Friday, February 13, 2015

Crypto 2.0--And Other Misconceptions

Discuss this on Hacker News

"It's the Blockchain, not Bitcoin that's the real killer app."

I've been hearing that more and more from prominent tech visionaries. And it's so incredibly wrong.

But before I begin, I want to make sure I'm interpreting it the way people actually mean it. To wit, when I hear the above, I interpret it more precisely as:
A decentralized consensus system using Merkle trees and based on proof of work (or maybe even stake) is the killer app. Furthermore, the specific implementation of a blockchain that we call Bitcoin will die and be replaced by a superior implementation.
But after reviewing a draft of this post, a colleague of mine pointed out to me that another interpretation might be more along the lines of:
Any Bitcoin-like proof of work-based Merkle tree that is meant to be used as a decentralized consensus system is doomed to failure...but (!) there is some sort of undiscovered idea out there that we can't describe and we don't know how it will actually work, but we'll be able to use it as a decentralized consensus system, and it will be awesome, and even though it will only have as much in common with a blockchain as does a platypus with a chicken, we're going to call it a blockchain anyway.
Maybe that is what people mean, and if it is, I can't really argue with that. It's like saying that "low cost energy" is the killer app. No shit. But that tells us absolutely zero about if and how we'll ever get there.

Setting the latter interpretation aside, I will now do my best to debunk the former and give it a proper burial. After all, I didn't earn the nickname "the undertaker" for nothing.

The misconception underlying the idea of "Blockchain good, Bitcoin bad" was most saliently captured for me in an exchange during an Econtalk podcast with none other than Silicon Valley gatekeeper Sam Altman, who is the president of the Y-Combinator startup accelerator.

When the podcast arrived at the topic of Bitcoin, Altman stated, "I think the most interesting piece of Bitcoin is this idea of the Blockchain." And just to make clear that in this instance he did indeed intend to poopoo on Bitcoin while holding up the beautiful idea of the Blockchain, note that he also stated "I own, like, not that many Bitcoins, and I have them as a hedge in case it does win. But I think it still is looking unlikely."

As they began, like, exploring Altman's reasoning for that, Econtalk's host Russ Roberts said "the only that thing I understand about [the Blockchain] is it's the thing that enables Bitcoin to work its magic."

Unfortunately, Russ got it exactly wrong. I don't mean to pick on him--his domain is economics, not cryptography or software--but his mischaracterization of the relationship between Bitcoin and the Blockchain was not corrected by Altman, whose job it is to understand these things, especially when he's going to take a public stance on them.

Let's break down why it's actually Bitcoin that allows the Blockchain to "work its magic" and not the other way around.

First of all, let's agree that the ideas of Bitcoin as a currency or the Blockchain as a consensus mechanism are revolutionary if and only if each's decentralized nature is preserved. The moment one becomes centralized, whether due to a flaw in the protocol or the concentration of mining power, it is no better (and probably worse in fact) than fiat money, e-gold, or any other monetary scheme which is vulnerable to capture by a minority, and therefore vulnerable to abusive seigniorage and capital controls.

Given the crucial requirement to preserve decentralization, the problem Satoshi had to solve while designing Bitcoin was how to incentivize network participants to expend resources transmitting, validating, and storing transactions. The first step in solving that is the simple acknowledgement that it must provide them something of economic value in return.

The next part was figuring what of economic value could be used. Maybe Satoshi considered sending each new block's miner a hand-written thank you note with a picture of a cat. But probably not. Maybe he could have offered them something that's universally marketable, like a fixed amount of gold bullion. And since this scheme was going to live on the internet, he would have naturally made it a digital IOU for gold, perhaps held in trust in a vault.

Oops, there goes the decentralization. We've just reinvented e-gold. Ankle bracelets here we come.

After searching around for some pre-existing object of value to use as an incentive, we eventually realize that Satoshi could not have used anything pre-existing. The incentive had to be created and exist entirely within the network itself!1

Given that the consensus tool's incentive had to live inside the network, its form therefore had be pure information, as that's the only thing that can be transmitted through the internet. Private keys that represent some sort of token are an obvious solution, and when we combine them with two cups of economic scarcity, a Merkle tree root, a spoonful of clever bootstrapping, and a dash of HashCash, we end up with, you guessed it, Bitcoin!

To put the above more plainly, any instance of a blockchain and its underlying tokens are inextricably bound together. The token provides the fuel for the blockchain to operate, and the blockchain provides consensus on who owns which tokens. No amount of engineering can separate them.

So what does that mean for Bitcoin the currency? For blockchain technology in general?

Not only is it the case that the Bitcoin Blockchain cannot win without Bitcoin as a currency winning too, but if the Bitcoin price languishes, the incentive mechanism backstopping the Blockchain will be weak and therefore unreliable, and Bitcoin as we know it will likely live out its days like video games from 80's and 90's, relegated to a corner of the internet where the hipsters of the 2030's will trade them with one another just to be ironic.

