addresses controlled by 937 on-chain entities. Addresses does not mean individuals. It is likely that some of these addresses (or rather, UTXOs) are controlled and operated by early adopters (like Roger Ver) as well as exchanges (like Bitstamp and Coinbase).
Furthermore, it is unclear from the rest of the book how that concentration of wealth is changing — where is that data?
On p. 18 they write about Airbnb, but with a blockchain. It is unclear from their explanation what the technical advantage is of using a blockchain versus a database or other existing technology.
On p. 20 they write:
“Abra and other companies are building payment networks using the blockchain. Abra’s goal is to turn every one of its users into a teller. The whole process — from the funds leaving one country to their arriving in another — takes an hour rather than a week and costs 2 percent versus 7 percent or higher. Abra wants its payment network to outnumber all physical ATMs in the world. It took Western Union 150 years to get to 500,000 agents worldwide. Abra will have that many tellers in its first years.”
There are at least 3 problems with this statement:
the authors conflate a blockchain with all blockchains; empirically there is no “the” blockchain
Abra’s sales pitch relies on the ability to convince regulators that the company itself just make software and doesn’t participate in money transmission or movement of financial products (which it does by hedging)
Fast forward to May 2016 and according to the Google Play Store and Abra has only been downloaded about 5,000 times.
Perhaps it will eventually reach 500,000 and even displace Western Union, but the authors’ predictions that this will occur in one year is probably not going to happen at the current rate.
Furthermore, on p. 186 they write that “Abra takes a 25-basis-point fee on conversion.”
Will this require a payment processing license in each jurisdiction the conversion takes place?
On page 24 they write:
“Other critics point to the massive amount of energy consumed to reach consensus in just the bitcoin network: What happens when thousands or perhaps millions of interconnected blockchains are each processing billions of transactions a day? Are the incentives great enough for people to participate and behave safely over time, and not try to overpower the network? Is blockchain technology the worst job killer ever?”
There are multiple problems with this statement:
on a proof-of-work blockchain, the amount of energy consumed is notconnected with the amount of transactions being processed. Miners consume energy to generate proofs-of-work irrespective of the number of transactions waiting in the memory pool. Transaction processing itself is handled by a different entity entirely called a block maker or mining pool.
as of May 2016, it is unclear why there would be millions of interconnected proof-of-work blockchains. There are perhaps a couple hundred altcoins, at least 100 of which are dead, but privately run blockchains do not need to use proof-of-work — thus the question surrounding incentives is a non sequitur.
while blockchains however defined may displace workers of some kind at some point, the authors never really zero in on what “job killing” blockchains actually do?
On p. 25 they write:
“The blockchain and cryptocurrencies, particularly bitcoin, already have massive momentum, but we’re not predicting whether or not all this will succeed, and if it does, how fast it will occur.”
Nowhere do the authors actually cite empirical data showing traction. If there was indeed massive momentum, we should be able to see that from data somewhere, but so far that is not happening. Perhaps that changes in the future.
The closing paragraph of Chapter 1 states that:
“Everyone should stop fighting it and take the right steps to get on board. Let’s harness this force not for the immediate benefit of the few but for the lasting benefit of the many.”
Who is fighting what? They are presumably talking about a blockchain, but which one? And why should people stop what they are doing to get on board with something that is ill-defined?
On p. 30 they write that:
“Satoshi leveraged an existing distributed peer-to-peer network and a bit of clever cryptography to create a consensus mechanism that could solve the double-spend problem as well as, if not better than, a trusted third party.”
The word “trust” or variation thereof appears 11 times in the main body of the original Satoshi whitepaper. Routing around trusted third parties was the aim of the project as this would then allow for pseudonymous interaction. That was in October 2008.
What we empirically see in 2016 though is an increasingly doxxed environment in which it could be argued that ‘trusted’ parties could do the same job — movement of payments — in a less expensive manner. But that is a topic for another article.
On p. 33 they write:
“So important are the processes of mining — assembling a block of transactions, spending some resource, solving the problem, reaching consensus, maintaining a copy of the full ledger — that some have called the bitcoin blockchain a public utility like the Internet, a utility that requires public support. Paul Brody of Ernst & Young thinks that all our appliances should donate their processing power to upkeep of a blockchain: “Your lawnmower or dishwasher is going to come with a CPU that is probably a thousand times more powerful than it actually needs, and so why not have it mine? Not for the purpose of making you money, but to maintain your share of the blockchain,” he said. Regardless of the consensus mechanism, the blockchain ensures integrity through clever code rather than through human beings who choose to do the right thing.”
Let’s dissect this:
the process of mining, as we have looked at before, involves a division of labor between the entities that generate proofs-of-work – colloquially referred to as miners, and those that package transactions into blocks, called blockmakers. Miners themselves do not actually maintain a copy of a blockchain, pools do.
while public blockchains like Bitcoin are a ‘public good,’ it doesn’t follow how or why anyone should be compelled to subsidize them, at least the reasons why are not revealed to readers.
the only reason proof-of-work was used for Bitcoin is because it was a way to prevent Sybil attacks on the network because participants were unknown and untrusted. Why should a washing machine vendor integrate an expensive chip to do calculations that do not help in the washing process? See Appendix B for why they shouldn’t.
because proof-of-work is used in a public blockchain and public blockchains are a public good, how does anyone actually have a “share” of a blockchain? What does that legally mean?
On p. 34 they write:
“The blockchain resides everywhere. Volunteers maintain it by keeping their copy of the blockchain up to date and lending their spare computer processing units for mining. No backdoor dealing.”
There are multiple problems with this:
to some degree entities that run a fully validating node could be seen as volunteering for a charity, but most do not lend spare computer cycles because they do not have the proper equipment to do so (ASIC hardware)
to my knowledge, none of the professional mining farms that exist have stated they are donating or lending their mining power; instead they calculate the costs to generate proofs-of-work versus what the market value of a bitcoin is worth and entering and exiting the market based on the result.
this is a contentious issue, but because of the concentration and centralization of both mining and development work, there have been multiple non-public events in which mining pools, mining farms and developers get together to discuss roadmaps and policy. Is that backdoor dealing?
On p. 35 they write:
“Nothing passes through a central third party; nothing is stored on a central server.”
This may have been true a few years ago, but only superficially true today. Most mining pools connect to the Bitcoin Relay Network, a centralized network that allows miners to propagate blocks faster than they would if they used the decentralized network itself to do so (it lowers the amount of orphan blocks).
On p. 37 they write:
“The paradox of these consensus schemes is that by acting in one’s self-interest, one is serving the peer-to-peer (P2P) network, and that in turn affects one’s reputation as a member of the economic set.”
Regarding cryptocurrencies, there is currently no built-in mechanism for tracking or maintaining reputation on their internal P2P network. There are projects like OpenBazaar which are trying to do this, but an on-chain Bitcoin user does not have a reputation because there is no linkage real world identity (on purpose).
On p. 38 they write:
“Trolls need not apply”
Counterfactually, there are many trolls in the overall blockchain-related world, especially on social media in part because there is no identity system that links pseudonymous entities to real world, legal identities.
On p. 39 the authors list a number of high profile data breaches and identity thefts that took place over the past year, but do not mention the amount of breaches and thefts that take place in the cryptocurrency world each year.
On p. 41 they write:
“Past schemes failed because they lacked incentive, and people never appreciated privacy as incentive enough to secure those systems,” Andreas Antonopoulos said. The bitcoin blockchain solves nearly all these problem by providing the incentive for wide adoption of PKI for all transaction of value, not only through the use of bitcoin but also in the shared bitcoin protocols. We needn’t worry about weak firewalls, thieving employees, or insurance hackers. If we’re both using bitcoin, if we can store and exchange bitcoin securely, then we can store and exchange highly confidential information and digital assets securely on the blockchain.”
There are multiple problems with this statement:
it is overly broad and sweeping to say that every past PKI system has not only failed, but that they all failed because of incentives; neither is empirically true
Bitcoin does not solve for connecting real world legal identities that still will exist with our without the existence of Bitcoin
there are many other ways to securely transmit information and digital assets that does not involve the use of Bitcoin; and the Bitcoin ecosystem itself is still plagued by thieving employees and hackers
On p. 41 they write:
“Hill, who works with cryptographer Adam Back at Blockstream, expressed concern over cryptocurrencies that don’t use proof of work. “I don’t think proof of stake ultimately works. To me, it’s a system where the rich get richer, where people who have tokens get to decide what the consensus is, whereas proof of works ultimately is a system rooted in physics. I really like that because it’s very similar to the system for gold.”
There are multiple problems with this as well:
people that own bitcoins typically try to decide what the social consensus of Bitcoin is — by holding conferences and meetings in order to decide what the roadmap should or should not be and who should and should not be administrators
the debate over whether or not a gold-based economy is good or not is a topic that is probably settled, but either way, it is probably irrelevant to creating Sybil resistance.
On p. 42 they write:
“Satoshi installed no identity requirement for the network layer itself, meaning that no one had to provide a name, e-mail address, or any other personal data in order to download and use the bitcoin software. The blockchain doesn’t need to know who anybody is.”
The authors again conflate the Bitcoin blockchain with all blockchains in general:
there are projects underway that integrate a legal identity and KYC-layer into customized distributed ledgers including one literally called KYC-Chain (not an endorsement)
empirically public blockchains like Bitcoin have trended towards being able to trace and track asset movement back to legal entities; there are a decreasing amount of non-KYC’ed methods to enter and exit the network
On p. 43 they write:
“The blockchain offers a platform for doing some very flexible forms of selective and anonymous attestation. Austin Hill likened it to the Internet. “A TCP/IP address is not identified to a public ID. The network layer itself doesn’t know. Anyone can join the Internet, get an IP address, and start sending and receiving packets freely around the world. As a society, we’ve seen an incredible benefit allowing that level of pseudonymity… Bitcoin operates almost exactly like this. The network itself does not enforce identity. That’s a good thing for society and for proper network design.”
This is problematic in a few areas:
it is empirically untrue that anyone can just “join the Internet” because the Internet is just an amalgamation of intranets (ISPs) that connect to one another via peering agreements. These ISPs can and do obtain KYC information and routinely kick people off for violating terms of service. ISPs also work with law enforcement to link IP addresses with legal identities; in fact on the next page the authors note that as well.
in order to use the Bitcoin network a user must obtain bitcoins somehow, almost always — as of 2016 — through some KYC’ed manner. Furthermore, there are multiple projects to integrate identity into distributed ledger networks today. Perhaps they won’t be adopted, but regulated institutions are looking for ways to streamline the KYC/AML process and baking in identity is something many of them are looking at.
On p. 44 they write:
“So governments can subpoena ISPs and exchanges for this type of user data. But they can’t subpoena the blockchain.”
That is not quite true. There are about 10 companies that provide data analytics to law enforcement in order to track down illicit activity involving cryptocurrencies all the way to coin generation itself.
Furthermore, companies like Coinbase and Circle are routinely subpoenaed by law enforcement. So while the network itself cannot be physically subpoenaed, there are many other entities in the ecosystem that can be.
On p. 46 they write:
“Combined with PKI, the blockchain not only prevents a double spend but also confirms ownership of every coin in circulation, and each transaction is immutable and irrevocable.”
The public-private key technology being used in Bitcoin does not confirm ownership, only control. Ownership implies property rights and a legal system, neither of which currently exist in the anarchic world of Bitcoin.
Furthermore, while it is not currently possible to reverse the hashes (hence the immutability characteristic), blocks can and have been reorganized which makes the Bitcoin blockchain itself revocable.
On p. 47 they write:
“No central authority or third party can revoke it, no one can override the consensus of the network. That’s a new concept in both law and finance. The bitcoin system provides a very high degree of certainty as to the outcome of a contract.”
This is empirically untrue: CLS and national real-time gross settlement (RTGS) systems are typically non-reversible. And the usage of the word contract here implies some legal standing, which does not exist in Bitcoin; there is currently no bridge between contracts issued on a public blockchain with that of real world.
On p. 50 they write:
“That was part of Satoshi’s vision. He understood that, for people in developing economies, the situation was worse. When corrupt or incompetent bureaucrats in failed states need funding to run the government, their central banks and treasuries simply print more currency and then profit from the difference between the cost of manufacturing and the face value of the currency. That’s seigniorage. The increase in the money supply debases the currency.”
First off, they provide no evidence that Satoshi was actually concerned about developing countries and their residents. In addition, they mix up the difference between seigniorage and inflation – they are not the same thing.
In fact, to illustrate with Bitcoin: seigniorage is the marginal value of a bitcoin versus the marginal cost of creating that bitcoin. As a consequence, miners effectively bid up such that in the long run the cost equals the value; although some miners have larger margins than others. In contrast, the increase in the money supply (inflation) for Bitcoin tapers off every four years. The inflation or deflation rate is fully independent of the seigniorage.
On p. 56 they quote Erik Vorhees who says:
“It is faster to mail an anvil to China than it is to send money through the banking system to China. That’s crazy! Money is already digital, it’s not like they’re shipping palletes of cash when you do a wire.”
This is empirically untrue, according to SaveOnSend.com a user could send $1,000 from the US to China in 24 hours using TransFast. In addition:
today most money in developed countries is electronic, not digital; there is no central bank digital cash yet
if new distributed ledgers are built connecting financial institutions, not only could cross-border payments be done during the same day, but it could also involve actual digital cash
On p. 59 they write:
“Other blockchain networks are even faster, and new innovations such as the Bitcoin Lightning Network, aim to dramatically scale the capacity of the bitcoin blockchain while dropping settlement and clearing times to a fraction of a second.”
This is problematic in that it is never defined what clearing and settlement means. And, the Bitcoin network can only — at most — provide some type of probabilistic settlement for bitcoins and no other asset.
On p. 67 they write:
“Private blockchains also prevent the network effects that enable a technology to scale rapidly. Intentionally limiting certain freedoms by creating new rules can inhibit neutrality. Finally, with no open value innovation, the technology is more likely to stagnate and become vulnerable.”
Not all private blockchains or distributed ledgers are the same, nor do they all have the same terms of service. The common theme has to do with knowing all the participants involved in a transaction (KYC/KYCC) and only certain known entities can validate a transaction.
Furthermore, the authors do not provide any supporting evidence for why this technology will stagnate or become vulnerable.
On p. 70 they write:
“The financial utility of the future could be a walled and well-groomed garden, harvested by a cabal of influential stakeholders, or it could be an organic and spacious ecosystem, where people’s economic fortunes grow wherever there is light. The debate rages on, but if the experience of the first generation of the Internet has taught us anything, it’s that open systems scale more easily than closed ones.”
The authors do not really define what open and closed means here. Fulfilling KYC requirements through terms of service at ISPs and governance structures like ICANN did not prevent the Internet from coming into existence. It is possible to have vibrant innovation on top of platforms that require linkage to legal identification.
On p. 72 the authors quote Stephen Pair stating:
“Not only can you issue these assets on the blockchain, but you can create systems where I can have an instantaneous atomic transaction where I might have Apple stock in my wallet and I want to buy something or you. But you want dollars. With this platform I can enter a single atomic transaction (i.e., all or none) and use my Apple stock to send you dollars.”
This is currently not possible with Bitcoin without changing the legal system. Furthermore:
this is probably not safe to do with Bitcoin due to how colored coin schemes distort the mining incentive scheme
from a technological point of view, there is nothing inherently unique about Bitcoin that would enable this type of atomic swapping that several other technology platforms could do as well
On p. 73 they write:
“Not so easy. Banks, despite their enthusiasms for blockchain, have been wary of these companies, arguing blockchain businesses are “high-risk” merchants.”
Once again this shows how the authors conflate “blockchain” with “Bitcoin.” The passage they spoke about Circle, a custodian of bitcoins that has tried to find banks to partner with for exchanging fiat to bitcoins and vice versa. This is money transfer. This type of activity is different than what a “blockchain” company does, most of whom aren’t exchanging cryptocurrencies.
On p. 74 they write:
“Third, new rules such as Sarbanes-Oxley have done little to curb accounting fraud. If anything, the growing complexity of companies, more multifaceted transactions, and the speed of modern commerce create new ways to hide wrongdoing.”
This may be true, but what are the stats or examples of people violating Sarbanes-Oxley, and how do “blockchains” help with this specifically?
On p. 78 they write:
“The blockchain returns power to shareholders. Imagine that a token representing a claim on an asset, a “bitshare,” could come with a vote or many votes, each colored to a particular corporate decision. People could vote their proxies instantly from anywhere, thereby making the voting process for major corporate actions more response, more inclusive, and less subject to manipulation.”
First off, which blockchain? And how does a specific blockchain provide that kind of power that couldn’t otherwise be done with existing non-blockchain technology?
On p. 80 they quote Marc Andreessen who says:
“PayPal can do a real-time credit score in milliseconds, based on your eBay purchase history — and it turns out that’s a better source of information than the stuff used to generate your FICO score.”
But what if you do not use eBay? And why do you need a blockchain to track or generate a credit rating?
On p. 81:
“This model has proven to work. BTCjam is a peer-to-peer lending platform that uses reputation as the basis for extending credit.”
BTCjam appears to have plateaued. They currently have a low churn rate on the available loans and they exited the US market 2 months ago.
On p. 83 they write:
“The blockchain IPO takes the concept further. Now, companies can raise funds “on the blockchain” by issuing tokens, or cryptosecurities, of some value in the company. They can represent equity, bonds, or, in the case of Augur, market-maker seats on the platform, granting owners the right to decide which prediction markets the company will open.”
From a technical perspective this may be possible, but from a legal and regulatory perspective, it may not be yet. Overstock has been given permission by the SEC to experiment with issuance.
On p. 86 they write:
“Bitcoin cannot have bail-ins, bank holidays, currency controls, balance freezes, withdrawal limits, banking hours,” said Andreas Antonopoulos.
That’s not quite true. Miners can and will continue to meet at their own goals and they have the power to hard fork to change any of these policies including arbitrarily increasing or decreasing the issuance as well as changing fees for faster inclusion. They also have the ability to censor transactions altogether and potentially — if the social value on the network increases — “hold up” transactions altogether.
Also, this doesn’t count the subsidies that miners receive from the utilities.
