Believe those who are seeking the truth. Doubt those who find it. Andre Gide

Thursday, January 30, 2014

A bit more on the economics of Bitcoin

I'm still trying to understand the details of how cryptocurrencies like Bitcoin work. But the general principles involved seem clear enough, so let me start by explaining (what I think) these are. I'll let the experts out there fill in the gaps (and correct any errors I may have made). So what follows is basically an introductory lecture I would deliver to a class on the subject.

This is about the payment system: the way we pay and get paid for things. Any payment system has to solve the following two problems:

    [1] How to transfer credits across accounts in an honest, secure, and reliable manner;
     and
    [2] How to manage the total supply of credits over time.

The earliest (and arguably still most important) payment system relies on informal communal record-keeping. In small communities (villages, networks consisting of close friends, or work colleagues, clubs, etc.) a lot of what gets produced and consumed relies on what one might call "social credit" designed to exploit multilateral gains to trade (even when bilateral gains to trade are absent). In small groups, it is relatively easy for many members of the community to keep track of individual contributions to, and individual withdrawals from, the collective good. I may sometimes ask a favor of a team member even if we both know I have no direct way to return the favor personally. At the same time, I may be asked to deliver a favor to a team member even if we both know he/she has no direct way to return the favor personally. We just do these things because it is in our collective self-interest. In such reciprocal "gift-giving" economies, the currency that facilitates exchange consists of individual reputations (credit histories). If credit histories are easily observed by members of the community, then its difficult to misrepresent or distort your credits, or steal credits from others. If you try to do so, and if you are caught, you may be ostracized from the community, or worse. (

I mention this idea of "communal monitoring" because some form of it seems to play a critical role in the practical application of the Bitcoin protocol.

As a practical matter, the "social credit" system described above seems to work well for small groups, but not so well for larger communities. It's tough to keep track of the individual credit histories of thousands or millions of people, let alone ensure that such records remain a true representation of history. In large communities, many individuals become "anonymous" to one another. Anonymity here means that anything they do in a transient bilateral meeting will not be observed and recorded by the community. That's too bad because efficiency may have dictated that a gift be made in such a meeting. The gift might have been made if the gift-giver received (a social) credit for his/her sacrifice. But if no social credit is forthcoming (because nobody can see it), then the trade does not take place, even though it should have (in an ideal world).

One solution to this problem is monetary exchange. That is, imagine that there exists a set of durable, divisible, portable, recognizable physical object that is hard to steal/counterfeit (the way that reputations need to be hard to steal or counterfeit). Then contributors (workers) could build up credit by accumulating this object, and recipients (consumers) could draw down their credit by spending this object. As it circulates in this manner, this object becomes money. According to this interpretation, money is nothing more than a substitute for the missing (excessively costly) communal record-keeping technology (see Ostory 1973, Townsend 1987, and Kocherlakota 1998).

In a monetary economy, there is no explicit communal monitoring going on. If money is difficult to steal/counterfeit, then the only way I could have acquired it is by working for it (or by having someone else who worked for it bequeath it to me as a gift). When I show up at my local Starbucks and ask for a triple grande latte, they won't hand over my drink until I show evidence my contributions to society. The evidence is in the form of the money that I earned from work. As I hand over my money, I debit my wallet and credit the Starbucks wallet. This transfer of credits involves no intermediary--it is a "self-serve" accounting mechanism.

Of course, many exchanges do take place via intermediaries like banks and clearinghouses. A check drawn on my bank account is an instruction to debit my account and credit another account. The accounts sit on the books of a third party--the intermediary. The money in this case need not even take a physical form -- it can exist simply as a book-entry object. Today, these book-entry objects take the form of electronic digits, and these digits are debited and credited across accounts managed by banks with instructions from debit card technology.

