The Problem with Altcoins
TheMisesCircle.org is no longer being updated. Please see the current version of this article at NakamotoInstitute.org.
Why no altcoin can succeed
New ideas attract not only visionaries and pioneers but also charlatans and fools. The former group understands the nature and potential of the new idea and attempts to extend it in new ways. The latter observes the success of the former and expects similar results through blind imitation and empty hope, rather like the Melanesian cargo cults which arose after World War II when the American military abandoned its airports there.
This analogy is absolutely appropriate to characterize the many alternative cryptocurrencies modeled on Bitcoin, which are collectively referred to as altcoins. Technologically, they are all very similar to Bitcoin: there is a block chain to store transactions, a consensus mechanism to build the block chain, and a cryptographic protocol to register transactions. Some prominent examples are PPCoin, Primecoin, Litecoin, and Freicoin.
Some altcoins incorporate interesting new ideas, but there is an essential feature of Bitcoin which they all lack. It is not a matter of its technology, but rather of history and community. Quite simply, a medium of exchange that is more widely accepted on the market is more useful than one which is not. This is known as the network effect. An initial imbalance between two nearly equal media of exchange will benefit whichever is more widely accepted until a single one overwhelms the rest. There is no limit to this effect: ultimately one would always expect a single currency to overcome all its competitors.
Because it was started earlier and has had a greater opportunity to grow and attract users, Bitcoin has a market larger by a wide margin than all the markets of all the altcoins put together, and this makes it vastly more useful as a currency. To defeat Bitcoin, an altcoin would require not just superior technology, but such vastly superior technology as to be an advance over Bitcoin comparable to the advance Bitcoin represents over fiat currency. Furthermore, a truly great innovation would much better serve people by being incorporated into future versions of Bitcoin rather than by requiring them to switch to something else. Indeed, the people who have proposed new ideas that are actually good, such as Zerocoin and mini-blockchain, did not develop their own currencies around them, but have simply described their usefulness as features.1
The Bitcoin community is not just overwhelmingly larger but of overwhelmingly better quality as well. Bitcoin is surrounded by real entrepreneurs working hard to create new and useful services for Bitcoin. Altcoins are surrounded by loud-mouthed pretenders with irrational hopes of duplicating Nakamoto’s success. This does not mean that there is anything intrinsically wrong with altcoins: the problem is simply that once Bitcoin exists, then there is no additional value, from a monetary standpoint, of creating knock-offs. Can anyone really expect to create something of value by rereleasing Bitcoin under a new name and with a few tiny changes to its source code? What makes Bitcoin great cannot easily be duplicated. Thus, while the Bitcoin community matures and grows as more and more entrepreneurs are attracted to its potential, the altcoin communities can only whine for attention.
Motivated reasoning
What is a cryptocurrency actually for? I say that its purpose is to become money. It is obvious that creating altcoins impedes that purpose. Altcoins can only be explained if we believe the purpose of cryptocurrencies is to make money rather than to become money. If you can trick people into investing in your new altcoin, then you can make a profit trading it or mining and selling it. All the arguments of the altcoin promoters serve as misdirection from that basic purpose. They have developed a series of fallacies capable of fooling newcomers into joining them, but they are all disingenuous.
Thus, the altcoin communities are not just embarrassing, but dangerous. Desperately wishing to be taken seriously despite having nothing worthwhile to offer, they will say absolutely anything to convince other people to join them. They persist in saying things easily refuted by economic logic, common sense, or verifiable facts. They become belligerent when challenged. This is all they can do because they have nothing of value to offer. They are great at conning people because they have succeeded in conning themselves, and it is impossible to tell where self-deception ends and outright lies begin. This is bad for Bitcoin and bad for the people who are fooled.
The claims of the altcoin promoters deserve refutation not because they are intelligent but because they are repeated ad nauseam. Ultimately their content is secondary and the real problem is the foregone conclusion to which they are all directed. If the arguments I discuss here are eventually discredited completely, the altcoin promoters will just grope for new ones rather than admit to being wrong. Thus, it is quite possible that in the future, what I say here will no longer correspond to what they are saying. Because of what I have said above, however, it is safe to assume, whatever they are, they are all wrong.
But doesn’t Bitcoin deserve some healthy competition?
First of all, Bitcoin already has competition. It competes with the dollar, with PayPal, and with the banking system as a whole. It has plenty of competition.
Second, there is no reason that competition is necessarily good for its own sake. If people compete to be the most productive, then that is good because the result is more production. If people compete to control the government, then this is bad because the result is that the government will be controlled by the most ruthless and unscrupulous people.2 There is a reason that there can be two competing businesses, even if they follow identical production models: there is a limit to the size an organization can achieve without being more efficient than two parallel organizations. However, in an economy capable of supporting only one business for a given product or service then really there should only be one of that kind of business.
In the case of a currency, it is inherently most useful when it dominates its competition. The less competition a currency has, the more useful it is. If you try to compete with the best currency with another one that’s exactly the same, that makes yours the worse currency, so you really should not have bothered.
Third, a currency is simply a standard that people agree to use as a medium of exchange. For the most part, it is awkward to have competing standards. Do we really need competition between the mile and the kilometer, for example? Suppose automobiles had just been invented and two groups, because of vested financial interests, got into arguments about whether it was better to drive on the left or the right side of the road. The greatest benefit to ordinary people would come not from prolonging such competition, but from its resolution.
Finally, there is competition within the Bitcoin community, and this is the sort of competition that actually benefits people. There are exchanges, payment processors, online stores, and so on. Every time someone starts a new Bitcoin business, he benefits the Bitcoin economy. Every time someone starts an altcoin, he makes it worse.
A related point is the argument that altcoins can be used as experiments to learn about how different ideas might work in practice. This use is completely legitimate and necessary. However, an altcoin that was understood to be an experiment would not be treated as an investment or an independent products. If this is how altcoins are treated, this would be fine. My objection is to the lies and scams. An experiment is worthless if the people running it are constantly lying about it.
Multiple block chains would reduce load on the network
In the Bitcoin network as it works today, all nodes receive all transactions. If Bitcoin grew to be a very large network, that could be a lot of transactions that all need to be communicated to everyone.
Altcoin promoters seem to imagine a world in which their own favorite altcoin has a status very roughly equal to that of Bitcoin, where each currency will be used for different kinds of things. This is impossible because the network effect always favors imbalance.
However, even in the very unstable situation of two roughly equal block chains, it is not necessarily true that there will be reduced network traffic as a result. If people had to work with both networks, they would still have to receive every transaction from both networks. And if people had to exchange their funds often enough from one currency to another to fulfill different purposes, this could easily result in a greater number of total transactions.
In any case, while Bitcoin may experience growing pains over the next few years, there is no reason to expect it to outpace Moore’s law in the long run. Network load is a problem that technology can overcome without requiring us to rely on an inferior system of money.
Altcoins are good for money laundering
This is possibly true today, but there is no guarantee that it will be true in the future. The idea is, you sell bitcoins for some altcoins and then buy bitcoins again. There will then be no connection between the bitcoins you had before and those you have now.
However, because altcoins are inherently unstable, there is no reason to expect them to remain useful for that purpose. In order for a currency to retain value, there must be enough people who want to hold it, not just people who want to quickly trade in and out of it. An altcoin would have to be good for something other than money laundering—something good enough that at least some people would want to hold on to it more than they wanted to hold on to bitcoins—if it is to be good for money laundering.
Thus, if you really want to launder money, support ZeroCoin as an upgrade to Bitcoin. Barring that, you would probably be better off trading through a commodity more likely to retain value, such as gold or silver.
Shouldn’t we let the market decide?
This is by far the most ridiculous argument I hear on this topic. The wisdom of the crowd is superior to any person so people should not presume to tell the market what to think, right? I find this view utterly idiotic. It is wrong to dictate the market’s choices to it by coercion, but to simply express an opinion is to engage in the market process itself. To be consistent the people who make this argument would have to say that Consumer Reports is as tyrannical as Joseph Stalin.
To take this to its logical conclusion, suppose everyone just sat back to let the market decide. Then the market would never decide anything because the market’s decision is just the sum of the decisions of all the individuals that make it up. None of them could make an argument that one product was better than another. There could not even be any consumer reporting to protect people from scams and shoddy products. The free market just wouldn’t work. When a libertarian steps back to let the market decide something on which he has some legitimate insight, then he is preventing the market from working as well as he otherwise might.
