Posted May 11, 2019
What factors will investors consider important when comparing other cryptocurrencies to Bitcoin? [Image source]
When Satoshi Nakamoto released Bitcoin, it naturally garnered interest among cypherpunks trying to create digitally native money. By using Proof of Work and its difficulty readjustment mechanism to solve the double spending problem, Satoshi managed to put Bitcoin significantly ahead of previous cypherpunk attempts at digital money. Along those lines, it is understandable why the Bitcoin community is irritated with most altcoins today; they simply do not differentiate against Bitcoin meaningfully enough to warrant attention.
While I sympathize with the core beliefs of this thinking, it does leave lingering questions. Along which dimensions could a cryptocurrency compete against Bitcoin today? Did Satoshi get every cryptocurrency design choice right? As a believer in free markets, I am in favor of honest cryptocurrency competition. Not to mention the fact that fierce competition through a truly free market strengthens the ultimate winner of the cryptocurrency market.
At this time, differentiations have been proposed along many vectors, ranging from privacy to on-chain governance. For the most part however, these differentiations are marginal and insufficient to disrupt Bitcoin on their own. In the end, I believe there are two differentiations against Bitcoin that could provide meaningful competition against Bitcoin: a cryptocurrency’s adaptability and its ledger assurance model. This blog will take a look at some of the most popular differentiations available: programmability, privacy, throughput, monetary policy, adaptability and ledger assurance, and examine whether they provide enough of a competitive advantage to compete with Bitcoin in the long term.
Programmability is perhaps the most well known form of differentiation in crypto. The main idea behind programmability is that it makes developing dApps much easier. In turn, the utility generated by dApps drives monetization.
In the case of Bitcoin, the sole purpose of Bitcoin’s script is to provide a simple way to signify the authorization of a value transfer. Satoshi said it best: “The nodes only need to understand the transaction to the extent of evaluating whether the sender’s conditions are met.” Bitcoin’s script was intentionally limited to predicates because Satoshi did not believe that programmability would be the key driving force behind making Bitcoin more money-like.
On the other hand, programmability advocates argue that the additional utility from more programmability will drive monetary premium. While true to some extent, additional programmability also exposes a cryptocurrency to a greater attack surface, as seen with Ethereum’s DAO hack. Ultimately, the marginal utility gained from additional programmability must also be compared to the marginal attack surface created by it.
Moreover, from a monetary perspective, it is not a given that utility is the critical driver of monetary premium to a cryptocurrency. Although utility does play a role in bootstrapping some forms of money, monetary premium is ultimately driven by other factors, like network effects, durability, reliability and liquidity. A good example of this is gold. For the most part, during gold’s monetization, there were few practical uses for gold. Despite this, gold had common acceptance throughout the world, could be easily stored and verified, remained scarce throughout history, and thus was widely used as money.
It is also worth noting that while Bitcoin’s script limits programmability to boolean evaluations, it does not necessarily limit its extensibility. For example, recently proposed BIP-schnorr, BIP-taproot and BIP-tapscript have recently been proposed by Pieter Wuille in order to modify script to allow for Schnorr signatures. These BIPs would structurally change script without increasing programmability while also increasing the efficiency and privacy of transactions. In sum, Bitcoin’s script provides more than enough extensibility to improve Bitcoin’s ability to function as a money without taking on risk associated with additional programmability.
Another way of looking at it is that transactions only occur when the sending party agrees on conditions under which they will transfer value. Script seeks to serve that use case solely. In turn, script’s predicate based nature fits this model perfectly, and provides plenty of room to grow. As noted earlier by Satoshi, ideas for script include multisig for custody solutions and hash time lock contracts for Lightning have provided tremendous value to Bitcoin’s ability to function as money without having to fully engage with the programmability-security tradeoff.
In conclusion, although Bitcoin’s script demonstrates the usefulness of programmability to a cryptocurrency’s ability to function as money, it isn’t clear how additional programmability infuses enough additional “moneyness” into a cryptocurrency for it to differentiate meaningfully against Bitcoin.
At first glance, it appears that privacy would be a strict improvement for a cryptocurrency to pursue given Bitcoin’s complete transparency. However, a closer look reveals some problematic tradeoffs.
First, increased base layer privacy reduces auditability, which is important because it helps users quickly verify that Bitcoin is functioning as expected. A great example of this was the recently disclosed Zcash bug: printed coins may exist in the shielded pool and we’ll never know for sure whether coins have been counterfeited. This is a truly disastrous outcome for a cryptocurrency. Ultimately, auditability ensures that everyone can verify that their currency is not counterfeitable and is crucial for scarcity and social consensus.