O.K., well suppose that you do not trust the government (or central bank) and their paper money. Suppose you want the convenience of electronic money (so no commodity money). And moreover, suppose you do not want to rely on a third party like a bank. Maybe you don't trust them, or you do not like their fees, or the records of your purchases they keep, or the fact that your identity is associated with your account. What is the alternative?

What we want is some way to replicate the cash experience using electronic digits instead of physical currency. Recall that in bilateral cash transactions, the accounting is done on a self-service basis without the help of the community or some other third party. When it comes to digital money transferred over the internet across a large network of users, self-serve accounting is not likely to be practical. The self-serve part will have to be replaced by some communal monitoring service (obviously not a delegated third party, since this is what we are trying to avoid). I'll try to explain why in a moment, but first let me considered an idealized world where the relevant information is costlessly accessible to all members of the community.

Digital cash with communal record-keeping and communal monetary policy

Digital cash consists of information encoded electronically as bits. For concreteness, let's call digital cash "e-coins" and assume that an e-coin takes the form of a unique N-digit serial number.

[A1] Assume that the serial numbers of every e-coin created are recorded in a public data bank for all to see.

There is an initial money supply (50 bitcoins in the case of the Bitcoin protocol) and a publicly known protocol that governs money creation. In a nutshell, money growth can only occur by "communal consent." In the present context, you can think of monetary policy as a rule for money creation (and distribution), where the rule can only be changed by communal consent.

Members of the community possess "computer wallets" where e-coins are stored in an encrypted file and managed by a computer app (you can download these programs for free). Computer wallets have a public address, like a P.O. box (the identity of the wallet is not known, and a person may own several wallets). So people can send money to your wallet, but only you can extract money from your wallet (only you possess a private digital key for this purpose).

[A2] The e-coin content of every wallet is part of the public database.

So here's how things might work. Suppose a buyer wants to send an e-coin to a seller. Essentially, the buyer sends a message to the community: I wish to send e-coin SN01234 to [seller's wallet address]. A digital signature ensures that this message could only have originated from the buyer's wallet.

[A3] All messages are publicly observable.

 (The italicized sentences above emphasize the assumed information structure. For Bitcoin, there is even more information than this: the entire transaction history of every wallet is part of the public database.)

Now, if every member can costlessly scan and verify every element of the public database, the transaction process should be straightforward. First, the seller can see that the buyer does indeed own e-coin SN01234. Second, by comparing SN01234 to the public database of serial numbers outstanding, the seller can see that SN01234 is unique and was not counterfeited by the buyer. Third, the seller can see that the buyer is not trying to "double spend" SN01234 (e.g., by simultaneously offering it to another merchant's wallet).

The practical problem with this protocol is not that information assumptions [A1]-[A3] are violated. The information is available. There's just so much of it that not everyone can be expected to absorb it all instantaneously. It is time lag that opens the door for scammers. The task of legitimizing, recording, and updating the database has to be delegated in some manner. In the Bitcoin protocol, the task is not delegated to any single third party, rather it is delegated to members of the community who wish to "volunteer" their monitoring services.

Now, the precise details of how this public monitoring and record-keeping is done presently escapes me. The basic idea is that the monitoring activity must be made costly, because otherwise there is an incentive for scammers to announce that their scam deals (e.g., attempts to double spend) are legitimate. In Bitcoin, the monitors (miners) are required to solve a complicated mathematical problem (consumes energy and CPU time), the answer to which is easily verifiable. I think that (somehow) the verification of this answer also verifies the legitimacy of the transaction (someone help me out here).

But if it is costly for miners to verify transactions, what motivates them to do it? There is a reward, of course. In Bitcoin, the reward comes in two forms: newly minted bitcoin and/or service fees. So in the Bitcoin protocol, the verification costs are partly financed via seigniorage. I do not understand the exact mechanics of this process, in particular, the cryptographic techniques involved, and how the parameters are varied over time (for example, to ensure that the supply of bitcoins never exceeds 21 million). Maybe some smart person can explain it to me in plain language. (Here is a good attempt).