It is a fact that the market makes stupid choices all the time, and there is nothing wrong with me saying so. This is because the “market” is just a collection of people all making decisions that are as foolish as the kinds of decisions that we know people actually make all the time. This in no way means that I do not understand the systematic superiority of market processes over state centralization. If I want the market to win out over the state, it is ridiculous not to engage in a debate over the correct decisions to make such a victory likely.
Scrypt-coins
There is a class of very similar cryptocurrencies that rely on an algorithm called Scrypt as the hash function. I shall refer to them as Scrypt-coins. They also have faster block generation times and a different coin mining schedule. In fact, none of them even have white papers, perhaps they are so unoriginal that there is nothing to write about. Despite this, or perhaps because of it, the Scrypt-coins are surrounded by the loudest, least intelligent, and most obnoxious communities, and the arguments supporting them are either fallacious or detached from reality.
When Bitcoin first came out, it was possible for anyone to mine coins with his CPU. Once software was developed that mined using GPUs, then CPU mining quickly became obsolete. GPU mining remained profitable for some time thereafter because the price of Bitcoin continued to increase as more people became miners. This could not persist indefinitely, and eventually there began work into the development of FPGA and ASIC mining. Once these technologies were developed, GPU mining would become obsolete as well.
However, some miners who had heavily invested in GPUs did not wish to see this happen and didn’t want their investments in GPUs to go sour. Obviously, this was a vain hope. It cannot be expected that it should be possible to run an ordinary computer at a profit for very long. Profits draw more investors, which leads to lower profits as the available opportunities are used up.
Scrypt was designed to be a memory hog and is consequently unsuited to mining with a machine consisting almost entirely of ASIC chips, like those used for Bitcoin, and it was assumed that Scrypt-coin mining would therefore always remain in the hands of the GPU owners. This, by the way, is false. If it ever became profitable enough, an ASIC machine could be produced with a shared memory, and it would make GPUs obsolete for Scrypt-mining too.
The Scrypt-coin phenomenon can thus be likened to the Candlemaker’s Petition3, a brilliant satire by Frédéric Bastiat. It presents a fictional argument purporting to be from candlemakers that all windows should be kept closed by law during the day to prevent unfair competition from the sun. All arguments for Scrypt-coins should be seen in this light. They are masks for the hope that someone’s GPU mining rig should not turn out to be a foolish investment.
The first Scrypt-coin was Litecoin, but soon, other nearly identical Scrypt-coins were developed by people who not only wanted to use GPUs, but who also wanted the additional benefit of being the first movers in a new currency. Feathercoin, Terracoin, CHNCoin, and Yacoin are the others which I can name off the top of my head, but there are new ones every day, which is a reducto ad absurdum of the whole concept of altcoins.
The advent of ASIC mining will put Bitcoin mining in the hands of a small elite
No it won’t, at least not any moreso than would any other mining technology. In the long run, regardless of what sort of technology was required, one would expect the mining difficulty to go up to the point where investment in mining technology produces similar returns to investment in the rest of the economy. And, of course, as I mentioned above, it is false that Scrypt-coins are immune to ASIC mining.
This argument highlights the emphasis from altcoin adherents on mining rather than on monetization. There is no logical reason why any ordinary user of Bitcoin should want to become a miner in the first place. Early on, it was profitable for casual Bitcoin users to be miners because very few knew about Bitcoin. Mining now requires a capital investment, just like everything else in the economy. A transition to lower profitability and greater capital intensiveness is inevitable for any maturing industry. This does not make it elitist; it simply means that the industry is growing increasingly specialized. This is better for everybody and it is just what Bitcoin needs, too. As Bitcoin grows, large investment will be required to ensure that its network can handle the increased traffic. This would not be possible as long as mining remained in the hands of hobbyists.
This is not to say that there are not potential problem from a mining industry dominated by a few large companies. Such a system would be easier to regulate and corrupt. However, this is in no way an argument for altcoins as their mining industry is dominated by two graphics cards manufacturers and fewer individual miners than Bitcoin.
A shorter confirmation time is a better safeguard against double-spend attacks
This is true in an extremely misleading way.
The issue here is the risk of a double-spend attack. If you receive notice of a payment from someone, there is the possibility that he has made a second, conflicting payment using the same bitcoins. In this case, there is the chance that the other payment will be accepted into the block chain rather than yours, and yours will be considered invalid. This is a theoretical means of scamming Bitcoin merchants.4
Since Scrypt-coins have shorter block generation times, one will see more quickly in a Scrypt-coin network which of two conflicting transactions will end up in the block chain (unless there is a malicious attempt to manipulate the block chain—see below). Furthermore, a double-spend attack is only possible if the two conflicting transactions occur within a few seconds of one another, so the best defense against double spending is simply to watch the network for a few seconds after receiving a payment. If no conflicting payments appear then there is nothing to fear from double spending. This feature is a planned upgrade for Bitcoin 0.9, so it will not be long before any slight benefit to shorter confirmation times will be eliminated.
Moreover, no recorded case of any successful double spend attack in the history of Bitcoin, although it has been rarely achieved under special or controlled conditions as an experiment. Therefore, it is not a real risk under present circumstances and not a valid argument to use Scrypt-coins.
Scrypt-coins are more secure against a 51% attack
No, they aren’t.
Performing a 51% attack means to control enough computational power to generate blocks faster than the rest of the network put together. The attacker can then generate a block chain fork from some earlier period and eventually grow it until it is longer than the main one and other nodes in the network will begin to recognize the new branch as the legitimate one.
Deriving the likelihood of a successful 51% attack is a difficult problem that requires the theory of random walks.5
However, ultimately the derivation is not necessary because the attack only succeeds if the other miners go along with it. There is nothing preventing the rest of the network from ignoring the attacker and declaring his branch invalid. If the attacker’s branch is clearly malicious, then this should not be a difficult decision. The other miners would also stand to lose a significant amount of cash if they should submit. In fact, the Bitcoin community has already successfully responded to an incident like this in March of 2013, in which a software bug caused a fork in the block chain and it was necessary to come to a consensus over which branch should be considered the correct one.
Moreover, the Bitcoin network is enormous and growing exponentially. Performing a 51% attack against it would require a vastly greater cost than for any other altcoin network, so the question is academic because Bitcoin in reality offers much greater security. The cost of a 51% attack against Bitcoin is unknown because to perform it would require a continual and exponential investment in order to keep up with the rest of the network.
There is one way that a Scrypt-coin does come out ahead, however. Consider an attacker who owned 49% of the network rather than 51%. This attacker’s branch would be expected to grow more slowly than the main branch, but there is still a real probability of producing a longer branch in a given amount of time just by chance. If two attackers each have 49% control over the Bitcoin network and a Scrypt-coin network, and can both afford to continue their attack for the same amount of time, then the attacker against the network with the shorter block generation time has a much lower probability of success. This, however, is not a reason that any sane person would consider Scrypt-coins to be superior.
PPCoin
I have already discussed PPCoin6 and the proof-of-stake from a theoretical standpoint. Proof-of-stake encourages people to hold coins, which is necessary for a currency to gain an initial value. However, that most important for a currency’s early stages. Because people lose their proof-of-stake as they create blocks, proof-of-stake discourages a specialized class of miners with the incentive to keep the network running at as high a capacity as possible.
One thing to be said for PPCoin, however, is that altcoins are a product of the proof-of-work system. Proof-of-stake would not have led to them. If Bitcoin had transitioned to a proof-of-stake system before it was valuable enough for ASIC mining to develop, perhaps there would be no altcoins.
Primecoin
Primecoin7 is a cryptocurrency whose proof-of-work is based on finding various sequences of prime numbers rather than on a hash algorithm. Its existence is based on the fallacy that Bitcoin mining is not useful.
However, as I have shown in The Proof-of-Work Concept, this is not true. Bitcoin’s proof-of-work system is consensus mechanism. It is essentially a means of overcoming a Prisoner’s Dilemma scenario among Bitcoin users. This cannot be done without some demonstration of spent resources that produced no individual benefit.