On p. 98 they write:
“To this last characteristic, Antonopoulos notes: “If there is enough financial incentive to preserve this blockchain into the future, the possibility of it existing for tens, hundreds, or even thousands of years cannot be discounted.”
It can arguably be discounted. What evidence is presented to back up the claim that any infrastructure will last for hundreds of years?
On p. 100 they write:
“And just imagine how the Uniform Commercial Code might look on the blockchain.”
Does this mean actually embedding the code as text onto a blockchain? Or does this mean modifying the UCC to incorporate the design characteristics of a specific blockchain?
On p. 102 they write:
“What interests Andreas about the blockchain is that we can execute this financial obligation in a decentralized technological environment with a built-in settlement system. “That’s really cool,” he said, “because I could actually pay you for the pen right now, you would see the money instantly, you would put the pen in the mail, and I could get a verification of that. It’s much more likely that we can do business.”
I assume that they are talking about the Bitcoin blockchain:
there is no on-chain settlement of fiat currencies, which is the actual money people are settling with on the edges of the network
since it is not fiat currency, it does not settle instantly. In fact, users still have a counterparty risk involving delivery of the pen versus the payment.
if a central bank issued a digital currency, then there could be on-chain settlement of cash.
On p. 103 they write:
“If partners spends more time up front determining the terms of an agreement, the monitoring, enforcement, and settlement costs drop significantly, perhaps to zero. Further, settlement can occur in real time, possibly in microseconds throughout the day depending on that deal.”
The DTCC published a white paper in January that explains they can already do near real-time settlement, but T+3 exists due to laws and other market structures.
On p. 105 they write that:
“Multisig authentication is growing in popularity. A start-up called Hedgy is using multisig technology to create futures contracts: parties agree on a price of bitcoin that will be traded in the future, only ever exchanging the price difference.”
As an aside, Hedgy is now dead. Also, there are other ways to illustrate multisig utility as a financial control to prevent abuse.
On p. 106 they wrote that:
“The trouble is that, in recent business history, many hierarchies have not been effective, to the point of ridicule. Exhibit A is The Dilbert Principle, most likely one of the best-selling management books of all time, by Scott Adams. Here’s Dilbert on blockchain technology from a recent cartoon…”
The problem is that the cartoon they are citing (above) was actually a parody created by Ken Tindell last year.
The original Scott Adam’s cartoon was poking fun of databases and is from November 17, 1995.
On p. 115 they write:
“But the providers of rooms receive only part of the value they create. International payments go through Western Union, which takes $10 of every transaction and big foreign exchange off the top.”
Western Union does not have a monopoly on international payments, in fact, in many popular corridors they have less than 25% of market share. In addition, Western Union does not take a flat $10 off every transaction. You can test this out by going to their price estimator. For instance, sending $1,000 from the US to a bank account in China will cost $8.
On p. 117 they write about a fictional blockchain-based Airbnb called bAirbnb:
“You and the owner have now saved most of the 15 percent Airbnb fee. Settlements are assured and instant. There are no foreign exchange fees for international contracts. You need not worry about stolen identity. Local governments in oppressive regimes cannot subpoena bAirbnb for all its rental history data. This is the real sharing-of-value economy; both customers and service providers are the winner.”
The problem with their statement is that cash settlements, unless it is digital fiat, is not settled instantly. Identities can still be stolen on the edges (from exchanges). And, governments can still issue subpoenas and work with data analytics companies to track provenance and history.
On p. 119 they write:
“Along comes blockchain technology. Anyone can upload a program onto this platform and leave it to self-execute with a strong cryptoeconomical guarantee that the program will continue to perform securely as it was intended.”
While that may have been the case when these cryptocurrency systems first launched, in order to acquire ether (for Ethereum) or bitcoin, users must typically exchange fiat first. And in doing so, they usually dox themselves through the KYC requirements at exchanges.
On p.123-124 they write about a ‘Weather decentralized application’ but do not discuss how its infrastructure is maintained let alone the Q-o-S.
On p.127 they write:
“Using tokens, companies such as ConsenSys have already issued shares in their firms, staging public offerings without regulatory oversight.”
The legality of this is not mentioned.
On p. 128 they write:
“Could there be a self-propagating criminal or terrorist organizations? Andreas Antonopolous is not concerned. He believes that the network will manages such dangers. “Make this technology available to seven and a half billion people, 7.499 billion of those will use it for good and that good can deliver enormous benefit to society.”
How does he know this? Furthermore, the Bitcoin network itself is already available to hundreds of millions, but many have chosen not to use it. Why is this not factored into the prediction?
On p.131 they write:
“What if Wikipedia went on the blockchain — call it Blockpedia.”
The total article text of English Wikipedia is currently around 12 gigabytes. If it is a public blockchain, then how would this fit on the actual blockchain itself? Why not upload the English version onto the current Bitcoin blockchain as an experiment? What utility is gained?
From p. 129-144 they imagine seven ideas that are pitched as business ideas, but in most instances it is unclear what the value proposition that a blockchain provides over existing technology.
On p. 148 they write that:
“The Internet of Things cannot function without blockchain payment networks, where bitcoin is the universal transactional language.”
What does that mean? Does that mean that there are multiple blockchains and that somehow bitcoin transactions control other blockchains too?
On p. 152 they write:
“Last is the overarching challenge of centralized database technology — it can’t handle trillions of real-time transactions without tremendous costs.”
What are those costs? And what specifically prevents databases from doing so?
On p. 153 they write:
“Other examples are a music service, or an autonomous vehicle,” noted Dino Mark Angaritis, founder of Smartwallet, “each second that the music is playing or the car is driving it’s taking a fraction of a penny out of my balance. I don’t have a large payment up front and pay only for what I use. The provider runs no risk of nonpayment. You can’t do these things with a traditional payment networks because the fees are too high for sending fractions of a penny off your credit card.”
Depositing first and having a card-on-file are types of solutions that currently exist. “Microtipping” doesn’t really work for a number of reasons including the fact that consumers do not like to nickel and dime themselves. This is one of the reasons that ChangeTip had difficulties growing.
Furthermore, the tangential market of machine-to-machine payments may not need a cryptocurrency for two reasons:
M2M payments could utilize existing electronic payment systems via pre-paid and card-on-file solutions
The friction of moving into and out of fiat to enter into the cryptocurrency market is an unnecessary leg, especially if and when central bank digital currency is issued.
On pages 156-169 nearly all of the examples could use a database as a solution, it is unclear what value a blockchain could provide in most cases. Furthermore, on p. 159 they discuss documentation and record keeping but don’t discuss how these records tie into current legal infrastructure.
On p. 172 they write:
“We’re talking billions of new customers, entrepreneurs, and owners of assets, on the ground and ready to be deployed. Remember, blockchain transactions can be tiny, fractions of pennies, and cost very little complete.”
Maybe some transactions on some blockchains cost fractions of pennies, but currently not Bitcoin transactions.
On p.177 they write that “David Birch, a cryptographer and blockchain theorist, summed it up: “Identity is the new money.”
“Financing a company is easier as you can access equity and debt capital on a global scale, and if you’re using a common denominator — like bitcoin — you need not worry about exchange rates and conversation rates.”
Unless everyone is using one currency, this is untrue.
On p.185 they write:
“Sending one bitcoin takes about 500 bits, or roughly one one-thousandth the data consumption of one second of video Skype!”
But users still need to cash out on the other side which requires different infrastructure than Skype, namely money transmitter licenses and bank accounts.
On p. 192 they write that:
“Second, it can mean better protection of women and children. Through smart contracts, funds can be donated into escrow accounts, accessible only by women, say, for accessing food, feminine products, health care, and other essentials.”
How can a smart contract itself detect what gender the user is?
On p.194 they write:
“In jurisdictions like Honduras where trust is low in public institutions and property rights systems are weak, the bitcoin blockchain could help to restore confidence and rebuild reputation.”
How does Bitcoin do that? What are the specific ways it can?
On p. 202 they write:
“People can register their copyrights, organize their meetings, and exchange messages privately and anonymously on the blockchain.”
Which blockchain does this? There are external services like Ascribe.io that purportedly let creators take a hash of a document (such as a patent) and store it into a blockchain. But the blockchain itself doesn’t have that feature.
On p.214 they write:
“But surely a more collaborative model of democracy — perhaps one of that rewards participation such as the mining function — could encourage citizens’ engagement and learning about issues, while at the same time invigorating the public sector with the keen reasoning the nation can collectively offer.”
On p. 255 they mention that Greek citizens during 2015 would’ve bought more bitcoins if they had better access to ATMs and exchanges. But this is not true, empirically people typically try to acquire USD because it is more universal and liquid. Perhaps that changes in the future, but not at this time.
On p. 260 they write:
“The cost for having no central authority is the cost of that energy,” said Eric Jennings, CEO of Filament, an industrial wireless sensor network. That’s one side of the argument. The energy is what it is, and it’s comparable to the cost incurred in securing fiat currency.”
Where is the citation? The reason the costs of securing the Bitcoin network are currently around $400 million a year is because that is roughly the amount of capital and energy expended by miners to secure a network in which validators are unknown and untrusted. If you know who the participants are, the costs of securing a network drop by several orders of magnitude.
On p. 261 they write about the BitFury Group, a large mining company:
“Its founder and CEO, Valery Vavilov, argued the view that machines and mining operations overall will continue to get more energy efficient and environmentally friendly.”
Actually what happens is that while the ASIC chips themselves become more energy efficient, miners in practice will simply add more equipment and maintain roughly the same energy costs as a whole. That is to say, if a new chip is 2x as efficient as before, miners typically just double the acquisition of equipment — maintaining the same amount of energy consumption, while doubling the hashrate. There is no “environmental friendliness” in proof-of-work blockchains due to the Red Queen Effect.
On p. 274 they write:
“There will be many attempts to control the network,” said Keonne Rodriguez of Blockchain. “Big companies and governments will be devoted to breaking down privacy. The National Security Agency must be actively analyzing data coming through the blockchain even now.”
With thousands of copies being replicated around the world, it’s unclear who actually is storing it, perhaps intelligence agencies are. We do know that at least 10 companies are assisting compliance teams and law enforcement in tracking the provenance of cryptocurrency movements.
On p. 282 they write:
“Indeed, Mike Hearn, a prominent bitcoin core developer, caused a quite a stir in January 2015 when he wrote a farewell letter to the industry foretelling bitcoin’s imminent demise.”
“Licensed exchanges, such as Gemini, have gained ground perhaps because their institutional clientele know they’re now as regulated as banks.”
Actually, Gemini hasn’t gained ground and remains relatively flat over the past ~5 months. Even adding ether to their list of assets didn’t move the dial.
Overall the book was published a little too early as there hasn’t been much real traction in the entire ecosystem.
The content and perspective is currently skewed towards telling the cryptocurrency narrative and seemingly downplays the important role that institutions and enterprises have played over the past year in the wider distributed ledger ecosystem.
If you are looking for just one book to read on the topic, I would pass on this and wait for a future edition to rectify the issues detailed above. See my other book reviews.
Three years since the current wave began and $1 billion later, cryptocurrency / public blockchain ecosystem is experiencing such a level of “fast growth” that no one is able to publish any real usage numbers.1
Sarcasm aside, despite copious amounts of news coverage, interviews and conferences, very few VC-backed cryptocurrency-related startups are divulging any non-gamable numbers.
I had hoped to do a regular quarterly update (see previous January post regarding usage numbers) but there just isn’t much public data to go on. In fact, there is less data today than 3 months ago.
For instance, at some point in the past couple of months, Coinbase removed its wallet transaction volume chart from its chart site. This coincides with a public announcement made in February that ‘Coinbase is not a wallet.’ As Brian Armstrong, CEO of Coinbase stated:
Over the next year or so, you’ll see the Coinbase brand shift from being a hybrid wallet/exchange to focusing on purely being a retail and institutional exchange. It will take some time to update, but the transition will happen.
Interestingly, this somewhat conflicts with another statement made in a Forbespiece this past week covering Coinbase and Blockchain.info, stating:
Currently, 80% of Coinbase’s customers buy bitcoin as an investment, and 20% transact with it, though that balance is currently shifting more toward transactions.
Perhaps transaction volume overall is increasing, but if so, why remove the wallet transaction volume chart? Or is it solely related to transaction volume on the exchange?
The same Forbes article also mentioned another specific aggregate number:
“Startups play a pretty integral role in the sense that we represent most of the end. If you look at users of Bitcoin on the network, most of them are represented by one of the major Bitcoin companies,” says Peter Smith, chief executive of Blockchain, adding that five or six companies, including Coinbase and Blockchain, represent about 80% of transaction volume on the network. Numerous startups are also using Bitcoin to enable their users to more easily send remittances, cross-border payments and peer-to-peer payments, as well as make mobile in-app purchases.
Maybe this is true, maybe there are 5 or 6 companies that represent the lionshare of volume on the Bitcoin network itself. If so, we should be able to see that.
This is a simplified, color coded version of a tool that Chainalysis provides to its customers such as compliance teams at exchanges. The thickness of a band accurately represents the volume of that corridor, it is drawn to scale. The names of certain entities are redacted.
The image is based on data for the first quarter of 2016 and is an update to the chart I published in an article back in January.
Based on the chart above, there are in fact 5-6 organizations that represent 80% of the volume; both Coinbase and Blockchain.info are among them (Blockchain.info also operates SharedCoin).
In fact, Chainalysis recently updated their methodology and found that Coinbase transactions represent every 6th or 7th transaction on the Bitcoin blockchain. 2 This specific area of data science is continuously undergoing refinement and should be looked at once again in the coming months.
The same Forbes article says that Coinbase has 3.5 million users and Blockchain.info has 6.5 million wallet holders.
But as we have looked at before, what does that even mean? Few companies publicly define what a user or wallet actually represents. I have looked at this twice in the past:
The bottom line is that “monthly active users” (MAU) — which is one of the standard methods for measuring real growth (and success) of an application, is still largely unreported by any cryptocurrency-related company that has raised a Series A or higher.3
Other public data
Where can we find data that is still be published and could reflect usage numbers of public blockchains?
According to CoinATMRadar, the ‘number of Bitcoin ATMs installed by Bitcoin machine type’ increased from 536 at the beginning of January to 612 at the end of March. This comes to roughly 0.84 ATMs installed per day or a rate slightly higher than the past 2 years (it is on pace for 308.2 installations altogether this year compared with 275 per year for 2014 and 2015).
In terms of market prices, there were some relatively big swings in volatility (about $100 from peak to trough) in the first quarter due in part to the continued block size debate which still remains unresolved.9
Some venture funding bounced back from the dearth in Q4 2015.
According to the venture capital aggregation at CoinDesk there was $148 million of publicly announced rounds for both Bitcoin-related and Blockchain-related startups spread among 14 deals in Q1 2016. Though two investments alone (DAH and Blockstream) accounted for more than two-thirds of that funding tranche.
However, the list is probably not complete as two investments into Kraken’s Japanese subsidiary were for undisclosed amounts (first from SBI in January and then by Money Partners Group in March). Similarly, Ripple also received capital from SBI in January (for a reported 3 billion yen or ~$25 million).
In addition, last week, CB Insights (a venture tracking firm) held a webinar that covered the “Bitcoin / Blockchain” ecosystem (deck) (recording).
While providing a good general overview, I think it lacks a number of recent developments in the overall “Blockchain” capital markets world.10
For instance, Tradeblock recently launched Axoni (a private / permissioned blockchain) and Peernova isn’t really a “Blockchain” company now. 11 The webinar is a little outdated on the cryptocurrency side of things too. For example, Mirror is completely out of the ecosystem altogether, 21inc is basically a software company at this point, Buttercoin is bankrupt and Blockscore shouldn’t be included in either bucket.
I would be remiss to not include Counterparty, a platform has effectively plateaued (see image above) and has now been eclipsed by Ethereum based on multiple measurements including transaction growth (which actually may be eventually be gamed via “long chains” just like some Bitcoin transactions are).
Ignoring the liquidity and market cap sections (basically all cryptocurrencies are illiquid and easily manipulable) there is a marked difference in terms of terms of social media engagement and interest between the two platforms. For example, in terms of public interest, one measure that could be added to the Coingecko list is the amount of organized Meetup’s: Ethereum has roughly a hundred globally and Counterparty has about 10.
As an aside, I attended two Ethereum meetup’s last month: one hosted by Coinbase in San Francisco and another one hosted by IFTF in Palo Alto. Both were well-attended with roughly 120 people showing up for the latter.
[Note: I do not own, control or hold any cryptocurrency nor do I have any trading position on them either.]
Why is no one actively publishing numbers?
It could be the case that some of the startups feel that any user / usage number is commercially important and therefore treat it like a trade secret.
Is there really less transparency in this market compared to other tech markets?
Maybe, maybe not. What about public markets?
Last spring, Blizzard Entertainment announced it would no longer publish World of Warcraft subscription numbers. This was done because of the continual decline in subscriptions (more than halving from its 12 million peak). Similarly, last fall, Microsoft said it would no longer publish Xbox One unit sales and would instead share Xbox Live usership. ((Disclosure: I own an Xbox One)) At the time this move was seen as a way to downplay the growing gap in sales between Sony’s PS4 and the Xbox One.
An exception to this rule is Zynga — the mobile / social gaming company — which has seen continual drop offs in monthly active users for over three years, but still publishes numbers. 12
Back to the public blockchain sphere: why would 40+ companies that have closed a Series A or higher as a whole decide not to publish user / usage numbers in a market that claims to always be growing by leaps and bounds?
One of the problems appears to be that when you raise a lot of money, $50+ million for B2C applications your charts are expected to look a bit like other high-growth companies.
For instance, above is a two-year chart displaying two types of users: daily active and paid for Slack. With 3.5x daily user growth over the past year, Slack announced last week that it has closed its new round, raising $200 million at $3.8 billion post-money valuation. About a third of its daily users which are paid users, a relatively high conversion rate.
Obviously social media commenters will point out that “cryptocurrencies” are not the same thing as communication tools, but the point remains that eventually the aspirations of investors will re-calibrate with the actual growth trajectories of a platform. And as of right now, based on public data it is unclear where that traction is in the cryptocurrency world — perhaps it does exist somewhere but no one is publicly revealing those stats.
