2015-05-31

BitShares - probably the first self-sustaining DAO

For over a year, the Bitcoin world has been intrigued with the concept of Decentralized Autonomous Organizations - quasi-corporations following known and predictable set of business rules dictated by the software itself. While in the future we might have AIs running everything, for now human involvement in software development and other functions necessary for the DAOs to sustain themselves.

Vitalik Buterin's Quadrant Chart for Classifying DAOs

While most cryptocurrencies do form a quasi-DAO, to the best of my knowledge BitShares appears to be the first system to be a fully self-sustaining DAO. Lets explore why this might be the case.

What does a DAO need?


While there are a lot of characteristics a DAO has, we should figure out what a DAO, or any decentralized software-based system wants and needs.

While some might see this as anthropomorphizing a non-living piece of software, we can probably agree that any DAO-like system wants to first of all fulfil the role it was created to perform (in the case of cryptocurrencies - to facilitate transfer of wealth between individuals), and secondly - the system would want to accomplish anything to allow it to continue its first role as long as it is needed.

To accomplish the latter goal, the software needs to be updated, new blocks need to be created, and the system itself needs to become more ubiquitous.

Now, how can a DAO fulfil its needs? Well, it can reward the people that work on the system. If we're talking about cyrptocurrency systems, money is usually a good motivator.

Examining the incentives


We already discussed the problem some systems have with incentives in a previous post. Here, I would like to discuss how various examples of cryptocurrency systems reward its participants.

Bitcoin is probably the most notable early example of a quasi-DAO. It rewards its miners with a block reward and transaction fees, ensuring new blocks are created for years to come. Bitcoin however does not create a direct incentive for software developers to update its software, or for businesses to offer new products on the platform. Sure, there are plenty of non-direct incentives - anyone holding BTC is incentivized to make the value of BTC appreciate so they stand to profit, but that happens external to the Bitcoin software itself.

In a system like Ripple, where the fees are burned and there is no token creation, only the XRP holders are indirectly incentivized to keep the system going - the validators are not paid, nor are the developers.

When looking at a proof-of-stake systems like Peercoin, we have the coin holders that are incentivized to create new blocks, but again, no other direct rewards go to anyone else.

Now, when we look at BitShares and its Delegated Proof of Stake, we see something different. While it's still the block "miners" / delegates that get the reward, who gets to be that delegate is a different story. Unlike proof-of-work or proof-of-stake, anyone that the BitShares coin holders elect can become a delegate and be rewarded for it. If the software needs updating - the core developers will be voted in and paid for their work. If the system needs evangelists - the right people for the job will get the rewards, etc. As it stands, it looks like the system can be fully self-sufficient using this simple reward system.

So while the DPoS implementation in BitShares might not be without its flaws, the concept does lend itself to solving a lot of the problems a cryptocurrency system might have in a simple fashion.

Lastly, this process is no longer unique to BitShares. Stellar introduced a similar method for distributing its token inflation.

Conclusions


While there are a lot of systems out there that act like a quasi-DAO, BitShares seems to be the first one to become fully self-sustaining due to its Delegated Proof of Stake.

2015-05-28

Mining versus Consensus algorithms in Crypto 2.0 systems

Recently, I had the pleasure of talking with David Schwartz, Chief Cryptographer at Ripple Labs about a topic that I haven't heard covered before - the implications of using a Consensus algorithm for ledger creation rather than a Mining approach, such as the one used in Bitcoin. This seemingly insignificant difference can affect the long-term viability of a Crypto 2.0 system as it turns out. But first, some theory...

Mining algorithms


As pretty much everyone knows, new Bitcoin blocks are created through a process called mining. Every miner on the network competes to produce the next Bitcoin block by the use of Proof of Work algorithm. If you find the solution first, you have successfully created the next block and thus get the block reward plus fees for included transactions - pretty simple.

There have been a lot of tweaks made to this simple algorithm in many altcoins out there. A number of different coins use different hashing functions for their Proof of Work, some networks introduce Proof of Stake or Distributed Proof of Stake and so on. What all of those algorithms have in common is that every block is created by a single entity - it might be a lone miner, or perhaps a mining pool aggregating a number of workers, but there is still a singular authority that dictates how a block looks.

Consensus algorithms


The Consensus algorithm as popularized by Ripple and also used in Stellar works on a different principle (some videos on this subject - 1, 2). Instead of performing any mining, a number of validators agree on which transactions should be included in the next ledger. Based on that agreement, every validator creates the same ledger.

While the way the validators are chosen can be a a difficult and important design decision, the result is similar - there is no single entity that creates the next ledger.

Malicious miners - what can they do?


While most people have heard about the dangers of a 51% attack and some are also aware of the Finney attack, today we would be talking about more benign things every miner can do to every block they create.

Any miner that creates a block can:

  • Control which transactions are part of the block, if any
    • They can prevent certain transactions from appearing in the block they mine
    • They can include any number of valid transactions into the block. Even if fees are forced for any such transactions, the miner will earn those fees back
    • If there are multiple conflicting transactions, the miners get to pick which are included in the block, thus invalidating their double-spend counterparts
  • Control the order the transactions are included in the block
  • Decide whether to release the block they created at all
  • Set the various block parameters within some limits (they control the nonce and timestamp)


In the Bitcoin world, pretty much all of those things don't really affect the network performance all that much. Sure, the miners can censor some transactions for a block, but provided the network as a whole is not compromised, those transactions should eventually make it into someone's block. They can also spam the block with any number of their own transactions for free, but in the grand scheme of things it's just an extra megabyte of data that needs to be stored. All in all, due to Bitcoin's straightforward transaction nature and the fact that we're dealing with only one currency, a malicious miner can't really do much.