Primecoin disrupts this process by attempting to make its proof-of-work accomplish something of value. This inherently disrupts its value as a consensus mechanism. Thus, it is false to claim that Primecoin’s proof-of-work is “useful” whereas Bitcoin’s is not. Primecoin’s method is, in fact, less useful because it introduces an inherent conflict of interest not present in Bitcoin. Although, to be fair, generating prime sequences is almost useless, so I do not believe that it is likely to cause any real-life problems.
Primecoin is a wuzzle. It tries to do two unrelated things at once, which, generally speaking, is the opposite of a good design. Its prime-based proof-of-work is nothing but another gimmick to make people forget that altcoins are a waste of time. This is not to say that distributed computations are not a great thing; but there are probably better ways of implementing one with cypherpunk technology without the pretense of also being a currency.
Freicoin
Unlike other altcoins, Freicoin8 appears to have been created in good faith and is not supported with disingenuous arguments. The arguments are still wrong, but nonetheless Freicoin deserves more respect than the rest.
This is not the place to refute the economic theory behind Freicoin, but essentially it is based on the idea that the interest rate is a purely monetary phenomenon rather than a result of time preference. Instead of charging a transaction free, Freicoin imposes a fee for holding coins. Freicoins decay at a rate of 5% and transactions are free. Miners are paid out of the decayed Freicoins from out of all the nonempty wallets.
Thus, by design, Freicoin discourages hoarding and encourages spending. It is touted as a currency for the working class rather than the wealthy because it supposedly can’t be used for making loans. Actually, however, Freicoin loans would be given out at the same interest rate as the rest of the economy because they would be in competition with loans given out in terms of more durable goods, such as Bitcoin. There would be no reason for a lender to accept a different interest rate with freicoins because there is nothing requiring him to hold freicoins. He could just convert from bitcoins just before the loan is given out and back to bitcoins as soon as it is returned.
The 5% decay rate would have the effect of a tax on capital, like a property tax. This means that the price would be lower than otherwise by a proportion determined by the overall interest rate of the economy. Say, for example, that I wish to hold x freicoins. This would incur a fee of x/20 freicoins a year due to Freicoin decay. The present value of all the fees would be an infinite sum that decays according to the overall interest rate of the economy. If the interest rate is i, then present value of all the fees would be one fee multiplied by (1 – i) /i. If the interest rate were 10%, say, and I wished to hold 20 freicoins, the value of the fees would be 9 freicoins. Thus, in this example, I would have to pay 9 freicoins to hold 20, and thus freicoins would be less valuable by a factor of 20/29 then they would be if they did not decay.
Now, if something is created with the express intention of providing an incentive to get rid of it, then it stands to reason that they will all the more not want to buy it in the first place. Thus, Freicoin is actually made to discourage investment in itself, which is the very thing that gives a currency value in the first place.
Freicoin is an idea whose time will never come. Since it rebukes buyers, it resists ever having value. Freicoin is thus not so much a scam but more an abortion. Its ideals are so refined that they eschew the merest chance of affecting the real world. Perhaps it could be taken as some sort of absurdist parody, which would be brilliant. I hope that is true because otherwise it is just too sad.
Conclusion
The overwhelming reason that Bitcoin is superior to its altcoin competitors is that it is overwhelmingly more popular. Some of its competitors might have worked as well or better had they been invented first, but given the history that led us here, none of them should be considered remotely competitive to Bitcoin. If an altcoin were somehow to beat the odds and end up more popular than Bitcoin, then I would have to change my allegiance. However, if that did happen, I think it would call into question the viability of cryptocurrencies in general. If they can rise and fall like fads, then it is hard to justify investing in any of them or believing that any has staying power. I take Bitcoin’s past success as evidence of its future prospects, but if it can be overtaken by an initially tiny competitor for no logical reason, then the previous success of any other does not necessarily mean anything.
In short, the altcoin phenomenon is the product of greed and bounded rationality. They deserve nothing but scorn, and anyone who wishes cryptocurrencies to improve the world should avoid them entirely.
[Update 8/25/2013: the Freicoin was altered from an earlier version to correct an economic error.]
[Update 8/28/2013: two citations added. Last paragraph added to section on competition.]
[Update 8/26/2014: two citations added. Last paragraph added to section on competition.]
Enjoy this article? Please support Daniel’s writing by donating bitcoins!
He can be contacted at Bitmessage address BM-GuBgS6fRkyndWfvkUQa1C77knbcBxHpj
The Mises Circle is proceeding ever more boldly and electronically. Help us maintain our online presence, through our website and audio/visuals, by donating Bitcoin today.
- See Miers, I., Garman, C., Green, M., Rubin, A., “Zerocoin: Anonymous Distributed E-Cash from Bitcoin”, 9 Apr 2013 to learn about Zerocoin, a proposal that would greatly improve Bitcoin’s anonymity. It would be wonderful if this could be made to work, but it would require a substantial coordinated effort to implement because it would involve an incompatible change to the Bitcoin protocol. This is actually one way an altcoin might be useful—its could implement Zerocoin as practice for doing the same to Bitcoin later.
See J.D.Bruce, “Purely P2P Crypto-Currency With Finite Mini-Blockchain”, Apr 2013 for a proposal to limit the size of the block chain. Right now, the block chain becomes more costly to store as it grows and there is no built-in means to compensate for that. This paper shows that it is possible to split the functions of the block chain among three different data structures whose total size increases far more slowly. It is already possible for users (but not miners) to store shortened versions of the block chain, a feature which has been implemented in clients like MultiBit. However, the shortened block chain requires the client to make some assumptions about the validity of the full block chain which are not necessary with the Mini-Blockchain. ↩
- See Hayek, F., The Road to Serfdom, Routledge Classics, 2006, “Why the Worst Get On Top” and Hoppe, H., Democracy: The God That Failed, Transaction Publishers, 2007, “On Time Preference, Government, and the Process of Decivilization” for discussions of the bad sort of competition. ↩
- Bastiat, F., Petition of the Manufacturers of Candles, Waxlights, Lamps, Candlelights, Street Lamps, Snuffers, Extinguishers, and the Producers of Oil, Tallow, Resin, Alcohol, and, Generally, of Everything Connected with Lighting, vol. 1, The Ludwig von Mises Institute, 2007. ↩
- O.Karame, G., Androulaki, E., Capkun, S., “Two Bitcoins for the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin”, Cryptology ePrint Archive, 2012. ↩
- See Grinstead, C., Snell, J., Introduction to Probability, American Mathematical Society for a pleasant discussion of random walks. See if you can solve the problem of the 51% attack yourself! ↩
- King, S., Nadal, S., “PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake”, 19 Aug 2012. ↩
- King, S., “Primecoin: Cryptocurrency with Prime Number Proof-of-Work”, 7 Jul 2013. ↩
- Freicoin Developers, “Freicoin: About”, 2013. ↩
Bitcoin address? That doesn’t help me. Gimme a place to tip you litecoin.
ChinaCoin only, please.
Come on. Junkcoin is even better. I sold all my bitcoin and loaded up with Junkcoin.
I’ve got 100 BBQCoins for this one if you are hungry…
Litecoin ? … You are a fool! The best altcoin of the future is the SuperCoolAlternateMoneyCoin (SCAMCoin)! You shoud change your BTC to SCAM before it is too late!! Tip me at my SCAM Address with your useless BTC: 1NnAeuT6ERGfbcZsj14ebq5cUM9ta2zA1
This is a valuable contribution.
And Namecoins? i like the tech behind it, (not as a currency)
“If it’s used for something else, it’s not an altcoin. You can use a block chain for something other than a medium of exchange, and in that case it would actually add value.” – Daniel Krawisz
http://www.reddit.com/r/Bitcoin/comments/1kw2n0/new_mises_circle_article_the_problem_with_altcoins/cbt9hoa
thanks.
“Bitcoin’s current proof of work algorithm will not survive the year.” – Dan Kaminsky, 2013
Write another article once you understand what he’s talking about.
He already did: http://themisescircle.org/blog/2013/06/24/the-proof-of-work-concept/
I found the source of that quote and watched the video. http://bitcoinnews.io/dan-kaminsky-predicts-the-end-of-the-current-proof-of-work-function/
No matter what algorithm anybody comes up with, it’s always possible to built specialized computers for it. The problem of bitcoin mining being handled by a few centralized institutions is not one that can be solved by inventing a new algorithm. I don’t disagree with you that this could be a real problem, but we’ll have to think of something else.