It bears mentioning, based on anecdotes there are several cryptocurrency-related startups that have gained relatively large customer bases in certain corridors focused on cross-border payments and remittances involving The Philippines.13 There are also several cash-flow positive companies in this space that have flown under the radar. On the flipside, based on similar anecdotes, multi-level marketing scams like MMM Global also have seen continued traction.14
Where is the growth, where are the numbers? Those are the two questions that continue to drive blog posts on this site. Perhaps startups in the public blockchain ecosystem will be more forthcoming later this year as more capital is deployed. We will try to revisit this topic once more information is publicly available.
It will also be interesting to see how many more cryptocurrency-related companies rebrand or pivot into the “private blockchain” sphere without actually changing how they interact with cryptocurrencies. Thus, my older October post on the Great Pivot should be revisited at some point as well. In addition, if “private blockchain” platforms are eventually flipped on into production mode, they may begin to yield usage numbers worth looking at in a year or so.
And according to other data science companies I have spoken to in the recent past, several confirm this as well. [↩]
A notable exception was in December 2015 when BitPay provided a transaction chart to Forbes. Additionally, BitGo has published numbers from time to time. And while it hasn’t raised a Series A, Blockstack is also fairly open about its userbase. [↩]
Blockstack.org is not the same thing as Blockstack.io — two different groups. [↩]
Flavien Charlon, creator of Open Assets, also maintains Openchain. [↩]
Monegraph is a platform for managing digital artwork. [↩]
During its crowdsale last year, Factom sold about 4.4 million factoid (tokens) for 2,278 bitcoins. [↩]
CoinSciences, the team behind Coinspark, also has another product called MultiChain. [↩]
One interesting stat they mentioned was in terms of ratios: in 2015 there was about $15 billion invested in “fintech” overall and about $450 million in the entire umbrella of “cryptocurrency / blockchain” ecosystem. That amounts to about 3%. [↩]
Peernova has transitioned from being a Bitcoin mining company to creating “Blockchain-inspired” tools for other industries. [↩]
Since then, the paper and portions thereof, have been translated into multiple languages, emailed and downloaded thousands of times, copied word-for-word by many consulting companies and used as a primer for managers and executives at organizations big and small. In short, it helped articulate what was then happening in a new niche industry, one that has grown over the subsequent months.
What has changed and why did it become popular to the point where vendors now use bullet points marketing their product as a “permissioned ledger”?
Before answering these questions I should point out that it was Robert Sams, CEO of Clearmatics, that actually coined the term “permissioned ledger.” He first publicly used it at a Coinscrum event a month before the publication of CaaS. Prior to that he had been using it in private discussions including on a now-defunct mailing list which incidentally involved other notable individuals who still work in the overall “blockchain” space.1
Let’s quickly look at what happened to the market participants that were highlighted in the main body of the report (by alphabetical order):
Clearmatics: in November 2015 they announced they had closed their seed funding; have also publicly announced their pilot “utility settlement coin” with UBS (note: ‘settlement coin’ is not a cryptocurrency)
CryptoCorp: rebranded as Blockstack and were acquired in October 2015 by Digital Asset Holdings (DAH)
Eris Industries: in January 2016 they announced they were selected to be part of the PwC “strategic blockchain portfolio”2
Ripple (Labs): in October 2015 they announced that their Series A had closed at $32 million in funding with the inclusion of Santander. In January 2016 additional funding from SBI Holdings into Ripple’s Japanese subsidiary was also announced.
Tembusu System: they had a co-founder dispute that led to dormancy of the company
Tezos: the project has continued in the background as a part-time project of its creator
Tillit: rebranded as Ldger and is currently focused on market place lending and structured products; no longer uses Ripple.
If we extend the analysis to the tangentially related projects listed in Appendix A:
Blockstream: in October 2015 it announced a cryptocurrency product called “Liquid” for wallets and exchanges and in February 2016 announced it had closed its Series A funding of $55 million
Augur: in October 2015 it concluded its crowdfunding of over $5 million and in March 2016 launched its beta
SKUChain: in January 2016 it announced its seed funding and in March 2016 joined the Plug and Play FinTech Incubator
Ethereum: officially launched its Frontier release at the end of July 2015 and then launched a “production” version called Homestead in March 2016
Pactum: turned from a standalone product into a technology specification and approach – currently being used by ULedger – and being further developed by Bitsapphire
Symbiont: in June 2015 it announced closing a seed round for $1.25 million and then in March 2016 announced it was creating a new company with Ipreo
Vennd: in April 2015 it joined the Startmate accelerator and later moved away from the “vending machine” cryptocurrency creation market
What about the rest of the marketplace?
The non-cryptocurrency distributed ledger marketplace has bifurcated into two distinct areas:
those creating some type of ledger or blockchain; and
those creating some type of application that connects to a ledger, chain or network
[Note: sometimes those creating #1 are also creating #2 but usually not vice versa]
Altogether, since September 2015, at R3 we have been approached or pitched by around 150 vendors of all shapes and sizes who do something orthogonally related to distributed ledgers.
By and large, most of them are uninvolved with cryptocurrencies themselves: that ship seems to have sailed with the Great Pivot. Perhaps that will change again?
We are currently tracking around two dozen companies that have built or are building some kind of distributed ledger and about the same amount of startups trying to build applications on top of a ledger. 4
Many of these can be seen on slides 21 and 23 of the presentation I published in December:
The end of “Proof-of-work maximalism”
What has resonated with people, especially financial institutions regarding this new market?
Part of it for sure is related to hype. Distributed ledgers and blockchains have been sold as silver bullets and panaceas to all the worlds ills. This exuberance will likely lead to another washout cycle which has happened in many other tech segments (most notably cleantech).
Another reason is that as articulated in Appendix B, while there was latent interest in the cryptographic toolkit utilized by Ethereum and Bitcoin, managers were finally afforded an explanation as to why something like proof-of-work is purposefully expensive and why it is unneeded and undesirable in an environment in which trusted intermediaries with legal contracts already operate in (e.g., capital markets).
In short: CaaS began to untie the narrative and fable that “the only secure network is one that involves proof-of-work.”
While they are not the only entities experimenting with blockchains, regulated financial institutions have also spent the past year looking at the consequences of using pseudonymous consensus methods, discovering that platforms like Bitcoin fundamentally lackdefinitive settlement finality which was briefly discussed on page 22 and 23 in CaaS.
The reaction on social media to this over the past year has ranged from acceptance all the way to angry threats. Yet fundamentally it is empirically clear that the marketing spin which proof-of-work maximalists have used — such as “hardening a chain” — is simply a misapplication of Bitcoin’s Sybil protection. But that is a topic for another day.5
This was supposed to be a brief post so we have to pass on dovetailing into the myriad of other interesting changes in the landscape.
Regular readers may have noticed just a few posts on this site over the past few months. Why? Part of this is because the content I do write is typically sent to R3 members only.
What about other discussions?
Even though the capital markets have largely settled on a specific class of ledger — one that is integrated with the existing legal system without any type of cryptocurrency or proof-of-work — the debate around public versus private blockchains will likely continue into the year by enthusiasts.
For those involved in regulated capital markets who are looking at solutions to problems with a set of requirements involving post-trade activities of clearing and settlement, it is worth pointing out that yesterday Richard Brown unveiled the project he has been working on the past 7 months: Corda.
A year from now the distributed ledger landscape will likely look a lot different than what it did in 2016 let alone 2015. It will be interesting to see how many projects are still replicating and reusing older “blockchain” designs versus building systems that are fit-for-purpose like Corda.
Source: I am an advisor to Clearmatics and a member of the mailing list. This included: Vitalik Buterin (Ethereum), Vlad Zamfir (Ethereum), Dominic Williams (Mirror / String), Jae Kwon (Tendermint), Andrew Miller (IC3 / University of Maryland), Nick Szabo (Mirror / Access), Jonathan Levin (Chainalysis), Dave Hudson (Peernova), Richard Brown (R3), Zaki Manian (SKUChain) and about a dozen others. [↩]
According to Dominic Williams: 21.91% of all tweets using the term “marmots” involved Eris Industries and Preston Byrne (its COO). [↩]
I am frequently asked this question because there is some confusion related to the legacy name and the current branding of certain technology. The two are distinct. And how we got there involves a little history.
Hyper, the parent company of Hyperledger, was founded by Dan O’Prey and Daniel Feichtinger in the spring of 2014. Fun fact: one of the alternative names they considered using was “Mintette.com” — after the term coined by Ben Laurie in his 2011 paper.
The simplest way to describe Hyperledger, the technology platform from Hyper, during its formative year in 2014 was: Ripple without the XRP. Consensus was achieved via PBFT.1 There were no blocks, transactions were individually validated one by one.
Hyperledger, the technology platform from Hyper, was one of the first platforms that was pitched as, what is now termed a permissioned distributed ledger: validators could be white listed and black listed. It was designed to be first and foremost a scalable ledger and looked to integrate projects like Codius, as a means of enabling contract execution.
Most importantly, Hyperledger in 2014 was not based off of the Bitcoin codebase.
Note: in the fall of 2014 Richard Brown and I both became the first two advisors to Hyper, the parent company of Hyperledger. Our formal relationship ended with its acquisition by DAH.2
In June 2015, DAH acquired Hyper (the parent company of Hyperledger) which included the kit and caboodle: the name brand, IP and team (the two Dans). During the same news release, it was announced that DAH had acquired Bits of Proof, a Hungary-based Bitcoin startup that had designed a Java-based reimplementation of Bitcoin (which previously had been acquired by CoinTerra).3
It was proposed at that time that Hyperledger, the Hyper product, would become the permissioned ledger project from DAH. It’s product landing page (courtesy of the Internet Archive) uses roughly the same terminology as the team had previously pitched it (see also the October homepage older homepage for DAH as well).
Source: Digital Asset / Internet Archive
On November 9, 2015, on a public blog post DAH announced that it was “Retiring Hyperledger Beta, Re-Open Sourcing Soon, and Other Changes.”
The two most notable changes were:
(1) development would change from the languages of Erlang and Elixir to Java and Scala;
(2) switch to the UTXO transaction model
The team noted on its blog in the same post:
We are also switching from our simplistic notion of accounts and balances to adopt to de facto standard of the Bitcoin UTXO model, lightly modified. While Hyperledger does not use Bitcoin in any way, the Bitcoin system is still extremely large and innovative, with hundreds of millions of dollars invested. By adopting the Bitcoin transaction model as standard, users of Hyperledger will benefit from innovation in Bitcoin and vice versa, as well as making Hyperledger more interoperable.
During this same time frame, IBM was working on a project called OpenChain, which for trademark reasons was later renamed (now internally referred to as OpenBlockchain).4
IBM’s first public foray into distributed ledgers involved Ethereum vis-a-vis the ADEPT project with Samsung (first announced in January 2015). Over the subsequent months, IBM continued designing its own blockchain (see its current white paper here).
In December 2015, the Linux Foundation publicly announced it was creating a new forum for discussion and development of blockchain technology. Multiple names were proposed for the project including Open Ledger (which was the name originally used in the first press release). However, in the end, the name “Hyperledger” was used.
How did that occur?
DAH, one of the founding members of the project, donated two things to the Linux Foundation: (1) the brand name “Hyperledger” and (2) the codebase from Bits of Proof.
Recall that Bits of Proof was the name of a Bitcoin startup that was acquired by DAH in the fall of 2014 (the Chief Ledger Architect at DAH was the co-founder of Bits of Proof). 5 Architecturally, Bits of Proof is a Java-implementation of Bitcoin. 6
In other words: today the term “Hyperledger” represents an entirely different architectural design and codebase than the original Hyperledger built by Hyper.7
The major architectural switch occurred in November 2015, which as noted above involved adopting the UTXO transaction set and Java language that Bits of Proof was built with. Therefore, Hyperledger circa 2016 is not the same thing as Hyperledger circa 2014.
Over the past two months there have been multiple different codebases donated to the Linux Foundation all of which is collectively called “Hyperledger” including the IBM codebase (partly inspired by Ethereum) as well as the DAH and Blockstream codebase (one is a clone of Bitcoin and the other is a set of extensions to Bitcoin). The technical discussions surrounding this can be found on both the public Linux Foundation mailing list and its Slack channel.
How do different, incompatible codebases work as one?
This technical question is being discussed in the Linux Foundation. It bears mentioning that as of now, the codebases are incompatible largely due to the fact that Bitcoin uses the UTXO transaction set and OpenBlockchain uses an “accounts” based method for handling balances. There are other reasons for incompatibility as well, including that they are written in completely different languages: Java/Scala versus Go versus C++ (Blockstream).
How extensive is the reuse of the Bits of Proof Bitcoin codebase donated to the Linux Foundation from the DAH team? According to a quick scan of their GitHub repo:
So when someone asks “what is Hyperledger technology?” the short answer is: it is currently the name of a collective set of different codebases managed by the Linux Foundation and is not related to the original distributed ledger product called Hyperledger created by Hyper. The only tenuous connection is the name.
Timeline in brief: Hyperledger was originally created in Spring 2014 by Hyper; Hyper was acquired in June 2015 by DAH; the original Hyperledger architecture was entirely replaced with Bits of Proof in November 2015; the Hyperledger brand name and Bits of Proof code was donated to the Linux Foundation in December 2015.
Interestingly enough, the current OpenBlockchain project from IBM also uses PBFT for its consensus mechanism and uses an “accounts” based method; two characteristics that the original Hyperledger platform from Hyper had too. [↩]
Following the bankruptcy of CoinTerra, the Bits of Proof team became independent once again. [↩]
CoinPrism launched a project called OpenChain, before IBM did. [↩]
Sometimes there is a confusion between Bits of Proof and Bits of Gold. Bits of Proof was the independent Java-implementation of Bitcoin (which is not the same thing as bitcoinj). Bits of Gold is an Israeli-based Bitcoin exchange. A co-founder of Bits of Gold also works at DAH and is their current CTO. [↩]
In the future it may contain some modifications including Elements from Blockstream. [↩]
What was once the original Hyperledger GitHub repo has been handed over to the Linux Foundation but some of the original code base and documentation from the 2014 project canstill beviewed elsewhere. [↩]
[Note: I neither own nor have any trading position on any cryptocurrency. The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
Below are several questions I recently received from the CFA Institute along with my responses.
Q1. In your book you make a convincing case that Bitcoin has a number of significant structural design flaws that will likely prevent it from ever develop into something of economically meaningful scale. Could you briefly outline the main reasons for your view?
A1. The two fundamental challenges that do not appear surmountable in the short-run are:
(1) An endogenous money-like informational commodity (such as bitcoin or litecoin) that lacks purchasing power stability relative to goods and services which live external to the system. This is a characteristic that is common to contemporary cryptocurrencies that are divorced from external information: how to securely provide information of the exogenous outside world back into the internal network in a trust-minimized manner? There have been multiple proposals over the past 2 years but no production systems in large part because solving this is solving a public goods problem, so where does the funding come from to R&D it?
(2) The second main challenge is sustainable decentralized security. Empirically all proof-of-work based cryptocurrencies have trended towards some form of centralization. Looking at CoinGecko, all of the top PoW cryptocurrencies are currently dominated by a handful of pools. The reason why has to do with the inhomogeneous Poisson process used by these systems which creates variance in payouts. And as we see in the world of traditional finance, one way to reduce risks is to pool capital. Thus, with the origination of the first mining pools in late 2010, we see miners – the security force – acting rationally by pooling hashrate to smooth out the variance in payouts.
Ernie Teo and Dave Hudson are just a handful of researchers who have looked into the long-term implications this has and have shown via simulations that as block rewards decline over time, the labor force declines as fewer participants can profitably compete in the mining process. Thus there is an open question as to whether or not any PoW cryptocurrency can remain robustly decentralized and secure or if they just “self-destruct.” Note: that there are over 100 dead altcoins, so empirically these networks are not automatically self-healing or anti-fragile.
Solving both of these issues – if they are indeed solvable – so far has remained in the realm of posturing on social media: very little real research and statistical modelling has taken place which is very surprising considering many companies have raised funds with the assumption (and promise) that these two issues will be solved.
I remain skeptical that the first is solvable without compromising the integrity of the network: how do you rebase the purchasing power of an endogenous unit of account without needing to trust the external data source? Vitalik Buterin, Robert Sams and a few others have proposed solutions dubbed “stablecoins” but most of the community, especially early adopters of popular cryptocurrencies are against purchasing power stability, preferring volatility with the belief that external market forces will somehow coordinate and permanently smooth it out, usually in a trajectory towards the moon.
Similarly I have yet to see any modelling that shows how POW mining becomes more decentralized over time. There have been companies that claim and market that they will “redecentralize” with embedded ASICs, but when you drill down deeper it is merely decentralizing hashing, not block making (the key part).
Q2. There seems to be a new consensus developing in fintech circles and among incumbents of ‘Bitcoin bad, blockchain good’. Do you agree with this or is it too simplistic – can you truly have one without the other?
A2. I think it is too simplistic and a little unfair to Bitcoin. Satoshi, from his written accounts, did not appear interested in developing software for financial institutions. He had a problem-set in his mind: how to build a censorship resistant payments system without introducing some kind of trusted third party to prevent double spending. In 2007, when he began the project (or so he stated on a mailing list) if he had thought about how to build a distributed ledger for regulated financial institutions, the deliverable would look different than Bitcoin does. We only have the benefit of hindsight to make that “Blockchain good, Bitcoin bad” claim today.
Why? Because quite frankly, Bitcoin itself does not really solve anything for banks.
Banks have seen probably 100-200 proof-of-concept/pilot projects over the last 18 months and have rejected nearly all of them. Not because it involved a cryptocurrency but because the tech didn’t solve their actual problems. I have yet to be in a meeting where someone says “I hate bitcoin because it is bitcoin” — perhaps some banks do, but all of the people I interact with at banks want solutions to their problems and cryptocurrencies in their current form, were not designed to solve problems banks have. So why should they use them?