Now, lets consider the same scenario on a more sophisticated Crypto 2.0 platform, such as Ripple, BitShares, Ethereum, Omni or the like. The network not only handles their native currency, but also offers a lot of other features - derivative contracts, decentralized exchanges, smart contracts and so on. Suddenly, whether a transaction is included in a given block or a block after can start to matter a lot more.

If a malicious miner sees a big buy order coming into the market that would move the price significantly, they can engage in front running - the buy order could be pushed to the back of the queue or even left out until the next block, while the miner buys up all of the current stock and re-lists it at a higher price to turn a profit. Alternatively, when they see there is a high market pressure coming in, especially in systems that are inefficient by design, they can buy the orders up one by one by using their power to include any number of their own transactions into a block for free, and similarly re-list them for people to buy up.

When we enter into the smart contract world, we have a few more exploits.

Perhaps the system in question is relying on the miners to be smart oracles and report some price data. The miners can misrepresent the price in their favour - perhaps not so blatantly as to report different orders of magnitude, but one could use data that is a bit stale or fudged on the second or third significant digit without it looking too suspicious.

The miners could also try to influence some time-sensitive contracts - maybe someone tried to make a bet on some lottery during the last possible minute, or some contract deadline is about to come up and the miner stalls the transaction by one block? That could change the outcome of the contract.

Lastly, if some smart contracts implement gambling on the blockchain with the random number generator being influenced by the mined blocks, the miners could cheat that system by only releasing blocks favourable to their bets. Say, if we have a virtual coin flip that is heads if the block hash is even and tails if the hash is odd, if the miner stands to gain more by winning the bet rather than creating the next block, they can withhold the blocks that aren't favourable to them. Provided their computing power share in the network is greater than the house edge in the game, the miners would turn a profit in the long run.

All in all, there is a lot more a malicious miner can skew in their favour in a Crypto 2.0 system than they could do in a traditional system like Bitcoin.

Validators


In comparison to the miner-based approach, the consensus model based on validators solves the listed issues in most cases. Provided the validators are not colluding with each other to overtake the network, most of the above listed attacks are reduced if not eliminated altogether.

While a malicious validator might try to do some front-running, their transactions aren't more likely to be included into the next ledger than the transactions anyone else submits. Having multiple validators act as smart oracles could allow one to average out the answer and limit the influence of one malicious report. Time-sensitive contracts could be slightly influenced by trying to stall the consensus mechanism or vote against some transactions being included in a ledger, but since the system is designed to be fault-tolerant, one malicious entity shouldn't be able to do much.

Influencing the ledger hash is possible to some degree - the validator can try predicting what the next ledger will look like and adding which transaction could influence that hash in their favour, but everyone else can do the same. Since all parties are just as likely to influence the ledger hash, the result of this influence could make the outcome just as random as it ought to be, or at least make it very hard to predict whose influence will win in the end.

All in all, a validator-based approach to ledger generation reduces the number of exploits that can be performed in a Crypto 2.0 system.

Conclusions


One could compare the mining approach to block generation to a short-term dictatorship, while the validator approach is more akin to democracy. While both systems can be exploited or used for good (the Roman Republic elected their dictators in times of need, while democracy can spiral into mob rule), the democracy of validators requires more parties to be malicious before the system becomes compromised.

While in the Crypto 1.0 world a malicious miner can't do much to harm the system, in a Crypto 2.0 world there are a lot more exploits that need to be addressed.

As this is a topic I haven't seen properly discussed before, I would love to hear the input from the developers of various Crypto 2.0 systems - Omni, Ethereum, Counterparty, NXT, BitShares and so on as to how they view this issue potentially affecting their networks.

2015-05-25

BitUSD vs USD IOUs

Last Thursday at Decentral Vancouver we were discussing BitShares and BitUSD with Max Wright (I recommend his BitShares 101 series of videos for anyone that wishes to understand how BitShares works). During that hangout, we were comparing BitUSD to USD-denominated IOUs (BitShares calls them User Issued Assets, Ripple - IOUs). The topic is very interesting, so I would like to share my thoughts on it with you.

While we will be talking about BitUSD and USD IOUs, those currencies should only be viewed as a representative of their respective categories. There are many other currencies similar to them, but to keep things simple, we will be using them in this post.

This blog post can be seen as an expansion on "The rise of fiat-denominated cryptos". Other related posts - "Inert versus volatile currencies - pondering an attack on BitUSD", "Thoughts on Delegated Proof of Stake and Bitshares".

What is BitUSD?

BitUSD is a "market pegged asset" on the BitShares Crypto 2.0 platform. It is created as a derivative of the native bitshares currency. As such, it is a "counterparty-less fiat-denominated crypto". Its value is kept at around 1 USD by an open, decentralized market. BitUSDs are created as a derivative with a collateral of three times the current BitUSD value in bitshares.

What are USD IOUs?


An IOU in the sense used in Ripple is a representation of debt from a gateway to its users. It is created when users deposit funds into the Ripple system through the gateway, and extinguished when the funds are withdrawn. USD-denominated IOUs are pegged to the value of 1 USD each by the promise of the gateway to accept them at face value and exchange them for 1USD in cash, wire transfer or similar.

Who is the counterparty?


The first big difference between BitUSD and USD IOU lies in who is the counterparty that guarantees the value of the currency.

With USD IOUs, the matter is simple - the gateway that issues the IOU is the party that guarantees its value. The deposits might be guaranteed by third parties, for example by deposit insurance or perhaps even gateway's competitors in a Voting Pool-esque system, but in most cases at the present that is not the case. If a gateway is operational, like in case of BitStamp, the IOUs will hold value. If the gateway goes out of business, like in case of WeExchange, the IOUs will drop in value.