I tend to agree with you, and even to a large measure the conclusion of the original article. Yet I think the article overlooked one of the key values of altcoins (litecoin in particular), namely their role as a hedge against something nasty happening to bitcoin. It’s a hedge for 3 reasons: (1) it’s not called “bitcoin”, and some naive governments might outlaw “bitcoin”; (2) it’s a separate chain, which gives it a little resiliency to major blockchain issues; (3) it’s a separate proof of work. For #3, while I agree that a centralized institution could attack litecoin in much the same way as it attacks bitcoin, I still think the existence of alternative POW functions makes the whole cryptocurrency ecosystem more resilient.
While this is obviously true, the benefits of ASICS can be massively reduced. You continually ignore now much less of a benefit can be realized from ASICS for Scrypt coins. Rather than being 10,000 times more efficient, they are perhaps 10x more efficient.
Do you have a credible source for this?
This is true based on the fact that current processors allocate some large amount (>50%) of their die space to memory. If you made something that was 100% memory and a few other specific modifications you could barely improve on mass produced technology that runs in every computer today, particularly because few people have access to the 28 – 32 nm processes used in most GPU’s and CPU’s.
Here is the scrypt whitepaper that’s been around for years: http://www.tarsnap.com/scrypt/scrypt.pdf
Also, it’s hard to take someone seriously when they write things like this:
“In fact, none of them even have white papers, perhaps they are so unoriginal that there is nothing to write about.”
The Scrypt whitepaper has been around longer than Bitcoin itself.
This is a whitepaper for an algorithm. It is not a whitepaper for Terracoin, Feathercoin, Litecoin, Chinacoin, Yacoin, or any of the others. That’s obviously what I meant.
Litecoin doesn’t project itself as being anything more than Bitcoin + Scrypt + more reasonable block times. What would the whitepaper say? Your point is meaningless.
Keep downvoting, it makes your opinion more relevant.
Right, even if you make use of something like network latency to create a lower-bound on the time it takes to calculate your proof-of-work algorithm, it can still be swung so that one person has an advantage.
Ideally (in the sense of preventing work-based attacks), each party of the population of size n would do 1/n * the total work of the network. ie the work is evenly distributed across the *humans* in the population. This is inherently impossible to achieve in an anonymous system like bitcoin, because you can’t easily distinguish one person from another. While there could be 1000 people in the population, it will always be possible for any person to pose as 2000 parties, and obtain 2/3 the power of the population. And if it wasn’t (eg, if each party was identified by their Social Security Number) bitcoin would lose its anonymity.
One way to prevent work-based attacks is to try to make it uneconomical. Take something preferably expensive that most people already have and use that as part of the proof-of-work algorithm.
So if we took something like a house (something which is expensive but which most people already have), and somehow made it so that each house generated similar amounts of work as each other house, then this could make work-based attacks a much smaller issue. Most people have a house. If this house can generate, say, $500/year from participating in the proof of work, then nobody in their right mind is going to spend a few hundred thousand to purchase another house in order to double his profits. So the work will be shared much more evenly across the network and any 51% attack would require a HUGE conspiracy that included half the network.
Of course, this is an absurd example. But the idea still holds – take something that is prohibitively expensive yet which most people already own and use it in your algorithm. Instead of a proof-of-work algorithm, use a proof-of-possession-of-something-prohibitively-uneconomical algorithm. This is still cheatable, of course (I could buy 2 houses if I wanted), but much less-so than any proof-of-work.
I don’t see why it’s an ideal that each human should do an equal share of the work. There is no logical reason for that I can see.
The ideal is to minimize the largest proportion of power that any one party is capable of attaining within the Bitcoin network. Bitcoin gets its security through being distributed, and when one party gains a significant amount of power, bad things become possible (like double-spends).
If you assume a constant population size, this ideal can be rewritten as “each human has an equal amount of power over the network”. It’s true though, that there’s very little difference between a person controlling .0001% of the power and .5% in terms of hash-power based attacks. But if you allow an individual to achieve .5% power, it only takes 100 of them teaming up (or being bought, or tricked) to achieve a “51% attack”, whereas if you distribute the power uniformly, it takes literally half the population to coordinate such an attack.
Although if Bitcoin implemented a few proof-of-stake blocks that might be nice–it would be an outlet for transactions that had to get through even if all the big mining operations were corrupted. That would not be a change to the hash algorithm, but rather to the difficulty that would be required for different people. Of course Satoshi would always win those blocks.
First as a Freicoin developer I’m pleased by your fair appraisal of the motivations of and arguments behind Freicoin even though you disagree with them, we often have a lot of slander thrown our way because of our disagreement with Austrian economic principles.
I would like to bring up a little discussion of our theories if this is all right with you, first we expect interest rates to be reduced by 5% not raised, I think this was just a simple sign error on your part. If your in doubt just think of PPC which effectively has the inverse effect, you gain coins rather then lose them, wouldn’t you expect people to charge higher interest on PPC?
Second you very efficiently come to the point of disagreement over the origin of interest, is it monetary or is it time preference. We believe it is a monetary phenomenon originating from liquidity which is likewise monetary in nature. When you say you expect the interest rate in FRC to be changed (in either direction) by the 5% loss your essentially saying that interest rates are subject to change when the durability of money is changed which is a monetary property of the money. But time preference is a universal (or at least very broad) human factor and should lead to similar interest rates in all money, the fact that interest rates do respond to the durability of money indicates the Austrian position is incorrect.
“the fact that interest rates do respond to the durability of money indicates the Austrian position is incorrect.”
But that is the Austrian position….
“The emergence of the price premium is not the product of an arithmetical
operation which could provide reliable knowledge and eliminate the
uncertainty concerning the future. It is the outcome of the promoters’
understanding of the future and their calculations based on such an
understanding. It comes into existence step by step as soon as first a
few and then successively more and more actors become aware of the fact
that the market is faced with cash-induced changes in the money relation
and consequently with a trend orientated in a definite direction. Only
when people begin to buy or to sell in order to take advantage of this
trend, does the price premium come into existence.”
http://mises.org/humanaction/chap20sec3.asp#p541
You can replace premium with discount in this case.
“But time preference is a universal (or at least very broad) human factor and should lead to similar interest rates in all money, the fact that interest rates do respond to the durability of money indicates the Austrian position is incorrect.”
Different people have different time preference rates, so there is no reason to suppose if time preference were the only factor, interest rates would be uniform. Time preference in Arkansas might be much lower than in New Jersey (for example) because people have different value scales naturally. One area might loan money at 5% and the 0ther at 10% simply on how they ascribe value to present goods versus future goods.
Besides all that, there is no reason to suggest – though Austrians may be guilty of implying this – that time preference alone accounts for the market rate of interest. It does not. Mises explains that time preference accounts for originary interest – the foundational factor, the choosing of present versus future goods – but not the whole piece. Certainly there are monetary factors involved, just as there are risk and entrepreneurial factors involved in assembling the “market rate” of interest. What Daniel and other Austrians would object to is the idea that a money can operate and trade on a loan market without its traders ascribing value to present goods or future goods. That value will necessarily shoot the interest rate up +5% to accommodate for time preference. You cannot have an interest rate without time preference value included.
I think you are correct that there is an error in my analysis. I was thinking in terms of money that grows less valuable as time goes on, like in an inflationary scenario, but this is money that decays like a radioactive isotope.
The correct answer is that the interest rate should actually stay the same. I’ll repair this soon.
The decay rate applied to Freicoins is an attempt to twitst my arm to make me spend rather than hoard them. It’s a bit as if your car would ring an alarm if you did not drive it the day before . It’s certainly not my way of thinking freedom.
The forced % rate is completely counter-intuitive and frankly is an attempt to solve a problem that wasn’t there in the first place.
While the piece came across a little too aggressively against altcoins, it made some excellent points (especially related to the mining centralization and the candlemaker’s petition :). In general, unless an altcoin is -vastly- superior to Bitcoin, it is a waste of time and attention.
I think the biggest argument against altcoins, however, is that there really is nothing significantly wrong with Bitcoin. People like to exaggerate its tiny imperfections, and it is from these exaggerations that altcoins find their support. Support that is, thus, exaggerated.
