Brief overview of cryptoeconomics Wading into the weeds
Aug 13, 2015
Brief overview of cryptoeconomics
Wading into the weeds
Quick overview
• Was asked to go over a few frequently talked about topics:
• What is a cryptocurrency system• Early crypto/virtual currencies• Brief history of Bitcoin• Deterministic money supply• Mining (CPU, GPU, ASICs)• Block rewards• Mt. Gox
Zamfir defining consensus
• “Consensus protocols are used to make one reliable computer out of many unreliable or untrusted computers”• In his model, blockchains are more decentralized than traditional
consensus protocols• Have “fork-choice rule” • In the case of “permissionless” cryptocurrency networks, designers attempt
to use game theory to align incentives to incentivize (or disincentivize) forks• There are other potential methods of achieving and incentivizing decentralized
consensus such as proof-of-stake (also called “Cow systems”), but beyond the scope of this
Zamfir: distributed cryptoeconomic consensus• [This term is preferable over “distributed consensus” because
academics have used it for over a decade and has different meanings]• According to him:• A cryptoeconomic mechanism with the Nash equilibrium of assuring
distributed byzantine fault tolerant consensus• We should be able to assert and prove the cryptoeconomic
assurances of any consensus mechanism• Distributed consensus mechanisms can create a pure cryptoeconomy.
Even the execution of the mechanisms is has a measurable assurance.
Zamfir cont’d
• Cryptoeconomics: economics for cryptography rather than cryptography for economics• Economic mechanisms can give guarantees that a program will run in
a particular way that cryptography alone cannot provide.• Incentives are forward facing, cryptography is a function of already-
existing information• How do we provide custom cryptoeconomic guarantees?
Virtual currencies and cryptocurrencies prior to Bitcoin• DigiCash (1990)• e-gold (1996)• WebMoney (1998)• PayPal (1998)
• “Bitcoin is the opposite of PayPal, in the sense that it actually succeeded in creating a currency.” -- Peter Thiel
• Beenz (1998)• Flooz (1999)• Liberty Reserve (2006)• Frequent flyer points / loyalty programs• WoW gold, Linden Dollars, Nintendo Points, Microsoft Points
Gwern: pre-requisites to Bitcoin’s blockchain• 2001: SHA-256 finalized• 1999-present: Byzantine fault tolerance (PBFT etc.)• 1999-present: P2P networks (excluding early networks like Usenet or FidoNet;
MojoNation & BitTorrent, Napster, Gnutella, eDonkey, Freenet, i2p etc.)• 1998: Wei Dai, B-money• 1997: HashCash; 1998: Nick Szabo, Bit Gold; ~2000: MojoNation/BitTorrent; ~2001-
2003, Karma, etc• 1992-1993: Proof-of-work for spam• 1991: cryptographic timestamps• 1980: public key cryptography• 1979: Hash tree
Short history of Bitcoin
• Final version of white paper released on Metzdowd cryptography / cypherpunk mailing list on October 31, 2008• Earlier drafts circulated to smaller number of people• Adam Back suggested to Satoshi to include Wei Dai “B-Money” reference
• Genesis block “established” on January 3, 2009• Version 0.1 code released on Metzdowd listserve on January 9, 2009• Satoshi explains that he has been working on it for the past 18 months• According to Nathaniel Popper, Hal Finney was one of a few who was given
earlier versions of the code prior to its release; was also the first known person to receive a bitcoin transaction (block 170)
Biggest difference to pre-Bitcoin ccy’s
• So if cryptocurrencies existed before Bitcoin and if distributed consensus mechanisms such as PBFT (1999) existed before Bitcoin, what does Bitcoin do that DigiCash and others did not?