As for BitUSD, some argue that there is no counterparty, while others say the whole BitUSD derivatives system is the counterparty. The latter is probably more true - if the market becomes destabilized, either through malicious forcing of margin calls or by sudden drop in the value of the BitShares currency, the system as a whole might default. However, if the BitUSD market is working properly, there should be a lot of parties involved in it, and thus there won't be a centralized point of failure in the system.

The flexibility of currency supply


Due to how the currency is created, there is a difference in the flexibility of the currency supply for BitUSD and USD IOUs.

USD IOUs can be created by the gateways at a whim. If they decide they need a few million dollars more, they can create those funds in seconds. There is no limit to how much funds can be created - if someone approached SnapSwap for example with a sum of 1 billion dollars that they wanted to use on the Ripple system, they would be glad to have that business.

Similarly, when the funds are withdrawn, the underlying IOUs are extinguished and the market cap is reduced. The IOUs exist only when they are useful, and can be created and destroyed to adjust to the market.

USD market cap in Ripple

BitUSDs can be created by the market agreeing to enter into a derivatives contract. Provided there are people on both sides of the contract, the market can be expanded as needed. However, there might not be enough counterparties to secure a large expansion of the market cap, and the BitShares market cap itself might not be enough to handle the expansion either (for every BitUSD created, the system requires a collateral of 3USD worth of bitshares).


BitUSD market cap


At its peak, BitUSD had a market cap of 1.2M USD. Today, at the BitShares market cap of $15M, you could have at most about 5M BitUSD in the market. In order to handle more more BitUSD, the value of BitShares would have to increase.

When it comes to extinguishing BitUSD, the derivatives contract has to reach its maturity as well, meaning that for some time there might be more BitUSD in the market than are needed, driving their price down temporarily.

Exchange rate and convertibility


Both BitUSD and USD IOUs are aiming to become a stable currency tracking the value of a dollar as closely as possible.

For BitUSD, it is hard to find an objective resource on how closely it keeps its value. You can look at CoinMarketCap's BitUSD markets, currently reporting a price of $1.14-$1.21 per BitUSD. If you look at BTER's charts, you see the exchange rate of 0.94 BitUSD/USD (so about 1.06 USD / BitUSD). Moreover, BitUSD is convertible to BTS or BTC only on those markets, meaning one also has to convert those currencies into USD before they can withdraw.

For USD IOUs, the matter is simpler - unless a gateway goes out of business as described above, the "exchange rate" for an IOU is usually stable. SnapSwap for example charges a deposit / withdrawal fee of 0.99% with a cap of $5, and an in-Ripple transfer fee of 0.2%. The IOUs are convertible directly into the underlying currency, so they don't suffer from market fluctuation.

Fees


As with any distributed network, there are some fees one needs to pay in order to use the system and its underlying currencies to prevent network spam among other things.

For BitUSD, it looks like the only fees incurred directly by the people transacting in the currency are BitShares transaction fees. When it comes to creating the currency, it is mainly a free market. There are some interest rates expected by people entering the contracts to create those currencies, which are currently around 5%, and there are some penalties for the system executing a margin call (currently around 10%), but for people using the currency directly, those don't really come into effect.

For Ripple-based IOUs, there are likewise transaction fees dictated by the network. Beyond that, any gateway can set their own transfer fees and demurrage fees for using their currencies. The latter is rarely used, and the former is usually around 0.2% of the transfer amount. This creates incentive for gateways to make their IOUs as attractive as possible to use.

Funds' security


Security of one's funds is an important part of a successful currency.

Securing BitUSD largely falls into the hands of the users. Pretty much like Bitcoin - you are your own bank. You can make your BitUSD in your wallet as secure as you wish, but you have to go through the effort. Your funds cannot be seized, frozen, or taken away provided your private key doesn't get compromised. On the flip side, if you lose your private key or someone steals your money, you have no direct recourse. Due to the TITAN technology, it might be very hard or even impossible to track the stolen funds.

Security of USD IOUs are largely up to the gateway. It stored your deposits in a bank or a vault, while giving you an IOU to transact in. You are responsible for securing those IOUs in your wallet, similarly to BitUSD or Bitcoin.

If the gateway's private keys get compromised, an attacker can print any mount of IOUs and spend it on the network, possibly getting some other IOUs or XRP until the market is dry. However, the gateway can create a new account and re-issue the IOUs to the holders of the old IOUs in the same state the accounts were in before the attack took place.

The gateway also has the power to whitelist or blacklist accounts that can use their IOUs. This means that even if you hold the IOUs legitimately, your account might be frozen, able to only withdraw the IOUs into the gateway (not transfer them to anyone else). This can be used for both the good (following regulation, freezing stolen funds), and for bad reasons (shutting down arbitrary accounts).

If one's wallet gets compromised, they can take legal action with the gateway to hope to gain back one's money. The gateway can blacklist the account the funds were transferred to, and reimburse the account that lost the IOUs. This probably would only happen if there was a proper police report filed for the stolen funds, but at least there is some way to recover the funds.

All in all, BitUSD allows one to control the funds more directly, but also makes them responsible for their money. With USD IOUs, the gateway has significantly more say in the matter.

Anonymity and privacy


With BitUSD and BitShares in general, the TITAN technology allows the users of those currencies to remain anonymous and their balances secret.