-vastly- superior to Bitcoin
So basically emunie? http://emunie.com and forum.emunie.com
Fully encrypted, and uses a block-tree, making a 51% attack impossible
Any button you click gives a 404…
Doesn’t inspire confidence, and the rest looks like a marketing website for some corporation.
“Moreover, the Bitcoin network is enormous. Performing a 51% attack
against it would require a vastly greater cost than for any other
altcoin network, so the question is academic because Bitcoin in reality offers much greater security.”
We’ve already been around this several times, but you are simply wrong about many things, this being one of the most egregious.
Litecoin network hashrate: 26,000,000 kH/s
Approximate $ / hash using preferred mining equipment (AMD 7950 @ 200$, 600kHash): .33 $/khash
Total netwok value: ~$9 million
Bitcoin network hashrate: 500,000 GHashes
Approximate $ / hash using commonly preferred mining equipment (BFL Single @ $700, 30 gHash/s): 23 $/ghash
Total network value: ~$11.5 million
Using the prices for the next generation ASICS (Monarch @ $4,500, 600 ghash): 7.5 $/ghash, for a network value of ~$4 million.
I am not sure about your analysis of network valuation and hash rate. The valuation of the hashing activity is lke the price of the lock on a vault. It does not tell you much about the value of the contents inside the vault. The valuation of bitcoins today (inside the blockchain “vault”) is roughly 1.5 Billion USD and bitcoin owners will scale the hash rate to whatever level is required to keep it safe. Remember that a 51% attack can only disrupt the network for as long as the network stakeholders cannot match the attacker’s resources. Cheap mining rigs are cheap both for the attacker and the defenders. If the bitcoin 7/7 24/24 network is disrupted for two days, I’ll remember that my bank is closed on week ends.
It’s interesting that these two upvote post that don’t even make any sense. Daniel references the cost of a 51% attack. The market cap has no relation to the cost of one of these attacks.
And his solution to these potential attacks, to just block the offending party, borders on stupidity. I’m sure no one has ever circumvented a restriction on an IP address before.
You don’t block the ip address, you block the branch of the block chain he’s creating.
How do you know who “he” is and which branch is being used improperly?
Well, say we’re all happily transacting in bitcoins one day and suddenly around 600 new blocks or so are added to the network to maka new branch from a point 10 hours ago. This invalidating the previously longest branch for the past 10 hours. This could mess up a lot of transactions and I think it would obviously be taken as malicious. Then we would just ignore that particular branch and mark the previous one as the correct one. Right now there is nothing built into the bitcoin software that would make such an action easy to do, but it might be something worthwhile to build in later on.
If, on the other hand, the attacker does not try to start a new branch and simply competes with everyone else on the longest branch according to the rules, then I would not consider this to be an attack at all and there would be no way to designate any block as a malicious one.
The attacker might also try something more modest, like say he merely tries to invalidate the most recent block every now and then, this would require a more careful response, but it would also be a much less dangerous attack. However, it would be possible to prove that at was used to double-spend, and this criteria could be used to prune certain branches, if necessary.
I’m far more afraid of a malicious attacker simply mining every single block one at a time and submitting them without transactions. About a year ago this was fairly common. The 50 btc reward so dwarfed the value of transaction fees that something like 10% of the miners decided to ignore transactions entirely to save on bandwidth.
To combat this you could modify the network to ignore blocks that didn’t include more than 100 transactions or some other hurdle to this activity. But then the malicious miners would just make 100 silly transactions. The 51% attack problem will always be serious as long as the network is kept open and semi-anonymous. I consider these last two aspects more important than resistance to 51% attacks.
That has nothing to do with owning 51% of the network. There is also no reason that Litecoin would have any safeguard against this problem (although PPCoin could be expected to behave better).
You are just changing the subject and groping for arguments. Thank you for demonstrating my accusations of altcoiners. The more you write, the more clear it will be that everything I’ve said is true.
Changing the subject? What was changed?
It’s interesting that you brought up the very same dark pool mining problem I posed to you several months ago.
While I’m generally supportive of your position, he made a good argument which you have ignored and which you have now used as an excuse to engage in ad hominem.
My conclusion is that you have an irrational hatred of alt coins and are not open to their arguments.
Nathan, I would say that the reasoning in this post is invalid because the bitcoin hashrate is increasing at an extraordinarily rapid exponential pace. Your argument is that if I had 4 million to blow today and I could spend it all and get all the next generation ASICs today, I could perform a 51% attack. However, right now the bitcoin hash rate is almost doubling every two weeks! This would mean my 51% attack would not cost simply $4 million, but another $4 million two to three weeks later, and then $8 million after that, and so on. You would need to take this into account in order to correctly analyze the cost of a 51% attack.
Not to mention the fact that it would not actually be possible to instantly produce such a huge quantity of ASICs and that the hash rate would be increasing exponentially as you tried to get them all. I honestly doubt any amount of money would be enough to buy 51% of the bitcoin network because I doubt it would be possbile to produce the computers fast enough.
However, I did not properly explain this issue in my article either, so I will update it to make it more clear. Thank you for your comments.
I actually somewhat agree. I think the technology held by the major mining companies is far advanced than anything the government or some other nefarious interest can produce for now. That doesn’t change the fact that it is exceptionally centralized and unstable at the top.
Your argument amounts to the claim that it would be very difficult for you to do it and therefore it is not possible.
You consider spending $4M on an attack. We’re in a situation that has government actors. The black budget of the US government is in the hundreds of billions. Spending $500M on custom designed ASICs using top of the line process technology from Intel is well within the capabilities of the US government. They could do this in a matter of 3-4 months. This would produce an %80-90 attack, depending on the rate of production of ASIC hardware.
The thing is, for another $500M, they could produce 10 X the capacity of the original $500M because much of that initial investment is going to be development.
As valuable as the bitcoin mining ecosystem is now, it does not come into range of competing with government actors.
This makes the desire to use scrypt a quite legitimate idea.
There is no reason that a 51% attack would be more expensive in a scrypt coin for a network of a given size. The size of the capital investment is determined by the profitability of mining, not the algorithm.
I think I see what you’re trying to say. Except do you take “Total network value” to be the cost of performing a 51% attack?
“Thus, an initial imbalance between
two nearly equal media of exchange will benefit whichever is more
widely accepted until a single one overwhelms the rest. There is no
limit to this effect: ultimately one would always expect a single
currency to overcome all its competitors.”
A major predisposer of some kind of network effect would be lack of a fluid and simple transition between networks. This is the major flaw in the network effect argument espoused by altcoin denialist or bitcoin hegemonist as they prefer to be called.
Why can’t google+ make even a dent in facebook? The answer is not because facebook is better, or even the fact that facebook came first. Those reasons matter quite a bit, but the most important factor is because they are not interchangeable. If google+ were to implement a way to seamlessly interact with those on facebook, there would be no downside to using google+ for those that preferred the layout, and google+ would very likely rapidly gain some ground on facebook.
A more apt example to altcoins is the browsers wars of the last decade. Why didn’t Internet Explorer win? They had a huge advantage, bundling their browser into the most common operating system on the planet. They lost their advantage because there was no downside to the alternative. Millions if not billions of people said to themselves on day: “IE seems to be running slow lately, let me try Mozilla… oh hey this is much better! and I can import my bookmarks with a couple clicks, wow why did I wait so long.”
The network effect will not exist with altcoins in any major capacity, except for artificial mental barriers created by people like the author of this article. Going between Litecoins and Bitcoins is as simple as trading a 20 dollar bill for singles. So long as there is some advantage in using singles, people will continue to carry them, whether to use in a soda machine, or to tip a bartender. If altcoins can create value, however small, they will seamlessly fill any cracks in the bitcoin system.
“Going between Litecoins and Bitcoins is as simple as trading a 20 dollar bill for singles.”
What’s harder, going between ltc and btc, or going between mbtc and btc?
Also, re:browsers, HTML is the protocol, not the browser. Your analysis applies to Bitcoin clients (Electrum, Bitcoin-QT, Mycelium, Blockchain.info, etc…)
That said, thank you Nathan for providing an excellent illustration of motivated reasoning. You should start a blog where you can publish your drivel.