For instance, if I built some typewriters and then claimed that banks weren’t buying them because they’re anti-typewriter. It’s not because they are anti-typewriter it is because they don’t have a use for typewriters in 2016. Yet the useful parts of typewriters are of course the keyboard which can be repurposed and used with laptops. Similarly, the useful bits of cryptocurrencies are the cryptographic signing and shared data structure elements.
Q3. Incumbent organisations experimenting with blockchain technology seem to be mostly designing permissioned blockchains. Could you elaborate on how these differ from, for example, the Bitcoin blockchain, and some of its advantages and disadvantages?
A3. Since September 2015, R3 has been pitched by over 100 software companies ranging from pre-seed startups to large enterprises. Among them are about 30 different distributed ledger proposals. Some are very much half-baked altcoins. A large number are highly modified derivatives of existing platforms (e.g., Bitcoin, Ethereum, Ripple) and a few others were customized and built from the ground up or with elements of existing systems. Universally they all involve some kind of permissioning: in which the validators on the network are gated and vetted and the users of the network are KYC’ed.
Why are they building these? There are a number of different motives but by and large this has to do with the operating environment their customers exist in: trusted, known relationships. Those relationships, market structures and laws, much to the chagrin of cypherpunk prophecies, are not going to disappear. So if you are building a commercial business and want to actually generate revenue and not permanently live off of venture funding, you will need to deliver products customers want and not just work on public goods problems.
Another advantage of designing these types of permissioned systems is that the validation model – the creation of contracts and service level agreements around who or what validates transactions – typically removes the probabilistic settlement issues found in public blockchains like Bitcoin. Public blockchains cannot provide legal settlement finality of exogenous financial instruments. And introducing new risks into the financial system via probabilistic finality is absurd. Regulated financial institutions cannot and do not want to be in a position in which assets on their balance sheet only have a 95% possibility that they own them or that a block reorganization from a pool in a sanctioned country mines it.
Incidentally there are now Bitcoin mining companies that are pitching themselves as “trusted miners” – which is an oxymoron. In fact, if the validation process (mining) of public blockchains becomes fully trusted, gated and permissioned then users lose the benefit of censorship resistance while they simultaneously have to pay the large operating costs that proof-of-work requires. Or in other words, a permissioned-on-permissionless system that provides more kabuki theater than it does commercial utility.
Q4. Increasingly, financial institutions are trying to figure out whether they can benefit from integrating blockchain technology into their operations, including your organisation R3CEV. What do you see as the main barriers of integrating blockchain into existing financial services?
A4. There are multiple challenges each financial institution has and technology alone probably only solves a fraction of them. For instance, what are the problems a blockchain actually solves for an organization? Maybe there are only a handful if any. What are the switching costs? What are the total costs of operation? How does it plug into their existing legacy systems?
Most startups lack the subject matter expertise or the relationships into the financial services industry to be able to answer those questions, so they end up building tech for tech sake. Science fair projects that remain underutilized and even unused. No amount of marketing can ultimately salvage a platform that does not solve a problem that customers do not have.
[Note: opinions expressed below are solely my own and do not represent the views of my employer or any company I advise.]
Yesterday the following question and comment was made to the previous blog post:
So just to be clear, you consider a company a “blockchain company” even if it runs its platform using Bitcoin’s blockchain as the rails ? For example, I believe Symbiont does this, but they certainly license out their software for a profit.
Yes, technically speaking using any blockchain as a “rail” (e.g., for storing or moving messages between parties) could effectively classify the startup as a “blockchain” company. But I also think it’s worth looking at whether or not this is useful or even a wise decision.
In the short term, maybe: if a company only cares about distributing data to a geographically distributed third party, then using a blockchain as a “rail” could be a solution for a few problems. For instance: Peernova, Chain, DigitalX (AirPocket) and others have built systems/platforms that are independent of a blockchain but then will store a “hash” of information onto a blockchain such as Bitcoin (typically via OP_RETURN). This is a process called “anchoring.”
But you can actually “anchor” in multiple mediums, it just happens that this medium is what they have currently chosen to do in the short run (e.g., could also tweet it, post it on a public mailing list, broadcast it on TV, or if you are paranoid use a numbers station). I wrote about the anchoring idea last month and previously elaborated why users such as banks do not need to use a public blockchain for anchoring.
There is another company called GuardTime that is pitching a “trust anchoring” service as well (called KSI). Their product is similar to Surety which publishes hashes of data into newspapers. If you are interested in this general idea, be sure to look into linked timestamping and “How to time-stamp a digital document” by Haber and Stornetta (and again, this is not an endorsement).
Regarding Symbiont, my understanding is that they are still using “embedded consensus” (based on their blog post) because their core team created Counterparty, which also uses an “embedded consensus mechanism” tied to Bitcoin. Currently I do not think that it is a particularly elegant solution for post-trade but it may have its uses. However that is a topic for another day (see this paper starting at page 5).
Long term, no: I don’t think it is necessarily wise for Bob to rely or depend on Alice’s chain for the security of Bob’s chain. It may be a short term stop-gap occurrence, but network designers should ultimately have to assume that other networks can become compromised and/or are unsustainable. The network needs to be as self-reliant as possible. And it is currently not possible to accurately forecast the security of Bitcoin (or other public blockchains) as it is economically driven – directly proportional to the market price of the tokens.
I think the drama around OP_RETURN size (40 versus 80 bytes) two years ago (see pages 29-30) and even the current block size debate should also serve as a cautionary tale to any organization looking at using a public blockchain. Because of the way “decentralized governance” works (an oxymoron?), the end-users are at the mercy of nebulous governance structure that can arbitrarily nerf or take away a feature (like OP_RETURN) just as much as they gave it without direct feedback or recourse from the users themselves.
As an aside, there are also cross border/remittance companies like Align Commerce that attempt to send bitcoins back and forth between liquidity providers/exchanges and do not rely on the appreciation or depreciation as part of their business model — in fact, they dislike any volatility as it harms their margins (e.g., they lock in a price for their customers for a short window of time). But since they do not rely on bitcoins qua bitcoins, they could just as easily create and use their own proprietary ledger (it doesn’t even need to be decentralized). Whether or not the “rebittance” business model makes sense is also another topic for another day (I recommend this post from Save On Send for starters).
Recall 15-20 years ago people used to attend “Internet conferences” and tell their friends that they were building an “Internet company.” That sounds anachronistic two decades later.
Today a small business owner, Bob, would simply say he operates a small business that happens to have a website, but that doesn’t mean he is operating a website company. Or if Bob accepted payments via Stripe, he wouldn’t say his company is an ACH or Stripe company – Bob is just using these “rails” as a means to an end. Hopefully when all the hype and noise lowers over time we will begin to see the companies that are actually trying to create real commercial businesses that just happen to integrate with DLT, rather than everyone positioning themselves as a DLT company that might also have a commercial product.
[Note: opinions expressed below are solely my own and do not represent the views of my employer or any company I advise.]
Earlier this week a piece appeared on Yahoo with a number of quotes from individuals who are trying to create a new narrative for why “Blockchain” is the cool kid at school right now.
“I can see why banks are interested in using permissioned ledgers, and maybe it will make their back office more efficient,” says Jerry Brito, executive director of digital currency nonprofit Coin Center. “But at the end of the day, it’s not a very exciting innovation. The real innovation is a completely open and global ledger that is permission-less. Having a closed, permissioned ledger run by banks, that might allow for better auditing, but there’s no innovation there, you still have to go through a consortium to use the ledger.” That is, what banks seem to want to do is incongruous to the purpose of the blockchain.
The claim in here is false. In fact, this line of reasoning is literally the No True Scotsman fallacy (or in this case, no true ledger fallacy).
There is a lot of real innovation going on behind the scenes (and a lot of non-innovation going on too) by several dozen companies building new types of applications that couldn’t really work on public blockchains (due to the lack of definitive legal settlement finality, governance, scalability and capacity — among other reasons).
Innovation and ideation are occurring, it just isn’t happening with Bitcoin or with some Bitcoin companies beyond trying to ignore state, federal and international laws (slightly kidding).
Furthermore, not all ledgers are alike. To claim that technology is “incongruous” because it isn’t fixed to the original project is a non sequitur.
Bitcoin visualized how and what one application of distributed ledger technology could look like. It showed, much like the Wright Flyer and the Benz Patent Motor Car previously did, how cobbling together existing pieces could provide a new form of utility. But for something important like regulated capital markets you wouldn’t continue reusing experimental tech just because it already exists. That’s a sunk cost fallacy.
The original Mercedes
But Brito also believes the interest will subside once banks actually learn more about blockchain technology. “I think right now investors are kind of waiting for Wall Street to get through this blockchain phase,” he says. “They have blockchain fever and they need to just get over it. Because if they develop their own closed blockchains, soon they’ll all realize they want to talk to each other, and they’ll be back to square one, doing banking.”
This is also untrue. There have been between 150-200 pilots and proof-of-concepts for banks that utilize some type of cryptocurrency (or fork thereof), nearly all of which have been rejected. Not because the banks are “anti-bitcoin” or “don’t get the blockchain” but because Bitcoin doesn’t solve the actual problems banks actually have — it wasn’t designed to.
Furthermore, as I have repeatedly explained — as early as September — in both public and private venues that:
1) the ledger/network/fabric will be open sourced
2) that recreating lots of silos probably isn’t very productive
There has been a lot of backlash from some members of the cryptocurrency because their bet hasn’t paid off but it’s disingenuous to create a narrative that is factually untrue.
I certainly cannot speak on behalf of banks, but if the goal is to get banks and other financial institutions to actually use a product then the product needs to actually provide a solution for them; cryptocurrencies as they currently exist weren’t built with their needs or requirements in mind, so why would they use them?
[Note: opinions expressed below are solely my own and do not represent the views of my employer or any company I advise.]
Last April, May and August I wrote three posts that attempted to look at the flow of funds: where bitcoins move to throughout the ecosystem.
Thanks to the team at Chainalysis we can now have a more granular view into specific transfer corridors and movements (not necessarily holdings) between miners, exchanges, darknet markets, payment processors and coin mixers.
The first three charts are backwards looking.
Above is a simplified, color coded version of a tool that Chainalysis provides to its customers such as compliance teams at exchanges. The thickness of a band accurately represents the volume of that corridor, it is drawn to scale.
What is the method used to generate the plot?
The chord-plot shows all bitcoin transactions in 2015 traced down all the way back to a known entity. This means that the connection between the entities can be any number of hops away.
So for instance, for the exchanges it will include direct arbitrage, but also the modus operandi for bitcoin: individuals buying bitcoins at an exchange and then doing peer-to-peer transfers. Again this can be any number of hops and then perhaps later end at an exchange again where someone is cashing out.
According to Chainalysis, by hiding all the intermediate steps we can begin to learn how most of the Bitcoin ecosystem is put together (e.g., can it be split into sub systems?, is there a dark and a lit economy?, and what is bitcoin actually used for?).
Blue: virtual currency exchanges
Red: darknet markets
Pink: coin mixers
Green: mining pools
Yellow: payment processors
Altogether there are 14 major exchanges tracked in blue including (in alphabetical order): Bitfinex, Bitreserve (now Uphold), Bitstamp, BitVC (subsidiary of Huobi), BTCC (formerly BTC China), BTC-e, Circle, Coinbase (most), Huobi, itBit, Kraken, LocalBitcoins, OKCoin and Xapo.
The identity of 12 exchanges were removed with the exception of BTC-e and LocalBitcoins.
BTC-e was founded in July 2011 and is one of the oldest operating exchanges still around. It does not require users to provide KYC documentation nor has it implemented AML processes. This has made it an attractive exchange for those wanting to remain anonymous.
LocalBitcoins was founded in June 2012 and is a combination of Craigslist and Uber for bitcoin transfers. It enables users to post trade requests on its site and provides escrow and reputation services for the facilitation of those trades. Like BTC-e, it does not require users to provide KYC documentation nor has it implemented AML processes. As a result it is a popular service for those wanting to trade bitcoins anonymously.
SharedCoin (depicted in pink above) is a product / service from Blockchain.info that allows users to mix their coins together with other users. It is one of about a dozen services that attempt to — depending who you talk to — delink the history or provenance of a bitcoin.
Founded in the spring of 2013, Agora (depicted in red above) was the largest known darknet market operating in 2015.
For each of the entities labeled on the charts below there is a ‘send to self’ characteristic which in fact are the UTXOs that originate from that entity and ends in unspent funds without first hitting another service. So it can be both cold storage owned by the service or someone hoarding (“hodling”) coins using that service.
Interestingly enough, the deposits held at one VC-backed intermediary almost all stay cold.
Above is LocalBitcoins.
Above is BTC-e.
Above is SharedCoin.
Questions and Answers
I also spoke with the Chainalysis team about how their clustering algorithm worked.
Q: What about all the transactions that did not go between central parties and intermediaries? For instance, if I used my wallet and sent you some bitcoins to your wallet, how much is that in terms of total activity?
A: The analysis above is intended to isolate sub-economies, not to see who is directly trading with who. The Chainalysis team previously did a Chord of that roughly a year ago which shows the all-time history (so early days will be overrepresented) and it was based only on one hop away transactions and normalized to what the team can ascribe to a known service.
The new chord above is different as it continues searching backwards until it locates an identified entity – this means it could have passed through an other either unidentified or less perfectly described service – but as it is same for everything and we have the law of large numbers it will still give a pretty accurate picture of what subeconomies exist. It was made to identify if the Bitcoin network had a dark economy and a lit economy (e.g. if the same coins were moving in circles e.g. dark-market->btc-e->localbitcoin->dark-market and what amount of that loop would include the regulated markets too).
So, for example, the transfers going between the regulated exchanges, many will be multihop transfers, but they start and end in regulated exchanges and as such could be described as being part of the lit economy.
Q: What specific exchange activity can you actually identify?
A: It varies per service but Chainalysis (and others) have access to some “full wallets” from clients. Also newer deposits are often not known so the balance in a wallet will be underestimated due to how the current algorithms work.
Further, some services require special attention and special analytics to be well represented due to their way of transacting – this includes some of the regional dark markets and Coinbase (due to how the company splits and pools deposits, see below). By looking at all the known entities and how many addresses they contain as a percentage of all addresses ever used for bitcoin in all time, Chainalysis has significant coverage and these are responsible for more than half of all transactions ever happened.
Q: And what was the motivation behind building this?
A: The initial purpose of the plot was to identify subsystems and pain points in the ecosystem – the team was at first uncertain of the possibility that every Bitcoin user simply bought bitcoins from exchanges to buy drugs but that does not seem to be the case. Most drug buyers use LocalBitcoins and sellers cash-in via mixers on LocalBitcoins or BTC-e (for the larger amounts).
Q: How large is SharedCoin and other mixers?
A: SharedCoin is currently around 8 million addresses and Bitcoin Fog is 200,000 addresses; they are the two largest.1
Based on the charts above, what observations can be seen?
With a forward tracing graph we can see where all the unspent bitcoins come from (or are stored). One observation is that intermediaries, in this case exchanges, are holding on to large quantities of deposits. That is to say that many users (likely traders) — despite the quantifiable known risks of trusting exchanges — still prefer to store bitcoins on virtual currency exchanges. Or to look at it another way: exchanges end up with many stagnant bitcoins and what this likely means is that users are buying lots of bitcoins from that exchange and not moving them and/or the exchange itself is holding a lot of bitcoins (perhaps collected via transaction fees or forfeited accounts).2
A lot of the activity between exchanges (as depicted in blue lines) is probably based on arbitrage. Arbitrage means if Exchange A is selling bitcoins for a higher price than Exchange B, Alice will buy bitcoins on Exchange B and transfer them to Exchange A where they are sold for a profit.
Despite the amount of purported wash trading and internal bot trading that several Chinese exchanges are believed to operate, there is still a lot of on-chain flows into and out of Chinese-based exchanges, most likely due to arbitrage.
An unknown amount of users are using bitcoin for peer-to-peer transactions. This may sound like a truism (after all, that’s what the whitepaper pitches in its title), but what this looks like above is that people go to exchanges to transfer fiat currencies for virtual currencies. Then users, using the P2P mechanic of bitcoin (or other virtual currencies), transfer their coins to someone else. We can see this by counting hops between the exchanges.
A potential caveat
Because of how certain architectures obfuscate transactions — such as Coinbase and others — it can be difficult for accurate external data analysis. However with their latest clustering algorithm, Chainalysis’s coverage of Coinbase now extends to roughly the same size of the size of Mt. Gox at its height.3
Why can this be a challenge? Coinbase’s current design can make it difficult for many data analytics efforts to clearly distinguish bitcoins moving between addresses. For instance, when Bob deposits bitcoins into one Coinbase address he can withdraw the deposit from that same address up to a limit. After about two bitcoins are withdrawn, Bob then automatically begins to draw out of a central depository pool making it harder to look at the flow granularly.
Other secondary information also makes it unclear how much activity takes place internally. For instance, in a recent interview with Wired magazine, Coinbase provided the following information:
According to Coinbase, the Silicon Valley startup that operates digital bitcoin wallets for over 2.8 million people across the globe, about 20 percent of the transactions on its network involve payments or other tasks where bitcoin is used as a currency. The other 80 percent of those transactions are mere speculation, where bitcoin is traded as a commodity in search of a profit.
In a subsequent interview with New York Business Journal, Coinbase stated that it “has served 2.9 million people with $3 billion worth of bitcoin transactions.”
It is unclear at this time if all of those transactions are just an aggregation of trades taking place via the custodial wallet or if it also includes the spot exchange it launched last January.
Publishing cumulative bitcoin balances and the number of addresses for different entities such as exchanges could help compliance teams and researchers better understand the flows between specific exchanges. For instance, a chart that shows what percentage of the 15 million existing bitcoins everyone holds at a given moment over different time intervals.
This leads to the second area: rebittance, a portmanteau of remittance and bitcoin. Last year it was supposed to be the “killer app” for cryptocurrencies but has failed to materialize due in part, to some of the reasons outlined by Save on Send.4 Further research could help identify how much of the flows between exchanges and the peer-to-peer economy is related to cross-border value transfer as it relates to rebittance activity.