The Ripple system is a lot less anonymous. While it uses addresses similar to Bitcoin, users of the system generally reuse the same address all the time. Moreover, since Ripple Labs is focusing on bringing more KYC onto the system and the general requirements of gateways to perform KYC on their customers, there is a lot of potential to link one's identity to that Ripple address and all the transaction history associated with it. As it stands, Ripple and the IOUs on it offer little to no anonymity or privacy.

Regulatory compliance


A long-term success of a system cannot be guaranteed if it goes against the laws of the land. While a decentralized system cannot be shut down per-se, it can certainly be hindered if its developers or users are persecuted.

As mentioned in the previous section, Ripple gateways are generally focused on being KYC compliant in their issuance of USD IOUs and similar. As such, they might be more appealing to customers that require to perform KYC on the people they are dealing with, such as currency exchangers, market makers and so on. With the recent Ripple Labs fines, we might see the Ripple system being pushed more to being regulatory compliant, for the better or worse.

BitUSD and BitShares at the moment don't appear to be dealing with regulatory compliance. Exchanges that convert BTS or BitUSD of course can perform their own KYC and other thigns required of them, but with the high anonymity of the system, the distributed exchange on BitShares might not be able to comply. Whether people creating BitUSD through the derivatives contracts or people trading those currencies for anything else on the system would fall under say, FinCEN regulations and be required to register as a money transmitter - that's still up to debate.

Universality


The more universally accepted the currency is, the better.

BitUSD is by definition derived from BitShares and thus is only usable on that platform. Anyone wishing to send BitUSD to another platform would either have to go through a gateway (a singular entity or perhaps a voting pool of gateways), or perhaps in the future through some cross-chains connected to BitShares.

USD IOUs from a given gateway can be put on any system that allows for creation of IOUs (currently - Ripple, Stellar, BitShares, Omni). In this fashion, say, SnapSwap USD IOUs can be more universally accepted than BitUSD, allowing users to easily convert from one network to another.

IOUs also tie nicely to the idea of bridges - easy way to send money from a system into another system (both Ripple and BitShares support the idea of bridges). For example, you can use BTC2Ripple to send BTC IOUs directly from a Ripple account into a Bitcoin account, and Ripple Union allows you to send Interacs into the Canadian banking network.

Flexibility


This one deals with how easy it is for a given system to adapt and start supporting new currencies.

BitShares' market pegged assets are hard-coded into the system. Currently, it looks like the system supports BitUSD, BitCNY, BitEUR, BitGold, BitSilver and BitBTC. If one wanted to create BitCAD, it would require the code to be changed. The currencies in the system are uniform and fungible.

When it comes to IOU-based systems like Ripple, one can easily create new currencies at a whim. There are gateways for about 14 different currencies (BRL, BTC, CAD, CNY, EUR, GBP, JPY, KRW, MXN, SGD, STR, USD, XAG, XAU), and there is nothing stopping people from creating one's own currency (like DYM, a currency backed by silver dimes). Moreover, since every gateway is different from the next (a USD from SnapSwap is not the same as USD from MtGox), every currency offered by every gateway is its own currency, distinct from everything else on the system.

Conclusions


BitUSD and USD IOUs are very different currencies tackling the same problem. BitUSD aims to create a system for transfer of value independent from the current banking world, while IOU-based systems like Ripple work best in conjunction with the banking world. Each have their own use cases, and ignoring the current maturities and adoption of their respective systems, they both stand a chance of carving out their own niche.

2015-05-23

Inert versus volatile currencies - pondering an attack on BitUSD

When thinking about a currency on a simple exchange as a fairly inert object. You can throw money at the market, swing it up or down, but without other actors taking an action by themselves, the market will remain the way you left it. You might cause a panic, or your order might be eaten up by traders with strong confidence in the current price.

Now, consider a derivatives market like BitUSD. While you may have the same market as in a simple exchange, there will also be a lot of collateral in that market waiting to be called upon if one would need to make a margin call. Depending on how the market is structured and how much money is potentially available for margin calls, someone wishing to exploit the market could have a powerful force multiplier waiting to be unleashed. You could call such currencies "volatile" - not in a sense of finances where the price fluctuates a lot, but more of a chemical sense - that there is a latent force in those currencies that could be unleashed for one's benefit.

BitUSD - quick recap


BitUSD is a "market pegged asset" on the BitShares Crypto 2.0 platform. It is created as a derivative of the native bitshares currency. As such, it is a "counterparty-less fiat-denominated crypto". Its value is kept at around 1 USD by an open, decentralized market. BitUSDs are created as a derivative with a collateral of three times the current BitUSD value in bitshares.

The snowball effect


Under normal conditions, the futures market should be stable. You might see some spikes every now and then and perhaps some margin calls being made on an infrequent basis, but the market should track the proper values.

However, it is also possible that a market might have a tipping point - a price at which a snowball effect might take place. Lets say the current market is like this:

  • The current price is 100 BTS per BitUSD
  • It takes:
    • 10k BTS to move the price from 100 to 200 BTS per BitUSD
    • 10k BTS to move the price from 200 to 300 BTS per BitUSD
    • 10k BTS to move the price from 300 to 400 BTS per BitUSD
  • When the price:
    • Reaches 200, 5k BTS will be used on margin calls
    • Reaches 300, 15k BTS will be used on margin calls
    • Reaches 400, 25k BTC will be used on margin calls
If we throw 5k BTS into the market, not much happens - we moved the price a bit. If we throw 10k BTS, we force the market to spend another 5k BTS. We moved the price by 100, and the margin calls moved it further, multiplying the strength of our move by 1.5.

If we throw 15k BTS into the market, we first force the 5k BTS to execute margin calls, adding to a total of 20k BTS. This is enough to trigger the next wave of margin calls - another 15k BTS is pushed through the market on margin calls. This in turn is more than enough to trigger a third wave of margin calls adding another 25k BTS into the market.