Motivated by what? I have a 30 ghash bitcoin miner. Have you ever even attempted to mine, ever? Go back to the sandbox.
Why does someone have to be a miner in order to have a legitimate opinion?
That was the one thing you responded to? No comment on how the network effect doesn’t apply or the errors in calculating network mining value? Just my dig an Pierre, for his typical mis-informed opinion?
Your dig at Pierre is not a legitimate dig because it is nonsensical, and you have not shown that his opinion is misinformed in any way. It’s really just a nonsequitor.
Also, I did respond. You just weren’t patient enough.
He claimed I was using motivated reasoning, that I didn’t care about the actual relative strengths and weaknesses of the argument. So yes, his opinion is misinformed.
You both seem to assume away any problems related to mining as nothing more than a rounding error, likely based on your lack of mining experience. These problems will continue to exist and are not being solved by self-congratulatory post about how bitcoin is bulleproof and all competitors are charlatans.
Nothing that I wrote depends on running a mining rig. And no, I’m not assuming that the problems with mining are small–the mining community is clearly Bitcoin’s biggest weakness (as evidenced by the existence of so many altcoins). However, these problems are not going to be solved by making silly knock offs and then making ridiculous claims about them.
What claims are ridiculous? The caricatured descriptions you give?
It’s true that the inconvenience of using G+ and Facebook together is greater than that of using Bitcoin and Litecoin together. However, this in no way invalidates my point. There is inherently an inconvenience with using two media of exchange concurrently. In the long one, one has to overwhelm the other.
I have some minor comments (other than the “big” one in that I mostly agree with you). In principle I outlined the same line of reasoning as you in my thesis and I remember you liked that section (it’s called something like “If Bitcoin fails, what would replace it?”).
There are some rational reasons why to support an altcoin. The first one is that it allows experimenting with features not available with Bitcoin (to the extent that they are too different to be easily testable on testnet either). It could be something like namecoin, or a new scripting language operation. The second one is diversification of risk. An altcoin could feature a technology that can survive problems that would disable Bitcoin. One could for example design a different consensus algorithm, as I suggested in comments to Dan Kaminsky’s article ( http://www.cato-unbound.org/2013/07/10/dan-kaminsky/money-has-gotten-buggy#disqus_thread ).
While in the long run, as you suggest, the improvements may be integrated into Bitcoin, there is still a period of uncertainty while an altcoin exists and the feature is not integrated into Bitcoin. There also could be no apriori way of determining which of mutually exclusive features is better in the long run. There could also be path dependence, meaning that Bitcoin will be stuck in a globally suboptimal path, and inertia might prevent a timely migration to a superiour altcoin.
Another important thing is to distinguish emergence, sustainability and market share. This is the same problem as in the debate regarding the regression theorem. An altcoin might emerge and even survive practically indefinitely without gaining significant market share. Previously, transaction costs put the critical mass of new types of media of exchange relatively high, but with cryptocurrencies it appears to be significantly lower than previously anticipated (even by me after I learned about Bitcoin). As long as an altcoin kind of works as a medium of exchange, ideological motivation seems to be sufficient for it to survive. It is not necessary that the macroeconomic effects are predicted by its proponents accurately (as it is with freicoin). In particular demurrage seems to have a large decentralised group of proponents that dates back to times before cryptocurrencies.
I think I was overly cautious in my thesis regarding critical mass. It’s not like people would magically cease to be libertarians, or that they start thinking that fiat money or gold is a better alternative. As Jeff Tucker insightfully points out, once you use Bitcoin, it’s as if a switch flipped in your mind. There’s no going back. It also doesn’t appear likely that the agents of the state would suddenly change their mind and admit they have been wrong about central control of money supply and transaction processing all along.
Peter,
Thanks very much for your thoughtful comments! As to your point about experimentation, I agree with you and should have stated this more clearly. It is good to create alternative block chains as experiments. However, they should be treated as experiments, not as scams. Your point about uncertainty is well-taken. Of course we don’t know which ideas are going to be incorporated into Bitcoin eventually and it’s good to be able try out different ideas. However, my problem is that altcoins are rarely treated as if that is their purpose. For example, suppose an alt-coin has a such a wonderful feature that it eventually gets incorporated into Bitcoin. Well then it really makes no sense to treat the altcoin as an investment because its success as an experiment will ultimately make it LESS competative against Bitcoin, once Bitcoin incorporates the feature.
As to the sustainablity of altcoins, I am not predicting that their
prices must all go to zero. I am simply predicting that none will ever
match Bitcoin in market share. You are quite right that an altcoin could
continue running on the margins for quite a long time.
Once again, thanks for your comments and I will try to be more clear about some of the issues you mentioned in the future.
“If people had to work with both networks, they would still have to receive every transaction from both networks.”
Hunh? Why would I have to pay the same merchant twice in 2 different currencies? That makes NO sense at all. 2 networks would split the load (assuming they had the same size and popularity) except for the conversion trades between the two chains. But even these conversion trades are only the EXACT equivalent of trades to fiat, so there is no magic multiplication of transactions here either.
While many of your arguments are well thought out, I think you need to reexamine multiple parallel currencies from a blockchain utilization perspective.
Say some merchants accepted Bitcoin and others accepted Freicoin. I would then need both a Bitcoin client and a Freicoin client on my computer, and both of these would be receiving all the communications from both networks, because that’s how cryptocurrency networks work. All communications are broadcast to all nodes.
Of course, it would be possible for a client to disconnect from the network and only update itself periodically. This would reduce the messages it had to process. However, this also invalidates the argument that two block chains would be a good way to reduce network load.
If that is what you meant by “the network” it could have been made more clearly, or better yet pointed out you were talking about the internet as a whole. From the context it appeared to claim that the traffic on the BITCOIN network would be undiminished and the overall internet traffic would double.
We are so far from breaking the internet or client bandwith requirements that it is not a significant concern except in mobile or metered use cases (where having a full client would be a foolish idea anyway.)
When looking at it from an internet wide perspective there is very little difference between 1 or many digital currencies unless it is common to trade through multiple pairs for a single transaction (which would be a foolish way to waste money on fees.) In fact if some of there networks are localized (ChinaCoin, RuCoin, etc) then you would see a global bandwidth reduction balanced by a regional increase of about the same level.
(FYI, I’m working with orders of magnitude here, not single percentage points, the scenario is simply not refined enough to calculate more closely.)
The idea of a dual structure would be ordered around geographic areas. So Bitcoin might be a global transfer of value. With long block times, and somewhat higher transactions fees, it would be the facilitator of international trade.
A sub level might be countries or regions. The size of this subgroup is a rather interesting academic problem, but it intuitively makes sense to not require everyone on earth to use the same blockchain when we can have say 50+ local chains and massively reduce this overhead.
This map is a good start: http://www.fastcoexist.com/1681677/a-new-map-of-the-us-created-by-how-our-dollar-bills-move
That is totally ludicrous. Even if you could get one block chain going in one region and another in a different region, there is no reason that those block chains would actually stay in those regions. There is no reason to expect that the border between them would actually stay small enough to enable people to save overhead. Also, the network effect would necessarily tend, ultimately, to make one region shrink and for one currency to become dominant.
Finally, this, as I already pointed out, is a ridiculous solution to the size of the block chain and the network bandwidth. These can de dealth with without going to the absurd contingency of using more than one currency.
Transaction fees will be the primary impetus behind any localized blockchains. If bitcoin ever gets to the point that the number of transactions are causing serious latency or bandwidth issues, the natural response would be higher fees, incentivizing the creation of alternate chains. Alternate chains needs not be based purely on region, or even have mining done in the home region.
As we’ve discussed, the network effect is minimal if non-existent for cryptocurrencies.
As one of the primary Freicoin developers, I’ll take some time to write up a response to your analysis of the economics of demurrage currency. Kenneth got the ball rolling, but there’s still more to say.
However in the 5 minutes I do have right now, I’d like to point out that there is more to Freicoin than demurrage currency. Since about the time of the Bitcoin 2013 conference in April, our primary focus has been developing an extension called Freimarkets, which brings colored-coin like assets, asynchronous peer-to-peer exchange, and off-chain transactions to the bitcoin/freicoin protocol. You can read the whitepaper here:
http://freico.in/docs/freimarkets-v0.0.1.pdf
And there’s a discussion topic for it here:
https://bitcointalk.org/index.php?topic=280292.0
If you’re going to discuss Zerocoin (which, btw, probably is going to be released as an altcoin, or integrated into an existing *coin) as a positive infrastructure-adding development, then I kindly suggest taking a look at the Freimarkets whitepaper as well. We all would appreciate your thoughts.