Before I leave this part of the discussion, I want to make a remark about the "mining" activity in Bitcoin. A lot of people, including Paul Krugman, appear confused about it. I initially shared in this confusion. Mining actual gold for the purpose of increasing the money supply is indeed socially wasteful. That's because an existing supply of gold can be stretched into an arbitrarily large supply of real money balances via an appropriate deflation. But the mining activity in Bitcoin is not a social waste--it is the cost associated with operating a payment system of this particular form when people have an incentive to cheat. The analog here is the cost associated with opening and maintaining your checking account at a bank.

Is Bitcoin a good money?

One could argue that the USD is at least partially backed by its ability to discharge real tax obligations. But bitcoins truly are purely fiat in nature (they have no intrinsic use in either consumption or production). Does this mean that the value of bitcoins must eventually crash to zero (their fundamental value)? No.

Bitcoins are information -- record-keeping devices. You can't eat my credit history either, but some companies would value (and pay for) this information nevertheless. So as long as Bitcoin conveys accurate information, its value can persist indefinitely. (There is, of course, the threat of entry, though Bitcoin appears to have a substantial early-mover advantage.)

One problem with Bitcoin as a currency is that its purchasing power sometimes fluctuates violently and at high frequency. As I have argued before, a desirable property of a monetary instrument is that it possess a relatively stable short-run rate of return. (A stable long-run rate of return is nice, but not essential, since other assets than money can be utilized as long-term stores of wealth.). Let's take a look at the USD price of bitcoin:


Holy cow. (Wish I had bought in at 5 cents!)

What accounts for this price volatility? (By comparison, the real rate of return on USD over the same period of time was a relatively stable -1% p.a.). Well, it might have something to do with the thinness of the USD/BTC market (can anyone point me to some evidence?). Or it might have something to do with the fact that bitcoin is not a unit of account (even if it is a medium of exchange, prices are usually denominated in USD). Both of these problems might diminish over time as the popularity of the instrument grows.

But my own take on this is that the price volatility reflects the perception that the supply of bitcoins is (relatively) fixed. This, combined with large fluctuations in the demand for bitcoin, naturally results in huge rate of return volatility. We saw the same thing under gold standard monetary regimes (where gold was a unit of account). In principle, an "elastic" supply of currency (even the credible threat of an elastic supply) can be used to offset sudden changes in demand to keep the rate of return (inflation rate) on money relatively stable.

Trust

My colleague, Francois Velde of the Chicago Fed, has a nice primer on Bitcoin. (It delves into the mechanics of the cryptography involved, but I still find many parts of his discussion a little vague.) But in terms of what sort of trust is involved in Bitcoin and similar endeavors, I like what he has to say here:
[B]itcoin protocol is based on open-source software. Bitcoin is what bitcoin users use. The general principles of bitcoin and its early versions are attributed to an otherwise unknown Satoshi Nakamoto; improvements, bug fixes, and repairs have since been carried out by the community of bitcoin users, dominated by a small set of programmers.

Although some of the enthusiasm for bitcoin is driven by a distrust of state-issued currency, it is hard to imagine a world where the main currency is based on an extremely complex code understood by only a few and controlled by even fewer, without accountability, arbitration, or recourse.
 Yes, it's hard to imagine. But maybe it's because we lack imagination? Only time will tell.

41 comments:

  1. A beautiful application of the idea that money is memory. Makes me wonder if Nakamoto read Kocherlakota.

    ReplyDelete
  2. One question is, what is Bitcoin's value a function of?

    One answer is its convenience as a payment mechanism. This begs the question: what would Bitcoin be worth, in dollars, if it were a universally accepted means of payment?

    Further, even at that point, competing currencies might be conjured into being, so Bitcoin would have to fight off these attackers. So another question is, what would Bitcoin be worth as a universally accepted means of payment, if the marginal cost of exactly replicating its attributes in a competing currency is zero?