Second, privacy coins often require users to trust innovative cryptography that is much more experimental than the well established primitives of digital signatures and hash functions. As a result, privacy coins further push users to trust a handful of cryptographers to maintain the cryptocurrency. Again, this is a tradeoff, where users gain privacy at the expense of trust.
Third, privacy does not need to be built into the base layer. As a comparison, the Internet can provide a fair degree of privacy through Tor’s onion routing to obfuscate network activity and TLS for encrypting communications. A similar story is happening in Bitcoin, with Wasabi wallet “fungiblizing” individual users’ bitcoin via Chaumian coinjoin through the transaction layer and proposals like Dandelion for hiding transaction origination in the network layer.
Moreover, it would be very cumbersome to implement privacy at the physical layer of the Internet. Although physical layer privacy may have been ideal, it presents challenges that are simply easier to address at other layers of the Internet. In the end, the Internet’s physical layer focuses on one job: providing a reliable physical medium through which information can be transferred.
Finally, we do see some issues prop up with privacy coins at a performance level. For example, the privacy coin Monero cannot be pruned, could be vulnerable to tracability attacks and has a much larger transaction size compared to Bitcoin. This is a direct result of the complexity involved with implementing privacy. In the end, the cumbersome nature of building privacy is akin to a fully private physical layer of the Internet: ideal, but with substantial and potentially unnecessary performance tradeoffs.
On the other hand, one can make the case that the Internet faces privacy issues today as a result of not taking the time to properly build privacy lower in its protocol stack. As a result, today’s Internet users do not have privacy by default, and most users do not end up benefiting from the tools available that help make using the Internet more private.
In sum, privacy offers a differentiation against Bitcoin that provides a valuable characteristic of money to users and a critical property of money, but with some very important and potentially avoidable tradeoffs.
If a new cryptocurrency were to appear that improved throughput without engaging in any tradeoffs, it would be an instant hit. Of course, in a world without free lunches, this is not possible. Throughput is measured in transactions per second, and is inversely proportional to transaction size and directly proportional to block size.
In the transaction size case, it’s unlikely that a new form of digital signatures will come around that Bitcoin would not be able to adopt through a softfork. For example, Schnorr signatures could be implemented in a whole new differentiated cryptocurrency, but it’s also possible to integrate them into Bitcoin through a softfork.
In the block size case, Bitcoin’s network will need greater bandwidth across the network and social consensus to support a block size increase. This is due to the fact that block size increases substantially reduce Bitcoin’s security model; as fewer users would be able to independently validate Bitcoin’s state, it becomes much harder for more people to be able to trust the currency itself. As such, there is a direct tradeoff that is constantly being made here by all participants of the Bitcoin network: low bandwidth requirements and less throughput in exchange for enabling more users to run their own full node.
In the end, differentiation on the axes of transaction and block size would be marginal at best and would likely not be enough to usurp Bitcoin. While this form of differentiation could be useful, its costs to decentralization mean that it would not be enough on its own to overcome Bitcoin.
One of the most fascinating facts about Bitcoin is that it has a fixed money supply in the long term and its nth order effects on society. However, there is still some uncertainty with regards to how Bitcoin will function in a post-block reward world.
At this time, the game theory is out on what will happen as transaction fees start to take over as the chief subsidizer of the network. We don’t have a good understanding of what the impact of Lightning Network will be, how users will behave and how miners will view the network in the future. While there may be problems a few halvenings from now, none of them can be addressed now by coming out with a new coin with a different monetary policy.
In the end, at this time there is little reason to experiment with this issue at this time. Although there are interesting discussions ongoing in this vector, at this time, there just isn’t enough information available at this time for other cryptocurrencies to meaningfully differentiate on this axis.
For cryptocurrencies, adaptability is the ability of a cryptocurrency to make necessary changes to its protocol to protect itself. Another common term for this is governance, and it is critical to a cryptocurrency’s ability to build trust and Lindy effect among its users. Hasu gets to the crux of the importance of governance in Unpacking Bitcoin’s Social Contract: “You can agree you’re in a terrible situation and you can agree you want to change it, but the resulting social contract is only as strong as it is credible. Without a stable institution to enforce it, a contract loses the trust of the people and falls apart.” As such, creating a reliable adaptable systems could be a critical differentiation factor against Bitcoin.