I will read the paper. Colored coins could really be used for some interesting things! However, these sorts of features still should be seen as experiments possibly to be added to Bitcoin some day rather than as viable Bitcoin alternatives.
Freimarkets is not colored coins, although it solves a superset of the same problems in a similar way. It grew out of a discussion we had in the Freicoin community about how to improve on the various colored coin proposals out there, all of which are incompatible with Freicoin for reasons that are not important enough to get into. After running into many limitations and being unable to work around them all at once, we looked instead at how we could solve the problem if we were allowed to make hard-forking changes as well. As it turns out, a small number of hard-fork changes *significantly* improves the performance and capability of colored coins (even in regular bitcoin), and adds other entirely new and desirable features, such async p2p exchange, Ripple-like transitive transactions, and our flavor of off-chain transactions.
At the time though, we were still discussing this as a bitcoin protocol improvement. The decision to put it in Freicoin came during discussions with core developers at the conference. Bitcoin has simply too many stakeholders at this time to make such significant forking changes as Zerocoin or Freimarkets, especially when either would significantly increase the size of transactions or the number of non-payment transactions. P2SH may be the last such change, and even it was soft-forking and small by comparison. And the situation will only get worse as bitcoin grows, meaning its featureset will become even more frozen over time.
For good or for bad, the time has come that large, incompatible changes to the bitcoin protocol can no longer be made unilaterally by the core developers, even as a united group. If you want to make a significant change, on the scale of Zerocoin or Freimarkets, or if you want to change the economics in any way (as we did with Freicoin), a merged mined altchain is the only viable choice. It may eventually make its way into bitcoin, but only after it is well tested elsewhere.
In your section discussing shorter confirmation times, I don’t think you really get to the heart of the issue, at least as it has been explained by advocates of faster block times.
I don’t really see why someone attempting to double spend would broadcast both transactions. They would actively attempt to hide the second transaction. Perhaps there is a large miner who doesn’t broadcast transactions to cut down on latency, or simply to enable fraudulent double spends. If they had 30% of the network, a 1 block double spend would be successful 30% of the time, and could be carried out every 10 minutes.
If instead the network used a block time of 1 minute, and we waited for the exact same amount of time, 10 minutes, it would then have a success rate of .3^10, virtually 0. There is always an advantage to faster block times, whether it is making small transactions slightly easier to verify, or making large transaction with longer wait times far more secure. The overhead size argument, put forth by Pierre and others in the past claims that the 2% of the block that is overhead makes the faster confirmations infeasible. I plan on bitcoin blocks growing by a of a lot more than 2% in the near future. If a 2% growth is catastrophe now, there are bigger problems.
The second counter claim, that propagation would take too long seems equally ingenuous. If this were true, why don’t we use even longer blocks? What is the natural block time? Why do we use blocks at all if we can simply have a system to detect potential double spends? Shorter block times is one change bitcoin could make relatively seamlessly, simply reducing the reward and the difficulty by a factor of 4. Even still, people like Pierre have defend the 10 minute time. More than anything this seems like motivated reasoning. It’s simply arguing that bitcoin is perfect in every circumstance, without any attempt to weigh the options or offer try to head of potential problems.
I’m referring to the double spend attack described in this paper: http://eprint.iacr.org/2012/248.pdf This attack does not depend on owning a significant portion of the network, but it does depend on being better connected than the person being attacked.
The attack you’re referring to is related to the 51% attack because it involves owning a significant part of the network. I mentioned in the 51% attack section that an attacker with less than half the network would have a lower probability of successfully beating the rest of the network over a given period of time if the block generation rate is lower, so I agree with you that a shorter block generation time is a safeguard against the kind of attack you’re thinking of. But just as I described in that section, this isn’t a realistic risk. You’re talking about someone who secretly owns 30% of the network just so that he can double spend successfully 30% of the time. Get real. If there were a transaction so valuable that it would be worthwhile for someone who owned a significant part of the network to attempt to cheat on, then the seller could afford to wait an hour.
You mean a large miner willing to sell individual blocks to the highest bidder? That is almost certainly going to be a reality for bitcoin in the future. To the miner it would be pure profit, as they are still receiving the block rewards and transaction fees from all but the requested excluded transaction.
Also, let me point out that your math is wrong, though I agree with your overall conclusion. You are assuming that a successful attack on the network with 30% starting 10 blocks behind would require generating 10 blocks in a row without the other 70% generating any blocks at all. However, the attack is also successful if the attacker manages to generate 11 blocks while the opponents generate only 1, or if he generates 12 and the opponents generate 2, etc.
The question is really about a biased random walk and the probability of arriving at a given location within a given time frame. You can find the math for that sort of question here: http://www.dartmouth.edu/~chance/teaching_aids/books_articles/probability_book/Chapter12.pdf
The difference between the probabilities for the 10-minute confirmation time and the 1-minute confirmation time are much less than you estimate. The exact answer depends on how much time the attacker has available for the attack.
Assuming there is no code implemented to prevent those kinds of dark pool attacks, you are correct. Of course those higher order attacks (11-1, 12-2, etc.) are each another multiple less common than the simple 10-0 attack, and don’t appreciably increase the chances of a successful attack.
The differences would be at best the summation of (.3)^-n from 1 to infinity multiplied by the chance of a 10-0 attack.
One minor correction:
> Moreover, no recorded case of any successful double spend attack in the history of Bitcoin…
There was a somewhat public case, when such an attack was perpetrated against Satoshi Dice. It was found out that if you send a transaction with 0 fees, and then later another transaction (the double-spend) with a fee, a few miners would ignore your 0 fee transaction, and include the one with the fee into the block. I think some would even take a low fee transaction, and then replace it with a higher fee one. This attack was carried out against Satoshi Dice, where a gambler would place a bet on SD, and if the bet lost, double-spend the bet to his own wallet instead. If the bet was won, he would take the bet. The issue has been fixed, as far as I know, but by SD changing the way they process bets, not by fixing the underlying “higher fees allow double-spend” issue.
Daniel, your reference #6 to the PPCoin whitepaper links to the Bitcoin whitepaper and not http://www.ppcoin.org/static/ppcoin-paper.pdf
Brilliant once again, thanks Daniel. I see you and this group increasingly referenced in the broader bitcoin forums, keep it up!!
Hi. I am glad to read such technically challenging posts and replies. However, I’d like to put forward my point from a different point of view, which may be much
simpler to comprehend, for the layman, than most of the discussion above.
There are people/organizations who mine for DIAMONDS/GOLD/SILVER… or all three.. or either of the three… or two out of the three natural mineral resources
Then again, there are people/organizations who mine only GOLD…. then there are people who mine more gold… then there are the elite within that community that
mines the most gold.. and this will go on until the gold mining is over..
Now, many other people mine only in silver.. and this will go on until there is even a measurable amount of silver remaining..
Then there are the bronze miners, the natural gas explorers too..and gems… and metals.. and so on and so forth..
The point here is that each one of this is a valuable commodity in itself… just like all the coins are commodities in themselves..
similarly, is it not feasible to let’s say compare BITCOIN to DIAMONDS ( the most in value ), then the other coins, value wise, as gold, silver, etc. etc.??
After all, the value of gold, silver , natural gas and such resources is only due to the fact that it’s required by humans… as has been proved by ancient civilizations that
these commodities have been used in the past very successfully as means of trade payments and as general currency…
so, is it not pragmatic to think that let’s say in an year or two from now.. I could pay someone a Bitcoin for two large pizzas…. and someone at the other table would
pay him let’s say 125 Litecoins for the same treat… and another one may be paying 600 feathercoins for the same treat..
Isn’t all this pragmatic and realistic? What do you think ?
This is really a well-considered and thorough article, but I think on one point it’s a bit overconfident. Namely, “Furthermore, a truly great innovation would much better serve people by being incorporated into future versions of Bitcoin rather than by requiring them to switch to something else.”