    This will mark me as a neanderthal, but I think the answer to the questions above is that gold is a better competing MOA to the dollar than Bitcoin -- it has some permanent underlying demand from consumer use, and therefore some intrinsic value. They say an ounce of gold has purchased a man's tailored suit since Roman times. Sounds about right. So the question is really how to turn gold from an MOA to an MOE. A gold-backed e-currency is one solution. The problem is that gold must be stored physically somewhere, and that somewhere is subject to sovereign control. This is the one advantage of ecurrencies; except that, realistically, sovereigns could outlaw them as means of payment quite easily. So there you have it: no way around sovereign control, but at least gold has a more stable MOA by virtue of its marginal cost and permanent demand.

    ReplyDelete
    Replies
    1. A problem with a commodity-backed e-money is how to handle potential redemptions. Like you said, the gold has to be physically stored somewhere, and the "community" must somehow oversee the redemption. Seems hard to see how some third-party would not be required to oversee the redemptions. And the whole point of e-currency is to bypass reliance on trusted third parties.

      Delete
    2. The trusted third parties are no longer trusted, that is why they are being bypassed.

      Delete
    3. Reproducing the Bitcoin protocol is indeed costless. Reproducing the integrity of the public record, which is a function of how much CPU power is devoted to mining is not costless. This is the primary first mover advantage of Bitcoin over competing implementations

      Delete
    4. Regarding gold and e-money: David, I wouldn't say the only point of e-money (digital currency) is to avoid trusting third parties. The frictionless exchange of value, with or without third party trust, has great value for many people (e.g. those using international remittances). See the following link Diego and David for an interesting and pointed example regarding this: http://www.coindesk.com/bullion-exchange-brings-ripple-physical-world/

      Delete
    5. To clarify, Ripple is a payment protocol that enables "frictionless" value transfer (of anything, BTC, USD, gold, airline miles). This is accomplished, though, by trusting gateways (similar to banks) that are entry and exit points for the protocol; these are where you would redeem/withdraw your gold. To oversimplify, it's frictionless, it includes digital currency, but it requires trust*.

      *not trust in an intermediary per se, but decidedly more trust than what the Bitcoin protocol requires.

      Delete
    6. sethhoskins: Sure, point taken. However, it seems to me that the current banking system has the technology to implement this "frictionless" payment system you describe, no?

      Delete
    7. Bitcoin or Ripple > NACHA

      Delete
  3. "Misrepresent or distort your credits" = fractional reserve lending. The problem is staring us in the face.

    ReplyDelete
    Replies
    1. No, I think you are wrong. I talk about fractional reserve banking here: http://andolfatto.blogspot.com/2011/09/fractional-reserve-banking.html

      Delete
    2. I appreciate your blog, its really great stuff and your obviously a smart guy, but I disagree. Its a credit crisis brought on by too much debt. And who are the "savers" lending us all this money? Entities that can create money at will, whose liabilites (FRNs) are not obligations to perform or representations of wealth at all. Taxpayers are the only collateral for the paper creation...and I personally dont consider that a society of "free" people.

      Disagreement aside, I honesty enjoy your blog.

      Delete
    3. To sum up David's post: Asset Transformation. In this day of age with so much hate against banks (much of it deserved, but not all of it) it is important to point out where the value from banking comes from in the process of intermediation. Banks (and other financial institutions) are factories that turn assets that regular folks don't want to hold into assets they do want to hold.

      Delete
    4. James, I agree the valuable function a bank serves is that of intermediation....matching uo savings surplus entities with those seeking the use of savings but in deficit. However, I think fractional reserve gives the banks themselvs the ability to be the "saver". What is being loaned as legal "good and valuable legal consideration" is just a multiple of some actual, living breathing savers effort. And doing this juices the banks p&l so of course its in their best interst to multiply reserves like crazy into loans. And this can only result in too much debt, like we have today.