In general, the tradeoffs of adaptability have to do with increasing upgradability in exchange for steadiness and conservatism of the rules within a system. In Bitcoin’s case, governance is largely informal and bottom up, and much of it occurs through BIPs. This process is covered extensively by Jameson Lopp in his article Who Controls Bitcoin Core? In the article, Lopp points out that Bitcoin develops more like a language does over time: “Languages emerge spontaneously; the consensus over the meaning of words is organic rather than dictated by dictionaries. Much as dictionaries describe the phenomenon of a language rather than define it, so do Bitcoin implementations describe the language of Bitcoin with code.” As such, we can understand Bitcoin’s adaptability to be very difficult to change singlehandedly, memetic based, and conservative. In exchange, it is much harder to force sweeping changes upon the network.
One popular method to counteract this lack of adaptability has been proposed is on-chain governance. Although potentially useful, on-chain governance does present challenges to cryptocurrencies. For starters, it is inherently anti-meritocratic. Those with large holdings of the currency gain influence over those with skill. For instance, imagine a world in which one group had exclusive control over Bitcoin’s development. We might see constant work hash function changes (demanded by users who don’t want to deal with those pesky ASIC manufacturers) or block size increases (which help miners and merchants in the short term at the expense of the health of the network). Instead, Bitcoin’s far more meritocratic process of approving and rejecting ideas has been more effective and secure, albeit slow. Altogether, formal governance is directly antithetical to Bitcoin’s goal of decentralization.
In addition, on-chain governance directly increases the attack surface of “corporate takeover” attacks where a group buys influence within the project. At a minimum, formal governance allows for lobbying for certain developments within the cryptocurrency, resulting in stakeholders picking winners and losers through the development of the cryptocurrency. Instead of letting ideas compete in the open, governance provides mechanisms that can be hacked by savvy parties. And as a result, governance presents political risks to the security of the cryptocurrency itself.
In their piece, A Conflict of Crypto Visions, Arjun Balaji and Yassine Elmandjra summed up Bitcoin’s stance on formal governance: “Because the specifics of law and governance are complex and unknowable, the constrained vision opposes fully formal on-chain governance: implementation of “law as code” becomes heavily subjective and unlikely to account for the unpredictable changes in the real world.” Essentially, it’s impossible to know how or what governance will be used for in practice. As seen here, governance can be viewed as an unnecessary introduction of politics to something that ideally would be void of politics in the first place.
That being said, formal governance does have potential for allowing for increasing the adaptability of a cryptocurrency. By providing a formal framework through which disputes are resolved, governance may help keep a community unified while allowing it to remain nimble. This can be tremendously helpful for a new cryptocurrency, especially as it tries to bootstrap trust among users in an attempt to compete with users’ well established trust in Bitcoin. All told, by providing credible governance, a cryptocurrency accomplishes several critical tasks: first, it bootstraps its own trust within holders by elevating their importance above that of anyone else within the given cryptocurrency’s ecosystem, second, it meaningfully differentiates itself from the informal governance king in Bitcoin, and third, it further integrates its technical and social systems, making for better adaptability.
Finally, it’s worth noting that Bitcoin has demonstrated adaptability in times where the agreed upon social consensus rules were insecure in the short term. CVE-2010–5139, also known as the Value Overflow Incident and CVE-2018–17144 demonstrated that Bitcoin can make changes when fundamental aspects of its security are challenged. In a way, adaptability varies on a spectrum from security risk to upgrade profitability.
In total, adaptability, whether its through on-chain governance or not, presents a tradeoff between political attack security surface in exchange for upgradability and reduced forkability. It does not stop truly motivated forkers, and does reduce the meritocracy associated with debates in a cryptocurrency’s community. As it stands today, Bitcoin dominates the informal governance axis of the cryptocurrency industry. Given that governance plays such a critical role in the social contract of a cryptocurrency, it will be interesting to see which cryptocurrency’s governance systems prove to be successful in the years to come.
Ledger Assurance Model
This is likely the most meaningful way to differentiate against bitcoin. An idea invented by Permabull Nino in his article Assurances in Crypto, ledger assurance is the security and reliability guarantees generated through consensus mechanisms like Pure Proof of Stake, Proof of Stake + Proof of Work, and Bitcoin’s pure Proof of Work along with its difficulty adjustment mechanism. It will be interesting to see what tradeoffs are uncovered in this subfield of cryptocurrency because it is basically a currency’s security model against double spending attacks.