This way, our initial push of 15k BTS has forced the market to execute additional 45k of orders (60k in total), thus multiplying the strength of our move by a factor of 4.

A similar scenario was described by James Rickards in his book Currency Wars.

In a centralized world, you would expect the exchange facilitating such trades to trigger a trading curb, perhaps even reverse some trades if they suspect malicious intent. However, a decentralized, anonymous marketplace might have a problem trying to unwind what has happened.

How to benefit from such an attack?


There are several ways one can benefit from executing such an attack. Of course, some preparation is needed.

First of all, one could go to a separate exchange or a prediction market and bet on the price of BTS going down. If the market is well established and has enough participants with open positions, it might be easier or harder to earn some money this way.

Secondly, one could position the open trades on the BitShares market itself in such a way as to benefit the most from the margin calls. In our example, we could slowly build up the price of BTS in preparation for the attack, while also amassing a good portion of BitUSD and creating open sales at over 400 BTS per BitUSD. This way when the final wave of margin calls is executed, we will be able to sell our BitUSD for 4 times as many BTS as they were initially exchangeable for. The amount of BTS amassed could be then used to manipulate the delegate market.

Lastly, there is always a room for competitors to employ some malicious tactics against BitShares. At the current market cap of 12M USD, competing 2.0 platforms like for example Ripple might dwarf the market twice over with their Series A financing to strengthen their own position in the market. While I don't believe any of the Crypto 2.0 platforms would even plan to employ such tactics in the near future, there is nothing you can rule out.

Conclusions


While BitUSD is an innovative creation with a big potential, I would still like to see some practical analysis of how robust the market is. Does it have a tipping point, and if so - what is it? Since all transactions are public, the attackers wouldn't have a problem figuring it out.

In the end, this discussion brings to mind a field of mousetraps - they can be "diffused" or triggered safely in low concentrations, but if you have too many clustered in one place...


2015-05-21

Much ado about nothing - pondering 21Inc

In the last few months a lot of people have been talking about the "mysterious 21 Inc" - a Bitcoin startup that raised $116M in recent funding to work on their secret technology. Everyone was speculating on what it could be based on the little information that we had from their job offers looking for ASIC engineers. People were guessing they could be making space heaters that earn money, or perhaps an ASIC-powered toaster. Well, the wait is over and we finally know that their big plan was... to put Bitcoin miners into phones...

Lets ponder for awhile how feasible this approach could be.

What are the current rates?


As with all analysis related to Bitcoin mining and profitability, everything is in the state of flux. So here are some current numbers we will be using for those of you who might be reading this in the future.


Based on that, we can do some calculations. That chip is currently mining about 0.000037BTC per day, earning about 0.013540 BTC or $3.17 per year if you run it at no cost. If you take the cheapest electricity cost of say, India or China at $0.08 / kWh, your annual profit is about $1.28, so you break even for the cost of a single $1.5 chip after 428.5 days of mining.


The current standard transaction fee in Bitcoin is about 0.1mBTC per 1000 bytes. The chip could make this much in about half a week.

Currently the difficulty on the Bitcoin network has slowed down its growth. It currently is about 48B, 5 months ago at the start of the year it was 40B, it was 23B in September of last year, and 13B in July of last year. So the difficulty has grown by roughly a factor of 4 since last year, but currently it looks like it slowed down to under a factor of 3 annually.

Estimating how much bandwidth a Bitcoin miner takes can be a bit tricky. Some people have reported it using about 20MB per day.

The difficulty approach, versus the simple approach


Looking at all those numbers, it looks like the mining doesn't scale all too well. In order to mine a dollar of bitcoins using a single chip it would take a phone non-stop 4 months of work. During that time, the phone would need to be connected to the Internet, powered up and heating up from the mining. Subtract from that the cost of electricity, mobile data and so on, and you might be operating at a loss in most situations. This is not to mention the decreased battery life from higher heat exposure and so on.

All in all, ASICs operate the best with economics of scale in mind - producing chips in bulk, cramming them into well-ventilated chassis, putting those in a data warehouse and so on. Perhaps instead of cramming a cellphone with an ASIC chip, it could come with some cloud mining subscription for life where a given datacenter would mine for BTC in the device's name and send those coins to the address bound to the phone over the years?

Alternatively, do away with mining and just buy some coins up front. Add $5-$10 to the phone's price up-front, but BTC with that money and trickle the coins into the device say, once a week or whenever the balance is getting low. Heck, if you notice a device's balance is still positive, you can always keep the coins for longer and perhaps even cash the coins after a year of inactivity of a potentially dead phone. This solution is much simpler and elegant. Best of all, since all Bitcoin balance data is public, you can top people's phones up without checking with them - you will know when their balance is running low.

Conclusions


Sometimes the first solutions might be the most obvious, but there are more elegant solution to solving the same problem. Cramming Bitcoin mining into devices in a way that detracts from their primary usage doesn't make sense. If you want a device augmented with Bitcoin mining, make sure its primary function is generating heat - this way even if the toaster or the space heater doesn't earn any money, it will still be a useful source of heat, rather than a hotplate for a phone that just eats your bandwidth.

2015-05-20

Digital identities and the blockchain

In the recent years there have been a few attempts at creating digital identities using cryptography and the blockchain. We had BitID using the cryptography behind Bitcoin for secure website login, Synero creating a decentralized social network where everyone owned their own identity, and Passcard allowing you to put your information into a blockchain. All of these are attempting to solve similar problems - creating a decentralized system of identities. An interesting goal for sure, but the approaches they take might not be enough to be a game-changer.