      Delete
    5. There is more to it than the matching process. You can go online and find some sites that will match you with someone who needs a personal loan. A bank does more than that. In the case of you making the personal loan online, you will have an asset that is highly illiquid. You will either have to abide by the terms and wait to be paid, or try to sell the asset. However, it would be very likely that you would have to sell the asset below its value. The asset would be very unique, and anyone you would sell it to would expect it to be a lemon and believe you to be taking them for a ride. Why else would you want to sell it, they would ask? You must have private information. Very few people are willing to make these type of personal loans for such reasons, so few people would find lenders. Assets that become more liquid attract buyers. Banks turn illiquid loans into liquid deposits. Its a win for people who would like to hold liquid assets and a win for the people looking to borrow since there will be more funds available to lend. This would not be possible without a fractional reserve system.

      Yes it can be dangerous, but so is nuclear power. Not using a valuable technology that can sometimes be dangerous if not used wisely is not the way to make progress.

      Delete
  4. "USD is backed by its ability to discharge tax obligations.....bitcoin is not, therefore bitcoin has zero fundamental value." Im paraphrasing you, of course, but I have to callyou on that stmt. If the force of money is only applied via legislation, you had better tell the irs and state tax agencies to quit confiscating non money assets from people behind on taxes. No, money does not get its worth only from legal tender laws. If is were so simple, many new laws could be written to include other forms of money under that umbrella.

    ReplyDelete
    Replies
    1. Yes, a bitcoin has zero fundamental value. What is your problem with that? I'm not suggesting that this is a bad thing. And I never said anywhere that money only gets its worth from legal tender laws. I explicitly said that Bitcoin will retain its value as long as it records information in a useful manner (whether or not it possesses legal tender status).

      Delete
    2. To me, and at best, bitcoin represents only a previously expended resource or energy making it hard to get. Like gold in a way, but much less history and consensus. Its a representation of previous labor. Question is, will society deen this expended effort as having been for social good, thus giving them a reason ti view it favorably.

      Delete
    3. Lles,

      The value of Bitcoin has more to do with the core protocol. That is, the ability to send units of account securely, with no intermediary, globally, economically (low fees), and do so in minutes.

      Delete
  5. "Its hard to imagine a world where the main currency is based on an extremely complex code understood by only a few and controlled by even fewer without accountability, arbitration or recourse."

    No one else here sees the humongous irony in this stmt? Is he talking about bitcoin or the USD?

    ReplyDelete
    Replies
    1. The Fed was created by an act of Congress, representatives of the citizens of the United States, in 1913. In terms of how the Fed is audited, you may want to read this: http://www.stlouisfed.org/about_us/federal_reserve_audit.cfm

      And if you want to have the Fed shut down (as has been done before in the U.S.), you do have some recourse. It's called "voting for representatives in regularly scheduled elections."

      The fact that a majority do not agree with your point of view should not be taken as evidence that there is no accountability, arbitration, or recourse.

      Delete
    2. Where money buys a congressional vote, a public vote does not matter. Recourse as a concept is in great peril in america, and around the world. Its why we see "unrest" globally. I actually do think I have the majority on my side, because they are more like me than like you. Im a regular guy accountant working in real companies with real p&l's and resource constraints to worry about, not a fed economist. As much as I seceretly envy the idea of that job.

      And as for accountability, id like to be reimbursed by the FRBNY for all the savings of my labor that is limited to me that was lost to a managed inflation of the currency.

      Until I can get that back, there is no accountability. All I can do is not hold the dollar.

      Delete
    3. There is certainly a spectrum of accountability. The level of which does seem low to me. And this is exacerbated by so few people understanding economics, money and the Fed. Bitcoin, and digital currency generally, may help people address this concern.