If Bitcoin does win, that probably means it displaces the Dollar as the foremost unit of saving (which is what money is in a post-digital age, not the foremost medium of exchange, which was one of its chief functions prior and I suspect what 99% of people mistakenly think is still why money is valuable).

Another source of confusion in this discussion that likely comes from misunderstandings about the nature of money is the idea that there can stably exist multiple blockchains, competing with one another to provide the most reliable and feature-rich consensus tool. But there cannot.

Just like a monetary standard, a blockchain experiences network effects. Any resources being poured into mining one blockchain are resources not being poured into another. Multiple blockchains, like money, will therefore tend to experience the Highlander effect, where weakly-mined (and therefore insecure) blockchains will fizzle out and other blockchains will absorb their mining power, as well as the latent demand for tokens.

But wait. What about merged mining you say. For those who are unfamiliar, merged mining means allowing a miner to essentially use a single nonce for each hash attempt, and if the resultant value is over the required difficulty, multiple blockchains will accept it as a valid hash for a new block.

Namecoin, for example, implements a unidirectional version of this. It allows any miner of a Bitcoin block to simultaneously also produce a new Namecoin block, but not the other way around.

I confess I haven't explored it fully, but my understanding so far is that bi-directional merged mining of the Bitcoin blockchain with another is unfeasible without Bitcoin "consenting" to it before the fact, presumably through a BIP that gets accepted and deployed by a majority of the network.

Unsurprisingly, early steps toward such a modification to Bitcoin are already being put forward by the, as far as I can tell, well-meaning team at Blockstream. They're brilliant and ambitious no doubt, although the one thing their team is missing as of this writing is the presence of John Meriwether. One can only hope they'll read this post and reach out to him.

Blockstream advocates the concept of Sidechains, which they believe will allow for multiple competing yet interoperable stand-alone blockchains, creating sandboxes of sorts to promote experimentation and innovation. If you don't like the way Bitcoin is doing things but you think Sidechain A is really onto something, you can "burn" your Bitcoins in exchange for a certain amount of Sidechain A's tokens and cross your fingers that Sidechain A is in fact the blockchain that Sam Altman has always been dreaming of.

When I read the Sidechains white paper, the first thing that came to my mind was that if blockchains wore funny hats and lived in a royal court, what Blockstream is doing would be what's commonly referred to as a "coup." As established above, any so-called feature that allows Bitcoin to play nice with competing tokens only serves to make it more vulnerable to being usurped.

The argument that Sidechains will promote a vibrant innovative cryptocurrency ecosystem is misguided at best and disingenuous at worst. Thus far, I've yet to see any charges of treason being discussed by Bitcoin's collective mind of core developers and mining pool decision makers. We'll see if it becomes wise before it's too late.

Pondering the implications of Sidechains for a moment, it's interesting to note that, in a vacuum, those who own mining equipment indeed ought to be indifferent to which blockchain they're pointing it at, as the yield to be gotten from their assets is not existing coins, but only those yet to be mined in the future (assuming lock time is not a significant factor). So if Sidechain A's tokens take off in value, and SHA-256 ASICs are somehow still valuable in mining it, miners will gladly point at at the new blockchain instead. Miners have no allegiance to Bitcoin.

Except that miners don't exist in a vacuum. If Cryptocurrency 2.0 ever replaces Bitcoin and all Bitcoins become worthless, confidence in the category of cryptocurrencies in general will be, I believe, irreparably damaged. If Cryptocurrency 2.0 just replaced Bitcoin, there's nothing stopping Cryptocurrency 3.0 from replacing Cryptocurrency 2.0 and sending the value of its tokens to zero. Ad infinitum.

Once the precedent is set that cryptocurrencies are transitory, the end game is known and no critical mass of rational actors will continue to hold the tokens. You've got to remember that, by definition, a cryptocurrency is decentralized and relies on consent. When fiat currencies fail, they can rely on hegemony to get back on their feet. Cryptocurrencies do not have that privilege.

To sum up, Bitcoin was the first mover of proof-of-work-based blockchain cryptocurrencies. It is way out in front of its competition, and it will be a formidable challenge for any other currently-existing cryptocurrencies to overtake it, from the straight-clone Litecoins and theortically elegant Ethereums to the well-marketed but lacking in substance Paycoins and banal Dogecoins.

By design, Bitcoin can be adapted and improved without destroying the value of its tokens. If an undeniably superior method to operate a blockchain is discovered, it's far more likely that Bitcoin Core will implement it and its miners will deploy the patch than it is that they all sit back and watch Bitcoin die while another blockchain passes them.

It remains unclear whether the concept of a proof-of-work blockchain will win at all, but if it does it will be fueled by an underlying token, and I am presently incapable of seeing how any token other than Bitcoin will be the one that wins.

1 This almost certainly wasn't how Satoshi actually created Bitcoin. Given his citation of Wei Dai's B-Money proposal, it's pretty clear that the Bitcoin egg came first and the POW blockchain was spawned afterward. But the argument holds.