To sum up the idea behind Permabull Nino’s ledger assurance models: all monies can be summarized as ledgers that assure their users of their balance through accounting practices and respective legal systems. In the case of fiat, we have sophisticated accounting systems for individuals and businesses to keep track of their money and laws and regulations to help facilitate transactions between adversarial parties. Bitcoin provides people with accounting by allowing them to track their individual accounts through the blockchain, and provides mechanisms to transact through its digital signature system and Proof of Work. In sum, because Bitcoin provides significantly improved ledger assurances over fiat, it will eventually win the battle of monies. (Note, Murad Mahmudov discusses this idea in a recent RHR in depth. Link here.)
One popular ledger assurance model is Proof of Stake. Instead of rewarding blocks to the strongest worker, it rewards blocks to the strongest staker. As a result, Proof of Stake provides low energy consumption and complete finality. In doing so, it sidesteps two oft-cited criticisms of Proof of Work: energy abuse and vulnerability of having Proof of Work’s game theory exploited. That said, there are drawbacks to Proof of Stake. It is naturally oligarchical and disposes itself towards technical and complexity problems. It is practically impossible to fair launch from scratch a Proof of Stake currency (i.e. either a Proof of Work bootstrapping period or long term ICO required). Additionally, given the variety of implementations of Proof of Stake, it isn’t clear what Proof of Stake is at this time.
Another potential ledger assurance model could be a hybrid between Proof of Work and Proof of Stake. Such a hybrid would likely live somewhere between Proof of Work and Proof of Stake tradeoff spectrum. Again, given the variety in Proof of Stake implementations, it is unclear how such a currency would work at this time.
All this isn’t to say this design space isn’t worth exploring. As more information comes to light about the security of Proof of Work, alternative consensus models could provide better ledger assurance. For example, if it is determined that the economics of Proof of Work is doubtful, then another consensus mechanism might uncover tradeoffs to mitigate the issues with Proof of Work. If a superior model were to arise that provided Bitcoin-like guarantees and addressed any potential problems with Proof of Work, it’s likely that cryptocurrency would compete strongly with Bitcoin.
Differentiation at Level 1 will be much more interesting than other forms of differentiation. Source
Another important point worth acknowledging about this space is the importance of social scalability as a tradeoff within the ledger assurance model differentiation. As Nick Szabo writes in Money, Blockchains and Social Scalability, “the secret to Bitcoin’s success is that its prolific resource consumption and poor computational scalability is buying something even more valuable: social scalability.”
Proof of Work, and its counterpart, Proof of Stake, can be thought of as being on a sliding scale between social scalability and computational and energy efficiency. Where pure Proof of Stake is highly political and relies heavily on a wide variety of design choices, Proof of Work is objective, and whose only design choices involve the difficulty adjustment mechanism and selection of a hash function. On one hand, pure Proof of Work provides unlimited social scalability, and on the other, Proof of Stake or its introduction limits social scalability while gaining energy efficiency.
In the end, ledger assurance models are the primary drivers of trust within monies. And it is trust that ultimately matters in the competition of monies. Ledger assurance models confer finality and provide users with a sense of security. In addition, ledger assurance models must account for social scalability. In sum, because ledger assurance simultaneously involves building trust among users and allowing for social scalability, cryptocurrencies that heavily differentiate on this axis successfully will have a much greater chance of competing with Bitcoin.
At this moment in time, differentiating against Bitcoin is really hard. Barring a Satoshi level innovation in a new cryptocurrency model, there just isn’t much of a justification to experiment with a vast majority of the cryptocurrencies available today.
Some differentiations like programmability, monetary policy and privacy present tradeoffs that provide marginal benefits to the core functionality of a cryptocurrency, but have significant downsides. At this time, Bitcoin dominates most of these tradeoffs by selecting for security and decentralization. In total, these differentiations can be treated as red herrings; easy on the eyes, but impractical in practice.
In the end, ledger assurance systems and adaptability may just be the axes along which cryptocurrency can differentiate against Bitcoin. At this time, it is unclear what the post block subsidy (and future) problems will look like, how to implement other ledger assurance models and hard cap monetary policy will tend to outcompete inflationary currencies in the short term. In sum, these two vectors present interesting fields of research through which cryptocurrencies can meaningfully differentiate themselves against the Proof of Work and organic governance king, Bitcoin.
Cryptocurrencies differentiate in the present through their governance and ledger assurance models, and over time by building liquidity, acquiring development and entrepreneurial talent, and increasing belief in their security. Ultimately, the long term differentiations take time and no one can come close to matching Bitcoin’s Lindy-based security. And while all differentiations are linked, a new cryptocurrency will only be able to compete with Bitcoin in the immediate term by finding niches within the differentiations of ledger assurance and adaptability.