      Delete
  6. "the answer to which is easily verifiable. I think that (somehow) the verification of this answer also verifies the legitimacy of the transaction (someone help me out here). "
    And I thought I'd done such a good job in that paper I wrote :(
    The answer produced is a function of the entire transaction record used to produce it. Any modifications to the transaction record will invalidate the answers. So other miners will only accept an answer as a valid solution if they have an identical transaction record.

    ReplyDelete
    Replies
    1. Ian, your paper was a big help to me in understanding various aspects of the Bitcoin protocol! I should have asked you permission to make it publicly available (or perhaps you have a link to it?). But I am still not exactly sure how this part of it works, even after your excellent explanation ;)

      I have another question for you. I recently read an article in Business Bloomberg on the "Bitcoin Rush." According to this article, it seems like a concentration of computing power may be developing. My understanding is that it is crucial that the computing power of any individual remain less than than 50% of the community computing power. But if one or two miners end up dominating, then what is to prevent them from scamming the system?

      I have a feeling that this is the real danger for Bitcoin, and if this concentrating of mining power is not somehow restricted, it will lead to the collapse of the system. What do you think?

      Delete
    2. David,

      It's my opinion that free market forces will keep such an attack from happening.

      Because the computing power is already so daunting, most mining concentration will occur in pools, which are much less likely to coordinate an attack. For a single attacker the cost would be incredibly high; and provided he/she is economically motivated, to undermine the currency that one is mining makes no sense.

      Delete
    3. And David, this source helped me understand the technical side of Bitcoin a lot:
      http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/

      Delete
    4. Hi David.
      Glad the paper was helpful! I have it on my dropbox, should be available here:
      https://dl.dropboxusercontent.com/u/5048461/p2pcurrency.pdf

      Regarding the "Bitcoin Rush" are you referring to this article?
      http://www.bloomberg.com/news/2013-10-15/bitcoin-mining-rush-means-real-cash-for-hardware-makers.html

      It's true that Bitcoin has become popular and valuable enough that an individual with a personal computer has almost 0 chance of successfully mining Bitcoins. This has resulted in the development of both specialized hardware, and mining "pools". In pools, all users contribute towards mining, and if anyone manages to add a block to the chain (and earn some Bitcoins) the proceeds are distributed to all members of the pool, proportional to how much work they did towards adding that block. If you look here:
      https://blockchain.info/pools
      You can see that this has resulted in something of a concentration of mining power, however the concentration is not great enough for any individual pool to overrule everyone else. Especially considering the coordination issues within that pool that such a strategy would entail.

      Regarding how the answer to the mathematical problem verifies the transaction, I'll refer you to the section in my paper on hashing for a more technical explanation, or you can consider this metaphor.

      Imagine the public ledger as a pool of paint. Every new block of transactions will modify the colour of the paint (abstract away from how this would actually rapidly turn to brown). Further imagine that you have some target colour that you want to create, by combining the colour resulting from the ledger with one other colour. If you get it right, it'll be easy to verify, but guessing which colour to add isn't easily determined, so you guess different colours until you stumble upon the answer. Once you find the right colour combination you broadcast your solution to everyone else who was trying to find it. They'll only produce the same colour and verify your solution if you both found the right new colour, and were working off the same original colour. Once everyone accepts this the base colour plus your new one becomes the new base colour, and all following solutions will depend on it.
      I don't know if trying to explain it in colours instead of numbers made it better or worse. Let me know!

      Delete
    5. Hmm, not really. Something is blocking my brain from absorbing the idea. I hope it isn't just the fact that I am dense! Let's keep talking Ian -- we can work on a paper together.

