Benjamin de Waal
Cryptocurrencies Beyond Bitcoin?
Updated: Dec 27, 2020
I talk a lot about Bitcoin but a few people I know from outside of the Bitcoin space have asked me why I don’t talk about other uses of “blockchain technology” and other cryptocurrencies.
For the former, I already addressed the blockchain case in a previous article. I may write something longer or more detailed on that in the future addressing the flaws in some specific examples that are raised over and over like voting and logistics, but for now that article will suffice.
For the latter case of “other cryptocurrencies” however, I haven’t addressed it beyond a few scathing comments on various social media such as LinkedIn and Facebook. To rectify this, I’ll try to address it in more detail now.
I’d like to start with a definition of “cryptocurrency” so that we’re all on the same page as to what this article addresses. Unfortunately, there really isn’t a good one. Even the “experts” at the European Banking Association are completely unable to form a coherent and meaningful description which I addressed here. The United States Internal Revenue Service (IRS) has a similar issue with their description.
So, the best I can do is to address the following things and hope it covers it to your satisfaction, dear reader:
Proof-of-Work security/consensus mechanisms.
Other non-Proof-of-Work security/consensus mechanisms.
Forks of Bitcoin such as Bitcoin Cash, Bitcoin SV, and Bitcoin Gold.
Clones of Bitcoin with minor modifications such as Litecoin and Dash.
“Smart contract platforms” such as Ethereum and EOS.
Hosted tokens such as the Binance Token (BNB) and VeChain.
“Stablecoins” such as USDT and USDC.
“Directed Acyclic Graph” tokens such as IOTA and Byteball.
Novel digital token/coin approaches such as Monero and Grin.
The “TL;DR in advance”
I don’t see long-term fundamental value in anything other than Bitcoin. There are a few interesting technologies scattered amongst a sea of worthless crap, but where these exist, they’re either not significant enough to be valuable on their own, or are able to be co-opted by Bitcoin, rendering them worthless or uninteresting to implement in a different token or coin.
This view is often called “toxic Bitcoin maximalism” by supporters of other coins, but in the sections that follow, I intend to justify the position and show why it’s the only feasible and realistic understanding that can be derived from the facts as they exist.
I don’t rule out the possibility of a “Bitcoin killer” being created one day, but I can be relatively clear on what kind of properties it would need to have and why I view it as unlikely in the extreme that these properties can exist externally and incompatibly to Bitcoin in such a way that Bitcoin couldn’t adopt them. Also, in case it didn’t go without saying, I am completely certain that no existing potential competitor to Bitcoin has these properties or is even attempting to acquire them.
Blockchains aren’t inherently secure on their own. That’s a property of their security mechanism, which itself is tied (in the general case, as with Bitcoin) to the way in which the consensus algorithm determines what is a valid transaction or block and what is an invalid transaction or block.
The security and consensus mechanism used in Bitcoin is “Proof of Work”. The concept behind proof of work is that in order to change the transactions in an arbitrary previous Bitcoin block, approximately the same amount of work needs to be expended as was expended for that block plus every block since then. As new blocks are generated every ten minutes on average, a successful attempt to rewrite a transaction in a block from only one hour ago would require the same amount of energy under the control of one individual as was spent by the entire Bitcoin network over the last hour.
That is to say, the blocks are secured by the ability to prove that a certain amount of work (“work” in the physics sense of energy transfer, reducible to a measure of entropy) was invested in their creation and in the creation of all following blocks that reference it (the “chain” in the word “blockchain”).
Technically, there is some further nuance to this, but as this isn’t a technical article, further examination doesn’t belong here; it will definitely be covered in a future article on understanding Proof of Work.
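As an added illustration of the “that block plus every block since then” argument (constructed example code, not from the original article and not Bitcoin’s own implementation): a toy chain where each block’s hash must have a small number of leading zero bits, a function that prices the rewrite of block k as the expected work of block k and everything after it, and a check showing that editing a historical block breaks every later block’s link. The `bits`, `payload` and `tamper` names are my own, and the difficulty is tiny so the whole thing runs in well under a second.

```python
import hashlib
import struct
from dataclasses import dataclass

# Toy model of the cumulative-work argument. A block is valid when its hash
# has at least `bits` leading zero bits, so finding one costs 2**bits hashes
# on average. Real Bitcoin encodes a 256-bit target in an 80-byte header and
# the arithmetic is the same, only with much larger numbers.

@dataclass
class Block:
    prev_hash: bytes  # hash of the previous block: the "chain" link
    payload: bytes    # stands in for the merkle root of the block's transactions
    bits: int         # required leading zero bits (difficulty)
    nonce: int = 0

    def header(self) -> bytes:
        return self.prev_hash + self.payload + struct.pack(">II", self.bits, self.nonce)

    def hash(self) -> bytes:
        # Bitcoin hashes block headers with double SHA-256.
        return hashlib.sha256(hashlib.sha256(self.header()).digest()).digest()

def meets_target(h: bytes, bits: int) -> bool:
    return (int.from_bytes(h, "big") >> (256 - bits)) == 0

def expected_work(bits: int) -> int:
    """Expected hashes needed to find one block at this difficulty."""
    return 1 << bits

def mine(block: Block) -> int:
    """Grind nonces until the header hash meets the target; returns hashes tried."""
    tries = 1
    while not meets_target(block.hash(), block.bits):
        block.nonce += 1
        tries += 1
    return tries

def validate_chain(chain: list) -> bool:
    """Every block must meet its own target and commit to its predecessor's hash."""
    for i, b in enumerate(chain):
        if not meets_target(b.hash(), b.bits):
            return False
        if i > 0 and b.prev_hash != chain[i - 1].hash():
            return False
    return True

def chain_work(chain: list, start: int = 0) -> int:
    """Cumulative expected work from block `start` to the tip."""
    return sum(expected_work(b.bits) for b in chain[start:])

def build_chain(n: int, bits: int) -> list:
    """Honestly mine n blocks in sequence, each referencing the previous hash."""
    chain, prev = [], bytes(32)
    for i in range(n):
        b = Block(prev, f"block-{i}".encode().ljust(32, b"\0"), bits)
        mine(b)
        chain.append(b)
        prev = b.hash()
    return chain

def tamper(chain: list, index: int, new_payload: bytes) -> list:
    """Edit one historical block's contents without re-mining anything."""
    copy = [Block(b.prev_hash, b.payload, b.bits, b.nonce) for b in chain]
    copy[index].payload = new_payload.ljust(32, b"\0")
    return copy

def rewrite_cost(chain: list, index: int) -> tuple:
    """(expected work to replace block `index` and every block after it,
    expected work to honestly mine one more block on the tip)."""
    return chain_work(chain, index), expected_work(chain[-1].bits)
```

The first number returned by `rewrite_cost` grows by one block’s work every time the honest network extends the tip, which is the compounding the article describes.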
In a proof of work system, there needs to be an incentive to secure the chain. Altruistic energy use is an unrealistic expectation and would lead to an extraordinarily weak chain that could be overwritten by anyone with an economic incentive to do so as the energy use required would be very low.
Bitcoin incentivises proof of work through mining rewards. A mining reward is composed of a fixed number of newly accessible Bitcoin (this amount started at 50 BTC and halves every 210,000 blocks, eventually reaching zero satoshi sometime around the year 2140) plus the difference between all transaction inputs and all transaction outputs of the transactions that have been included in the block. This difference is generally referred to as the “mining fee” or “transaction fee”. That is, I may create and broadcast a transaction with a total of 10,250 sat in inputs but only 10,000 sat in outputs. By doing so, I encourage the miner to include my transaction in a block, as they can take the 250 sat difference for themselves.
As there is limited space in a block, miners will take the transactions with the highest fees in relation to the space they take up in the block. For convenience and common understanding, this is generally measured in “satoshis per byte”.
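A constructed example (not code from the article, and not Bitcoin’s own implementation) of the fee and block-filling rule just described: the fee is implicit in inputs minus outputs, miners rank by satoshis per byte rather than by absolute fee, and the subsidy halves every 210,000 blocks. The mempool values and transaction ids are made up; `vbytes` is the assumed size unit.

```python
from dataclasses import dataclass

SAT_PER_BTC = 100_000_000
HALVING_INTERVAL = 210_000          # blocks between subsidy halvings
INITIAL_SUBSIDY = 50 * SAT_PER_BTC  # 50 BTC, in satoshis


@dataclass
class Tx:
    txid: str
    inputs: int   # sum of input values, satoshis
    outputs: int  # sum of output values, satoshis
    vbytes: int   # space the transaction occupies in a block

    @property
    def fee(self) -> int:
        # The fee is never stated explicitly: it is whatever the inputs
        # leave unassigned, and the miner may claim it in the coinbase.
        return self.inputs - self.outputs

    @property
    def fee_rate(self) -> float:
        return self.fee / self.vbytes  # "satoshis per byte"


def is_valid(tx: Tx) -> bool:
    # Outputs exceeding inputs would create coins from nothing; reject.
    return tx.inputs >= tx.outputs and tx.vbytes > 0


def block_subsidy(height: int) -> int:
    """Newly issued coins at a given height: 50 BTC, halving every 210,000 blocks."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else INITIAL_SUBSIDY >> halvings


def select_for_block(mempool: list, max_vbytes: int) -> tuple:
    """Greedy fill by fee rate: the highest-paying transactions per byte go in
    first until the block's space limit is reached. Returns (chosen, total fees)."""
    chosen, used, fees = [], 0, 0
    for tx in sorted(mempool, key=lambda t: t.fee_rate, reverse=True):
        if not is_valid(tx) or used + tx.vbytes > max_vbytes:
            continue
        chosen.append(tx)
        used += tx.vbytes
        fees += tx.fee
    return chosen, fees


def coinbase_value(height: int, fees: int) -> int:
    """What the miner of this block may pay themselves: subsidy plus fees."""
    return block_subsidy(height) + fees


# Constructed mempool; "a" is the article's 10,250-in / 10,000-out example.
MEMPOOL = [
    Tx("a", inputs=10_250, outputs=10_000, vbytes=250),   # 250 sat,  1.0 sat/vB
    Tx("b", inputs=50_000, outputs=49_000, vbytes=500),   # 1000 sat, 2.0 sat/vB
    Tx("c", inputs=20_000, outputs=19_400, vbytes=150),   # 600 sat,  4.0 sat/vB
    Tx("d", inputs=100_000, outputs=98_000, vbytes=800),  # 2000 sat, 2.5 sat/vB
    Tx("e", inputs=5_000, outputs=5_500, vbytes=100),     # invalid: mints 500 sat
]

if __name__ == "__main__":
    chosen, fees = select_for_block(MEMPOOL, max_vbytes=1_000)
    print([t.txid for t in chosen], fees, coinbase_value(630_000, fees))
```

Note that "b" pays four times the absolute fee of "a" yet neither makes it in: once "c" and "d" are chosen the remaining space is too small, which is why rate, not total fee, is what a sender competes on.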
Proof of Work is often criticised as being a “waste of energy”. In reality however, it’s the most efficient use of energy possible for economic value, as it directly ties the energy expended to the value created. No miner will willingly expend more energy than they receive in rewards, and as an aggregate across all miners, the global energy expenditure on Bitcoin will only ever grow or shrink to meet the rewards that the miners get for their work. It’s essentially ‘near-perfect’ expenditure and thus can be deemed extremely efficient (I promise more depth on this in the more detailed Proof of Work article. In the meantime, the best article I’ve read on the topic is here, despite not covering everything I think it could – or perhaps even should – say).
When there is more than one proof of work system in existence, there is competition for energy expenditure. Energy may be expended on any of the proof of work systems, given any other constraints are fulfilled (e.g. hardware availability/cost, set up costs, etc.).
This means that there are three possible states for a proof of work miner:
Performing work towards getting rewards from the most valuable proof of work system. Not incentivised to change.
Performing work towards getting rewards from a proof of work system other than the most valuable. Incentivised to change to the most valuable.
Performing work towards getting rewards from a proof of work system that is tied for “first place”, being equally as valuable as one or more others. Not incentivised to change, yet.
Miners are assumed to be – in aggregate – self-interested and to have no particular preferences for one coin over any other. They simply follow the greatest reward.
When enough miners leave one proof of work system for another, the system is “doomed” as its value decreases further, increasing the incentive to move away from it.
The first and second cases are hopefully obvious and don’t require any significant additional analysis. The third case builds on an assumption that there can be proof of work chains that are equally as valuable for a miner to put work towards. This state can be argued to be unstable at best and impossible at worst, meaning the third case must collapse to either the first or second case within some period of time.
Proof of Work coins that are functionally just clones of Bitcoin have less historical security and are thus definitionally less secure. All other things being equal, a less secure coin is a less valuable coin, and thus these coins are doomed.
Proof of Work coins that have inferior monetary properties to Bitcoin are expected to be viewed as less valuable and thus are doomed.
Proof of Work coins that have superior monetary properties to Bitcoin are expected to be viewed as more valuable and thus may doom Bitcoin (all other things being equal). The upcoming sections will address this risk to Bitcoin.
Finally, an exact clone of Bitcoin that includes all of its transaction history is definitionally just Bitcoin. It’s not possible for this clone to be differentiated from the original and thus is the original.
Non-Proof-of-Work Security/Consensus
Because of the perceived high energy use and high barrier to entry inherent in proof of work as a fundamental requirement, several different approaches have been proposed and implemented in cryptocurrencies that try to solve the same problem without energy use.
Bitcoin’s approach to security uses aspects of game theory for things like the aggregate decisions made by miners and expectations around transaction selection, so many attempts are made to extend game theory approaches to more fundamental aspects of the security/consensus mechanism. This betrays a misunderstanding of the role that game theory can and should play. Game theory is useful for making assumptions about behaviours and can indeed be generally relied upon when the group of actors in question is large and diverse enough. However, any attempt to use game theory as the underlying security mechanism ignores the potential for incentives outside of the system itself to override any incentives internal to the system, rendering the security of the system outside of the system’s control.
If this sounds a little abstract, we can use the simple concrete example of “proof of stake”. Proof of stake is a system where financial actors in a cryptocurrency can “stake” their coins for transaction processing/block creation and earn rewards from doing so. This is financially similar to the proof of work model, in which the more financial value is put in, the more financial reward comes out. However, since the stake that is put up is measured in the cryptocurrency itself, an actor who is able to gain access to large amounts of the currency without the financial outlay to purchase it themselves – such as an exchange – can easily gain significant influence over the system without the incentive to stay true to it. While there is no inherent and direct reason for an exchange to attack a proof of stake system, this is certainly very clearly a risk when it comes to state actors who may view a growing cryptocurrency as a threat to their authority and control.
For comparison, we can quickly reconsider how this may appear in a proof of work system. The financial requirement that a state must put in to “attack” a proof of work system is a diversion of potentially significant amounts of energy that they could spend elsewhere. The desire to destroy the system needs to be weighed against the value of that energy. In proof of stake, this consideration doesn’t exist. Bitcoin specifically is even harder to attack, as acquiring or producing the necessary ASIC hardware is itself difficult. This is non-trivial, even for the largest and most powerful state actors, and would also be extremely easy to notice, allowing for coordinated defence against the attack (up to and including a change of the algorithm if absolutely necessary; although this isn’t without its own serious problems).
There are of course more sophisticated attempts to solve the issue beyond simple proof of stake, but they all tend to suffer similarly. Delegated proof-of-stake simply moves some incentives around and complicates the structure, but doesn’t fundamentally change it. Proof of capacity relies on algorithms that prove a certain amount of storage space was used, changing from fundamental energy use to “who can afford the most hard drives?”, and so on.
Proof of Authority is a system that simply ignores the broader game theory entirely and instead relies on a small number of “authorities” who (ideally) have different incentives and competing wishes to act together to sign new additions to the chain. This is obviously extremely weak against an attacker who has the ability to coerce each authority such as a powerful government or even a very powerful private organisation.
Because “work” can be viewed as a fundamental aspect of the universe defined in terms of entropy, an intriguing concept that at first sounds very interesting is proof of elapsed time (PoET). PoET proposes using another fundamental aspect of the universe that we – at least presently – are pretty sure is outside of our control: time. The idea is that if you can prove that a certain amount of time has elapsed, you can use this in a system where the actors must also expend a similar amount of time in order to rewrite the chain. This has the same advantage of compounding security as proof of work and avoids the energy use. Unfortunately, it remains purely theoretical since we know of no way to prove elapsed time in a trustless manner. PoET implementations either rely on agreement of elapsed time between multiple actors, which devolves to proof of authority, or rely on “trusted hardware” such as specific hardware from Intel (who coincidentally came up with this variant of the system), which of course devolves into an even simpler kind of proof of authority with only one authority!
The majority of “cryptocurrency” projects simply try to solve perceived problems in Bitcoin without understanding the properties that Bitcoin has that provide it value.
A simple but extremely relevant example is that a misunderstanding about Bitcoin’s transaction fees led to the creation of Bitcoin Cash.
Bitcoin Cash is a fork of the Bitcoin blockchain. That means that they share a common history up to a specific block number, after which a difference in the agreed rules means that transactions and blocks that are valid according to Bitcoin are not valid according to Bitcoin Cash and vice-versa. It’s possible to have a chain split where one side considers the other side’s transactions and blocks to be valid, but since this will cause the chain to be continually overwritten by chain reorganisations should the other side have greater proof-of-work behind it, it’s generally avoided on purpose by forked coins (including Bitcoin Cash) by requiring a specific flag or magic number to be present.
Bitcoin Cash (bcash) has introduced several differences to Bitcoin since the fork event but all are relatively minor. The most significant changes are the blocksize limit (bcash has a larger limit) and the difficulty adjustment algorithm. The initial desired change was only the blocksize limit, but because the vast majority of mining hashpower stayed with Bitcoin, bcash required a new difficulty adjustment algorithm to avoid simply failing immediately due to a lack of hash power or failing later as miners “game” the difficulty for profit by jumping chains opportunistically.
The case against increasing the block size is covered somewhat in my previous article on that topic which allows us to conclude that Bitcoin Cash has inferior monetary properties compared to Bitcoin and thus – as defined in the previous section – must be doomed to fail. Bitcoin SV – with its unlimited block size – even more so.
The most obvious problem with Bitcoin forks is that they’re (definitionally) not Bitcoin. If there were consensus amongst Bitcoin users for the changes that are proposed, the changes would be adopted in Bitcoin and it would simply be Bitcoin.
For many forks – including both Bitcoin Cash and Bitcoin SV – the same mining algorithm is used. This means that ASIC devices dedicated to Bitcoin are also able to be switched over to mine Bitcoin Cash or Bitcoin SV. This gives these coins the advantage of a ready-made and powerful mining infrastructure but leaves them extremely vulnerable to attack as their hash power is such a small percentage of the total hash power available globally. A government actor could very easily exert enough influence over a mining operation within their jurisdiction to effectively attack any fork coins, whereas no such possibility exists for Bitcoin itself.
In the case where the mining algorithm or security/consensus mechanism has been changed – as is the case with Bitcoin Gold – the fork either suffers from inability to economically compete against Bitcoin due to being a weaker proof of work, or is insecure by not being proof of work, as described in the previous sections.
Litecoin and Dash are examples of cryptocurrencies that are essentially “clones” of Bitcoin with minor modifications.
Litecoin is a proof of work system using a different mining algorithm. Dash is primarily proof of work but has a concept of “master nodes” that act in a kind of delegated proof of stake manner hybridised with proof of authority.
Bitcoin clones by their nature suffer a similar problem to Bitcoin forks of “not being Bitcoin”. Unlike forks, they’re able to offer a consistent chain but like forks, suffer from either being an inferior proof of work chain or not being a proof of work chain and thus vulnerable to external incentives.
As described earlier, the only way for such a clone to be a risk to Bitcoin is if it were to introduce technology that enabled monetary policies making it a significantly better economic system than Bitcoin. However, by virtue of being cloned from the same codebase, there are no imaginable properties that such a clone could implement that couldn’t also be implemented in Bitcoin.
Smart contract platforms
The most well-known system to fall under this category is Ethereum and any competitors attempting to do the same thing will suffer the same problems as they’re systemic to the concept, not the specific platform.
The concept of smart contract platforms is to act as decentralised computing platforms for economically valuable computing tasks. That is, you create a script that performs a set of actions – and unlike Bitcoin, this is generally expected to be Turing complete and thus could truly be any actions – and then encode this as an entity on the blockchain. The result can be computed by any node on the network, given that it has knowledge of all associated data, and therefore the script cannot be stopped, shut off, faked, or otherwise interfered with. It gains the strength of Bitcoin’s transactions being distributed and pseudonymous, but for computing actions far beyond the simple transfer of value or basic scripting that is possible in Bitcoin.
All of this sounds great. It’s technically quite beautiful. It’s unfortunately economically extraordinarily unsound. Running a script is computationally intensive and the more complex it is, the more it costs to verify it. Thus, the concept of “gas” is included in Ethereum, whereby a script creator pays for their script to be run. For any non-trivial script, it’s provably impossible to actually know the computation power required in advance (a variant of the well-known halting problem) and thus the amount of gas to be paid for a script is definitionally undetermined until it’s actually run.
Even if it were possible to determine the correct amount of gas in advance, or if you’re always willing to ‘overpay’ with high estimates to ensure that scripts are executed as desired, the cost rises faster than the value that can be extracted from most scripts, thus severely limiting the use case of these platforms.
Furthermore, while it’s theoretically possible to run any kind of software on a platform such as this, the only scripts that have been shown to make any sense are those that have a financial basis themselves. In fact, the only widespread use of the Ethereum blockchain thus far has been the building of other “token” based cryptocurrencies on top of the network!
Tokens built on top of Ethereum or other platforms (such as the Liquid Network by Blockstream, or even in very simple forms like “coloured coins” on top of Bitcoin) are entirely dependent on their underlying systems and thus inherit any disadvantages specific to those systems. This means for example that tokens built on top of Ethereum are definitionally more expensive than the value that can be extracted from them due to the behaviour of Ethereum’s gas system. Every such token eventually migrates off the platform or fails, but not before their founders have extracted large amounts of money from gullible speculators.
It is possible to imagine simple tokens on top of Bitcoin being used as things like “reward points” or similar and due to Bitcoin’s properties not conveying any strong disadvantages to the token that they could have some limited use. They can definitionally never be a currency themselves though as they are strictly less functional than Bitcoin itself and thus can only ever fulfil a secondary role at best.
Stablecoins are an attempt to create a cryptocurrency that maintains a “stable” value against a fiat currency. This could be the US Dollar, Euro, or any fiat.
The best known stablecoin is “Tether” (USDT) which has a value floating around that of the US dollar. It is claimed to be backed by real USD – that is, for every tether within the system, a US dollar is held by a trusted organisation.
Obviously, this kind of system is a measure that only exists in a world where fiat currencies continue to exist. They’re also entirely based on centralised trust models around the fiat holdings. The only reason they exist at all is because of regulatory systems that make them “more attractive” in some scenarios than fiat when it comes to ownership, taxation, and reporting. There is no long-term viability of these systems as currencies in their own right.
As a side note, while a stablecoin could be created that has its own blockchain or similar, all stablecoins that currently exist are hosted tokens and thus also find themselves under the same constraints as mentioned.
Directed Acyclic Graphs
A blockchain can generally be modelled as a continuous “chain” of blocks with occasional short-term forks that are resolved a block or so later. Directed Acyclic Graphs (DAGs) are fundamentally similar structures but with a large number of constantly forking and remerging chains that have an emergent status at the end.
It’s a complex and fascinating structure mathematically, but so far, no DAG has been built that didn’t require at least some form of centralised coordinator to make sense of the chaos. It’s possible that such a thing can’t exist. This is an ongoing area of study.
Novel digital token/coin approaches
Aside from basic blockchains and even DAGs, there are other novel approaches that have been taken in trying to create a cryptocurrency.
Monero is a relatively traditional blockchain, except that the transactions are masked both in terms of the participants and amounts. The concept uses a system called “ring signatures” to effectively add so much “noise” to the network that meaningful information cannot be extracted. Anyone trying to watch “you” would see so much activity that isn’t actually you that when you do perform an action it is lost in the noise (this is an oversimplified description, since I promised not to go deeply technical in this article).
The disadvantage of anything that masks actors and amounts is verifiability. I can be certain of how much Bitcoin exists and what UTXOs (unspent transaction outputs) they currently reside in. I may be able to know a few things about some UTXOs, such as whether they require a script, a simple signature, or are part of a multisignature arrangement, but without external information I can’t link them to real people. With Monero on the other hand, there is no way I can prove the amount of Monero that exists in the network, or whether I am truly transacting with the person I think I am transacting with – even if they want me to know that I am.
Grin is another interesting approach which nearly forgoes the blockchain or graph approach entirely. It aggregates the transactions within a block into a single transaction, and then further allows historical data to be removed by letting spent outputs cancel against their corresponding inputs, while still maintaining the verifiability that a transaction historically occurred, so that the proof of ownership for the current coin’s owner is preserved.
Grin’s approach is extremely interesting but suffers – like Monero – from being unable to verify that it hasn’t been historically broken. The status of the Grin “blockchain” would appear the same whether or not it has been compromised, and there is thus simply no trivial way to know if any planned economic principles have been violated.
There are many more systems aside from these and it’s impossible to evaluate all in an article such as this. I continually investigate technologies that seem interesting and new, but as yet have not seen any that couldn’t either be implemented in Bitcoin or carry risks that make them unacceptable as a true form of money.