Related post - "Governments - do your job. Give us unique digital signatures!"

Value of disposable identities


When talking about online identities, we generally can put them into two categories - disposable and non-disposable. The first kind are cheap or free to create and don't carry a lot of value in themselves, such as email addresses, throwaway accounts and handles. We create them at a whim and throw them away once we're done. The second kind either cost a substantial enough amount of money to create, or they take a lot of time to grow, such as SSL certificates, personal social media accounts and similar accounts we tend to keep and grow for years.

All of BitID, Synero and Passcard accounts start as disposable identities, with the Synero network aiming for their users to keep their accounts long enough for them to become non-disposable. Even though the identities are essentially free to create, they can still be useful not verifying real-world identities, but for keeping a consistent online identity ("I am 1PiachuEVn6sh52Ez7o6Fymvw54qvQ4RBm and I log in with the same identity as last week").

Problems with crypto-based identities


While identities based on cryptography are certainly an interesting approach, there are some problems they have that traditional ways of logging into online accounts don't have.

First of all, there is the problem of keeping the private keys used for identity verification safe while at the same time being able to use them whenever one needs to log in. It's all well and good if you have your smart device handy, provided it doesn't get compromised, lost, stolen or otherwise becomes unavailable. You can keep your private keys in an online wallet like Blockchain.info, or perhaps some password-storing solution like LastPass, but then your security is usually dictated by the strength of your password.

Another problem with crypto-based identities is that they lack provisions for what happens if you forget your password or your account gets compromised. If your Gmail gets hacked, there are ways you can get it back. If you forget your Facebook password, you can reset it. With crypto-based identities, the problem gets harder. You could store your password mnemonic in a secure location and the protocol could allow for setting of some fail-safe recovery methods, but it is very unlikely casual users would be able to use these methods effectively.

Identities on the blockchain - no silver bullet


When I heard about Passcard, I was sceptical about the usefulness of their approach to put your identity on the blockchain. Since the information is publicly available for anyone to see and there is no cost associated in copying the information verbatim, at best this serves as a name tag anyone can write on:



As discussed before, such identities aren't too useful without some central authority to verify them. At that point, the system stops being completely distributed.

One could also ponder a similar approach with the data encoded into the blockchain being encrypted first. This way copying the data wouldn't be too useful since you would still need some key to decrypt it. If you combined this method with identity verification you could achieve some pseudo-anonymous identity verification, but it wouldn't prevent your identity from being leaked after the first time you decrypt it.

Conclusions


Identity verification and online identities appear to be following the bandwagon of "lets put everything on the blockchain and see if it sticks". While some of the approaches might be useful for some use cases, it is very unlikely we will see mass consumer adoption of such technologies in the near future. There are too many use cases that still need to be resolved.

2015-05-14

Non-fungible currencies - gold bars and art

Fungibility is one of the desired properties of money. You want every unit of money to be worth exactly its face value and be interchangeable for any other unit of money you have. Even if one coin is shiny and new, while another coin is old and worn down, you don't want people to be valuing them at different rates - currency as a physical representation of money should not have value in itself, it should represent value.

However, what do you do if you want to use something non-fungible as a basis of your currency? Whether it's weak non-fungibility like serialized gold bars (you want to identify each bar uniquely, but the properties of the actual bars are pretty similar), or very strong non-fungibility like unique art? In other words, is there some sane way to transact in a Mona Lisa "coin"? Lets explore that today!

The current state - cash, Bitcoin and 2.0s


In our current world, pretty much every currency is fungible. One dollar bill is pretty much the same as another dollar bill. However, if one really wanted to, you could try tracking each individual bill with its serial number. It might not be very practical in the real world, but if we're talking about "digital cash", some people had a similar idea.

We discussed the issues relating to "Bitcoin redlists" awhile back. To sum everything up quickly, Bitcoin is like cash - you should accept it at face value and treat it as a fungible currency, but every Bitcoin transaction inherits the history of its predecessors. In this sense, it's similar to tracking banknote serial numbers - if someone claims a certain note was stolen and it turns out in your pocket at some time in the future, there may be some legal precedents to be set there as to whether you should forfeit those bitcoins or not. So while bitcoins are fairly fungible, the radical transparency of the system may make it less fungible, for better or for worse.

When we go ahead and consider the Crypto 2.0s out there, we generally see two approaches. One is "the blockchain approach" - to act like Bitcoin with each transaction spending the outputs of a previous transaction (like Colored Coins). The second one is "the ledger approach" - to track individual balances and changes in those balances, rather than individual inputs and outputs of a transaction (like Ripple). The latter approach appears to be more fungible - you're not spending any specific outputs, but at the same time any tainted transaction could be a proverbial polish "łyżka dziegciu w beczce miodu" (or english equivalent - "a fly in the ointment") - one bad transaction could make the whole account balance tainted in some way.

Weak non-fungibility - digital gold bars


When we're talking about gold-backed currencies, we're generally talking about fungible currencies like the ones from Ripple Singapore or BitGold. This is perhaps the easiest approach - gold is stored in a number of vaults and is audited on regular basis. Those audits work as a proof of reserves that are used to back the currency. There might be some difference between gold held at various locations, and one could account for that by issuing different currencies for different locations with some fixed or free market between them. These can be aggregated into national or global currencies as needed:

Hierarchical gold currency

This local / national / global currency IOUs can be easily mapped in the existing Crypto 2.0 systems such as Ripple. The individual gold bars in each reserve form a currency basket that is used to back the IOUs. National and Global IOUs are backed by the individual IOUs. 