      Delete
  7. I've got a gatling gun's worth of questions for you:

    "But bitcoins truly are purely fiat in nature (they have no intrinsic use in either consumption or production). Does this mean that the value of bitcoins must eventually crash to zero (their fundamental value)? No. Bitcoins are information -- record-keeping devices. You can't eat my credit history either, but some companies would value (and pay for) this information nevertheless. So as long as Bitcoin conveys accurate information, its value can persist indefinitely"

    Companies might pay for information about your credit history, but I can unearth all sorts of other record keeping devices and ledger entries that contain accurate information that no one would pay to own. Why are bitcoin ledger entries valuable whereas an entry in some other ledger conveying equally accurate information is worthless?

    The market cap of all dogecoins is more than that of all sexcoins, does that mean that dogecoins record information in a more useful manner?

    Bitcoin went from being worth $0 to some positive value. Does this mean that it made a sudden switch from recording information in a non-useful manner to a useful manner? If so, how does this happen? Doesn't a bitcoin worth $0 (as they were in 2009) still provide accurate record keeping devices? I'm skeptical of the idea that the informational content of a e-coin can explain bitcoin's value (ie. why it can't fall back to $0) if it can't explain its debut.

    ReplyDelete
    Replies
    1. Why are bitcoin ledger entries valuable whereas an entry in some other ledger conveying equally accurate information is worthless?

      Because accurate information is not necessarily relevant information?

      The market cap of all dogecoins is more than that of all sexcoins, does that mean that dogecoins record information in a more useful manner?

      Not more useful, but just more, perhaps? I can write down a model of fiat money, where two countries use their own fiat currency. The purchasing power of the respective currencies can depend on (among other things) the size of the economies. But interesting question, nevertheless..

      Bitcoin went from being worth $0 to some positive value. Does this mean that it made a sudden switch from recording information in a non-useful manner to a useful manner?

      The value of the bitcoin must also depend on the future prospect of its use, no? If people suddenly expect the network to expand, shouldn't this drive up the value of this type of information?

      Delete
  8. "The basic idea is that the monitoring activity must be made costly, because otherwise there is an incentive for scammers to announce that their scam deals (e.g., attempts to double spend) are legitimate."

    What the mining process does is to create a timestamped ledger that cannot be altered afterwards. New entries can be added, but old ones cannot be erased.

    Payment instructions are forwarded between computers running the Bitcoin protocol, so in principle everybody ends up with the full set of transactions. However, each computer will generally receive the transactions in a different order, since that order depends on how many hops you are removed from the person who generated each transaction. But the various nodes need to agree on one shared order, otherwise they can't tell which of two conflicting transactions will go through.

    If you had a single central party, that would be easy enough, but the idea with Bitcoin is not to need a central party.

    You might try to let people announce a new set of transactions (a new block in the blockchain) at random and let every node stick to the first announcement they had heard. That would work if new blocks weren't announced too frequently. At the very least you would want the frequency to be above the average time it takes to broadcast a new block across the network.

    Bitcoin's trick to determine this frequency is to make it artifically difficult to create a block by adding a mathematical puzzle to each block. A block is only valid if it contains a valid solution to the puzzle. The answer to this puzzle is a number called a nonce. There are very many solutions to each puzzle, yet only a small fraction of all numbers is a valid solution and which solutions are valid varies from block to block. The only known way to solve the puzzle is by sequentially trying all possibilities. By varying the difficulty of the puzzle the system arranges for one solution to be found roughly every ten minutes.

    Generally each node will hear only a single proposed new block, because everybody abandons looking for a solution to the current problem once a new block comes in, because they know everybody will use the block they heard first.

    Occasionally two nodes may find a valid block roughly simultaneously, and one part of the network will start building new blocks on top of one of these block because that's the block they received first, while another part will build on top of the other block because they happened to receive that other block first. If a node has only a single candidate for block n, but more than one for block n+1, it will stick with the one it heard first. But once additional blocks are added on top of these blocks, a node will jump ship to the longest chain, which means the longest branch starts growing faster while the shorter chains start growing more slowly, so before long all minority nodes will have jumped ship and consensus is reestablished.