And as the market for data analysis grows in this market — which now includes multiple competitors including Coinalytics, Blockseer, Elliptic and Scorechain — it may be worth revisiting other topics that we have looked at before including payment processors, long-chains and darknet markets and see how their clustering algorithms and coverage are comparable.
For compliance teams it appears that the continued flow between illicit corridors (darknet markets) is largely contingent on liquidity from two specific exchanges: BTC-e and LocalBitcoins. In addition, coin mixing is still a popular activity: from this general birds-eye view it appears as if half of the known mixing is directly related to darknet market activity and the motivation behind the other half is unknown.
Based on the information above other economic activity is still dwarfed by arbitrage and peer-to-peer transactions. And lastly, based on current estimates it appears that several million bitcoins are being stored on the intermediaries above.
[Note: special thanks to Michael Gronager and the Chainalysis team for their assistance and feedback on this post.]
There are many regional smaller projects in, for example, smaller European countries whose flows may be underrepresented as they are less known in part because they do not use commonly used languages. However most are likely a part of the long tail of coin distribution. [↩]
There is a spectrum of intermediaries in which bitcoins are stagnant (or active). For instance, in an interview last May, Wences Casares, founder and CEO of Xapo stated:
Still, Casares indicated that Xapo’s customers are most often using its accounts primarily for storage and security. He noted that many of its clientele have “never made a bitcoin payment”, meaning its holdings are primarily long-term bets of high net-worth customers and family offices.
“Ninety-six percent of the coins that we hold in custody are in the hands of people who are keeping those coins as an investment,” Casares continued. [↩]
[Note: opinions expressed below are solely my own and do not represent the views of my employer or any company I advise. Today is the 7th anniversary of the Genesis block.]
With over $900 million invested in cryptocurrency startups over the past couple of years, what does adoption and usage numbers look like?
Unfortunately very few of the companies that have received funding have publicly divulged actual numbers, primarily because consumer uptake has been lower than expected (or promised).
For instance, Coinbase recently published five charts it says reflect growth.
The first chart they show is transactions per day.
However, since we know that most transactions are “long-chain” transactions (comprised of spam, wallet shuffling, coin mixing, mining payouts, faucets, etc.), this is a poor indicator of actual on-chain trade and commerce or adoption.
As illustrated in the chart above, once long-chains are removed, growth (as highlighted in the pink region) is roughly linear since 2014, at ~0.5x per year.
What about Coinbase itself?
Coinbase doesn’t typically divulge much about specifics, however it’s older pitch deck (from September 2014) does give a few details about its users, such as 40% of all Coinbase users are from three states: California, New York and Texas; as well as the amount of deposits that Coinbase holds for each customer.
While this number likely has changed in the past 15 months, ignoring the fluctuation in token prices it may be the case that the average deposit per customer has not increased significantly. Why might that be?
Above is a 1-year chart produced by Coinbase showing the daily amount of off-chain transactions. Or rather, transactions that take place on their own internal system. As we can see, the volume is roughly the same across all of 2015. If usage actually was increasing or user numbers were growing substantially, then we should be able to see some visible changes upward. This has not occurred.
P2SH, or pay to script hash, is probably the most common method for securing bitcoins (or UTXOs) via multisig. As shown in the two charts above, over the course of 2015 the percentage of existing bitcoins held in P2SH addresses increased from 6% to around 10% today. Though over the past 5 months the amount has effectively plateaued.
According to marketing material, BitGo processes more than 50% of all P2SH transactions (more than all other service providers combined). So this may also be an upward bound indicator of people who are savvy enough to secure their bitcoins via multisig (note: many custodial wallets such as Coinbase and Xapo purportedly secure certain layers of “cold wallets” via multisig and P2SH is just one method of doing so).
The chart above visualizes the percent of bitcoins owned by each address balance range.
As of block height 390,000 approximately 98.16% of all bitcoins reside on 513,648 addresses. This is not to say there are only half a million bitcoin users on the planet, as some of the addresses are owned or controlled by multiple people (such as a custodial wallet or exchange). But it is probably a pretty good proxy of on-chain users — users who actually control the private key and do not use an intermediary.
This is roughly twice as many on-chain users as twenty-one months ago (in April 2014) — at block height 295,000 — when I first started looking at this source.1
One interesting trend that ties in with the multisig window above is that at one point as recently as April 2014, none of the Top 500 addresses were using multisig. But over the past year, as seen by the “3” prefix at the start of addresses, we can visibly see several dozen Top 500 addresses that now use multisig (note: some of the other addresses may use hardware wallets such as Trezor, Ledger or Case and not use multisig).
I once heard a Bitcoin reporter tell me in the August 2014 that BitAccess was on track to be the first billion dollar Bitcoin company. Whoops!
As we know empirically, the ATM industry in general is very low margin; companies make it up on volume which none of these startups have been able to thus far. Despite the hype, over the past a grand total of 536 Bitcoin ATMs have been installed, roughly 275 per year.
For comparison, according to the ATM Association there are roughly 3 million ATMs globally.
Can’t this change in the future? Perhaps, but recall that the average two-way (roundtrip) Bitcoin ATM fee is ~11% and there are only a handful located in emerging markets. Why is the fee relatively high? Because ATM owners are not operating charities and want to turn a profit. If Bitcoin adoption truly was going gang busters you would expect this number to be growing exponentially and not linearly.
Admittedly this chart doesn’t have to deal with adoption. There is no scientific correlation between the amount of usage or users of cryptocurrencies and the volatility of its trading pairs.
The reason I have included this is because in the Coinbase post above they state that bitcoin volatility is decreasing… relative to the Russian ruble and Brazilian real. Yet from the volatility chart above, it is clear that volatility has not really decreased. The BTC/USD volatility may be less than what it was in 2012, but on any given day it is still 10x more volatile than CNY/USD and 6x more volatile than USD/EUR — trading pairs that represent the real lionshare of global economic activity.
What it shows is that VC investment in cryptocurrency-related startups peaked in Q1 2015. Yet, the bulk of the Q1 investments came from the 21inc announcement which itself was an aggregation of its previous rounds that had taken place over the previous 18 months. So funding may have actually peaked in Q4 2014.2
What this probably illustrates is that aside from a couple of permabull investors (such as Boost and Pantera), most serious venture capital has decided to wait and see how the dust settles before investing anything in this space. Why? Basically there has been no product market fit and few viable business models.3 Sure there has been a lot of publicity, but as Kevin Collier recently explored, there does not appear to be any permanent impact of say: Bitpay sponsoring a college bowl game last year.4
The two charts above both come from Bitwage, a startup that converts payrolls into bitcoins. Ignoring the drop-off in January 2016 (it is the beginning of a new month), for most of 2015 there were roughly 200-300 new user signups each month and about $250,000 in salaries converted as well.
Again, this is not to say that Bitwage’s service is not useful, rather that if there was increased bitcoin growth and adoption, then one proxy could be through payroll conversion. However, as shown above, growth is linear not exponential.
Above is a 2-year, nearly linear line chart from Blockchain.info depicting the “My Wallet” Number of Users. It bears mentioning that many people still use Blockchain.info wallets like a “temporary” wallet (or burner wallet) for coin mixing, yet despite the rapid creation rate for this purpose even if we look just at the last 6 months, it is not close to being exponential.
But what about hash rate? It has continually gone up and to the right the last few months, surely this is an indicator of mass adoption?
All hash rate is measuring is the amount of work being generated by an unknown amount of computers (typically ASICs) somewhere on the planet. Hash rate typically rises when the price of bitcoins rise and falls when the price of bitcoins fall (see Appendix B). Since prices have nearly doubled over the past four months then it stands to reason that hash rate would correspondingly increase as hashing farms deploy new capital.5
Unless each site is inspected, it’s difficult to tell if there are more hashing farms and equipment and therefore “more users.” However, what we do know is that there are roughly the same amount of pools today (~20) as there were three years ago.6
Counterparty is an embedded consensus system (see section 1): an asset issuance platform that effectively staples itself onto the Bitcoin blockchain.
As shown above, on a given day roughly 500-1000 transactions take place through the platform. According to Laurent MT, the spikes may be related to the weekly distribution of LTBCoins. And again, despite turnkey services and vending machines such as Tokenly and CoinDaddy (and CounterpartyChain), overall growth on the ECS has effectively plateaued over the past year.
Bitcoin is a solution and service provider for those who hold bitcoins. Despite the fanfare, the conferences and the perpetual feel-good op-eds in Techcrunch, the only people who seem to use it regularly seven years later are a niche demographic group: young, white, tech-savvy men in North America and Western Europe. Many of whom have access to multiple other payment networks and asset classes for investment.
As a result, it is probably not a surprise that instead of using bitcoins to pay for coffee on-chain each day, most private key owners prefer to “hodl” or use intermediaries. This may make sense for those with low time preferences, but it shouldn’t then come as a surprise that there are few, if any metrics that show wide-scale adoption beyond this core demographic. Will this change in 2016 or will the “great pivot” continue?
Spam and dust (such as “tips”) likely represents the remaining 1.84% of all bitcoins (located on 99% of all addresses). [↩]
Funding has instead switched over to the fledgling non-cryptocurrency distributed ledger industry. [↩]
Anecdotally, it appears that Coins.ph, BitX and Align Commerce have each gained actual traction in their respective regions. [↩]
Stephen Pair provided a new chart for Forbes which purportedly shows a large uptick in transactions processed. This “surge” occurred during the same month as Bitcoin Black Friday and should be looked at again in the following months to see if it was a one-off event. [↩]
There are also stories of new chips supposedly being deployed. In practice hashing farms do the Red Queen race: replace a machine… with another machine that uses the same amount of energy. [↩]
The claim that 21inc or other mining chip manufacturers will “redecentralize mining” is a misnomer. Mining and hashing are not the same thing. Unless a hashing operator also runs a fully validating node, then they are part of the outsourcing process. More people may be hashing as part of the 21inc botnet, but not mining (mining is defined as selecting transactions to include in blocks; hashers do not do this activity, pools do). [↩]
One comment I have noticed continually re-appear on social media over the last couple months is roughly the following:
If you’re building a new blockchain you should regularly take a hash of the network state and “anchor” it (write it) into another blockchain, for redundancy purposes.
This “anchor” idea has appeared in public material from BitFury, Factom, Tierion, Gil Luria and now 21inc (a VC-backed botnet operator).
Part of the current popularity in the anchoring meme is that some cryptocurrency enthusiasts and Bitcoin maximalists in particular want other non-cryptocurrency distributed ledgers to rely on existing cryptocurrency networks — networks that some enthusiasts own tokens to and hope that price appreciation will take place in the event that the network is used.
Ignoring the hypothetical monetary incentives, let’s assume that writing/storing network states externally is useful and it is the goal of every blockchain designers such as Bob and Alice. Are other blockchains the only relevantly secure places that all blockchain designers should look at using?
For instance, if the goal is to publish a hash of a state in a media that is difficult to censor and widespread enough to retrieve over time, then there are several “old school” newspapers and magazines that can be used for such purposes (which is what Guardtime does).
In the UK, both The Sun and Daily Mirror have a circulation of over 1.5 million
Similarly, in the US, there are three companies: USA Today, The New York Times and The Wall Street Journal that also have a circulation of over 1.5 million
The question for the paranoid is, what is more likely: someone deliberately destroying and/or replacing 1.5 million newspapers which contain the hash of the network state, or someone knocking out 5,728 network nodes?
While “anchoring” the hash of state into other media may be useful, leaving it in just one blockchain — such as the Bitcoin blockchain — does not fully reduce the risk of a well-funded attacker trying to revise history. Safety in this case comes in numbers and if it is redundancy Bob and Alice are looking for (and paranoid about), it may be worth it to publish hashes in multiple venues and media.
Similarly, if sustainability is a key concern then public goods such as cryptocurrencies have a question mark on them as well. Why? Because there are over 100 dead altcoins now. Convincing users — and more importantly miners — to maintain a network when it is no longer profitable to do so is an uphill challenge.1
Lastly, a well designed network (or distributed ledger in this case) that is robust and mature should not necessarily rely on “anchoring” at all. But this dovetails into a different conversation about how to design a secure network, a topic for another post. Either way, hash-storage-as-service, is probably not the next big trillion dollar idea for 2016.
It’s a challenge for any public good, not just Bitcoin, that eventually relies solely on altruism and charity. [↩]
Slide 15: Field of Dreams image in reference to the model that you build it first with the hope that customers come
Slide 19: One example of this euphemism is from Adam Draper (and a similar reference point on Twitter). Each of these five companies has a couple product lines, one of which focuses on cryptocurrencies in a non-marginal manner.
Slide 21: This list could include a number of others including Tezos (DLS) and a handful of other startups including a couple in Japan
Slide 23: Collective head count for these companies is just under 100 and total funding raised (that is publicly announced) is around $10 million. There are still more companies trying to build foundational layers (some proprietary, others open) than teams building applications on top. Legend in parenthesis: E=Ethereum, R=Ripple, CP=Counterparty, OA=OpenAssets, TM=Tendermint
Slide 24: Most of the large non-bank financial institutions such as clearing houses and exchanges all have working groups focused on distributed ledger technology (e.g., CLS, SWIFT, LSEG, CME, Nasdaq, Deutsche Borse, DTCC). The Linux Foundation project is in its formative stage.
In a nutshell: despite recent efforts to modify public blockchains such as Bitcoin to secure off-chain registered assets via colored coins and metacoins, due how they are designed, public blockchains are unable to provide secure legal settlement finality of off-chain assets for regulated institutions trading in global financial markets.
The initial idea behind this topic started about 18 months ago with conversations from Robert Sams, Jonathan Levin and several others that culminated into an article.
The issue surrounding top-heaviness (as described in the original article) is of particular importance today as watermarked token platforms — if widely adopted — may create new systemic risks due to a distortion of block reorg / double-spending incentives. And because of how increasingly popular watermarked projects have recently become it seemed useful to revisit the topic in depth.
What is the takeaway for organizations looking to use watermarked tokens?
The security specifications and transaction validation process on networks such as the Bitcoin blockchain, via proof-of-work, were devised to protect unknown and untrusted participants that trade and interact in a specific environment.
Banks and other institutions trading financial products do so with known and trusted entities and operate within the existing settlement framework of global financial markets, with highly complex and rigorous regulations and obligations. This environment has different security assumptions, goals and tradeoffs that are in some cases opposite to the designs assumptions of public blockchains.
Due to their probabilistic nature, platforms built on top of public blockchains cannot provide definitive settlement finality of off-chain assets. By design they are not able to control products other than the endogenous cryptocurrencies they were designed to support. There may be other types of solutions, such as newer shared ledger technology that could provide legal settlement finality, but that is a topic for another paper.
This is a very important issue that has been seemingly glossed over despite millions of VC funding into companies attempting to (re)leverage public blockchains. Hopefully this paper will help spur additional research into the security of watermarking-related initiatives.
I would like to thank Christian Decker, at ETH Zurich, for providing helpful feedback — I believe he is the only academic to actually mention that there may be challenges related to colored coins in a peer-reviewed paper. I would like to thank Ernie Teo, at SKBI, for creating the game theory model related to the hold-up problem. I would like to thank Arthur Breitman and his wife Kathleen for providing clarity to this topic. Many thanks to Ayoub Naciri, Antony Lewis, Vitalik Buterin, Mike Hearn, Ian Grigg and Dave Hudson for also taking the time to discuss some of the top-heavy challenges that watermarking creates. Thanks to the attorneys that looked over portions of the paper including (but not limited to) Jacob Farber, Ryan Straus, Amor Sexton and Peter Jensen-Haxel; as well as additional legal advice from Juan Llanos and Jared Marx. Lastly, many thanks for the team at R3 including Jo Lang, Todd McDonald, Raja Ramachandran and Richard Brown for providing constructive feedback.
[Note: the following views were originally included in a new paper but needed to be removed for space and flow considerations]
While most academic literature has thus far narrowly focused under the assumption that proof-of-work miners such as those used in Bitcoin will behave according to a “goodwill” expectation, as explored in this paper, there may be incentives that creative attackers could look to exploit.
Is there another way of framing this issue as it relates to watermarked tokens such as colored coins and metacoins?
Below are comments from several thought-leaders working within the industry.
When it comes to cryptocurrency, as with any other situation, an attacker has to balance the cost of attacking the network with the benefit of doing so. If an attacker spends the minimum amount required to 51% attack bitcoin, say $500 million, then the attacker needs to either be able to short $500 million or more worth of BTC for the attack to be worth it, or needs to double spend $500 million or more worth of BTC and receive some irreversible benefit and not get caught (or not have consequences for getting caught), all while taking into consideration the loss of future revenues from mining honestly. When you bring meta-coins into the equation, things get even murkier; the cost is less dependent on the price of bitcoin or future mining revenues, and depends more on the asset being attacked, whether it’s a stock sale or company merger that’s being prevented, or USD tokens being double-spent.
There’s no easy answer, but based on the economics of the situation, and depending on the asset in question, it doesn’t seem wise to put more value on chain than the market cap of BTC itself (as a rough benchmark – probably not that exact number, but something close to it).
Not a single study has been publicly published looking at this disproportionalism yet it is regularly touted at conferences and social media as a realistic, secure, legal possibility.
According to Vitalik Buterin, creator of Ethereum:2
There are actually two important points here from an economics perspective. The first is that when you are securing $1 billion on value on a system with a cryptoeconomic security margin that is very small, that opens the door to a number of financial attacks:
Short the underlying asset on another exchange, then break the system
Short or long some asset at ultrahigh leverage, essentially making a coin-flip bet with a huge amount of money that it will go 0.1% in one direction before the other. If the bet pays off, great. If it does not pay off, double spend.
Join in and take up 60%+ of the hashrate without anyone noticing. Then, front-run everyone. Suppose that person A sends an order “I am willing to buy one unit of X for at most $31”, and person B sends an order “I am willing to sell one unit of X for at least $30”. As a front-runner, you would create an order “I am willing to sell one unit of X for at least $30.999” and “I am willing to buy one unit of X for at most $30.001”, get each order matched with the corresponding order, and earn $0.998 risk-free profit. There are also of course more exotic attacks.