• Bitcoin sidesteps (but does not really “solve”) the double-spend problem by purposefully making it expensive for any one actor to unilaterally change history (also called “the state of the ledger”) • Anonymous/Pseudonymous validators referred to as a dynamic membership multi-party signature
(Back 2014), or the Nakamoto signature (Grigg 2015)• E.g., an attacker – in theory – would need to make a longer chain of “work” which costs real
resources to do so; conversely, if network becomes cheaper to operate it also becomes cheaper to attack• In practice, this “forking” can happen by accident too
• During July 4 - 5, 2015 on two separate occasions, block makers built on top of invalid blocks due to adoption of BIP 66 by some but not all block makers
• Not a real “attack” per se, but it did cost over $50,000 in what are now “orphaned” chains (at least 9 blocks altogether)
Virtual currencies and cryptocurrencies after Bitcoin released• CoinMarketCap currently tracks 592 cryptocurrencies / 59 assets• CoinGecko tracks 225 cryptocurrencies/assets• Ray Dillinger’s “Necronomicon” includes over 100 dead altcoins• These are just publicly known blockchains, likely dozens if not hundreds of private trials,
proof of concepts in academia, institutions and from hobbyists• E.g., Citibank announced in July 2015 that it was testing out three blockchains with a “Citicoin” to better understand use-
cases
• Some of these trials and implementations are not attempting to be censorship-resistant cryptocurrencies – catering to other markets• E.g., financial institutions looking to speed up cross-border payments without having to deal with
volatility or liquidity, create bilateral and multilateral blockchain settling
• Other virtual currencies: Facebook Credits (May 2009), Amazon Coin (2013)
Progeny
Map of Coins is currently tracking 686 derivatives of various cryptocurrencies
This includes all hashing functions (e.g., scrypt, X11, X13)
And includes existing and defunct chains
Deterministic money supply
Impact of losing privkey’s over time with a deterministic money supply
Alternative money supplies
• Three notable proposals for a “stable coin”:• Robert Sams (Seigniorage Shares)• Ferdinando Ametrano (Hayek Money)• Massimo Morini (Inv/Sav Wallet)
• Platforms with developers who have spoken about using it:• Ethereum (Schelling coin), Augur (Truthcoin), Pebble (Openia), Tendermint
• Rebase purchasing power of the currency in a decentralized manner• Can use two metrics: increase and decrease of hashrate as well as increase and decrease in fees to miner as
proxy for whether or not the quantity demanded has increased (or decreased)• Seesaw of currency creation/seigniorage destruction
• Another experiment is Freicoin which uses demurrage (negative interest rates)• Dogecoin was originally a fork of Luckycoin which used randomized rewards for mining a block
• Switched to a deterministic supply which then allotted the remaining 100 billion dogecoins (divvied out within its first year) on a set schedule and finally switched to a permanent reward of 5.256 billion dogecoins per year
The s-curve in hashrate
Eric Mu from HaoBTC in Sichuan• Medium sized hashing farm in Kangding, western Sichuan (near border with
Tibet)• It costs “RMB 1.5 million per petahash excluding running costs”
• Or roughly $242,000 / PH• New hashing facility cost around $600,000 - $700,000 to construct
• 0.2 RMB per kWh electrical rate from nearby $10 million hydro electric dam (25,000 kW output)• Equivalent to ~$0.03 / kWh (during the “wet” season) -- when everything is accounted for ~$0.045 /
kWh• This is around the same price as the Washington State-based hashing facilities which is the cheapest in the US;
(Washington State partly subsidizes hydro)• Rate is slightly more expensive during winter due to less water, 0.4 RMB
• At this price per joule, would cost around ~$90 million to reproduce “work” generated by the ~400 petahash chain• Currently has ~9 PH and they are looking to expand to 10 PH to 12 PH (based on their cost structure)
• At current difficulty level it costs ~$161 to create / mine a bitcoin• Note: ASICs are single use, this hashing equipment cannot run Excel or Google services, or even bitcoind
Fees and block rewards, theory versus practice
Hashrate follows price, amount of resources expended (for POW) is directly proportional to market value of a POW token
“Bitcoin involves proofs-of-work. There is no such thing as an efficient proof-of-work. That's a contradiction in terms. Bitcoin is designed fundamentally so that if people become more efficient at doing the proofs-of-work, the difficulty of proofs-of-work goes up right in tandem with what they're doing. And it ratchets so that your limit it will always be power.”
- Bram Cohen, creator of BitTorrent
Question of longevity is a topic for future presentations, but…
Nicolas Courtois: self-terminating chains?
Namecoin hashrate has declined since its first “halvening”
Dogecoin was losing 20-40% of its hashrate every “halvening”
Will see more regarding BTC next summer
Brief history of Mt. Gox• January 2007 – Jed McCaleb purchases the domain to be used as a website for users of Magic: The
Gathering then scraps the project• July 18, 2010 – McCaleb, a week after learning about Bitcoin, builds and launches the eponymous
Bitcoin exchange• March 6, 2011 – McCaleb announces the sale of Mt. Gox to Mark Karpeles• June 19, 2011 – Mt. Gox is hacked and the resulting breach undermined market confidence, bitcoin
price dropped to $0.01• For the next two years the market price steadily grew, reaching $266 on April 11, 2013• April 11 – 12, 2013 – Mt. Gox, which accounted for about 70% of bitcoin trading marketshare, suspends
trading due to technical issues; price drops over $100 • December 5, 2013 – Market price of bitcoin reaches all-time high of over $1,100 on most exchanges• February 7, 2014 – Mt. Gox halts all bitcoin withdrawals• February 28, 2014 – Mt. Gox files for bankruptcy in Tokyo (files on March 7th in the US) and announces
it may have lost 750,000 bitcoins from users in addition to 100,000 bitcoins of its own
Wizsec on Mt. Gox bitcoins
Summary
• Distributed consensus is a topic dating back multiple decades• Distributed cryptoeconomic consensus is a newer term that relates to decentralized
cryptocurrency systems• Underlying all of these cryptocurrency systems are a type of shared, replicated ledger
(which many call a “blockchain” or “distributed ledger”)• Most common cryptocurrency systems today are proof-of-work-based and are referred
to as “permissionless” in that there is no formal gating process to validate a transaction• Other types of shared, replicated ledgers include permissioned blockchains / distributed
ledgers that are (generally) not attempting to be yet another cryptocurrency• The overall Bitcoin ecosystem continues to teach both types of worlds (permissioned
and permissionless systems) what can and cannot work