Now, what happens when we want to be able to identify each gold bar individually and transact in a currency based on that, rather than a basket of gold bars? The best approach available with the current 2.0 systems is to create an individual currency for each individual bar and set some redemption rules (for example - anyone holding 60% of the IOUs can pay the remaining holders the market value of the remaining IOUs and redeem the bar in its entirety). The system is fairly straightforward when we're dealing in whole bars rather than letting people split them up, but both options have their advantages.

That being said, this solution isn't elegant. The problem calls for a new type of approach based on storing arbitrary data, rather than trust-debt relationship.

What matters to a physical gold bar to be used as a currency? Transparency, its current location, as well as who owns it at this moment. This could be encapsulated in a straightforward JSON:

{
    BarID: "12345",
    Location: "Vancouver",
    Owner: "Alice"
}

If rules on how this information is updated are encoded in a smart contract and all transactions go through a distributed blockchain system for transparency and verifiable history, you achieve a much more elegant solution. While I don't know of any publicly released Crypto 2.0 system that can achieve that natively without relying on any "hacks", it does appear that the upcoming Ethereum platform might be an ideal candidate to achieve this goal.

Strong non-fungibility - art


Some pieces of art are valuable. Some in fact, are very valuable. The most expensive painting ever sold (at ~$300M) eclipses the market cap of any cryptocurrency asides Bitcoin (at the moment of writing - Bitcoin has the market cap of $3.3B, Ripple - $211M, Litecoin - $56M). Criminals already use pieces of art as a form of currency, since anything that can be used as a currency will be used as a currency if the need arises.

Now, what would happen if someone decided to create a currency backed by an expensive piece of art in a legitimate fashion? In other words, could we have some form of "Mona Lisa Coin"?


The issuance of the coin is probably the easiest part of this process. The real challenge comes in determining what rules the coin itself should follow, especially when it comes to redeeming the piece of art. Similar to the gold example, the rules could be that the piece of art remains in a museum until such time that someone purchases a majority / super majority of the tokens and decides to buy back the remaining tokens at the current market value to obtain the physical piece of art.

You could also govern the piece of art through a Decentralized Autonomous Organization - everyone holding the art token could vote on renting the piece out to other museums for a fee shared with the DAO, as well as other matters of importance.

If an individual painting is not significant enough, perhaps a collection of pieces of art could be bundled together in an "art basket" and tokens could be issued for the entire collection. In this example the role of DAO could be to govern the rules of acquiring and selling individual pieces of art from the collection - perhaps X amount of tokens would need to be burned in order to buy one art piece from the collection, and new tokens could be created to pay a new shareholder depositing their piece of art into the basket.

Conclusions


Using various approaches and appropriate Crypto 2.0 systems, it is possible to create fungible currencies out of non-fungible commodities. 

2015-05-06

On FinCEN fines and regulations - the fate of token IPOs

Yesterday the news about Ripple Labs being fined by FinCEN for their sale of XRP without an MSB license came out. While some have rejoiced in this development since Ripple has been getting some bad press lately (1, 2), some of us are weary of what precedent this might set for other token IPOs. Lets ponder some of the possibilities.

(Disclosure: I am not a lawyer, nor do I have any formal education in law-related fields. I am a software developer, so take anything stated here with a grain of salt)

FinCEN regulations


FinCEN came out with some definitions and regulations back in 2014. Some of the most important parts of that document are:

  • "FinCEN's regulations define currency (also referred to as "real" currency) as “the coin and paper money of the United States or of any other country that [i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and accepted as a medium of exchange in the country of issuance.”"
  • "In contrast to real currency, “virtual” currency is a medium of exchange that operates like a currency in some environments, but does not have all the attributes of real currency. In particular, virtual currency does not have legal tender status in any jurisdiction."
  • "The guidance addresses “convertible” virtual currency. This type of virtual currency either has an equivalent value in real currency, or acts as a substitute for real currency."
  • "An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency. An administrator is a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency."
  • "The guidance makes clear that an administrator or exchanger of convertible virtual currencies that (1) accepts and transmits a convertible virtual currency or (2) buys or sells convertible virtual currency in exchange for currency of legal tender or another convertible virtual currency for any reason (including when intermediating between a user and a seller of goods or services the user is purchasing on the user’s behalf) is a money transmitter under FinCEN's regulations, unless a limitation to or exemption from the definition applies to the person."
Which seems to be pretty straightforward - cryptocurrencies without a fiat peg are virtual currencies and doesn't appear to fall under FinCEN's regulation. Cryptos with a fiat peg, such as Tether or various Ripple IOUs are convertible virtual currencies and therefore fall into this category.

However, if we look at "Statement of facts and violations":
  • "From at least March 6, 2013, through April 29, 2013, Ripple Labs sold convertible virtual currency known as “XRP.” "
I don't know about you, but the last time I checked XRPs were a free market currency like Bitcoin (minus being "premined" and mostly owned by a single entity). This might indicate that any virtual currencies sharing the characteristics of XRPs might be under scrutiny soon...

Token IPOs - are the days numbered?


In our short crypto history, there have been a few notable token presales / IPOs (and a lot more less notable ones). We had:
All of those presales have been done in a similar fashion - people could freely send their coins to a given Bitcoin address and they would in turn receive the tokens they paid for. Fast, easy and hassle-free - an elegant solution for the Internet age.

Now, imagine if those companies had to account for every token sold and verify each of their customers. People would have to sign up for some services, verify their identities and so on. In essence, an elegant presale would turn into something akin to going onto an exchange - more centralized and not as frictionless.

So the question remains - are those tokens virtual currencies, or convertible virtual currencies? If the former, the presales might continue unhindered. If the latter - the current IPO model might need to change...