In fact, I could see miners even without any attacks taking place front-running as many markets as they can; the ability to do this may well change the equilibrium market price of mining to the point where the system will, quite ironically, be “secure” without needing to pay high transaction fees or have an expensive underlying currency.
The second is that assets on a chain are in “competition” with each other: network security is a public good, and if that public good is paid for by inflation of one currency (which in my opinion, in a single-currency-chain environment, is economically optimal) then the other currencies will gain market share; if the protocol tries to tax all currencies, then someone will create a funky meta-protocol that “evades taxes by definition”: think colored coins where all demurrage is ignored by definition of the colored coin protocol. Hence, we’ll see chains secured by the combination of transaction fee revenue and miner front running.
Unsolved economics question: would it be a good thing or a bad thing if markets could secure themselves against miner frontruns? May be good because it makes exchanges more efficient, or bad because it removes a source of revenue and reduces chain security.
Cryptoeconomics is a nascent academic field studying the confluence of economics, cryptography, game theory and finance.3
Piotr Piasecki, a software developer and independent analyst explained:4
If a malicious miner sees a big buy order coming into the market that would move the price significantly, they can engage in front running – the buy order could be pushed to the back of the queue or even left out until the next block, while the miner buys up all of the current stock and re-lists it at a higher price to turn a profit. Alternatively, when they see there is a high market pressure coming in, especially in systems that are inefficient by design, they can buy the orders up one by one by using their power to include any number of their own transactions into a block for free, and similarly re-list them for people to buy up.
Or in other words, because miners have the ability to order transactions in a block this creates an opportunity to front run. If publicly traded equities are tracked as a type of colored coin on a public blockchain, miners could order transaction in such a way as to put certain on-chain transactions, or trades in this case, to execute before others.
Robert Sams, co-founder of Clearmatics, previously looked at the bearer versus registered asset challenge:5
One of the arguments against the double-spend and 51% attacks is that it needs to incorporate the effect a successful attack would have on the exchange rate. As coloured coins represent claims to assets whose value will often have no connection to the exchange rate, it potentially strengthens the attack vector of focusing a double spend on some large-value colour. But then, I’ve always thought the whole double-spend thing could be reduced significantly if both legs of the exchange were represented on a single tx (buyer’s bitcoin and seller’s coloured coin).
The other issue concerns what colour really represents. The idea is that colour acts like a bearer asset, whoever possesses it owns it, just like bitcoin. But this raises the whole blacklisted coin question that you refer to in the paper. Is the issuer of colour (say, a company floating its equity on the blockchain) going to pay dividends to the holder of a coloured coin widely believed to have been acquired through a double-spend? With services like Coin Validation, you ruin fungibility of coins that way, so all coins need to be treated the same (easy to accomplish if, say, the zerocoin protocol were incorporated). But colour? The expectations are different here, I believe.
On a practical level, I just don’t see how pseudo-anonymous colour would ever represent anything more than fringe assets. A registry of real identities mapping to the public keys would need to be kept by someone. This is certainly the case if you ever wanted these assets to be recognised by current law.
But in a purely binary world where this is not the case, I would expect that colour issuers would “de-colour” coins it believed were acquired through double-spend, or maybe a single bitcoin-vs-colour tx would make that whole attack vector irrelevant anyway. In which case, we’re back to the question of what happens when the colour value of the blockchain greatly exceeds that of the bitcoin monetary base? Who knows, really depends on the details of the colour infrastructure. Could someone sell short the crypto equity market and launch a 51% attack? I guess, but then the attacker is left with a bunch of bitcoin whose value is…
The more interesting question for me is this: what happens to colour “ownership” when the network comes under 51% control? Without a registry mapping real identities to public keys, a pseudo-anonymous network of coloured assets on a network controlled by one guy is just junk, no longer represents anything (unless the 51% hasher is benevolent of course). Nobody can make a claim on the colour issuer’s assets. So perhaps this is the real attack vector: a bunch of issuers get together (say, they’re issuers of coloured coin bonds) to launch a 51% attack to extinguish their debts. If the value of that colour is much greater than cost of hashing 51% of the network, that attack vector seems to work.
On this point, Jonathan Levin, co-founder of Chainalysis previously explained that:6
We don’t know how much proof of work is enough for the existing system and building financially valuable layers on top does not contribute any economic incentives to secure the network further. These incentives are fixed in terms of Bitcoin – which may lead to an interesting result where people who are dependent on coloured coin implementations hoard bitcoins to attempt to and increase the price of Bitcoin and thus provide incentives to miners.
It should also be noted that the engineers and those promoting extensibility such as colored coins do not see the technology as being limited in this way. If all colored coins can represent is ‘fringe assets’ then the level of interest in them would be minimal.
Time will tell whether this is the case. Yet if Bob could decolor assets, in this scenario, an issuer of a colored coin has (inadvertently) granted itself the ability to delegitimize the bearer assets as easily as it created them. And arguably, decoloring does not offer Bob any added insurance that the coin has been fully redeemed, it is just an extra transaction at the end of the round trip to the issuer.
Personal correspondence, August 10, 2015. Bitseed is a startup that builds plug-and-play full nodes for the Bitcoin network. [↩]
[Note: the following overview on known Bitcoin mining farms was originally included in a new paper but needed to be removed for space and flow considerations]
Several validators on the Bitcoin network, as well as many watermarked token issuers, are identifiable and known.1 What does this mean? Many Bitcoin validators are drifting usage outside the pseudonymous context of the original network due to their use of specialty equipment that creates a paper trail. In other words, pseudonymity has given way to real world identity. Soon issuers of color will likely follow because they too have strong ties to the physical, off-chain world.
For instance, on August 4, 2015, block 368396 was mined by P2Pool. This is notable for two reasons.
The first is that the block included a transaction sent from Symbiont.io, a NYC-based startup building “middleware” that enables organizations and financial institutions to create and use ‘smart securities’ off-chain between multiple parties and have the resulting transaction hashed onto a blockchain, in this case, the Bitcoin blockchain.2
Several weeks later, Symbiont announced that it would begin using their “stack” to provide similar functionality on a permissioned ledger.3 This follows a similar move by T0.com – a wholly owned subsidiary of Overstock.com – which initially used Open Assets to issue a $5 million “cryptobond” onto the Bitcoin blockchain, but have subsequently switched to using a “blockchain-inspired” system designed by Peernova.456
The second reason this was notable is that the block above, 368396, included at least one transaction from Symbiont which was mined by a small pool called P2Pool.7Unlike other pools discussed in this paper, P2Pool is not continually operated in a specific region or city.
It is decentralized in that all participants (hashers) must run their own full Bitcoin nodes which stand in contrast with pools such as F2Pool, KnC mining pool and BTCC (formerly called BTC China), where the pool operator alone runs the validating node and the labor force (hashers) simply search for a mid-state that fulfills the target difficulty.8
Due to this resource intensive requirement (running a full node requires more bandwidth and disk space than merely hashing itself), P2Pool is infrequently used and consequently comprises less than 1% of the current network hashrate.
P2Pool’s users are effectively pseudonymous. Due to the intended pseudonymity it is also unclear where the transaction fees and proceeds of hashing go. For instance, do the hashers comprising this pool benefit from the proceeds of illicit trade or reside in sanctioned countries or who to contact in the event there is a problem? And unlike in other pools, there is no customer service to call and find out.
Bitcoin’s – and P2Pool’s – lack of terms of service was intentionally done by design (i.e., caveat emptor). And in the event of a block reversal, censored transaction or a mere mistake by end-users, as noted above there is no contract, standard operating procedure or EULA that mining pools (validators) must adhere to. This is discussed in section 3.
This pseudonymous arrangement was the default method of mining in 2009 but has evolved over the years. For example, there are at least two known incidents in which a miner was contacted and returned fees upon request.
Launched in late summer of 2012 and during the era of transition from GPUs and FPGA mining, ASICMiner was one of the first publicly known companies to create its own independent ASIC mining hardware. Its team was led by “FriedCat,” a Chinese businessman, who custom designed and integrated ASIC chips called Block Eruptors, ASICMiner operated their own liquid immersion facility in Hong Kong.9
At its height, ASICMiner (which solo-mined similar to KnC and BitFury do today) reached over 10% of the network hashrate and its “shareholders” listed its stock on GLBSE (Global Bitcoin Stock Exchange), GLBSE is a now defunct virtual “stock market” that enabled bitcoin users to purchase, trade and acquire “shares” in a variety of listed companies.10 GLBSE is notable for having listed, among other projects, SatoshiDice which was later charged by the Securities and Exchange Commission (SEC) for offering unregistered securities to the public.1112
While unregistered stock exchanges catering to cryptocurrency users and China-based mining pools may be common sights today, on August 28, 2013, a bitcoin user sent a 200 bitcoin fee that was processed by ASICMiner.13 Based on then-market rates, this was approximately worth $23,518.14 The next day, for reasons that are unknown, ASICMiner allegedly sent the errant fee back to the original user.15At the time, one theory proposed by Greg Maxwell (a Bitcoin Core developer) was that this fee was accidentally sent due to a bug with CoinJoin, a coin-mixing service.16
Liquid cooled hashing equipment at ASICMiner in 2013. Source: Xiaogang Cao
The second notable incident involved BitGo, a multisig-as-a-service startup based in Palo Alto and AntPool, a large China-based pool (which currently represents about 15% of the network hashrate) operated by Bitmain which also manufacturers Antminer hardware that can be acquired directly from the company (in contrast to many manufacturers which no longer sell to the public-at-large). On April 25, 2015 a BitGo user, due to a software glitch, accidentally sent 85 bitcoins as a mining fee to AntPool. Based on then-market rates, this was worth approximately $19,197.17
The glitch occurred in BitGo’s legacy recovery tool which used an older version of a library that causes a 32-bit truncation of values and results in a truncation of outputs on the recovery transaction.18 To resolve this problem, the user “rtsn” spent several days publicly conversing with tech support (and the community) on Reddit.19
Eventually the glitch was fixed and Bitmain – to be viewed as a “good member of the community” yet defeating the purpose of a one-way-only, pseudonymous blockchain – sent the user back 85 bitcoins.
Fee to Bitmain (Antpool) highlighted in red on Total Transaction Fee chart. Source: Blockchain.info
On September 11, 2015 another user accidentally sent 4.6 bitcoins (worth $1,113) as a fee to a mining pool, which in this instance was AntPool.20 Bitmain, the parent company, once again returned the fee to the user.
HaoBTC is a newly constructed medium-sized hashing farm located in Kangding, western Sichuan, near the Eastern border with Tibet.22 It currently costs around 1.5 million RMB per petahash (PH) – or $242,000 – to operate per year. This includes the infrastructure and miner equipment costs. It does not include the operating costs which consists of: electricity, labor, rent and taxes (the latter two are relatively negligible).
The facility itself cost between $600,000 – $700,000 to build (slightly less than the $1 million facility BitFury built in 2014 in the Republic of Georgia) and its electrical rate of 0.2 RMB per kWh comes from a nearby hydroelectric dam which has a 25,000 kW output (and cost around $10 million to construct).23
In dollar terms this is equivalent to around $0.03 / kWh (during the “wet” or “summer” season). For perspective, their electric bill in August 2015 came in at 1.4 million RMB (roughly $219,000); thus electricity is by far the largest operating cost component.
When all the other costs are accounted for, the average rises to approximately $0.045 per kWh. The electricity rate is slightly more expensive (0.4 RMB or $0.06) during winter due to less water from the mountains. The summer rate is roughly the same price as the Washington State-based hashing facilities which is the cheapest in the US (note: it bears mentioning that Washington State partly subsidizes hydroelectricity).
HaoBTC staff installing hashing equipment. Source: Eric Mu
At this price per joule it would cost around $105 million to reproduce “work” generated by the 450 petahash Bitcoin blockchain. Due to a recent purchase of second-hand ASICMiner Tubes, HaoBTC currently generates just over 10 PH and they are looking to expand to 12 PH by the end of the year.24The key figure that most miners are interested in is that at the current difficulty level it costs around $161 for HaoBTC’s farm to create a bitcoin, giving them a nearly 100% margin relative to the current market price.
The ASIC machines they – and the rest of the industry uses – are single use; this hashing equipment cannot run Excel or Google services, or even bitcoind. Thus common comparisons with university supercomputers is not an apples-to-apples comparison as ASIC hashing cannot do general purpose computing; ASIC hashing equipment can perform just one function.25
There is also a second-hand market for it. For instance, hashing facilities such as HaoBTC actively look to capitalize off their unique geographical advantages by using older, used hardware. And there is a niche group of individuals, wanting to remain anonymous, that will also purchase older equipment.26
Although individual buyers of new hashing equipment such as Bob, do typically have to identify themselves to some level, both Bob can also resell the hardware on the second-hand market without any documentation. Thus, some buyers wanting to buy hashing equipment anonymously can do so for a relative premium and typically through middlemen.2728
While Bitbank’s BW mining farm and pool have been in the news recently29, perhaps the most well-known live visual of mining facilities is the Motherboard story on a large Bitcoin mining farm in Dalian, Liaoning:30
Incidentally, while Motherboard actually looked at just one farm, the foreigner helping to translate for the film crew independently visited another farm in Inner Mongolia which during the past year Bitbank apparently acquired.31
Are there any other known facilities outside of China?32
Genesis Mining is a cloudhashing service provider that purportedly has several facilities in Iceland.33According to a recent news story the company is one of the largest users of energy on the island and ignoring all the other costs of production (aside from electricity), it costs about $60 to produce a bitcoin.34 However, when other costs are included (such as hardware and staffing) the margin declines to — according to the company — about 20% relative to the current bitcoin price. At the time of the story, the market price of a bitcoin was around $231.
The four illustrations above are among a couple dozen farms that generate the majority of the remaining hashrate.
What does this have to do with colored coins?
The network was originally designed in such a way that validators (block makers) were pseudonymous and identification by outside participants was unintended and difficult to do. If users can now contact validators, known actors in scenic Sichuan, frigid Iceland or rustic Georgia, why not just use a distributed ledger system that already identifies validators from the get go? What use is proof-of-work at all? Why bother with the rhetoric and marginal costs of pseudonymity?
The social pressure type of altruism noted above (e.g,. Bitmain and BitGo returning fees) actually could set a nebulous precedent: once block rewards are reduced and fees begin to represent a larger percentage of miner revenue, it will no longer be an “easy” decision to refund the user in the event there is a mistake.35 If Bitmain did not send a refund, this backup wallet error would serve as a powerful warning to future users to try and not make mistakes.
While there have been proposals to re-decentralize the hashing process, such as a consumer-device effort led by 21inc which amounts to creating a large corporate operated botnet, one trend that has remained constant is the continued centralization of mining (block making) itself.3637 The motivation for centralizing block making has and continues to be about one factor: variance in payouts.38 Investors in hashing prefer stable payouts over less stable payouts and the best way to do that with the current Poisson process is to pool capital (much like pooling capital in capital markets to reduce risk).
Whether or not these trends stay the same in the future are unknown, however it is likely that the ability to contact (or not contact) certain pools and farms will be an area of continued research.
Similarly one other potential drawback of piggy backing on top of a public blockchain that could be modeled in the future is the introduction of a fat tail risk due to the boundlessness of the price of the native token.39 In the case of price spikes even if for short time can create price distortions or liquidity problem on the off-chain asset introducing a correlation between the token and the asset that theoretically was not supposed to be there.
For instance, the staff of Let’s Talk Bitcoin issues LTBCoin on a regular basis to listeners, content creators and commenters. [↩]
One reviewer likened the Overstock “cryptobond” proof of concept as a large wash trade: ”Basically it’s a cashless swap of paper and thus no currency settlement. And the paper has no covenants and thus very easy to digitally code. Basically Overstock is paying FNY a spread of 4% for doing this deal. And if the bond and loan are called simultaneously, say in the next month, that means that Overstock paid FNY about $16,667.00 to do this trade. And since there was no cash exchanged, I am presuming, then this is smoke and mirrors. But they actually did it. However, I don’t see much of a business model where the issuer of a bond has to simultaneously fund the investor with a loan to buy the bond and pay him 33 basis points to boot!” [↩]
In (Rosenfeld 2012) the author noted that one of the risks for running an “alternative to traditional markets” – such as GLBSE – were the regulatory compliance hurdles. Overview of Colored Coins by Meni Rosenfeld, p. 4. [↩]
Personal correspondence with Eric Mu, August 10, 2015 [↩]
One common talking point by some Bitcoin enthusiasts including venture capitalists is that Google’s computers, if repurposed for mining Bitcoin, would generate only 1-2% of the network hashrate – that the Bitcoin network is “faster” than all of Google’s data centers combined. This is misleading because these Bitcoin hashing machines cannot provide the same general purpose utility that Google’s systems can. In point of fact, the sole task that ASIC hashing equipment itself does is compute two SHA256 multiplications repeatedly. [↩]
Some academic literature refers to miners on the Bitcoin network as “anonymous participants.” In theory, Bitcoin mining can be anonymous however by default mining was originally a pseudonymous activity. Participants can attempt to remain relatively anonymous by using a variety of operational security methods or they can choose to identify (“doxx”) themselves as well. See The Bitcoin Backbone Protocol: Analysis and Applications by Garay et al. [↩]
This is similar to the “second-hand” market for bitcoins too: bitcoins originally acquired via KYC’ed gateways sometimes end up on sites like LocalBitcoins.com (akin to “Uber for bitcoins”) – where the virtual currency is sold at a premium to those wanting to buy anonymously. [↩]
While it is beyond the scope of this paper, there are a couple of general reasons why medium-sized farms such as HaoBTC have been erected in China. Based upon conversations with professional miners in China one primary reason is that both the labor and land near energy generating facilities is relatively cheap compared with other parts of the world. Furthermore, energy itself is not necessarily cheaper, unless farms managers and operators have guanxi with local officials and power plant owners. And even though it is common to assume that due to the capital controls imposed at a national level – citizens are limited to the equivalent of $50,000 in foreign exchange per year – there have been no public studies as to how much capital is converted for these specific purposes. There are other ways to avoid capital controls in China including art auctions and pawn shops on the border with Macau and Hong Kong. See also How China’s official bank card is used to smuggle money from Reuters and What Drives the Chinese Art Market? The Case of Elegant Bribery by Jia Guo See On Getting Paid From China. Is There Really A $50,000 Yearly Limit? from China Law Blog and Bitcoins: Made in China [↩]
It is unclear how much hashrate they actually operate or control, a challenge that plagues the entire cloudhashing industry leading to accusations of fraud. [↩]
And this is also a fundamental problem with public goods, there are few mechanisms besides social pressure and arbitrary decision making to ration resources. As described in (Evans 2014), since miners are the sole labor force, they create the economic outputs (bitcoins) and security, it is unclear why they are under any expectation to return fees in a network purposefully designed to reduce direct interactions between participants. See Economic Aspects of Bitcoin and Other Decentralized Public-Ledger Currency Platforms by David Evans [↩]
In 2014 the state of New Jersey sued a MIT student, Jeremy Rubin, for creating a web-based project that effectively does the same thing as the silicon-based version proposed by 21inc. See Case Against Controversial Student Bitcoin Project Comes to Close from CoinDesk. In addition, the FTC, in its case against Butterfly Labs also looked at BFL not informing customers properly regarding difficulty rating changes. According to the FTC’s new release on this case: “A company representative [BFL] said that the passage of time rendered some of their machines as effective as a “room heater.” The FTC charged that this cost the consumers potentially large sums of money, on top of the amount they had paid to purchase the computers, due to the nature of how Bitcoins are made available to the public.” [↩]
This issue was cited in the CryptoNote whitepaper as one motivation for creating a new network. On p. 2: “This permits us to conjecture the properties that must be satisfied by the proof-of-work pricing function. Such function must not enable a network participant to have a significant advantage over another participant; it requires a parity between common hardware and high cost of custom devices. From recent examples , we can see that the SHA-256 function used in the Bitcoin architecture does not possess this property as mining becomes more efficient on GPUs and ASIC devices when compared to high-end CPUs. Therefore, Bitcoin creates favourable conditions for a large gap between the voting power of participants as it violates the “one-CPU-one-vote” principle since GPU and ASIC owners possess a much larger voting power when compared with CPU owners. It is a classical example of the Pareto principle where 20% of a system’s participants control more than 80% of the votes.” [↩]
I would like to thank Ayoub Naciri for providing this example. [↩]
The underlying motivations for writing them was that Bitfury is trying to assure the world that public blockchains can still be used in “proprietary contexts.” While they provide a good frame for the issue, there are several leaps in logic, or direct contradictions to established theory that necessarily weaken their argument.