    So all miners can do is 1) to order transactions and 2) to censor them, perhaps based on transaction fees. Whether is a transaction is valid or not is determined by all nodes, regardless of how much computing power they can muster so they cannot falsify transactions.

    ReplyDelete
  9. So how could a 51% majority misbehave?

    One possibility would be to start generating blocks that didn't contain any transactions except for the coinbase transactions for the reward miners get for finding a block. Or they could direct so much computing power to mining that the system automatically increases the difficulty of the puzzles in order to keep at 1 block per 10 minutes and then abandon the mining process. If they have much more computing power than all other miners combined it will take very long for the difficulty to readjust and in the meantime no one can have new transactions confirmed or their mining rewarded so everybody abandons the coin. I believe Bitcoin miners have done this to rival coins which subsequently collapsed.

    They could also make payments with the system, wait for the goods to arrive and then roll back history by starting a new chain of blocks on top of the block just before the block they made their payment in. The honest miners would have a head start, but if the dishonest miners have more computing power they will eventually catch up and all honest nodes will jump ship to the new longest chain. The initial payment will effectively have been rolled back, which means the original owner can try to spend it a second time.

    ReplyDelete
  10. “Is Bitcoin a good money?” - Yes it is good money. It wouldn’t be in circulation if it isn’t. Investors, entrepreneurs won’t be using it if not, right?

    ReplyDelete
    Replies
    1. Apple shares are also in circulation. When was the last time you used an AAPL share to buy a cup of coffee?

      Delete
  11. David,
    excellent post as usual. My undergrad econ class is very much into bitcoins and I have a guy who bought a load of bitcoins at a dollar. He is swimming in money right now. I have two questions for you, the first one is about the inherent deflation built in bitcoins. As you mentioned, bitcoin is subject to wild short-term swing in prices because of the limited supply. If bitcoin was created as a peer to peer currency to facilitate trade, given the limited supply, would bitcoin not turn into a store of value (assuming that people believe it has value and someone will always demand bitcoin) rather than as "medium of exchange", thus going against the original idea of its creator. The second question may be more techie. Mining Bitcoin already requires a lot of computer power. This raises two issues. Since it relies on the community for the verification and validation of transactions, given the increased need for computer power as more bitcoins are mined, it seems to me that mining will be done by entities that want to heavily invest in such computing power. This opens the door for fraud and potentially abuse of power. The second issue is regarding computer power. When we will get closer to the 21 m of bitcoins, will we have the computer power to solve the algorithms? Talking to some techies, it is not clear unless there is easy and cheap access to a quantum computer.

    ReplyDelete
    Replies
    1. Excellent questions, Tara.

      [1] Sure, I can see it retaining value as a store of value, like gold, for example.

      [2] I worry about that too -- the conclusion seems inevitable to me -- high concentration of power, which at the end of the day we must trust (perhaps for good reason because they would want to protect their francise value--but then, the same is true of banks).

      [3] Good question.

      Delete
  12. bitcoin in india is a radical solution and a great choice for fiat currency which have
    subjugated the globe for quite lots of time now. Though, the main issue with this crypto-
    currency is that this is volatile and its substitute rate fluctuates like any other currency,
    plus for that cause it is necessary for you to interpret the most recent news to know the
    newest exchange rates. If you have been keeping an eye on the news lately, you have to
    have observed that there have been lots of fluctuations in the price. The prices went
    higher in the early on part of the year plus then went down lots afterward a couple of
    months.

    ReplyDelete
  13. What should I expect from all the conversations made about Bitcoin? Either this digital money set up will be followed by everyone legally or this chapter will be closed once and for all?

    ReplyDelete
  14. Bitcoin is a form of digital currency, created and held electronically. No one controls it. Bitcoins aren’t printed, like dollars or euros - they’re produced by people, and increasingly businesses, running computers all around the world, using software that solves mathematical problems. It’s the first example of a growing category of money known as cryptocurrency... ty david

    ReplyDelete