How to do cryptocurrency right

Proof of work tends to be inherently slow, has inherently high transaction costs, and the miners’ interests are not identical with those of people holding the currency as a store of value or using it as a medium of exchange.

Proof of stake is nontrivial to get right. It is a form of the infamously difficult to understand (and infamously difficult to program correctly) Paxos protocol. Paxos has the great advantage over proof of work that, after an unpredictable and possibly large time, it announces a definite result, whereas with the bitcoin proof of work protocol no result is ever final; it just becomes exponentially more probable over time.

Ignore the carping that proof of stake is inherently flawed. Any implementation of proof of stake that is easy to understand is likely inherently flawed, that being the infamous nature of Paxos.

Bitcoin was genuinely decentralized from the beginning, and over time became more centralized. Big exchanges and a small number of big miners are on the path to inadvertently turning it into another branch of the oppressive and corrupt government fiat money system.

The new altcoin offerings are for the most part not genuinely decentralized. They have a plan for becoming genuinely decentralized some time in the future, but the will and ability to carry the plan through have not been demonstrated.

Assume that, instead of everyone being a peer, we have a few dozen or so peers, distributed among several nuclear armed jurisdictions, and that each peer has a hundred million or so clients and stores the entire blockchain forever.

OK, we are talking rather large peers. A terabyte of storage, a hundred dollars’ worth, will keep one of them going for a week. Say two terabytes for redundancy. I don’t think the cost of storage is going to be a significant problem.

Scaling, however, is the hard problem. Making enormous amounts of storage actually useful and effective is the problem. The amount of storage per client is absolutely insignificant. The amount of bandwidth per client is absolutely insignificant. Having a useful connection between enormous numbers of clients and enormous amounts of storage via enormous amounts of bandwidth is the hard part.

Prompt response is another problem. It inherently takes time, and potentially a large and unpredictable amount of time, to reach consensus on the blockchain.

We can, however, have fast trust-based responses followed by consensus: since the peers are pretty big, you can trust a peer for your payment during the short time it takes for consensus to settle.

The way this would work is that every client is hosted by a peer. If his host should crash, or turn evil, he can move to another peer, though during the move he will not be able to make fast transactions. When he makes a payment, the peer hosting him testifies that this is not a double spend, and the payment is instantly flagged to the recipient as cleared – but it does not get flagged as settled, and the recipient cannot spend the payment, until it gets incorporated into the blockchain consensus, about twenty minutes later. Since the peers are big and long lived, you can trust them with your money for half an hour or so, and if you don’t want to trust them, or you don’t trust some of them, you just wait for the transaction to be incorporated into the consensus.
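A constructed model of the cleared-then-settled flow just described, added here as an illustration and not code from the original post. It assumes the host’s testimony is an HMAC under a per-host secret the recipient already knows (a stand-in for the public-key signature a real peer would use), and that a later consensus block is delivered to the wallet as a list of payment ids.

```python
import hashlib
import hmac
import json

# Constructed toy of the "cleared, then settled" flow. The host's attestation is
# an HMAC under a per-host secret known to the recipient; a real peer would use
# a public-key signature (assumption made for illustration only).

CLEARED = "cleared"   # host testified it is not a double spend; shown to recipient
SETTLED = "settled"   # incorporated into blockchain consensus; now spendable


class HostPeer:
    """Peer hosting clients; testifies that a client's payment is not a double spend."""

    def __init__(self, name, secret, balances):
        self.name = name
        self.secret = secret
        self.balances = dict(balances)   # host's view of its clients' balances
        self.pending = []                # testified payments not yet in consensus

    def testify(self, payment):
        """Return an attestation, or None if the payer's funds are already committed."""
        committed = sum(p["amount"] for p in self.pending if p["from"] == payment["from"])
        if self.balances.get(payment["from"], 0) - committed < payment["amount"]:
            return None                  # would be a double spend: refuse to testify
        self.pending.append(payment)
        msg = json.dumps(payment, sort_keys=True).encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        return {"host": self.name, "mac": mac}


def verify_attestation(payment, attestation, host_secrets):
    """Recipient-side check that a known host really testified to this payment."""
    secret = host_secrets.get(attestation["host"]) if attestation else None
    if secret is None:
        return False
    msg = json.dumps(payment, sort_keys=True).encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, attestation["mac"])


class RecipientWallet:
    """Tracks incoming payments as cleared (trusting the host) or settled (consensus)."""

    def __init__(self, host_secrets, trust_hosts=True):
        self.host_secrets = host_secrets
        self.trust_hosts = trust_hosts   # False: show nothing until consensus
        self.status = {}

    def receive(self, payment, attestation):
        pid = hashlib.sha256(json.dumps(payment, sort_keys=True).encode()).hexdigest()
        if self.trust_hosts and verify_attestation(payment, attestation, self.host_secrets):
            self.status[pid] = CLEARED
        else:
            self.status[pid] = None      # nothing to show the user yet
        return pid

    def on_block(self, payment_ids_in_block):
        """Called when a consensus block arrives: settle every payment it contains."""
        for pid in payment_ids_in_block:
            if pid in self.status:
                self.status[pid] = SETTLED

    def spendable(self, pid):
        return self.status.get(pid) == SETTLED


def demo():
    host = HostPeer("peer-A", b"peer-A-secret", {"alice": 10})
    wallet = RecipientWallet({"peer-A": b"peer-A-secret"})
    p1 = {"from": "alice", "to": "bob", "amount": 7}
    p2 = {"from": "alice", "to": "carol", "amount": 7}   # second spend of the same funds
    a1, a2 = host.testify(p1), host.testify(p2)
    pid = wallet.receive(p1, a1)
    before = (wallet.status[pid], wallet.spendable(pid))   # cleared, not yet spendable
    wallet.on_block([pid])                                  # consensus arrives later
    after = (wallet.status[pid], wallet.spendable(pid))    # settled, spendable
    return a1 is not None, a2 is None, before, after


if __name__ == "__main__":
    print(demo())
```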


27 Responses to “How to do cryptocurrency right”

  1. John B says:

    Jim, another interesting post – as they usually are – but I can’t help noticing something.

    Not much talk these days of the God Emperor and his 4-d chess. On a scale of “Hillary” to “Everything his supporters hoped” I’d put him into the left hand half, and moving leftwards.

    Maybe something will happen to prove me wrong, I hope so. Otherwise I think the time is near when you should say something about how Trump has failed, no?

    • Cavalier says:

      Here’s a simple litmus test: if one day we wake up to find ourselves under a new currency, Trump has succeeded, and most campaign promises are forthcoming; if not, then not.

  2. Mister Grumpus says:

    How trippin’ am I to wonder and hope that some nuclear-armed authorities like China, Russia and India (plus side-kicks like Brazil and Iran) could go in on something like this together?

    I mean, the programming and architecture would be done by a sub-set of them, but they’d all be at the ribbon-cutting ceremony if you dig.

    Maybe I’m just a high-trust goober, but I’d sure think that each of these authorities would have more to gain from such a move than they’d lose when giving up Fiat Powers over their own domestic currencies.

    Eh?

    • Mister Grumpus says:

      (There is the sad example of what happened to Khadaffi when he tried to set up an honest gold-backed currency, but he was alone and lacked nukes.)

    • Cavalier says:

      >but I’d sure think that each of these authorities would have more to gain from such a move than they’d lose when giving up Fiat Powers over their own domestic currencies

      And that is precisely the problem.

      • Mister Grumpus says:

        And what problem is that?

        • Cavalier says:

          Power is zero-sum.

          Power gained from somewhere is power lost from somewhere. If (when) governments adopt virtual currency, then, in theory if not in practice, anyone could be summarily disconnected at any time.

          Governments have a lot to gain, and their subjects have a lot to lose.

    • John B says:

      I agree, that’s a fine idea. Sadly the few independent governments that could pull it off would probably be too afraid of the disruption they might bring on themselves. But who knows.

  3. Garr says:

    A year or two ago I looked at a book in Barnes & Noble that was all about “Bitcoin.” It didn’t explain anything. It assumed that you’re already familiar with a bunch of jargon.
    Wiki on “Bitcoin” depends on the term “block chain”. The link to “block chain” gets to a Wiki that refers you right back — in the first sentence — to “bitcoin”.
    The Wiki on “Bitcoin” also depends on the phrase “peer to peer”. Here’s the first sentence of the Wiki on “peer to peer”: “Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers.”
    What’s a “peer” then, you dickheads (not you guys — I mean the Wiki-ists).
    Okay, maybe I’m just too fucking stupid for this stuff — I don’t get theoretical physics either (I mean, what the fuck is “energy”?) — but on the other hand maybe some people behave as though they’re thinking and explaining things without actually having any feel for what it is to think and explain things.
    Which suggests that AIs, probably non-conscious ones, already control this society and may have been in control since — when, the Seventies?
    Which still doesn’t explain the inability of theoretical-physics-expositors to see that they’re really not explaining anything at all — they’re just engaging in explanation-like behavior.
    Possibly alien AIs (I mean from outer space) took over when Victoria died? Then left Earth in the hands of terrestrial AIs in about 1973?

    • Dave says:

      A “block” is a chunk of data containing a list of transactions of the form “Transfer X satoshis from account A to account B with a fee of Y satoshis.” (1 bitcoin = 100,000,000 satoshis) Everything is cryptographically signed including the signature of the previous block, thereby forming a “chain” whose blocks cannot be removed or reordered.

      To generate a new block, a miner must run an SHA-256 hash algorithm on the block, generating a quasi-random 77-digit number. If that number has at least 21 leading zeros, collect your prize of 12.5 bitcoins plus all transaction fees, else try again. No joke, each hash attempt has a one-in-a-septillion chance of generating a valid block!

      “Peer to peer” means that we all interact as equals; no one is anyone else’s boss. Its opposite is the client/server model, where one server owns the data and many clients ask to read and modify it.

      You and I are not peers, we are clients. I’ll upload this comment to Jim’s server, from which you will download it. It’s much more efficient than everyone talking to everyone peer-to-peer, but if the government seizes Jim’s server, we’re all fucked.

      Energy is force times distance. It takes three times as much energy to accelerate 30-60 versus 0-30 because more distance is covered. Whereas a chain needs much force but no energy to hold up a heavy chandelier because the distance moved is zero.

      The First Law of Thermodynamics says that energy is conserved; changing from one form to another but never created or destroyed. The Second Law says that energy degrades into its most disordered form (e.g. “waste heat”), from which no useful work can be extracted.

      You are not alone. Numerous topics on Reddit are prefixed with “ELI5:” for “explain like I’m five”.
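A constructed toy of the block structure Dave describes, added as an example and not code from the original comment: each block carries the hash of the previous one, and a block only counts if its SHA-256 hash has enough leading zeros. The difficulty here is one hex digit (assumed, so it mines instantly), nothing like Bitcoin’s.

```python
import hashlib
import json

# Constructed toy block chain. Difficulty is one leading hex zero so the example
# runs instantly (assumption for illustration); the structure is what matters.

DIFFICULTY = 1  # leading hex zeros required in a block hash (toy value)


def block_hash(block):
    payload = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(prev_hash, transactions, difficulty=DIFFICULTY):
    """Try nonces until the block's hash clears the leading-zero bar."""
    nonce = 0
    while True:
        block = {"prev": prev_hash, "txs": transactions, "nonce": nonce}
        h = block_hash(block)
        if h.startswith("0" * difficulty):
            return block, h
        nonce += 1


def build_chain(tx_batches, difficulty=DIFFICULTY):
    """Mine one block per batch, each committing to the hash of the one before."""
    chain, prev = [], "0" * 64       # genesis predecessor: all-zero hash
    for txs in tx_batches:
        block, prev = mine(prev, txs, difficulty)
        chain.append(block)
    return chain


def valid_chain(chain, difficulty=DIFFICULTY):
    """Recompute every link: an edit, a removed block or a reordering all break it."""
    prev = "0" * 64
    for block in chain:
        if block["prev"] != prev:
            return False
        h = block_hash(block)
        if not h.startswith("0" * difficulty):
            return False
        prev = h
    return True


def demo():
    chain = build_chain([
        [{"from": "A", "to": "B", "satoshis": 500}],
        [{"from": "B", "to": "C", "satoshis": 200}],
        [{"from": "C", "to": "A", "satoshis": 100}],
    ])
    intact = valid_chain(chain)
    reordered = valid_chain([chain[1], chain[0], chain[2]])
    removed = valid_chain([chain[0], chain[2]])
    edited = list(chain)
    edited[0] = dict(chain[0], txs=[{"from": "A", "to": "B", "satoshis": 50000}])
    tampered = valid_chain(edited)
    return intact, reordered, removed, tampered


if __name__ == "__main__":
    print(demo())   # expected: (True, False, False, False)
```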

      • Garr says:

        Thanks, Dave. You’re a nice guy.

        On energy — you’ve told me how to measure it, but not what it is.

        An energetic bunny is able to hop around quickly, covering a lot of ground with each leap … when I’m feeling “low-energy” I just wanna lie around and space out. So energy is something that Things have — sort of like general ability. So there’s no energy-stuff just floating around like a glowing swirly gas — that just doesn’t make any sense. But one always reads/hears pronouncements on the order of “In the beginning there was just pure Energy!”

        Energy-conservation: there’s only so much of the glowing swirly gassy stuff that shoots out of wizards’ finger-tips in the universe?

        By the way, I was thinking about something sort of related: Wouldn’t the calculation of the force (destructiveness upon impact with some standard material?) of a punch be almost impossibly difficult to calculate, given all of the factors involved including the massivity of the various body-parts involved and the degree to which they’re lined up behind a blow? Has anyone tried to figure out a formula for judging, say, whether Rocky Marciano’s left hook or George Foreman’s right cross is more forceful, just based on what’s known about the punchers and how they move?

        • jim says:

          No such thing as pure energy. Energy is always embodied in some physical form, such as a rabbit. Or food. Or a punch.

          Energy conservation means that the amount of punches you can throw is limited by the amount of food you consume. Entropy means that the energy in the punches that you throw is a lot less than the energy in the food you consume.

          The grass converted energy of sunlight into grass. The rabbit converted the energy in the grass into rabbit. Then if it could not convert that energy into getting out of your way fast enough, you ate the rabbit.

          The energy of a punch can be pretty easily measured, it is force times distance, which is equal to velocity squared times mass. And a punch, or a bullet, with more energy, is proportionately more hurtful than a similar punch with less energy.

          A very concentrated blow, as with the icepick that killed Trotsky, will do more damage than the same amount of energy applied in a slap to Trotsky’s face, but this is because the concentration means it can penetrate his skull and enter his brain, which is a more vital organ and less easily repaired than Trotsky’s cheek, but by and large, destructiveness is proportional to energy, apart, of course, from the fact that applying that energy directly to his heart is going to kill him, while applying a similar amount of energy to the outside of his ribcage is just going to piss him off.

          • Garr says:

            “Energy is always embodied in some physical form” — you seem to be imagining “Energy” as a glowing gas that gets trapped inside of some kind of porous body.

            “The energy of a punch can be pretty easily measured, it is force times distance, which is equal to velocity squared times mass” — but the amount of mass that Marciano or Foreman puts behind a punch is impossibly difficult to calculate, it seems to me. Ali was 25 pounds heavier than Marciano, but Marciano hit with much more force because Marciano put a much larger percentage of his mass into his punches. Check out Marciano vs. Jersey Joe Walcott on Youtube. (For an even more extreme example, see Dempsey vs. Willard — a 65 pound body-weight differential.) How do you calculate the percentage of a fighter’s mass that’s put into his punches — except indirectly, by assessing the resulting damage?

            • Garr says:

              And it isn’t that Marciano’s or Dempsey’s fist moves faster. In general, a fighter hits harder when he gains weight. The 230 lb. Ali hit harder than the 215 lb. Ali. Given that force = mass x velocity squared, there’s obviously much less variation in the speed with which fists move through the air than in the degree to which mass is applied. “Quick” in boxing doesn’t refer to the speed with which fists move through the air — it refers to the amount of time between the appearance of an opening and the beginning of a fist’s motion toward that opening, and to the number of punches a fighter gets off per unit of time.

    • jim says:

      > A year or two ago I looked at a book in Barnes & Noble that was all about “Bitcoin.” It didn’t explain anything. It assumed that you’re already familiar with a bunch of jargon.

      > Wiki on “Bitcoin” depends on the term “block chain”. The link to “block chain” gets to a Wiki that refers you right back — in the first sentence — to “bitcoin”.

      > The Wiki on “Bitcoin” also depends on the phrase “peer to peer”. Here’s the first sentence of the Wiki on “peer to peer”: “Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers.”

      > What’s a “peer” then, you dickheads (not you guys — I mean the Wiki-ists).

      This is why my cleaning lady should not invest in bitcoin. This stuff is all for techies, and a lot of techies do not find stuff like Paxos all that easy either.

      Peers are in a relationship of equals, each managing its own data, and sharing data with the others on equal terms. A client, on the other hand, stores his data on his host, and if his host misbehaves, he has problems.

      When you post messages to my blog, your browser is a client, and my web server is your host. I could edit your messages, or delete them. You cannot edit my messages.

      When we actually get all this stuff actually working so that my cleaning lady can actually use it, here is how it will work:

      You will download an app. When you first launch the app without a wallet file, it will ask you to set up an account, similar to the setup process for the Google Play store on Android, except that your user name will look like a twitter name, and will be in the cryptocurrency namespace, whereas the name for your Google Play store account is in the DNS namespace and looks like an email account.

      Your wallet file connects to a user name on the blockchain. Should you lose your wallet file, or lose its password, you are sol. You will never again be able to access the money in the account. Conversely, if someone else gets a copy of your wallet, and guesses your password, you are sol. He will steal your money and there is not much you can do about it.

      When you launch a wallet file, you are a client, and the app attempts to login with your host, who is a peer on the crypto currency blockchain. But if there is something wrong with your host, well, you will just have to change to some other peer on the blockchain. Your account is not really with your host, it is with the blockchain, but to access the blockchain, you have to access as a client through a host who is a peer on the blockchain.

      You will be able to cryptocurrency tweet from your wallet, and receive cryptocurrency tweets. The tweets can contain text, money, weblinks and such. Links on the web can link to tweets – typically a tweet that offers some good or service in return for crypto currency. When you click on such a tweet, it will launch your app with your current default wallet.

      The tweets will not be stored in the blockchain, though any money in the tweet will, together with a hash of the tweet. If the money is a response to an offer of goods or services, the hash of the tweet chains to the offer, so in the event of a dispute, you can prove you responded to the offer, and that the recipient took your money. Your tweets are stored off the blockchain, in your wallet, and optionally in your host. When you change hosts, other people may lose access to your past tweets, except, of course, to the extent that your past tweets are stored in their wallet, which past tweets containing money always will be. Your past tweets will also be stored in your wallet, and you can make them available by retweeting them through your new host.

      At this point I hear you say:

      “Well, being a peer on the blockchain sounds better than being client of some host who is a peer on the blockchain. How do I get to be a peer?”

      Well, first you download the last year or so of the blockchain, which if we take over the world and replace the US dollar, is likely to be about fifty terabytes of data. And if we have taken over the world, you had better get an internet connection that can handle ten gigabits per second. And if you have that capability, find two or more well connected peers on the blockchain that accept you as a peer. (If only one accepts you, you are still a client.)

      That is a lot, but it is not impossible for a wealthy individual. Even if we take over the world, being a peer on the blockchain will still be a perfectly reasonable choice for a high net worth individual. It will be about one hundred times larger than the usual good home connection to the internet.

      So we can make a good start on taking over the world with most people being peers, but it will from the beginning be easier for the user, and make considerably fewer demands on his internet connection, to be a client of a host who is a peer of all the other peers on the blockchain. Setting up a peer on the blockchain will from the beginning not be all that easy for the average user, and from the beginning will put a significant load on his computer and his internet connection. And once we have taken over the world currency system and largely replaced state currencies, only a rather wealthy man will be able to afford a system capable of being a peer.
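A constructed illustration of the tweet-hash scheme in the comment above (offer tweet, payment tweet chaining to it, only money plus a hash on the blockchain), added as an example and not code from the original comment. The tweet field names and the JSON-over-SHA-256 hashing are assumptions.

```python
import hashlib
import json

# Constructed model: tweets stay off chain (in wallets and hosts); the chain keeps
# only the money movement plus a hash of the tweet, and a payment tweet carries
# the hash of the offer it answers. Field names are assumed for illustration.


def tweet_hash(tweet):
    return hashlib.sha256(json.dumps(tweet, sort_keys=True).encode()).hexdigest()


def make_offer(seller, text, price):
    return {"kind": "offer", "from": seller, "text": text, "price": price}


def make_payment(buyer, offer, amount):
    """Payment tweet that chains to the offer by embedding the offer's hash."""
    return {"kind": "payment", "from": buyer, "to": offer["from"],
            "amount": amount, "in_reply_to": tweet_hash(offer)}


def on_chain_record(payment):
    """What consensus stores: who paid whom how much, and the tweet's hash only."""
    return {"from": payment["from"], "to": payment["to"],
            "amount": payment["amount"], "tweet_hash": tweet_hash(payment)}


def prove_response(record, payment_tweet, offer_tweet):
    """Dispute check from the buyer's wallet copies: the on-chain record must match
    the payment tweet, and the payment tweet must chain to exactly this offer."""
    if tweet_hash(payment_tweet) != record["tweet_hash"]:
        return False
    if payment_tweet["in_reply_to"] != tweet_hash(offer_tweet):
        return False
    return (record["to"] == offer_tweet["from"]
            and record["amount"] >= offer_tweet["price"])


def demo():
    offer = make_offer("shop", "one keyboard for 5 coins", 5)
    payment = make_payment("alice", offer, 5)
    record = on_chain_record(payment)          # the only part that reaches consensus
    honest = prove_response(record, payment, offer)
    # Seller later claims the offer said 8 coins: the altered offer no longer
    # hashes to what the payment tweet committed to, so the claim fails.
    altered = dict(offer, price=8)
    disputed = prove_response(record, payment, altered)
    return honest, disputed


if __name__ == "__main__":
    print(demo())   # expected: (True, False)
```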

      • Cavalier says:

        >You will download an app.

        Easy enough.

        >When you first launch the app without a wallet file, it will ask you to set up an account, similar to the setup process for the Google Play store on Android, except that your user name will look like a twitter name, and will be in the cryptocurrency namespace, whereas the name for your Google Play store account is in the DNS namespace.

        Alright.

        >Your wallet file connects to a user name on the blockchain.

        Cool.

        >Should you lose your wallet file, or lose its password, you are sol. You will never again be able to access the money in the account.

        Disaster. Utterly unworkable.

        >Conversely, if someone else gets a copy of your wallet, and guesses your password, you are sol. He will steal your money and there is not much you can do about it.

        Catastrophe. Utterly outrageous.

        >You will be able to cryptocurrency tweet from your wallet, and receive cryptocurrency tweets. The tweets can contain text, money, weblinks and such. Links on the web can link to tweets – typically a tweet that offers some good or service in return for crypto currency. When you click on such a tweet, it will launch your app with your current default wallet.

        Neat.

        …But there is no possible advantage that can offset the consequences of losing or having your password stolen. In the first case, people are stupid, poor of memory, lapse into dementia, go senile, and simply forget that they’ve changed a password after they’ve changed it. In the second case, you simply cannot put people’s bank accounts (or life savings, or whatever) on the line of perfect security of the sweat-inducing-security-nightmare-clusterfuck-that-is-every-single-one-of-their-devices.

        And Dave pretty much perfectly encapsulates the entire cryptocurrency argument:

        >It’s much more efficient than everyone talking to everyone peer-to-peer, but if the government seizes Jim’s server, we’re all fucked.

        If you’re doing something the government doesn’t want you to be doing, don’t! If it’s important enough — and by God, controlling the media of exchange is important enough — they’ll bend you right over a splintery wooden table and fuck you until you prolapse.

        >And once we have taken over the world currency system and largely replaced state currencies

        Before or after “we” “take over” the sovereign Deep State?

        • jim says:

          > > It’s much more efficient than everyone talking to everyone peer-to-peer, but if the government seizes Jim’s server, we’re all fucked

          The basic blockchain idea is that if the government seizes your server, you are not fucked.

          Rather, the government has to seize all or most of the servers, which if they are distributed between several jurisdictions, likely to be difficult. So, if the US government seizes all the US servers, most people will scarcely notice. They will just log into a host in some other jurisdiction.

          Governments notoriously find it extremely difficult to cooperate or coordinate with other governments.

          • pdimov says:

            “Governments notoriously find it extremely difficult to cooperate or coordinate with other governments.”

            Governments have their own TLDs and yet, the Stormer can’t stay online.

      • Dave says:

        Many devices run older versions of their operating systems with known security holes, so any wallets stored on them will be summarily emptied. Android is the worst in this regard because upgrading existing hardware to a newer OS version is usually impossible.

        If you die and your next of kin cannot find your wallet and password, your crypto is lost forever. If a corporation entrusts a crypto account to five different people, it’s five times as likely that one of them will have a virus on his computer that empties the account. Or maybe, because it’s trivially easy to create an anonymous destination account, one of the five embezzled the money to fund his retirement?

        There are advantages to a government-controlled banking system that forces all users to identify themselves, cf. Stanley Mark Rifkin.

  4. ilkarnal says:

    Re-iterating this https://blog.reaction.la/economics/cryptocurrency/#comment-1731867 but also:

    Yeah, I like the idea of having a few well-trusted peers. The problem is that every ‘nuclear armed jurisdiction’ is ambivalent or fairly hostile to cryptocurrency already, and that will change into a white hot hatred the instant cryptocurrency fulfills 1/10th of its promises.

    If push comes to shove, there are nuclear options that states can and will resort to. You can blacklist whole TLDs, mandate severe peer to peer throttling or delay or outright halt, and give big users the Dread Pirate treatment. There’s definitely a cost to this, but the cost of allowing a large fraction of the economy to move from controlled to uncontrolled territory is far greater. I don’t think that large fraction will shift in the first place, but if it doesn’t then cryptocurrency has failed to deliver on any significant fraction of its promises.

    • Will says:

      Going off your previous comment, even if you wanted to use bitcoin for illicit transactions, it’d be difficult to find someone willing to accept it. Cryptocurrency is used/accepted mainly by upper middle class white male stem majors (AKA the people least likely to run a criminal enterprise). If you actually want to buy drugs or guns or get a hooker, cash is the only thing they’ll take in 90+% of cases.

      The more I think about it, the more it seems like cryptocurrency is basically useless. A solution in search of a problem. It’s a poor medium of exchange. According to Jim, it’s becoming more and more centralized, leaving it vulnerable to government action and thus a poor store of value, and any plan to de-centralize it is so excessively convoluted as to be impractical. The only arguable use is as a speculative investment and that ship sailed a few years ago.

      As far as I can tell, people use bitcoin for novelty rather than utility. It’s used just for the sake of being used. Ex: “Oh man, I just bought a new keyboard with bitcoin! All I had to do was spend a day downloading the coin wallet, buy coins on an exchange, find a vendor that accepts bitcoin and make the purchase. I can’t believe people used to use cash and credit, THIS is the future.”

      Cryptocurrency is just intellectual/economic masturbation for upper middle class right libertarian comp sci nerds.

      • jim says:

        Personal experience: Bitcoin is in fact useful for buying guns and drugs.

        However its primary use is money laundering, in particular and especially, evading Chinese capital controls.

        The current market value of bitcoin is one two hundredth of the current market value of government issued US dollars. If it takes over the world, expect approximately two hundred fold appreciation.

        But it needs fixing before it can take over the world.

  5. Reluctant Dissident says:

    The thing is though Jim, the need for decentralisation stems from the nature of corrupt government: people want something that can’t be subject to inflation, confiscation and hair-cuts.
    This means any solution to that problem will forever be subversive and pitted against official institutions.

    The prohibition on right-wing activism applies.

    When the time comes for digital currencies to be genuinely useful (and not a form of right-wing activism, hence doomed to fail), they won’t even need to be decentralised, because they won’t be something analogous to a drug cartel hiding below the radar.

    • Cavalier says:

      Pretty much. Cryptocurrency isn’t a technological problem. Cryptocurrency is a political problem. The owner(s) of a cryptocurrency will benefit in the exact same way as the owner(s) of a regular currency benefit — except more so, because their new power will be unconstrained by normal material limitations, and everyone will have a chip.

      10 years ago, people had dumbphones, but the touch-screen smartphone (the iPhone) had just been released.

      20 years ago, almost nobody had cellphones of any kind, and the ones that did carried them around in bags.

      30 years ago, there was no Internet, and the Soviet Union still loomed over half of Berlin.

      These things move with astonishing rapidity. When you find yourself unable to buy or sell because of your crimethought, don’t say I didn’t warn you.

      • Mister Grumpus says:

        Is your point that if there are “hosts” and “clients”, then there will eventually be an authority that can cut-off my ability to buy and sell if I crack nigger jokes on the internet?

        • Cavalier says:

          There are some technologies that have made the state stronger relative to its sheeple, and some technologies that have made it weaker. I would hazard a guess that there have been more, perhaps far more, that enhanced the power of the state (or, more generally, the rich and powerful) than there are those that enhanced the power of the common man.

          The argument for cryptocurrency, essentially, is that the state is incapable of cracking down on a technology, even if said technology threatens to undermine the state’s whole economic power. Judging by the way that the state crushes neo-Nazis and casually demolishes buildings and suchlike, I suspect that this is an unreasonable proposition.

          Regular, present-day currency is rooted in the idea that every dollar has a physical manifestation in the form of a piece of paper issued by the Federal Reserve Third Bank of the United States, and that whoever physically holds this paper is the possessor of its value. The cooler features of the financial system, things like bank accounts, checks, credit cards, and more recently Apple Pay, are all built upon this fundamental logic. It’s nice, because money has been around forever, and anybody can physically hold paper and understand how it works, and it’s completely ad-hoc: it’s difficult enough (and dangerous enough) to fake a physical dollar that it rarely happens, and so there is no supertotalitarian Great Ledger in the Sky.

          Cryptocurrency is something completely different. Cryptocurrency is rooted in the idea that mostly anonymous, effectively untraceable cash just isn’t cool anymore, maaan, so we need to move our means of exchange from human-friendly meatspace into NSA-friendly cyberspace. Oh, and because bits are super easy to fake, we need to use hand-wavy algorithms incomprehensible to normal human beings to build One Computer System in order to keep a perfect historical record of literally every transaction ever, viewable and Big Data-izable to anyone and everyone (or just your friendly neighborhood CIAniggers). And, oh yeah, if you’re ever hacked even once ever, or you forget your password, or you drunkenly change your password, or you’re scopolamined, then say goodbye to your life’s savings, ‘cuz you ain’t gittin’ it back, suckahh.

          And if the government ever sinks its long, grasping talons into the One True Ledger, or simply issues its own virtual currency and outlaws the rest (can you say: adoption rate?), then yes, fuck you, you filthy heretic, you will be shunned by all of humanity, and good luck buying a house or a car or food at the grocery, or getting your children into not-nigguh-skool.