Below is my discussion of them. Note: as usual, this only represents my opinion and does not necessarily represent the views of the organizations that I advise or work for.
Overall I thought the two papers did not seem to have been reviewed by a wider audience including lawyers: specifically they should have sent them to commercial and securities lawyers to see if any legal issues should be considered. Much of their pitch basically amounts to mining for the sake of mining.
One final note: for additional commentary I also reached out to Dave Hudson who is proprietor of HashingIt and an expert as it relates to Bitcoin mining analysis. He is unaffiliated with Bitfury.
Notes for Part 1:
On p. 2, Bitfury wrote the following statement:
The key design element of blockchains – embedded security – makes them different from ordinary horizontally scalable distributed databases such as MySQL Cluster, MongoDB and Apache HBase. Blockchain security makes it practically impossible to modify or delete entries from the database; furthermore, this kind of security is enforced not through the central authority (as it is possible with the aforementioned distributed databases), but rather through the blockchain protocol itself.
Is this a problematic summary?
According to Dave Hudson:
As a network protocol engineer of many years I tend to find the concept of a “blockchain protocol” somewhat odd. Here’s a link to definitions of “protocol.”
What do we mean by protocol here? It’s not actually a network protocol because there is no “blockchain protocol”, there are many different ones (each altcoin has its own and there are many more besides). At best the idea of a “blockchain protocol” is more a meta-protocol, in that we say there are some things that must be done in order for our data to have blockchain-like characteristics. It’s those characteristics that provide for non-repudiation.
Also on p. 2, Bitfury uses the term “blockchain-based ledger.” I like that because, as several developers have pointed out in the past, the two concepts are not the same — distributed ledgers are not necessarily blockchains and vice versa.
On p. 4 and 5 they list several objections for why financial institutions are hesitant to use a public blockchain yet leave a couple noticeable ones off including the lack of a service level agreement / terms of service between end users and miners. That is to say, in the event of a block reorg or 51% attack, who calls who?
On p. 7, I don’t think that censorship resistance can be generalized as a characteristic for “all blockchains.”
In Dave Hudson’s view:
Moreover, censorship resistance makes absolutely no sense in many instances. Who would be censoring what?
I’m actually not convinced that censorship resistance is actually a “thing” in Bitcoin either. Plenty of well-formed transactions can be censored by virtue of them being dust or having non-standard scripts. If anything the only thing that Bitcoin does is provide a set of conditions in which a transaction is probabilistically going to be mined into blocks in the network.
If a blockchain database is completely opaque for clients (i.e., they have no access to blockchain data), the security aspect of blockchain technology is diminished. While such system is still protected from attacks on the database itself, interaction with clients becomes vulnerable, e.g. to man-in-the middle attacks. As a built-in protocol for transaction authorization is one of core aspects of blockchain technology, its potential subversion in favor of centralized solutions could negatively influence the security aspect of the system. Additionally, as transactions are accessible to a limited set of computers, there exists a risk of human factor intervening into the operation of the blockchain with no way for clients to detect such interference. Thus, the opaque blockchain design essentially undermines the core aspects of blockchain technology:
• decentralization (absence of a single point of failure in the system)
• trustlessness (reliance on algorithmically enforced rules to process transactions with no human interaction required).
I think trustlessness is a red herring that cypherpunks and Bitcoiners have been perpetually distracted by. It may be an end-goal that many would like to strive for but trust-minimization is a more realistic intermediate characteristic for those operating within the physical, real world.
Why? Because existing institutions and legal infrastructure are not going to disappear tomorrow just because a vocal group of cryptocurrency enthusiasts dislikes them.
According to Dave Hudson:
As with so many things-Bitcoin, I think this is an implementation necessity being seen as a innately desirable characteristic. Bitcoin requires “trustlessness” because it’s non-permissioned, yet in truth it totally relies on trust to work. We trust that Sybil attacks aren’t happening and that network service providers are not colluding to support such attacks. We trust that a large body of miners are not colluding to distort the system. We trust that changes to the software (or updates to compilers and operating systems) have not rendered old, non-recently-used keys are still able to support signing of transactions. We trust that Satoshi (and other large holders) will not drop 1M, or worse 10M coins onto exchanges crashing the price to a few cents per coin! There’s no “too big to fail” here!
In truth real-world people actually like to trust things. They want to trust that their national governments will ensure services work and that invaders are kept out. They want to trust that law enforcement, fire and medical services will keep them safe. I’m not sure that I like the idea of a trustless Police force?
What people do like is the ability to verify that the entities that they actually do trust are in fact doing what they should. Blockchain designs allow us to do just this.
That last statement in particular succinctly summarizes some of the motivations for financial institutions looking to use a shared ledger that is not the Bitcoin blockchain.
On p. 12, I disagree with this statement:
While the permissioned nature of blockchains for proprietary applications may be a necessary compromise in the medium term because of compliance and other factors, read access to blockchain data together with the publicly available blockchain protocol would remove most of vulnerabilities associated with opaque blockchain designs and would be more appealing to the clients of the institution(s) operating the blockchain. As evidenced by Bitcoin, simplified payment verification softwarecan be used to provide a direct interface to blockchain data that would be both secure and not resource intensive.
The reason I disagree with this statement is because the term “opaque” is loaded and ill-defined.
For instance, several groups within the Bitcoin ecosystem have spent the last several years trying to delink or obfuscate transaction history via zk-SNARKs, stealth addresses, mixing via Coinjoin and Coinshuffle and other methods. This type of activity is not addressed by Bitfury — will they process Bitcoin transactions that are obfuscated?
Granular permissions — who is allowed to see, read or write to a ledger — is a characteristic some of these same Bitcoin groups are not fans of but is a needed feature for financial institutions. Why? Because financial institutions cannot leak or expose personal identifiable information (PII) or trading patterns to the public.
Securely creating granular permissions is doable and would not necessarily reduce safety or transparency for compliance and regulatory bodies. Operating a non-public ledger is not the same thing as being “opaque.” While hobbyists on social media may not be able to look at nodes run by financial institutions, regulators and compliance teams can still have access to the data.
It also bears mentioning that another potential reason some public blockchains have and/or use a token is as an anti-spam mechanism (e.g., in Ripple and Stellar a minute amount is burnt).1
On p. 13, I disagree with this statement:
The problem is somewhat mitigated if the access to block headers of the chain is public and unrestricted; however, convincing tech-savvy clients and regulators that the network would be impervious to attacks could still be a difficult task, as colluding operators have the ability to effortlessly reorganize the arbitrary parts of the blockchain at any given moment. Thus, the above consensus protocol is secure only if there is no chance of collusion among blockchain operators (e.g., operators represent ideal parties with conflicting interests). Proof of work provides a means to ensure absence of collusion algorithmically, aligning with the overall spirit of blockchain technology.
This is untrue. People run pools, people run farms. Earlier this year Steve Waldman gave a whole presentation aptly named “Soylent Blockchains” because people are involved in them.
As we have seen empirically, pool and farm operators may have conflicting incentives and this could potentially lead to collusion. Bitcoin’s “algorithms” cannot prevent exogenous interactions.
On p. 14 I disagree with this statement:
There is still a fixed number of miners with known identities proved by digital signatures in block headers. Note that miners and transaction processors are not necessarily the same entities; in the case that mining is outsourced to trusted companies, block headers should include digital signatures both from a miner and one or more processing institutions.
Having a “trusted company” run a proof-of-work mining farm is self-defeating with respect to maintaining pseudonymity on an untrusted network (which were the assumptions of Bitcoin circa 2009). If all miners are “trusted” then you are now operating a very expensive trusted network. This also directly conflicts with the D in DMMS (dynamic-membership multi-party signature).
According to Dave Hudson:
If the signing is actually the important thing then we may as well say there’s a KYC requirement to play in the network and we can scale it all the way back to one modest x86 server at each (with the 1M x reduction in power consumption). Of course this would kill mining as a business.
On p. 14 I think the Bitfury proposal is also self-defeating:
The proposed protocol solves the problem with the potentially unlimited number of alternative chains. Maintaining multiple versions of a blockchain with proof of work costs resources: electricity and hashing equipment. The hashing power spent to create a blockchain and the hashing power of every miner can be reliably estimated based on difficulty target and period between created blocks; an auditor could compare these numbers with the amount of hashing equipment available to operators and make corresponding conclusions.
The authors go into detail later on but basically they explain what we can already do today: an outside observer can look at the block headers to see the difficulty and guess how much hashrate and therefore capital is being expended on the hash.
On p. 15 they present their proposal:
Consequently, $10 million yearly expenses on proof of work security (which is quite low compared to potential gains from utilizing blockchain technology, estimated at several billion dollars per year ) correspond to the hash rate of approximately 38 PHash / s, or a little less than 10% of the total hash rate of the Bitcoin network.
This is entirely unneeded. Banks do not need to spend $10 million to operate hardware or outsource operation of that hardware to some of its $100 million Georgia-based hydro-powered facilities.
According to Dave Hudson:
Precisely; banks can use a permissioned system that doesn’t need PoW. I think this also misses something else that’s really important: PoW is necessary in the single Bitcoin blockchain because the immutability characteristics are derived from the system itself, but if we change those starting assumptions then there are other approaches that can be taken.
In section 3.1 the authors spend some time discussing merged mining and colored coins but do not discuss the security challenges of operating in a public environment. In fact, they assume that issuing colored coins on a public blockchain is not only secure (it is not) but that it is legal (probably not either).2
On p. 16 they mention “transaction processors” which is a euphemism that Bitfury has been using for over a year now. They dislike being called a mining company preferring the phrase “transaction processors” yet their closed pool does not process any kind of transactions beyond the Bitcoin variety.
On page 17 they wrote:
[M]aintenance of the metachain could be outsourced to a trusted security provider without compromising confidential transaction details.
If taken to the logical extreme and all of the maintenance was “outsourced” to trusted security providers they would have created a very expensive trusted network. Yet in their scenario, financial institutions would have to trust a Republic of Georgia-based company that is not fully transparent.
Also on page 17 they start talking about “blockchain anchors.” This is not a new or novel idea. As other developers have spoken about the past and Guardtime puts anchors into newspapers like The New York Times (e.g., publishes the actual hashes in a newspaper). And, again, this could easily be done in other ways too. Why restrict anchoring to one location? This is Bitcoin maximalism at work again.
On p. 20 they wrote:
Bitcoin in particular could be appropriate for use in blockchain innovations as a supporting blockchain in merged mining or anchoring due to the following factors: • relatively small number of mining pools with established identities, which allows them to act as known transaction validators by cooperating with institutions
This is self-defeating for pseudonymous interactions (e.g., Bitcoin circa 2008). Proof-of-work was integrated to fight Sybil attacks. If there are only a few mining pools with established identities then there are no Sybil’s and you effectively have an extremely expensive trusted network.
Notes on Part 2:
On p. 3 they wrote:
If an institution wants to ensure that related Bitcoin transactions are mined by accredited miners, it may send transactions over a secure channel directly to these miners rather than broadcasting them over the network; accepting non-broadcast transactions into blocks is a valid behavior according to the Bitcoin protocol.
An “accredited miner” is a contradiction.
On p. 4 the first paragraph under section 1.3 was well written and seems accurate. But then it falls apart as they did not consult lawyers and financial service experts to find out how the current plumbing in the back-office works — and more importantly, why it works that way.
On p.4 they wrote:
First, the transfer of digital assets is not stored by the means of the Bitcoin protocol; the protocol is unaware of digital assets and can only recognize and verify the move of value measured in bitcoins. Systems integrating digital assets with the Bitcoin blockchain utilize various colored coin protocols to encode asset issuance and transfer (see Section 2.2 for more details). There is nothing preventing such a protocol to be more adapted to registered assets.
Second, multisignature schemes allow for the creation of limited trust in the Bitcoin environment, which can be beneficial when dealing with registered assets and in other related use cases. Whereas raw bitcoins are similar to cash, multisignature schemes act not unlike debit cards or debit bank accounts; the user still has a complete control of funds, and a multisignature service provides reputation and risk assessment services for transactions.
This is the same half-baked non-sense that Robert Sams rightly criticized in May. This is a centralized setup. Users are not gaining any advantage for using the Bitcoin network in this manner as one entity still controls access via identity/key.
On p. 5 they wrote:
One of the use cases of the 2-of-3 multisignature scheme is escrow involving a mediator trusted by both parties. A buyer purchasing certain goods locks his cryptocurrency funds with a multisignature lock, which requests two of the three signatures: the buyer’s, the seller’s, and the mediator’s.
This is only useful if it is an on-chain, native asset. Registered assets represent something off-chain, therefore Bitcoin as it exists today cannot control them.
On p. 6 they talk about transactions being final for an entire page without discussing why this is important from a legal perspective (e.g., why courts and institutions need to have finality). This paper ignores how settlement finality takes place in Europe or North America nor are regulatory systems just going to disappear in the coming months.
On page 7 they mention that:
To prevent this, a protocol could be modified to reject reorganizations lasting more than a specified number of blocks (as it is done in Nxt). However, this would make the Bitcoin protocol weakly subjective , introducing a social-driven security component into the Bitcoin ecosystem.
There is already a very publicly known, social-driven security component: the Bitcoin dev mailing list. We see this almost daily with the block-size debate. The statement above seems to ignore what actually happens in practice versus theory.
On p. 7 and 8 they write:
The security of the Bitcoin network in the case of economic equilibrium is determined by the rewards received by block miners and is therefore tied to the exchange rate of Bitcoin. Thus, creating high transaction throughput of expensive digital assets on the Bitcoin blockchain with the help of colored coin protocols has certain risks: it increases the potential gain from an attack on the network, while security of the network could remain roughly the same (as there are no specific fees for digital asset transactions; transaction fees for these transactions are still paid in bitcoins). The risk can be mitigated if Bitcoin fees for asset transactions would be consciously set high, either by senders or by a colored coins protocol itself, allowing Bitcoin miners to improve security of the network according to the value transferred both in bitcoins and in digital assets.
There is no way to enforce this increase in fee. How are “Bitcoin fees for asset transactions … consciously set high”? This is a question they never answer, (Rosenfeld 2012) did not answers it, no one does. It is just assumed that people will start paying higher fees to protect off-chain securities via Bitcoin miners.
There is no incentive to pay more and this leads to a hold-up problem described in the colored coin “game” from Ernie Teo.
On p. 8 they wrote:
As there is a relatively small number of Bitcoin mining pools, miners can act as known processors of Bitcoin transactions originating from institutions (e.g., due to compliance reasons). The cooperation with institutions could take the form of encrypted channels for Bitcoin transactions established between institutions and miners.
This is silly. If they are known and trusted, you have a trusted network that lacks a Sybil attacker. There is no need for proof-of-work mining equipment in such a scenario.
On p. 8 they wrote:
In the ideal case though, these transactions would be prioritized solely based on their transaction fees (i.e., in a same way all Bitcoin transactions are prioritized), which at the same time would constitute payments for the validation by a known entity. Thus, this form of transaction processing would align with the core assumption for Bitcoin miningthat miners are rational economic actors and try to maximize their profit.
It cannot be assumed that miners will all behave as “rational economic actors.” They will behave according to their own specific incentives and goals.
On p. 9 they wrote:
Additionally, partnerships between institutions and miners minimize risk in case transactions should not be made public before they are confirmed.
Registered and identifiable miners is the direct anti-thesis of pseudonymous interactions circa Bitcoin 2008. That type of partnership is a win-lose interaction.
On p. 10 they wrote:
One of the interesting financial applications of colored coins is Tether (tether.to), a service using colored coins to represent US dollars for fast money transfer. Several cryptocurrencies such as Nxt and BitShares support custom digital assets natively.