While this might be literally true, it doesn’t automatically follow that it WOULD be incorporated, as there could be conflicts of interest. Miners are essentially the ones who vote on adoption of changes, and if changes were proposed that seemed to benefit the network, but would make the miners’ large investment in ASICs useless, then it’s plausible that bitcoin could actually fall behind a competitor by the time it became obvious that incorporation would be important for its future.
I’m going to invest a bit in at least one POS coin, as the long-term viability of bitcoins POW mining scheme is questioned by some rather intelligent people, like Kaminsky. The overwhelming majority of my investment will still be in bitcoin, as the network effect and the strength of its development team are by far the most weighty factors in play. However, I think it’s just intellectual arrogance not to hedge one’s bets at least a bit into altcoins that possess features with meaningful differences. We are never as good at predicting the future as we think we are.
i still consider to add litecoin pays for http://blackhatpwnage.com in future but yes BTC rocks
I don’t quite understand why it took so much writing simply to explain that Bitcoin is the most popular altcoin currency. You should take the time and think about why Bitcoin is not ideal as a currency.
Very interesting article. Love your graphics to illustrate your point but there are uncertainties and variables that I do not think you have captured. We are in the early stages of supporting infrastructure for crypto- currency. Bitcoin is blazing the trail but eventually it is likely 3rd party companies will be the middlemen for most Bitcoin transactions either in the form of the software you use on your device or a web wallet or exchange service. Once this occurs these providers can extend their market by offering processing of other crypto-currency, after all these currencies have value for their holders and others. Today I can buy and sell many altcoins on an exchange easier than I could Bitcoins just a few years ago.
Once the paypals of the crypto-coin world start honoring multiple coins it will be transparent and will not matter which one is used, only its spot value will matter and that it meets a certain volume and volatility standard. I don’t see in theory why there can’t be 1000 such currencies.
In this scenario it is even possible that the subtleties between the coins will be amplified and it is indeed possible Bitcoin becomes the 2nd or third most popular.
Hey Daniel, great article! However, I would like to know what you think about Zerocoin launching as an alt-coin. Matt Green has recently said it would be launching in the next month, bringing reduced proof sizes (of 98%) and allowing for direct really anonymous transactions. What’s your take on that? Would that be innovative enough for it to live as a viable alt-coin or even a bitcoin replacement? (especially regarding the talks about tainted coins and the likes on bitcoin…)
The point about conflict of interest in Primecoin is excellent.
If i got you right, the main reason for Bitcoin’s success is that it is the first of its kind and thus the most popular, right? But what if a big company like amazon or paypal or any other with many customers and huge payment processes or even a country decides to give birth to their own altcoin? Just because… they can? And because they don’t want to use bitcoin, because they don’t want others to control it? Then what?
Every country has it’s own favourised fiat inflated currency. Creation of legal national cryptocoin freely competing with main fiat currency would kill it… and no government would agree on this and getting rid of manipulative inflative economy under their control… even if gov would own most of volume of national crypto in time they would waste and loose it… 😉 and its popularisation would make any inevitable attempt to replace it to new national crypto impossible… cause ppl would never accept such fraud and defence of once legsl and official independent cryptocurrency would be trivial while with fiat it’s impossible. Govs would rather try to marginalise it as a threat to tax system… or civilise it by taxation to limit its useage and defend fiat system. Soon gold standard will come back and with cryptos it will be double force to wipe fiat system.
Jesus, bitcoin advocates are starting to sound like FIAT advocates.
One of the good reason I think we need altcoins is that the bitcoin early adopters which are millionaires by now will become billionaires, are you not happy with being a millionaire?
And I have lots of bitcoin
While bitcoin is indeed superior to altcoins , it is wrong to say that bitcoin already has a concurrent , the dollar (and other currencies). Bitcoin (and 99% of cryptocurrencies) don’t know inflation , it is a system solely based on demand an availability.
Good read. I tend to agree that altcoins are a nuisance introduced in vein attempts to solve a problem that wasn’t there in the first place. Bitcoin is definitely the way to go.
Additionally, you can play and win bitcoins at PeerLuck.com – pure luck, best payouts! 🙂
What’s wrong w/ having stuff like Dogecoin provide a nice low key friendly community for n00bs to get their feet wet with (while getting used to a lot of the key Bitcoin principles) – will attract so many more people into cryptocurrency man of whom will ‘graduate’ to Bitcoin?
This is exactly the way I have been feeling about altcoins all along. I’m glad you could put it down in writing in a much better way that I would have been able to. I am sending this article to all my Bitcoin friends.
Altcoins are still easy enough to mine and get people interested in crypto. without them you would not have near as many people interested in the subject. Your precious Bitcoins would be worth a lot less.
When you said “Furthermore, a double-spend attack is only possible if the two
conflicting transactions occur within a few seconds of one another, so
the best defense against double spending is simply to watch the network
for a few seconds after receiving a payment,” I began to doubt that you knew what a double-spend attack is. The idea is that I publish a payment to another person on the network, wait to receive whatever product he gives me, and then fork the block previous to the one containing my payment and publish a competing block in which my payment isn’t mentioned. The result is that if my new block is accepted, I get the product that I “paid” for, but I also get to keep all my coins. That’s a double-spend.
Also, I agreed with you in the beginning, but with such a hatefully worded paper, I found that my mind was automatically trying to resist everything you said. It triggered thoughts like: “Who wants to be friends with an asshole? Is this guy truly representative of the bitcoin community at large? Because if so, I’m beginning to see why one might prefer to claim membership to an alternative community instead.”
Reference # 6 is not working. You need to update it. I found a working link to the pdf http://barkingshibes.com/wp-content/uploads/2014/02/ppcoin-paper.pdf
Don’t be so closed minded. Altcoins are a testing ground. They are not competing with Bitcoin. They are trying out new ideas, providing smaller networks to allow security testing, and attracting new users who would beare intimidated by Bitcoin. Embrace altcoins for their benefit to the community as a whole, and for the innovation that is there. Not all are clones, scams, or schemes. Bitcoin itself could benefit from incorporating SOME of the ideas that have been proposed or implemented.
Then there is Ethereum, which is the first idea I’ve read that actually has the potential to surpass Bitcoin. It will have a currency involved with it, but the currency is secondary. That isn’t the point of it. It will take the decentralized network to the next level, and could be not just the next step in digital currency, but the next step in the internet as a whole.
network effects where big networks always win has been shown to be false by research and observation in the last 15 years. Quality and thus innovation is the most crucial factor in effecting the growth potential of a network. If that wasn’t the case, you wouldn’t see services like Braintree and Stripe making a dent in the payment processing industry, nor would have myspace become obsolete with the arrival of FB.
If weaknesses in the Bitcoin protocol become hard to change, or the bitcoin network becomes too regulated by governments interventions, and the source code itself become world government property, as it may soon or later, alternatives will always be more than welcome.
Whatever the author had in mind when he dismissed alternatives, one thing is for sure, there was no need to write this article had he not felt threatened by the alternatives. It reads more like wishful thinking and self convincing, mixed with irrational contempt.
Daniel I think my main
problem is the lack of humility in your approach and tone, I’m sure you’re very
smart but you’re not very wise and certainly not humble. Many different forms of money have competed
since the dawn of commerce and always will, they win or lose because of many factors:
utility, availability, value, fungibility, perceptions, legal tender laws, etc.
For you to assert “oh oh Bitcoin will remain the digital currency winner because it has so
many more users”, when Bitcoin has MAYBE 2 million global users today is a
laugh. Apple has 800 million credit cards on file, a captured device
marketplace, unbelievable brand, and hooks into bricks and mortar merchants
with iBeacon…surely you’re not attempting to say Bitcoin would best
AppleCoin? Son, stop trying so hard…let a few more years roll over your
back…gain some wisdom while you gain knowledge…and be a bit humble about
what you insist you “know” so much better than others.
This article needs a correction – BitFreak has, indeed, launched his mini-blockchain idea into an altcoin (CryptoNite). So much for that example.
Brilliant piece. We’ll argued and logical. You should write more about cryptocurrencies, you clearly know your stuff. Well done!
when bitcoin rewards dry up it will break. Dopecoin is Proof of Share instead of proof of work. Dopecoin is the future of altcoins. Buy Dopecoin on Bittrex