Conclusions


Whether you like or hate Ripple Labs, there appears to be much more at play here than just the fine imposed on one company.

2015-05-03

Time banking - economics of sharing economy - pondering Time Republik

Recently at Decentral Vancouver we had a visit from folks from Time Republik, a time banking platform for a sharing economy. We discussed their project, as well as had some talk about the economics aspects of our modern capitalistic economy in comparison to the sharing economy of Time Republik. While I believe the project is very interesting, some assumptions made by this platform as well as LETS, a similar project, appear to fall apart under more scrutiny. I would like to discuss some of the points mentioned with you. But first...

What is Time Republik?


Time Republik is a time banking platform. The basic idea behind it is to create a community economy based on hours of one's time, rather than a national currency. Users of the system would earn time credits by offering their services to the community, and spend those credits with anyone else on the system by paying for their services. In this regard, it operates a bit similar to LETS, except using a different unit of account.

With that information, lets jump into some interesting discussion.

Time is for services


It appears that Time Republik was designed to be mainly used for services, rather than goods. I might mow your lawn for an hour, and in exchange I could have someone help me do my taxes for an hour. While this is all well and good to start, if the time units are going to become a currency, people will want to pay with them for goods as well.

Just like Charlie Shrem illustrated in his blog post, people will make anything that has the properties of money (fungibility, durability, etc.) into money if the need arises. The same principle will apply to the time units. A soft drink might cost a minute, while a car might be worth a few years. I suppose if a system like this would take off, we might see an economy similar to the one found in In Time (perhaps shy of people dying because they ran out of time).

1 hour = 1 hour


Another core principle of the Time Republik strongly held by its developers is that one hour of anyone's time is equal to one hour of anyone else's time. In other words, one hour of raking the leaves is equal to one hour of a doctor diagnosis, or an hour of consulting with a lawyer.

In general, this system is too idealistic if people have any free choice.

First of all, any economic system wants to eliminate or at least limit the free rider problem - you want to punish people that slack off and don't do their jobs too well. If I was to pay for an hour of mowing my lawn and someone did it so carelessly as to leave patches of tall grass everywhere, I would want to have some sort of recourse against them. This is easily done with some basic reputation system, similar to eBay or Amazon.

However, if we introduce reputation into the system, it will lead to another problem - work is no longer fungible. If I have the choice between a few people to do the same job, I would naturally pick the one that is best rated, all other things being equal. Because everyone thinks the same, the demand for highly rated people goes up, and soon there is more demand for them than they can supply. At that moment, they can start charging a bit more for their services, thus lowering the demand down to the point where the supply and demand are equal again. It might be 1.1 hour units per hour of work, perhaps 1.5, 2 or more.

The only way to address this issue would be to force the labourers to be fungible. It could be achieved by a chat-roulette-style system - you choose what job you need done, while the system assigns you a labourer that can do that task at random. However, this brings us back to our free rider problem yet again...

Currency should be local


This concept was strongly expressed in our Decentral chat with the folks from LETS, but was also present in the discussion with Time Republik. The idea is that both of the systems want to create a local economy by creating a currency that should not be traded for other currencies, because that would defeat the point of the system. If a local currency is tradeable on a global marketplace, it stops becoming a local currency and the money leaves the community.

This concept isn't new - pretty much every company hosting MMO games has to address this issue. This is true for CCP and EVE Online, as well as Blizzard and World of Warcraft. If there is no white market for your currency, there will be a grey or black market to fill that void.

While in the old days it might've been enough to print some local paper money that nobody outside of a given area would be interested in to reign in how far the money travels, with today's seamless global Crypto 2.0 systems like Ripple, any currency deployed on that system gets turned into a global currency as soon as someone puts up a trade for it. Money knows no boundaries, and it will find its value.

Distribution problem


Another problem of bootstrapping an economy is how you distribute the currency units. At the moment, Time Republik gives anyone that signs up for their system a few free hours they can spend on the system. While it's a good start, the system might quickly be exploited by mechanical turk-like networks. In the long run, some different token distribution method would need to be devised.

A possible solution to the problem might be to start everyone with zero hours and let them earn the tokens from other people in the network. To add more tokens to the network, Time Republik could organize some projects to benefit the community that anyone could participate in - social media campaigns, cleaning the parks, charity work, etc. This would mean that every hour in the system came from an hour of work and give it some underlying value.

That being said, it is understandable from user experience perspective that a system allowing you to instantly dip your toes in and start spending in the new economy is much more welcoming than the one that requires you to earn your money first.

Money can't buy trust


Another point in our discussion was the idea that money can't buy trust. Thinking about it initially, it seems obvious - giving someone money doesn't make them become your friends and all that. However, if you pause and think about it, maybe there is some way money can buy you trust?

Say I want to borrow your bike for a few hours. If I'm your friend, that's not an issue - you will gladly borrow me the bike, since you know that in the past I could be relied to take good care of borrowed items and return similar favours. If I'm a stranger, you can't really say if I'm an honest or dishonest person, so you would be understandably unlikely to let me borrow your bike.

However, what if I offered you a security deposit for that bike? If I deposited with you more than it would cost you to replace that bike and you were free to use that money for any repairs to the damage I might've caused, you would be more likely to lend me the bike. A similar situation could arise if I had some money reserve at a third party and would agree to put it in escrow with a trusted third party.

While this might not really be a way to buy or earn trust, it can be a useful enough proxy when we're talking about business arrangements.

Conclusions


While Time Republik looks like a really interesting project needed for social change, creating a new economy without understanding how the current model works or without thinking like a malicious person bent on abusing the system can leave a lot of gaps that would need to be filled at some point.