As it exists today, Tether.to is similar in nature to a Ripple gateway such as SnapSwap: both are centralized entities that are subject to multiple regulatory and compliance requirements (note: SnapSwap recently exited its USD gateway business and locked out US-based users from its BTC2Ripple business).
According to FinCEN’s MSB Registrant Search Web page, Tether has a registration number (31000058542968) and one MSB. While they have an AML/CTF program in place, it is unclear in its papers how Bitfury believes the Bitcoin network (which Tether utilizes) can enforce exogenous claims (e.g., claims on USD, euros, etc.).
Furthermore, there has been some recent research looking at how the Federal Reserve and the Bank of England could use distributed ledgers to issue digital currency.3
If a central bank does utilize some kind of distributed ledger for a digital currency they do not need proof-of-work mining or the Bitcoin network to securely operate and issue digital currency.
Ignoring this possible evolution, colored coins are still not a secure method for exogenous value transfers.
On page 10 they wrote:
Colored coins are more transparent for participants and auditors compared to permissioned blockchains
This is untrue and unproven. As Christopher Hitchens would say, what can be asserted without evidence can be dismissed without evidence.
On page 10 they wrote:
As colored coins operate on top of permissionless blockchains, systems using colored coins are inherently resistant to censorship – restrictions on transactions are fully specified by a colored coins protocol instead of being enforced by a certain entity
This is also untrue. This is a bit like trying to have their cake and eat it too.
On page 11 they have a diagram which states:
Figure 2: Using colored coins on top of the Bitcoin blockchain to implement asset transactions. For compliance, financial institutions may use secure communication channels with miners described in Section 2.1 to place asset transactions on the blockchain
Again this is self-defeating. As the saying goes: be careful what you wish for. If Bitfury’s proposal came true, their pool(s) could become payment service providers (PSP) and regulated by FinCEN.
On page 12 and 13 they wrote:
Bitcoin and other public permissionless blockchains could be a part of the interconnected financial environment similarly to how cash is a ubiquitous part of the banking system. More concretely, cryptocurrencies could be used as: • one of the means to buy and sell assets on permissioned blockchains • an instrument that enables relatively fast value transfer among permissioned blockchains • an agreed upon medium for clearing operations among blockchains maintained by various institutions (Fig. 4).
Bitcoins as a permanent store-of-value are effectively a non-starter as they lack any endogenous self-stabilizing mechanism.4
According to Dave Hudson:
The systemic risks here just make this idea farcical. The Internet is somewhat immune to this because there are technology providers all over the world who can independently choose to ignore things in regulatory domains that want to do “bad things”. There is no such safety net in a system that relies on International distributed consensus (the Internet has no such problem, although DNS is a little too centralized right now). Even if it could somehow be guaranteed that things can’t be changed, fixed coin supply means artificial scarcity problems are huge (think Goldfinger trying to irradiate the gold in Fort Knox) – you wouldn’t need a nuclear weapon, just a good piece of malware that could burn coins (if they’re not stolen then there’s no way to trace who stole them). There’s also the 1M coins dropped onto exchanges problem.
The discussion over elastic and inelastic money supplies is a topic for another post.
On page 15 they wrote:
If a blockchain is completely opaque for its end users (e.g., a blockchain-based banking system that still uses legacy communication interfaces such as credit cards), the trustless aspect of blockchains is substantially reduced. End users cannot even be sure that a blockchain system is indeed in use, much less to independently verify the correctness of blockchain data (as there is no access to data and no protocol rules to check against). Human factor remains a vulnerability in private blockchain designs as long as the state of the blockchain is not solely based on its protocol, which is enforced automatically with as little human intervention as possible. Interaction based on legacy user authentication interfaces would be a major source of vulnerabilities in the case of the opaque blockchain design; new interfaces based on public key cryptography could reduce the associated risk of attacks.
While mostly true, there are existing solutions to provide secure verification. It is not as if electronic commerce did not or could not occur before Bitcoin came into existence. Some private entities take operational security seriously too. For instance, Visa’s main processing facility has 42 firewalls and a moat.
On page 15 they wrote:
Proprietary nature of private blockchains makes them less accessible; open sourced and standardized blockchain implementations would form a more attractive environment for developers and innovations. In this sense, blockchains with a public protocol are similar to open Internet standards such as IP, TCP and HTTP, while proprietary blockchain designs could be similar to proprietary Internet protocols that did not gain much traction. A proprietary blockchain protocol could contain security vulnerabilities that remain undiscovered and exploited for a long time, while a standardized open blockchain protocol could be independently studied and audited. This is especially true for protocols of permissionless blockchains, as users have a direct economic incentive to discover vulnerabilities in the system in order to exploit them.
This is just scaremongering. While some of the “blockchain” startups out there do in fact plan to keep the lower layers proprietary, the general view in October 2015 is that whatever bottom layer(s) are created, will probably be open-sourced and an open-standard. Bitcoin doesn’t have a monopoly on being “open” in its developmental process.
On page 15 they wrote:
As the Bitcoin protocol has been extensively studied by cryptographers and scientists in the field, it could arguably form the basis for the standardized blockchain design.
This is untrue, it cannot be the backbone of a protocol as it is not neutral. In order to use the Bitcoin network, users are required to obtain what are effectively illiquid pre-paid gift cards (e.g., bitcoins). Furthermore, an attacker cannot collect “51%” of all TCP/IP packets and take over the “internet” whereas with Bitcoin there is a real “majoritarianism” problem due to how network security works.
A truly neutral protocol is needed and there have been at least two proposals.5
On page 15 they wrote:
The key design element of blockchains is “embedded economy” – a superset of embedded security and transaction validation. Each blockchain forms its own economic ecosystem; a centrally controlled blockchain is therefore a centrally controlled economy, with all that entails.
This is untrue. If we are going to use real-world analogies: Bitcoin’s network is not dynamic but rather disperses static rewards to its labor force (miners). It is, internally, a rigid economy and if it were to be accurately labeled, it is a command economy that relies on altruism and VC subsidies to stay afloat.6
On page 16 they wrote:
It is not clear how the blockchain would function in the case validators would become disinterested in its maintenance, or how it would recover in the case of a successful attack (cf. with permissionless blockchains, which offer the opportunity of self-organization).
The statement above is unusual in that it ignores how payment service providers (PSPs) currently operate. Online commerce for the most part has and likely will continue to exist despite the needed maintenance and profit-motive of individual PSPs. There are multiple motivations for continued maintenance of maintenance transfer agreements — this is not a new challenge.
While it is true that there will likely be dead networks in the futures (just like dead ISPs in the past), Bitcoin also suffers from a sustainability problem: it continually relies on altruism to be fixed and maintained and carries with it an enormous collective action burden which we see with the block-size debate.
There are over a hundred dead proof-of-work blockchains already, a number that will likely increase because they are all public goods that rely on external subsidies to exist. See Ray Dillinger’s “necronomicon” for a list of dead alt coins.
If Bitfury’s proposal for having a set of “fixed” miners arises, then it is questionable about how much self-organization could take place in a static environment surrounding a public good.
Despite the broad scope of the two papers from Bitfury neither was able to redress some of the most important defects that public blockchains have for securing off-chain assets:
how is legal settlement finality resolved
how to incentivize the security of layers (such as colored coins) which distort the mining process
how to enforce the security of merged mining which empirically becomes weaker over time
If Bitfury is truly attempting to move beyond merely processing Bitcoin transactions in its Georgian facilities, it needs to address what constraints and concerns financial institutions actually face and not just what the hobbyist community on social media thinks.
About six weeks ago I mentioned a dollar figure during a panel at the Consensus event in NYC: $6 million. Six million USD is a loose estimate — for illustrative purposes — of the amount of engineering time representing thousands of man hours over the past 7-9 months that has gone into a productivity black hole surrounding the Bitcoin block size debate.
A little recent history
While there had been some low intensity discussions surrounding block size(s) over the past several years, most of that simmered in the background until the beginning of 2015.
On January 20th Gavin Andresen posted a 20 MB proposal which was followed over the subsequent weeks by a number of one-and-done counterpoints by various developers.
About four months later, beginning on May 4, Gavin posted a series of blog articles that kicked things up a notch and spurred enormous amounts of activity on social media, IRC, web forums, listservs, podcasts and conferences.
The crescendo of public opinion built up over the summer and reached a new peak on August 15th with a post from Mike Hearn, that Bitcoin would fork into two by the beginning of next year.
The passionate enthusiasts on all sides of the spectrum took to social media once again to voice their concerns. During the final two weeks of August, the debate became particularly boisterous as several moderators on reddit began to bandiscussions surrounding Bitcoin XT (among other forks and proposals). There was even an academic paper published that looked at the sock puppets involved in this period: Author Attribution in the Bitcoin Blocksize Debate on Reddit by Andre Haynes.
Ignoring the future evolution of block size(s), with respect to the opportunity costs of the debate itself: investors and consumers have unintentionally funded what has turned out to be a battle between at least two special interest groups. 1
So where does the $6 million figure come from?
Of the roughly $900 million of VC funding related to Bitcoin itself that has been announced over the past 3 years, about half has been fully spent and went towards legal fees, domain names, office rent, conference sponsorship’s, buying cryptocurrencies for internal inventory and about a dozen other areas.2
At the current burn rate, Bitcoin companies collectively spend about $8-$10 million a month, perhaps more. And since the debate is not isolated to development teams, because upper management at these companies are involved in letter writing campaigns (and likely part of the sock puppet campaigns), then it could be the case that 5-10% of on-the-clock time at certain companies was spent on this issue.
Consequently, this translates into about $400,000 to $1 million each month which has been redirected and spent funding tweets, reddit posts, blog posts, conferences, research papers and industryconferences.3
What about specific numbers?
For instance, with around 150-200 attendees the Montreal scalability conference likely absorbed $250,000 from everyone involved (via travel, lodging, food, etc.). Similarly, one independent estimate that Greg Maxwell mentioned at the same Consensus event was his back-of-the-envelope projection of the opportunity costs: a few hundred thousand USD in the first couple weeks of May alone as engineers were distracted with block sizes instead of shipping code.
While a more precise number (+/-) could probably be arrived at if someone were to link individual developer activity on the dev mailing list/reddit/twitter with their estimated salaries on Glassdoor — since this past spring roughly $6 million or so has probably gone towards what has amounted to basically two diametrically opposed political campaigns.
And the issue is still far from resolved as there are more planned scalability conferences, including one in Hong Kong in early December.
Why is it a black hole though? Surely there is utility from the papers and projects like Lightning, right?
It’s a money pit because it doesn’t and cannot resolve the coordination problem that decentralized governance creates. I have an upcoming paper that briefly touches on this issue (in Appendix A): the key point is that any time decision making is decentralized then specific trade-offs occur.
In this case, due to an intentional power vacuum in which there is no “leader,” special interest groups lobby one another for the de facto right to make decisions. Some decisions, like raising the minimum transaction relay fees involve less tweets and downvotes and are for various reasons considered less important as others. Yet ultimately, de jure decision making remains out of reach.
Not the first time to a rodeo
Because decentralized governance (and external social consensus) was/is a key feature for many cryptocurrencies, this type of political activity could happen again with say, increasing the money supply from 21 million or if KYC becomes mandatory for all on-chain interactions.
Again, this was bound to happen because of the tragedy of the commons: because the Bitcoin network is a public good that lacks an explicit governance structure. Anytime you have a lack of formal governance you often end up with an informal power structure that makes it difficult to filter marketing fluff from sock puppets like Cypherdoc (aka Marc Lowe) from actual fact-filled research.
And this subsequently impacts any project that relies on the Bitcoin network as its security mechanism. Why? According to anecdotes, projects from new organizations and enterprises have reconsidered using public blockchains due to the aforementioned inherent governance hurdles alone.
After all, who do they call when the next Mexican standoff, block reorg or mutually assured destruction situation arises? There is no TOS, EULA or service-level agreement and as a result they look at other options and platforms.4
It is probably too simplistic to say that, with $6 million in funding, these same developers could have simply created a new system, like Ethereum, from scratch that factors in scalability challenges from day one. It is unlikely that these same developers would have come to agreement on what to spend those funds on as well. [↩]
About a year ago I briefly explored the PR and branding challenges of Bitcoin, a topic that has been independently discussed by others.
Over the past 6 months there has been a visible trend in the overall “Bitcoin” space to rebrand or not use the term “Bitcoin” on corporate material. This has been done for a variety of reasons.
Some startups simply are no longer touching or interfacing with bitcoins or the Bitcoin network. Others do not want to be affiliated with the term preferring the alternative “Blockchain” as a catch-all euphemism.
For instance, below are 10 companies which raised their Series A (and sometimes more) and were originally affiliated with “Bitcoin” in some manner but are no longer publicly positioning themselves as such:
Abra ($14 million): originally launched as a “rebittance” company, still claims to use the Bitcoin network but the word Bitcoin does not appear on its homepage
BitGold ($5.3 million): pivoted from Bitcoin last December
Bitreserve ($14.6 million): rebranded as Uphold and now vocally moving away from Bitcoin
ChangeTip ($4.25 million): removed the word Bitcoin from its frontpage, now focused on USD-denominated tips
Chain ($43.7 million): after closing its recent B round, remarketed from Bitcoin-only and removed the word Bitcoin from its frontpage except in the headlines of past news articles
Circle ($76 million): rebranded after receiving a Bitlicense; neither its frontpage nor its new 60 second ad use the word Bitcoin
Cryex ($10 million): the word Bitcoin does not appear on its frontpage
Mirror, formerly Vaurum ($12.8 million): the word Bitcoin does not appear on its frontpage (but does on some older blog posts)
Peernova ($19 million): originally a Bitcoin mining company that is no longer affiliated with Bitcoin at all
Vogogo ($21 million): the word Bitcoin does not appear on its frontpage
A few others who have done marketing changes (some more substantive than others):
BTC China ($5 million): still focused on its virtual currency exchange renamed itself as BTCC to move further abroad into the international marketplace
itBit ($28.25 million): in addition to running its virtual currency exchange, they also launched the Bankchain initiative this past summer
DAH: originally planned on using the Bitcoin blockchain but broadened its scope during the summer after acquiring Hyperledger; the word Bitcoin does not appear on its homepage although it still uses the network for product launches (like Pivit)
Symbiont: originally used the Counterparty platform and the Bitcoin network as part of its financial service, but has now built a permission-based system
Align Commerce, Serica and many others do not use the word Bitcoin on their homepages yet still use the Bitcoin network for some lines of business
Coindesk renamed their quarterly report: “State of Bitcoin and Blockchain”
Inside Bitcoins (the conference circuit) added “with Blockchain Agenda” prominently at the top of their homepage
As visualized in the chart above, Bitcoin-related investments have declined the past two quarters.
However, the chart is not fully accurate as CBI includes 21inc funding as “one” round in Q1 2015. According to Nathaniel Popper, 21inc did not raise its war chest in one round but rather over the course of 3 rounds. So it is likely that Q1 2015 probably was altogether around $175 million as the other ~$60 million were raised in 2013 and 2014. Similarly Q3 2015 should be less as Chain.com is no longer a Bitcoin-specific company.
What about other changes in the VC world?
Crypto Currency Partners: renamed itself Blockchain Capital
Boost VC: while the word Bitcoin does appear on its homepage, in his most recent writeup of its portfolio, Adam Draper does not use the word Bitcoin but instead uses “block chain” to describe his investments
Pantera: while it remains publicly committed to Bitcoin, based on its most recent newsletter the team likely views the word “blockchain” as more palatable to investors and LPs.
For instance, the year-over-year comparison of word frequency between two Pantera Capital newsletters:
DCG: launched its website during the summer, prominently display the word “blockchain technology” instead of Bitcoin, despite the fact that nearly all of its portfolio is Bitcoin-reliant or Bitcoin-specific.
In fact it appears that the trend by some VC-backed Bitcoin-heavy portfolio’s adopting the term “blockchain” is a marketing gimmick as neither DCG, Pantera nor Boost have purposefully invested in non-Bitcoin blockchain companies. In fact, individuals such as Barry Silbert (founder of DCG) are outspoken in their dismissal of non-Bitcoin blockchains.
What are some reasons for the decline shown in the CBI numbers?
Part of it has to do with the fact that consumer-facing Bitcoin companies have found muted traction, if any at all. For instance, BitPay (which raised $32.5 million) recently laid off most of its staff, liquidated a large portion of its bitcoin holdings, raised its fees in order to stay afloat and did a (non-pivot) pivot towards catering to other enterprises. This looks bad for other Bitcoin-branded companies looking to try and raise funds for consumer-facing products.
Another reason is that some of the buzz and froth simmered down with the price of bitcoin itself. It seems common parlance to hear people at conferences say “the price of bitcoin doesn’t matter” but that is very untrue for fundraising. If prices were on a tear into orbit or were managing some stability higher than it was 2 years ago, it’d be easier for entrepreneurs to convince new investors (not just the same 4-5 funds) to deploy new capital in Bitcoin-specific products. Maybe Gemini will change that?
So where has some capital been deployed instead?
Into that amorphous catch-all term: “blockchain.”
There are just over a dozen “blockchain” / distributed ledger startups collectively trying to raise $200 million at over a $1 billion valuation.
And incidentally, there are a couple companies in each of the VC portfolio’s above that have now built non-Bitcoin blockchains or ledgers.
Some of them are currently raising while others recently closed funding rounds.
This includes: Symbiont, Chain, Peernova, Ripple, Eris, Setl, Credits, Tradeblock, itBit, Tembusu, Clearmatics, MultiChain, BlockStack, DAH, Blockstream (via Liquid) and a few others in stealth that well, are in stealth.
The term “blockchain technology” is basically a catch-all term at this point.
In many cases, when someone at a fintech conference now says they’re interested in “blockchain technology” it typically means they are interested in common elements like public/private key signing, resolutions to double-spending and permission-based multitenancy environments. Bitcoin, as described by Gwern Branwen, was not the creator of those elements.
What will next year look like? Will there be a new term that is co-opted? Or are we stuck using a word that never appeared in the original Satoshi white paper (it had a demarcated space between “block chain”) and has now become an umbrella term for many different neat ideas?