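Diagram of a Bitcoin block: covert versus overt AsicBoost

Abstract: We present a graphical illustration of a Bitcoin block, including its Merkle trees, and explain why adding an extra Merkle tree to the block was necessary for the Segregated Witness upgrade. Then, following the article on AsicBoost that we published in September 2017, we take a closer look at some of the potential negative effects of overt and covert AsicBoost. After the patent owner’s recent announcement, we conclude that if the new Blockchain Defensive Patent License (BDPL) scheme is robust, the risk that overt AsicBoost poses to the network is limited. On the other hand, there may still be some issues with the less efficient covert AsicBoost.

This is a simplified depiction of a Bitcoin block and the structure of its Merkle trees. Other, more detailed illustrations have been produced by Jeremy Rubin and Timo Hanke. (Source: BitMEX Research)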

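Components of the diagram

Block header

The header of a Bitcoin block (in grey) is about 80 bytes and includes the block version, the hash of the previous block, the Merkle root, the timestamp, the bits (difficulty) and the nonce.

Block header candidate

This contains everything in the block header except the nonce.

Chunks

The diagram above shows that the Merkle root is split between two chunks, as required by Bitcoin’s SHA256 proof-of-work function. An explanation of this can be found in our earlier article on AsicBoost.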

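Second Merkle tree

The Segregated Witness upgrade introduced a new Merkle tree, which has essentially the same structure as the main Merkle tree, except that it includes the witness data and excludes the coinbase transaction. The relative position of each transaction must match its position in the main Merkle tree.

Why a second Merkle tree?

The second Merkle tree adds complexity to the block, which some consider a disadvantage for the system as a whole. Segregated Witness is an upgrade to the Bitcoin network that fixed certain flaws, such as the quadratic scaling of sighash operations and transaction malleability. The witness data could not be added to the main Merkle tree, because old nodes would then consider these transactions invalid, which would result in a hardfork.

However, the claim that the extra Merkle tree could have been avoided if Segregated Witness had been deployed as a hardfork rather than a softfork is incorrect. A hardfork would place the witness data in the main Merkle tree, causing existing wallets to treat the new transaction format as invalid; these wallets would be incompatible with the new format whether or not they were fully validating nodes. As a result, some users would be unable to interact with each other and funds could be lost. Carrying out such an upgrade on a live network like Bitcoin without any network disruption is not realistic. Therefore, the added complexity of a second Merkle tree would be necessary even if Segregated Witness were deployed as a hardfork.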

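AsicBoost

As we explained in our previous article on AsicBoost, covert AsicBoost exploits the fact that the hashing algorithm splits the Merkle root between two chunks, and then searches for collisions in the last 4 bytes of the Merkle root. Covert AsicBoost interferes with the transactions, which overt AsicBoost avoids. The second Merkle tree makes covert AsicBoost more difficult unless blocks become smaller, and smaller blocks can generally be detected.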

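Potential negative issues with AsicBoost

Columns: Covert AsicBoost | Overt AsicBoost

Patent protection

Covert and overt AsicBoost: This potential negative is the same for both covert and overt AsicBoost. AsicBoost is a patented technology and, as we explained in our previous article on patents, such technologies can have damaging consequences in the blockchain space. This appears to be one of the primary negatives of AsicBoost, as it could give one mining company an insurmountable advantage over its competitors, creating a gap that is protected by law and cannot be closed. This could undermine Bitcoin’s core value. If the problems caused by the patent become serious, the Bitcoin community may carry out a softfork to block the use of AsicBoost.

To mitigate this problem, the patent owner could open the patent, for example by joining a defensive patent pledge. It appears that the AsicBoost patent owner may recently have made such a pledge. If the pledge is strong enough, this issue can be resolved for now, at least in the regions where the patent applies.

Smaller blocks and lower capacity

Covert AsicBoost: Covert AsicBoost may incentivise the production of smaller or even empty blocks, which makes covert AsicBoost more efficient. This, however, reduces network capacity and increases transaction fees.

Smaller or empty blocks have a negative impact on capacity, because they maintain the network difficulty but make no significant contribution to clearing any transaction backlog.

Overt AsicBoost: n/a

Unwillingness to upgrade to Segregated Witness and dishonesty over the reason

Covert AsicBoost: Perhaps the most damaging negative of AsicBoost is that it may have made some miners unwilling to upgrade to Segregated Witness. This in itself may not be much of a negative, but the resulting spread of dishonest information about Segregated Witness would have a large negative impact on the ecosystem.

However, we would like to point out that this is only an uncertain and unsubstantiated accusation, and it is not clear whether this was one of the motives for opposing Segregated Witness.

Overt AsicBoost: n/a

Incentive to adjust the Merkle trees or transactions

Covert AsicBoost: As the diagram above shows, covert AsicBoost relies on the miner’s ability to adjust the Merkle tree or the transactions. This could have detrimental effects on the network beyond those of smaller blocks. Overt AsicBoost appears to be a simpler solution, requiring only one field in the block header to be changed.

Overt AsicBoost: n/a

Advantage over competitors

Covert AsicBoost: Compared with a known advantage, covert AsicBoost may be undetectable by competitors and may therefore give its user a secret competitive advantage.

Although in general we think transparency is a good thing, it is not clear to us whether a network on which covert AsicBoost operates suffers any disadvantage from the secrecy, apart from what is mentioned elsewhere in this table.

Overt AsicBoost: n/a

Reduced ability to conduct softfork upgrades via version signalling and a warning message in Bitcoin Core

Covert AsicBoost: n/a

Overt AsicBoost: Overt AsicBoost uses the version field, shown at the top left of the diagram above. This field serves as a signal, indicating that a miner is ready to upgrade via a softfork. Overt AsicBoost may use space in this field, which may prevent it from functioning as an upgrade signal.

However:

  1. Overt AsicBoost may not need all 4 bytes, so some bytes may be left for softfork signalling. This could reduce the number of softforks that can take place simultaneously.
  2. Many consider the softfork signalling system a failure in any case. Miners often provide contradictory signals, making the signalling unreliable.

Another downside of overt AsicBoost is that the Bitcoin Core software may see an unusual version field, conclude that the network is upgrading in an unknown way, and issue a warning message to the user.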

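In our view, AsicBoost is not necessarily a negative for the network as a whole. Although the incentive that covert AsicBoost creates to mine smaller blocks is indeed a problem, most of the issues related to overt AsicBoost can be mitigated or avoided. In particular, if the BDPL system proves effective, the use of overt AsicBoost may have no significant negative impact, at least as far as we can see at present.

Reposting is welcome; please credit BitMEX (www.bitmex.com) as the source.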

Diagram of a Bitcoin block: Covert versus overt AsicBoost

Abstract: We present a graphical illustration of a Bitcoin block, including the Merkle trees and explain why the additional Merkle tree in the block, associated with the Segregated Witness upgrade, is necessary. We then take a closer look at some of the potential negatives of both overt and covert AsicBoost, following on from our September 2017 piece on the subject. After the recent announcement from the patent owner, we conclude that the new Blockchain Defensive Patent License (BDPL) scheme, if robust, could result in limited downsides to the use of overt AsicBoost on the network. On the other hand, there may still be some issues with the less efficient covert AsicBoost.

This is a simplified depiction of the structure of a Bitcoin block and the Merkle trees inside it. Other, more detailed illustrations have been produced by Jeremy Rubin and Timo Hanke. (Source: BitMEX Research) 

Components of the diagram

Block header

The header of the Bitcoin block (in grey) is around 80 bytes and includes the version, the hash of the previous block, the Merkle root, the timestamp, the bits (difficulty), and the nonce.

Block header candidate

This includes all of the above, with the exception of the nonce.

Chunks

The diagram above shows that the Merkle root is split between two chunks, which are required to conduct Bitcoin’s SHA256 proof-of-work function. An explanation of this can be found in our earlier piece on AsicBoost.

Second Merkle tree

The SegWit upgrade introduced a new Merkle tree, which has the same structure as the main Merkle tree, except that it includes the witness data and excludes the coinbase transaction. The relative position of each transaction must remain identical to that of the main Merkle tree.

Why a second Merkle tree?

The second Merkle tree increases complexity, which some may consider a disadvantage. SegWit was an upgrade to the Bitcoin network that fixed bugs, such as the quadratic scaling of sighash operations and transaction malleability. The witness data could not be added into the main Merkle tree, as otherwise old nodes would consider these transactions invalid, which would be a hardfork.

However, it is not true to say the additional Merkle tree could be avoided by making SegWit a hardfork upgrade rather than a softfork upgrade. A hardfork resulting from the inclusion of witness data in the main Merkle tree would lead existing wallets to consider the new transaction format invalid, and these wallets would not be compatible with the new transaction format whether they were fully verifying nodes or not. The effect of this would be that some users would be unable to interact with each other and funds could appear to go missing. This type of upgrade may not be possible in a live network such as Bitcoin without significant disruption. Therefore, the additional complexity of a second Merkle tree would be necessary even if the SegWit upgrade were a hardfork.

AsicBoost

As we explained in our previous piece on AsicBoost, covert AsicBoost involves finding a collision in the last 4 bytes of the Merkle root, exploiting the fact that the hashing algorithm splits the Merkle root between the two chunks. Covert AsicBoost messes with the transactions, something that overt AsicBoost avoids. The second Merkle tree can make covert AsicBoost more difficult unless the blocks are much smaller, which could be detectable. 
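To make the chunk split described under "Chunks" and in the paragraph above concrete, here is an added Python example (not code from BitMEX Research) that serialises a header, applies SHA-256 padding and reports which chunk each field falls into. It uses the public genesis block header as sample input; the modified nonce, version and Merkle root values are constructed for illustration.

```python
import hashlib
import struct

# Bitcoin genesis block header fields (public values), used as sample input.
GENESIS = {
    "version": 1,
    "prev_hash": "00" * 32,
    "merkle_root": "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    "time": 1231006505,
    "bits": 0x1D00FFFF,
    "nonce": 2083236893,
}

# (name, start offset, end offset) of each field in the 80-byte header.
FIELDS = [
    ("version", 0, 4), ("prev_hash", 4, 36), ("merkle_root", 36, 68),
    ("time", 68, 72), ("bits", 72, 76), ("nonce", 76, 80),
]


def serialize_header(version, prev_hash, merkle_root, time, bits, nonce):
    """Pack the fields into the 80-byte wire format (hashes are byte-reversed)."""
    return (
        struct.pack("<I", version)
        + bytes.fromhex(prev_hash)[::-1]
        + bytes.fromhex(merkle_root)[::-1]
        + struct.pack("<III", time, bits, nonce)
    )


def sha256_chunks(header):
    """Apply SHA-256 padding and return the two 64-byte chunks that get compressed."""
    if len(header) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    # 0x80 marker, zero fill up to byte 120, then the 64-bit big-endian bit length.
    padded = header + b"\x80" + b"\x00" * 39 + struct.pack(">Q", 80 * 8)
    return padded[:64], padded[64:]


def field_placement():
    """For each field, return (bytes in chunk 1, bytes in chunk 2)."""
    placement = {}
    for name, start, end in FIELDS:
        in_first = max(0, min(end, 64) - start)
        placement[name] = (in_first, (end - start) - in_first)
    return placement


def changed_chunks(header_a, header_b):
    """Return (chunk 1 differs, chunk 2 differs) for two candidate headers."""
    a, b = sha256_chunks(header_a), sha256_chunks(header_b)
    return (a[0] != b[0], a[1] != b[1])


def meets_target(header):
    """Check the double-SHA256 proof of work against the target encoded in bits."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    bits = struct.unpack_from("<I", header, 72)[0]
    target = (bits & 0x007FFFFF) << (8 * ((bits >> 24) - 3))
    return int.from_bytes(digest, "little") <= target


def variants():
    """Compare the sample header with three modified candidates."""
    base = serialize_header(**GENESIS)
    # Constructed root: same last 4 wire bytes as the sample, other 28 bytes differ.
    colliding_root = "4a5e1e4b" + "11" * 28
    return {
        "nonce changed": changed_chunks(
            base, serialize_header(**{**GENESIS, "nonce": 1})),
        "version changed": changed_chunks(
            base, serialize_header(**{**GENESIS, "version": 0x20000002})),
        "root changed, last 4 bytes equal": changed_chunks(
            base, serialize_header(**{**GENESIS, "merkle_root": colliding_root})),
    }


if __name__ == "__main__":
    print(field_placement())
    for label, diff in variants().items():
        print(label, "-> chunk 1 differs: %s, chunk 2 differs: %s" % diff)
```

A candidate that differs only in the version field, or only in the first 28 bytes of the Merkle root, leaves chunk 2 byte-for-byte identical, which is the property the overt and covert variants respectively depend on.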

Potential negative issues with AsicBoost

Columns: Covert AsicBoost | Overt AsicBoost

Patent protection

Covert and overt AsicBoost: This potential negative of AsicBoost applies to both the covert and overt type. AsicBoost is a patented technology and, as we explained in our previous piece on patents, these can be particularly damaging in the blockchain space. This appears to be one of the primary negatives of AsicBoost, as it could potentially give one mining company an insurmountable advantage over the competition, resulting in a gap that could not be closed due to legal restrictions. This could undermine Bitcoin’s core value proposition. It is possible that the Bitcoin community would conduct a softfork to block AsicBoost if the patent problem becomes significant.

To mitigate this problem, the patent owner could open the patent — for example, by making a defensive patent pledge. It appears as if the AsicBoost patent owner may have recently made such a pledge. If the pledge proves robust enough, this issue may now be resolved, at least in the regions where the patent applies.

Smaller blocks and lower capacity

Covert AsicBoost: Covert AsicBoost can incentivise the production of smaller or even empty blocks, which makes covert AsicBoost more efficient. This can then reduce the capacity of the network and increase transaction fees.

Smaller or empty blocks have a negative impact on capacity, since they still maintain the network difficulty but do not make a significant contribution to any transaction backlog.

Overt AsicBoost: n/a

Unwillingness to upgrade to SegWit and potential dishonesty over the reason

Covert AsicBoost: Perhaps the most damaging negative of AsicBoost was that it may have caused some miners to be unwilling to upgrade to SegWit. This in itself may not be much of a negative, but the supposed dishonest and divisive misinformation campaign about SegWit may have had a large negative impact on the ecosystem.

However, we would like to point out that this is merely an uncertain, unsubstantiated accusation, and it is not clear if this was a motivating factor behind opposition to SegWit.

Overt AsicBoost: n/a

Incentive to adjust the Merkle trees or transactions

Covert AsicBoost: As the diagram above illustrates, covert AsicBoost relies on the ability of the miner to adjust the Merkle tree or the transactions. This could have detrimental effects on the network other than smaller blocks. Overt AsicBoost appears to be a much cleaner solution, needing only a field in the block header to be changed.

Overt AsicBoost: n/a

Secret advantage over competition

Covert AsicBoost: Covert AsicBoost may be undetectable and therefore may provide some miners a secret advantage over the competition, compared to a known advantage.

Although in general we think transparency is a good thing, it’s not clear whether or not the network on which covert AsicBoost operates suffers any direct disadvantage from the secrecy, apart from what is mentioned elsewhere in this table.

Overt AsicBoost: n/a

Reduced ability to conduct softfork upgrades via version signalling and a warning message in Bitcoin Core

Covert AsicBoost: n/a

Overt AsicBoost: Overt AsicBoost uses the version field, seen on the top left of the illustration above. This has been used as a signal, to indicate that a miner is ready to upgrade via a softfork. Overt AsicBoost may use space in this field, which may prevent its use as an upgrade-signalling system.

However:

1. Overt AsicBoost may not require all 4 bytes and therefore some bytes may be left for softfork signalling. This could reduce the number of softforks that can occur simultaneously.

2. Many regard the softfork signalling system to have been a failure anyway. Miners often provide simultaneous contradictory signals, rendering the signal methodology unreliable.

Another downside of overt AsicBoost is that Bitcoin Core software may see an unusual version field and think the network is upgrading in an unknown manner, resulting in a warning message to the user.
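The interaction between rolled version bits and softfork signalling described in the last table row can be checked by a monitoring node, as in this added Python example (not Bitcoin Core's code and not from BitMEX Research). The BIP 9 top-bits convention, the roll mask, the list of known deployments, the warning threshold and the sample versions are assumptions chosen for illustration and are not stated on the page.

```python
TOP_BITS_MASK = 0xE0000000
TOP_BITS = 0x20000000        # BIP 9 convention: top three bits are 001
SIGNAL_SPACE = 29            # bits below the top three
ROLL_MASK = 0x1FFFE000       # assumption: bits 13-28 are the ones a miner may vary
KNOWN_DEPLOYMENTS = {0: "csv", 1: "segwit"}  # assumption: bits this node recognises


def set_bits(value):
    """Return the positions of the bits set in a 32-bit value."""
    return [i for i in range(32) if (value >> i) & 1]


def classify_version(version, roll_mask=ROLL_MASK, known=KNOWN_DEPLOYMENTS):
    """Split a block version into known signals, rolled bits and unknown bits."""
    result = {"version_bits": False, "signals": [], "rolled": [], "unknown": []}
    if version & TOP_BITS_MASK != TOP_BITS:
        return result  # not a version-bits header, nothing to interpret
    payload = version & ~TOP_BITS_MASK & 0xFFFFFFFF
    outside = set_bits(payload & ~roll_mask)
    result.update(
        version_bits=True,
        signals=[known[b] for b in outside if b in known],
        rolled=set_bits(payload & roll_mask),
        unknown=[b for b in outside if b not in known],
    )
    return result


def should_warn(versions, roll_mask=ROLL_MASK, threshold=0.5):
    """Warn when more than `threshold` of a window carries unrecognised bits."""
    if not versions:
        return False
    flagged = sum(1 for v in versions if classify_version(v, roll_mask)["unknown"])
    return flagged / len(versions) > threshold


def signalling_bits_left(roll_mask=ROLL_MASK):
    """Number of bits still available for softfork signalling."""
    return SIGNAL_SPACE - len(set_bits(roll_mask & ~TOP_BITS_MASK & 0xFFFFFFFF))


def sample_window():
    """Constructed window: eight headers signalling segwit with varying rolled bits."""
    return [0x20000002 | (k << 13) for k in range(1, 9)]


if __name__ == "__main__":
    window = sample_window()
    print("mask-unaware node warns:", should_warn(window, roll_mask=0))
    print("mask-aware node warns:  ", should_warn(window))
    print("signalling bits left:   ", signalling_bits_left())
```

A node that does not know about the mask treats every rolled bit as an unknown upgrade signal and warns, while a node that excludes the mask still reads the segwit signal correctly but has fewer bits left for concurrent softforks.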

In our view, AsicBoost is not necessarily a negative for the network. Although covert AsicBoost has problems with an incentive to produce smaller blocks, most of the issues related to overt AsicBoost can be mitigated. In particular, if the BDPL system proves robust, there may be no significant negatives resulting from the use of overt AsicBoost — at least none which we can currently predict.

Tether

Abstract: Tether is a crypto token based on top of Bitcoin and Ethereum’s blockchains, the value of which is pegged to the US dollar by centralised USD reserves. There is scepticism about Tether, with accusations that the system is not backed by sufficient reserves. We think that this Tether scepticism is mostly focused on the wrong issue. We have found possible evidence in published financial data that the impact of Tether is visible in Puerto Rico’s banking system. Tether is likely to be, or is already, encountering problems related to regulation and we think this should be the primary long-term concern for Tether holders.

About Tether

Tether is a scheme that allows fiat currencies such as the US dollar to be used on the Bitcoin (and Ethereum) blockchain. The abstract of the Tether white paper explains:

A digital token backed by fiat currency provides individuals and organizations with a robust and decentralized method of exchanging value while using a familiar accounting unit. The innovation of blockchains is an auditable and cryptographically secured global ledger. Asset-backed token issuers and other market participants can take advantage of blockchain technology, along with embedded consensus systems, to transact in familiar, less volatile currencies and assets. In order to maintain accountability and to ensure stability in exchange price, we propose a method to maintain a one-to-one reserve ratio between a cryptocurrency token, called tethers, and its associated real-world asset, fiat currency. This method uses the Bitcoin blockchain, proof of reserves, and other audit methods to prove that issued tokens are fully backed and reserved at all times

The Tether token therefore exists on top of the Bitcoin and Ethereum blockchains, with around 97% and 3% of its tokens existing on each chain respectively. On Bitcoin, its tokens exist similarly to coloured coins and use the Omni layer, whose protocols interpret extra meaning from some surplus Bitcoin transaction data — for example, the creation or transfer of Tether.

The primary use case of Tether appears to be financial speculation, with many exchanges allowing their customers to buy and sell Tether in exchange for crypto tokens such as Bitcoin. Currently, around 2.2 billion Tether, representing US$2.2 billion, exist. As the chart below illustrates, about 85% of Tether holders are known, with the largest holders being the biggest crypto token exchanges. There is likely to be some mechanism by which these large holders can redeem Tether directly for USD, which we speculate on at a later point in this report.

Tether owners in February 2018 listed in millions of USD. (Source: Tether rich list, Tether transparency report)

The Tether hack

It appears as if the Tether treasury wallet was hacked in November 2017. US$31 million was stolen and sent to an external Bitcoin address, where it remains in quarantine. On 21 November, Tether released a forked client of OmniCore. This froze the stolen funds and was essentially a hardfork of the Omni layer. Since the Tether company backs the Tether token with real USD, Tether users had to upgrade, since Tether would obviously only back the tokens on their chosen side of the fork. As Tether put it:

We strongly urge all Tether integrators to install this software immediately.

The hacking incident demonstrated that Tether is effectively in complete control of the ledger, as they can force a hardfork at will and reverse any transaction — although there may not have been any doubt about Tether’s control beforehand. This raises the question of why Tether bothers to put the database on the Bitcoin and Ethereum blockchains at all — it would be far cheaper for Tether to create its own public database without needing to pay fees to the miners. Although the Tether company was and is able to freeze funds, the process is technically difficult and time consuming, as it requires new software to be written and released and for all Tether exchanges to upgrade.

Who controls Tether?

The Tether “About us” page only appeared between 5 December 2017 and 7 December 2017, and it revealed that Tether had the same management team as the Bitfinex exchange, as the table below illustrates. This is approximately when Tether is said to have received a subpoena from the US Commodity Futures Trading Commission (6 December 2017). Prior to this point, Tether did not disclose its management team — on the website, at least — although it was widely believed that Bitfinex was behind Tether. The timing appears to suggest that the subpoena may have prompted the greater transparency.

Bitfinex Senior Team | Tether Team
JL van der Velde (CEO) | JL van der Velde (CEO)
Giancarlo Devasini (CFO) | Giancarlo Devasini (CFO)
Philip Potter (CSO) | Philip Potter (CSO)
Stuart Hoegner (general counsel) | Stuart Hoegner (general counsel)
Matthew Tremblay (chief compliance officer) | Matthew Tremblay (chief compliance officer)
Paolo Ardoino (CTO) |
Chris Ellis (community manager) |

Tether and Bitfinex have essentially the same management team. (Source: Tether, Bitfinex)

The Paradise Papers, released in November 2017, revealed that Bitfinex’s CFO and CSO are owners and directors of Tether respectively. There was already little doubt about the link between Tether and Bitfinex prior to full disclosure on Tether’s website.

Tether management and owners. (Source: Paradise Papers)

Some think that Tether may have previously implied that Bitfinex doesn’t control Tether. For example, Craig Sellars, a Tether founder and advisor — and a former CTO of Bitfinex — stated on Reddit in spring 2017:

Bitfinex is a customer of Tether. If Bitfinex wants more USD, they make a request to Tether, just like all other Tether customers. Tether waits for USD to show up, and when it does, creates the necessary tethers and credits Bitfinex.

That comment left much open to interpretation but certainly did not explicitly state that Bitfinex does not control Tether. In this comment, a month prior to the above one, Sellars specifically states that he and Bitfinex CSO Phil Potter were discussing how to improve Tether. Sellars was also open about his simultaneous involvements in Tether and Bitfinex, as his LinkedIn profile indicates:

  • April 2014 to present: Tether founder and advisor
  • January 2015 to May 2016: Bitfinex CTO
  • April 2014 to May 2016: Tether founder and CTO

We do not think there is evidence that Tether misled the public about Bitfinex’s involvement, which some have claimed.

The Tether audit

The Tether homepage states that:

Our reserve holdings are published daily and subject to frequent professional audits.

The accounting firm Friedman LLP (FLLP) published a report in September 2017 in which it confirmed the USD balances that Tether was supposed to hold. The report stated that as of 15 September 2017, a bank held $382,064,782 in an account in the name of Tether.

However, the report did not disclose the names of any of the banks nor did it mention the jurisdictions in which the banks operate. The report also stated that:

FLLP did not evaluate the terms of the above bank accounts and makes no representations about the Client’s ability to access funds from the accounts or whether the funds are committed for purposes other than Tether token redemptions.

In January 2018, Tether ended its relationship with FLLP and explained this in the following emailed statement:

We confirm that the relationship with Friedman is dissolved. Given the excruciatingly detailed procedures Friedman was undertaking for the relatively simple balance sheet of Tether, it became clear that an audit would be unattainable in a reasonable time frame. As Tether is the first company in the space to undergo this process and pursue this level of transparency, there is no precedent set to guide the process nor any benchmark against which to measure its success.

The statement indicates that there is a lack of transparency and the audit process appears inadequate, or at least inconsistent with the promises made on the Tether website. This likely contributed to the rumors in the cryptocurrency community — for example, claims that Tether is a Ponzi scheme.

Lack of transparency does not necessarily indicate fraud

Tether allows its users to send and receive USD. Transactions cannot easily be blocked and users require no permission — although one notable exception to this is Tether requiring all users to upgrade to a new client in order to block transactions, which is the cumbersome process that occurred after the $31 million hack.

Tether also potentially allows users a degree of anonymity when making or receiving transactions. Its characteristics potentially make it attractive to criminals, just like Bitcoin. While those with the ability to issue and redeem Tether, such as exchanges, are required to go through approval and KYC processes, individual users can use Tether merely by generating a public/private key pair, again just like Bitcoin.

Regulators are unlikely to be particularly happy about this and banks are likely to consider Tether with scepticism. Tether also requires the use of a bank, to hold the USD reserves required to back Tether. Many banks are likely to approach Tether cautiously, and accepting Tether as a client may violate a bank’s compliance procedures such as rules meant to prevent money laundering.

Therefore, Tether may have a problem: either the company may try to conceal aspects of how Tether operates from the reserve bank or the company may need to find a bank with compliance procedures that are not as strict as those of the most prominent financial institutions. We suspect that Tether may have struggled to find appropriate banking relationships and may have had accounts with many banks in many jurisdictions as it tried to find the right partner. We believe this is likely to be the primary reason for the apparent lack of transparency, rather than a lack of USD reserves. The transparency that some Tether stakeholders seem to expect may not be possible in the financial sector when the underlying activity is not clearly authorized or regulated by the authorities.

The Bitfinex exchange may have revenues in excess of US$1 million per day during the recent crypto currency bubble (assuming 100,000 BTC volume per day, 0.1% commission, and a $10,000 BTC price). Even if Tether were experiencing problems, Bitfinex may have resources sufficient to bail out the system. This wealth may also remove some of the incentive to run a fraud or a Ponzi scheme of the type some of the Tether sceptics allege.

Financial data from Puerto Rico

Rumors have been circulating that Tether may have some link to the unincorporated American territory of Puerto Rico. We decided to analyse public financial data to look for signs of unusual activity or strong growth.

We noticed strong growth in the cash balance (and the deposit balance) in the International Financial Entities (IFE) banking category. This sharp increase in cash reserves could be related to Tether. It is also possible for this growth to be related to a non-Tether aspect of the crypto currency ecosystem — for example, plans to make Puerto Rico a crypto utopia.

The chart below compares the value of Tether issued versus the deposit balance for the IFE banking category in Puerto Rico. The match is far from perfect and we cannot draw any strong conclusion from the data. It will be interesting to see what figures the regulators in the region produce going forwards.

Puerto Rico’s IFE aggregate deposits versus Tether in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

In addition to the growth of the total cash balance, we noticed that the cash balance was growing as a proportion of total assets, as the chart below illustrates.

Puerto Rico’s IFE aggregate cash as a proportion of total assets. (Source: IFE Accounts, BitMEX Research)

This kind of balance-sheet structure is unusual. Normally, banks lend most of their assets and only keep a small balance as cash. The table below shows a simplified typical structure of bank balance sheets.

Illustrative example of the balance sheets of a typical bank and a 100% reserve bank respectively. (Source: BitMEX Research)

Full-reserve banking results in a different balance sheet, which should be detectable by financial analysts even when looking at macroeconomic data. As of the end of September 2017, the ratio of cash to total assets for this category of financial institution in Puerto Rico rapidly climbed to over 70%. This may indicate the presence of full-reserve banking in the territory and that the practice is growing.

Full-reserve banking

Full-reserve banking (also called 100% reserve banking) is when a bank does not lend deposits but keeps all deposited funds either in the form of physical cash or electronically on deposit at a custody bank or the central bank. Full-reserve banking is a fringe concept in modern finance often associated with the Austrian School of economics and libertarianism (or even a Bitcoin type of philosophy). Full-reserve banking is said to make the financial system less susceptible to credit expansion, something Bitcoin is also said to be able to achieve. The main benefit of this is that it could make the economy less likely to experience business cycles, as we explained in our earlier piece.

Noble Bank

We looked at all the financial institutions in the IFE category in Puerto Rico, and identified two banks which claim to be full-reserve banks: Euro Pacific International Bank and Noble Bank International. Full-reserve banks are rare, so while we can’t rule out the existence of any others, it may be unlikely that any others are operating.

Extract from the list of registered IFEs in Puerto Rico. Noble is highlighted in red by BitMEX Research. (Source: Commissioner of Financial Institutions of Puerto Rico)

Euro Pacific Bank is run by Peter Schiff, a well-known Austrian economist and Bitcoin sceptic. Due to this scepticism, we think it is unlikely that Schiff would become involved in a Bitcoin-related entity like Tether.

Noble Bank, however, is involved in the crypto space and therefore could be involved in Tether. Evidence of Noble’s involvement in cryptocurrency includes the following extract from a letter to the regulator that the bank sent in 2015:

Noble intend to operate an integrated financial market network for the trading, clearing, and settlement of real currency, Bitcoin and other digital currencies

Noble is also the bank that entered into a Bitcoin-related business partnership with Nasdaq in 2015. We suspect that the growth in reserves in this section of the financial services industry in Puerto Rico is related to Noble Bank and cryptocurrency, whether or not this involves Tether.

The founder and CEO of Noble Bank, John Betts, was also behind the 2014 Sunlot Holdings move to take over and potentially rescue MtGox. Sunlot was backed by Brock Pierce, one of the founders of Tether.

Of course, a previous professional relationship between the Noble Bank CEO and one of the Tether founders proves nothing, and the blockchain ecosystem is a small space so such connections are likely. We would like to emphasize that even if Noble Bank is the primary reserve bank of Tether, none of this is evidence that Noble Bank has done anything inappropriate or illegal.

In a Medium post, Noble describes how it allows “clients to create their own pools of credit” and explains the structure of this system with the following illustration.

(Source: Medium)

It is possible that the above model could be the underlying structure behind Tether, and this could explain how it is backed by US dollars. This would indicate the USD that back Tether are inside the Puerto Rican banking system with the reserves held by BNY Mellon, Noble’s custody bank, which is the largest custody bank in the world. If true, this would imply that Tether is not a Ponzi scheme, since the USD reserves are present and being reported to the authorities, and that the reserves may be relatively safe. Although, as we explain later in this report, this should not provide complete comfort for Tether holders in the long term.

Case studies

As we mentioned above, Tether has the following characteristics:

  • No permission is required to send or receive Tether.
  • Transactions cannot be easily blocked.
  • Tether users may be able to obtain a degree of anonymity.

These characteristics may make the system attractive for criminals and money launderers — and if criminal activity becomes too prevalent, the authorities may wish to shut the system down. This has already happened numerous times in the past, as the case studies below demonstrate. In a later report, we may dig into the history of these case studies in more detail.

Liberty Reserve (2006-2013)

Liberty Reserve was a Costa Rica-based centralized digital-currency service that let users send and receive USD-denominated payments over the Internet. Payments could be made using email addresses and there was no procedure to identify those using the system. In 2013, Costa Rican authorities closed the service, and the indictment accused the system of facilitating the laundering of US$6 billion of criminal proceeds. The founder of the service was arrested and sentenced to prison. The BBC described the service as follows:

Cash could be put into the service using a credit card, bank wire, postal money order or other money transfer service. It was then “converted” into one of the firm’s own currencies – mirroring either the Euro or US dollar – at which point it could be transferred to another account holder who could then extract the funds.

GoldAge (1999-2006)

Prior to founding Liberty Reserve, the same founders ran GoldAge, a gold-based payment platform that was also shut down by the authorities. As the US Justice Department put it:

The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme.

e-Bullion (2001-2008)

e-Bullion was a centralized Internet-based gold-payment system. In 2008, the co-founder of the system was murdered. As a result, the US government confiscated the company’s assets and the system was shut down.

DigiCash (1994-1998)

Perhaps one of the most interesting of the centralised pegged-payment platforms was DigiCash. Developed by David Chaum, DigiCash had strong anonymity technology based on blind signatures built into the system. The platform resembled modern distributed anonymity-based tokens like Monero.

Although DigiCash was centralised, the operator was unable to obtain details about the transactions because everything was anonymous, and therefore the transactions themselves were, in a sense, fully censorship resistant. However, the company eventually failed and in 1998 filed for bankruptcy.

Censorship resistance has two sides: first, that transactions themselves cannot be blocked and, second, that the entire system cannot easily be shut down. The first is relatively easy to achieve through anonymity-based technology such as ring signatures, while the second is more challenging.

The US Justice Department lists other examples of shut-down Internet-based payment systems, including the following.

E-gold (1996-2007)

On April 27, 2007, a federal grand jury in Washington, D.C., indicted two companies operating a digital currency business and their owners. The indictment charges E-Gold Ltd., Gold and Silver Reserve, Inc., and their owners with one count each of conspiracy to launder monetary instruments, conspiracy to operate an unlicensed money transmitting business, operating an unlicensed money transmitting business under federal law, and one count of money transmission without a license under D.C. law. According to the indictment, persons seeking to use the alternative payment system E-Gold were only required to provide a valid Email address to open an E-Gold account–no other contact information was verified. The indictment is the result of a 2½-year investigation by the U.S. Secret Service with cooperation among investigators, including the Internal Revenue Service (IRS), the Federal Bureau of Investigation (FBI), and other state and local law enforcement agencies. According to Jeffrey A. Taylor, U.S. Attorney for the District of Columbia, “The defendants operated a sophisticated and widespread international money remitting business, unsupervised and unregulated by any entity in the world, which allowed for anonymous transfers of value at a click of a mouse. Not surprisingly, criminals of every stripe gravitated to E-Gold as a place to move their money with impunity.”

ShadowCrew

On June 29, 2006, Andrew [Mantovani] was sentenced to 32 months in federal prison for cofounding Shadowcrew.com, an international online discussion forum with more than 4,000 members, many of whom specialized in identity theft and fraud. Shadowcrew members sent and received payments for goods and criminal services through digital currencies. One indicted member, Omar Dhanani, operated an illegal currency exchange, providing members a money laundering service in digital gold by anonymously converting their illicit cash. Dhanani stated that Shadowcrew members used digital gold in order to avoid traditional banking systems. A yearlong investigation by the U.S. Secret Service led to the October 2004 arrest of 21 individuals in the United States, with several other arrests in foreign countries.

Western Express International Currency Exchange Company (2002-2005)

On February 22, 2006, Vadim Vassilenko, Yelena Barysheva, and Alexey Baryshev were indicted by the state of New York for operating an illegal check-cashing and money transmittal business from 2002 through 2005. Their company, Western Express International, acted as a currency exchanger, knowingly exchanging criminal proceeds for digital currencies. Through its web sites, Western Express actively solicited overseas clients in eastern Europe, Russia, and the Ukraine to operate illegally in the United States. Clients using fictitious, often multiple identities committed a variety of cyber crimes, such as reshipping, phishing, spoofing, and spamming. Items purchased with stolen credit card numbers were resold for digital gold, which was further laundered through Western Express. A total of $25 million flowed through the company’s bank accounts over the 4-year period, in violation of New York banking regulations.

Conclusion

History has shown that centralised systems with certain characteristics (censorship resistance or anonymous transactions) tend to get shut down by the authorities. Tether shares some of the same characteristics as these extinguished services so it may also attract criminals and ultimately suffer the same fate.

In our view, Tether has two choices:

  1. Reform the system to include KYC/AML procedures that allow the operator to easily block transactions or freeze funds. In order to do this, Tether may need to fundamentally change its technological architecture and perhaps leave the public blockchains. Essentially, Tether would just be turning into a traditional (or full-reserve) bank.
  2. Continue as is and risk being shut down by the authorities at some point.

If Tether is shut down, there is a risk that some users may lose access to their funds, perhaps temporarily. We do not recommend holding Tether for the long term, but not for the reasons some of the sceptics typically pronounce. We think that criminal usage of Tether is likely to be relatively low because of the use of Tether for financial speculation, which is probably the system’s dominant use case. Furthermore, we have not found any evidence of criminals using Tether to launder funds. As it stands, we think an imminent shutdown is unlikely.

The case studies above illustrate the two angles to censorship resistance (individual transactions and the system as a whole) and what distributed crypto tokens need to achieve in order to be sustainable in the long run. If a payment system cannot block transactions, doesn’t require permission for use, or offers anonymous use, it will probably eventually be shut down. This could be just as true for systems like Tether and Ripple as it was for Liberty Reserve, E-gold, and DigiCash. A potential way around this is to try to build a distributed system that cannot be shut down (i.e., censorship resistance for the system as a whole).  Whether Bitcoin or other proof-of-work-based systems can achieve this is still unproven, in our view.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

A blockchain-specific defensive patent licence

Abstract: Although the impact of patents on society is debatable, they can have negative impact on the blockchain space. Opening patents up is potentially crucial to the blockchain industry. Unfortunately, however, technology innovators may need to obtain patent protection for defensive purposes. A defensive patent licence (DPL) may be able to protect the ecosystem from the harmful restrictions of patents or mitigate some of the risks. We explain some potential deficiencies and loopholes in the current DPL and take a look at a new, improved licence, a blockchain DPL (BDPL).

(Source: Mises Institute)

Patents in the blockchain space

The issue of intellectual property (IP) is somewhat controversial in the libertarian and blockchain communities. Although patents and copyrights are generally accepted by most, many libertarians regard these systems as unethical state-granted monopolies that impede economic prosperity. This negative view of IP is articulated by Stephan Kinsella in his article “Against Intellectual Property”, in which he describes a patent as follows:

A patent is a property right in inventions, that is, in devices or processes that perform a “useful” function. A new or improved mousetrap is an example of a type of device which may be patented. A patent effectively grants the inventor a limited monopoly on the manufacture, use, or sale of the invention. However, a patent actually only grants to the patentee the right to exclude (i.e., to prevent others from practicing the patented invention); it does not actually grant to the patentee the right to use the patented invention.  Not every innovation or discovery is patentable. The U.S. Supreme Court has, for example, identified three categories of subject matter that are unpatentable, namely “laws of nature, natural phenomena, and abstract ideas.” Reducing abstract ideas to some type of “practical application,” i.e., “a useful, concrete and tangible result,” is patentable, however.

Copyright, on the other hand, covers original works such as books, articles, movies, and computer programs. When it comes to the IP of blockchains or other technologies, patents seem to be more relevant than copyright, which applies more to works of art.

Whatever one thinks of the merits of patents, when it comes to assessing the efficacy of patents in the blockchain space, there are some specific considerations:

  1. A key feature of blockchains is their permission-less architecture, in which nobody has the ability to censor usage of the system (a.k.a. censorship resistance). If one patents a use or function in a blockchain-based system (such as a new transaction format), the patent holder and legal authorities may be unable to prevent its usage by others, potentially making patents unsuitable or unenforceable.
  2. A patent on a cryptocurrency mining technology could give the patent holder a competitive advantage over other miners. This could undermine the whole point of mining, which requires a degree of competition in order to be useful. If a miner or mining coalition achieves a significant proportion of the hashrate, they could censor some or all of the transactions, or even attempt to reverse transactions, potentially rendering the blockchain useless.

Therefore, although the efficacy of patents is debatable in general, many consider them negative with respect to blockchains and desire to avoid the usage of enforceable patents in the blockchain space altogether. Achieving this preferred outcome is not simple; it’s not sufficient for those who develop technology in this space simply to avoid patents. This approach would be vulnerable to so-called patent trolls who could patent these technologies at a later date and possibly hold hostage those blockchain businesses and users who use the patented technology. A form of protection against patent trolls is required.

The DPL

One such tool to prevent or mitigate the risks of patent trolls is the DPL. Companies already using this include the Internet Archive and Blockstream. By signing the DPL, these companies essentially allow any company or individual to use all of their patented technologies for free, as long as they also join the DPL. In order to join the DPL, one must commit to put all one’s respective patents inside the DPL and to not make an infringing patent claim against any DPL member. This effectively forms a club, which anyone may join, whose members need not worry about using the patents owned by any other member. The use of DPLs is purely defensive, and the more entities that join the DPL, the better it is for the blockchain community.

Problems with the DPL

We have spoken to some patent holders in the ecosystem as well as legal experts, and some have identified potential deficiencies within the DPL. The DPL is a first-draft attempt at this scheme and many seem to acknowledge that there is significant scope for improvement.

Potential DPL loopholes include:

  1. The DPL mentions the licence can be revoked if a member transfers a patent to a separate, non-DPL entity that does not abide by the terms of the DPL. However, this restriction only applies once a member has joined the DPL. It is possible, in theory, for an entity to transfer patents to an associated company before joining the DPL. In this scenario, the new DPL member who transferred the patent could collude with the company who received it to engage in aggressive patent claims against other DPL members, while still being free to use other patents in the DPL.
  2. Although the DPL prevents members from enforcing their patents among other members, it does not prevent third parties from enforcing patents. A third party may restrict some DPL members from using a patent while licensing that same patent to other DPL members. If this occurs, as in the figure below, any DPL members obtaining the rights to use the patent could have an advantage over other DPL members, which is exactly what the DPL was set up to prevent.

Company H is not a member of the DPL but it licenses the use of its patented technology to DPL member company A while engaging in enforcement action against the other DPL members. This gives company A an advantage, while company A is still a valid member of the DPL. (Source: BitMEX Research)

The new BDPL

A proposed blockchain-specific DPL scheme, the BDPL, aims to improve on the DPL with amendments and additional terms that hope to correct the loopholes identified above. The BDPL still retains the core defensive properties of the original DPL, granting a licence to all members who join the BDPL.

The first loophole is fixed with an amendment to one of the terms in the licence. The original DPL merely prevents a member from making any non-defensive patent claim against another member. The new terms also prevent a member, “whether individually or in collusion with each other or with any other person”, from making a non-defensive claim. This stricter requirement may make the type of collusion mentioned above more difficult.

The second loophole is fixed by adding a new term to the licence. This is a requirement that specifies that the licence will be revoked if members use any patent licensed by a third party, when such a licence “is or is likely to be” enforced and restricted from use by another BDPL member. This should prevent a scenario such as the one illustrated above.

Conclusion

In our view, this new BDPL offers an improved, more robust alternative to the existing system. However, it is more onerous in some respects than the old scheme — for example, there are stricter requirements about making public notices. In addition, closing the circumvention loopholes requires a tradeoff: a BDPL member could be caught between a rock and a hard place if it licenses a crucial technology from a non-BDPL member who then begins enforcement action against other BDPL members without the knowledge of the licensee. Fixing this problem within the licence may not be possible, although mitigating this risk could be possible with additional licensing terms preventing aggressive action against other BDPL members.

Providing patent owners with more choices can only be beneficial and this new licence is a positive addition to the blockchain space. This scheme may be more robust and therefore more attractive to patent holders, while maintaining the defensive nature that can protect the ecosystem from the harmful effects of patents. We have spoken to patent owners who have indicated that they may prefer the BDPL to older schemes. While it would be beneficial were such defensive schemes to become popular, it is difficult to predict which, if any, will succeed.

We think the BDPL is both a significant improvement and more likely to be adopted than the DPL. If adopted, the BDPL could substantially benefit the ecosystem, mitigating one of the risks silently looming over the blockchain space.

 

The Ripple story

Abstract: In this piece, we briefly look over the history of Ripple and examine various disputes between the founders and partner companies, typically over control of XRP tokens. We then explore elements of the technology behind Ripple. We conclude that the apparent distributed consensus mechanism doesn’t serve a clear purpose, because the default behaviour of Rippled nodes effectively hands full control over updating the ledger to the Ripple.com server. Therefore, in our view, Ripple does not appear to share many of the potentially interesting characteristics crypto tokens like Bitcoin or Ethereum may have, at least from a technical perspective.


Jed McCaleb (left) joined Ripple in 2011. Chris Larsen (right) joined the company in 2012. (Source: BitMEX Research)

Introduction

On 4 January 2018, the Ripple (XRP) price reached a high of $3.31, an incredible gain of  51,709% since the start of 2017. This represented a market capitalization of $331 billion, putting Ripple’s valuation in the same league as Google, Apple, Facebook, Alibaba, and Amazon — the largest tech giants in the world. According to Forbes, Chris Larsen, the executive chairman of Ripple, owns 17% of the company and controls 5.19 billion XRP, worth around $50 billion at the time of the peak, making him one of the richest people in the world. Despite this incredible valuation, many of the market participants do not appear to know much about Ripple’s history or the technology behind it. In this piece, we provide an overview of the history of Ripple and look at some of its technical underpinnings.

History of Ripple

RipplePay: 2004 to 2012

Ryan Fugger founded a company he called RipplePay in 2004. The core idea behind the protocol was a peer-to-peer trust network of financial relations that would replace banks.


The RipplePay logo during that period of the company’s existence. (Source: Ripplepay.com)

RipplePay’s basic theory was as follows:

  • All banks do is make and receive loans. A bank deposit is a loan to the bank from the customer.
  • A payment from Bob to Alice in the traditional banking system is simply an update to their respective loan balances to the bank, with Bob’s loan to the bank declining slightly and Alice’s increasing slightly.
  • RipplePay held that one could replace banks by creating a peer-to-peer trust network in which individuals could directly loan each other, and alterations to these loan balances enable payments.
  • Payments, then, are simply updates to these loan balances, provided the system can find a path of relationships from the payer to the recipient.


In this example, the person on the far right side of the lineup makes a payment of $20 to the person on the far left. Although the payer and recipient do not directly trust each other, the payment transfers through a chain of IOUs forged of seven people who are linked by six trusted relationships. (Source: Ripple.com)

The network architecture is not dissimilar to the idea behind the Lightning Network, except with counterparty risk, something which Lightning avoids. In our view, this model is likely to be unstable and the trust networks are unlikely to be regarded as reliable — and therefore we are unsure of its efficacy. Either the system would centralise towards a few large banks and fail to be sufficiently different to the existing financial system or it would be liable to regular defaults. However, the current Ripple system is very different to this original idea.
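The trust-network payment described above, worked through as an added example (not RipplePay's code): seven people joined by six trust lines as in the figure, a $20 payment routed hop by hop as IOUs, and the counterparty exposure each intermediary is left holding. The class and function names and the $50 credit limit are assumptions made for illustration.

```python
from collections import deque


class TrustNetwork:
    """Toy RipplePay-style credit network (illustrative names, not RipplePay code)."""

    def __init__(self):
        self.limit = {}  # (creditor, debtor) -> most the creditor lets the debtor owe
        self.net = {}    # (debtor, creditor) -> net amount owed; kept antisymmetric
        self.peers = {}  # node -> neighbours sharing a trust line

    def trust(self, creditor, debtor, limit):
        """Record that `creditor` accepts IOUs from `debtor` up to `limit`."""
        self.limit[(creditor, debtor)] = limit
        self.peers.setdefault(creditor, set()).add(debtor)
        self.peers.setdefault(debtor, set()).add(creditor)

    def capacity(self, sender, receiver):
        """How much `sender` can still pay `receiver` over their direct line.

        A hop is paid by the sender issuing an IOU to the receiver, or by
        cancelling an IOU the receiver issued earlier (a negative net debt).
        """
        owed = self.net.get((sender, receiver), 0)
        return self.limit.get((receiver, sender), 0) - owed

    def find_path(self, payer, payee, amount):
        """Breadth-first search for the shortest chain able to carry `amount`."""
        parent = {payer: None}
        queue = deque([payer])
        while queue:
            node = queue.popleft()
            if node == payee:
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                return path[::-1]
            for nxt in sorted(self.peers.get(node, ())):
                if nxt not in parent and self.capacity(node, nxt) >= amount:
                    parent[nxt] = node
                    queue.append(nxt)
        return None  # no chain of relationships with enough credit

    def pay(self, payer, payee, amount):
        """Move `amount` along a path by updating each pairwise loan balance."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        path = self.find_path(payer, payee, amount)
        if path is None:
            return None
        for sender, receiver in zip(path, path[1:]):
            owed = self.net.get((sender, receiver), 0) + amount
            self.net[(sender, receiver)] = owed
            self.net[(receiver, sender)] = -owed
        return path

    def exposure(self, node):
        """Total owed to `node` by neighbours: its loss if they all default."""
        return sum(v for (_, creditor), v in self.net.items()
                   if creditor == node and v > 0)

    def position(self, node):
        """Net position: amounts owed to `node` minus amounts it owes."""
        return sum(v for (_, creditor), v in self.net.items() if creditor == node)


def build_line(n=7, limit=50):
    """Constructed sample: n people in a row, mutual trust between neighbours."""
    network = TrustNetwork()
    names = [f"p{i}" for i in range(1, n + 1)]
    for left, right in zip(names, names[1:]):
        network.trust(left, right, limit)
        network.trust(right, left, limit)
    return network, names


if __name__ == "__main__":
    network, names = build_line()
    print("path:", network.pay("p7", "p1", 20))  # far right pays far left
    for name in names:
        print(name, "position", network.position(name),
              "exposure", network.exposure(name))
```

Every intermediary ends with a net position of zero yet holds a $20 claim on one neighbour while owing $20 to the other, which is the counterparty risk the paragraph above contrasts with Lightning.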

At the start of 2011, Bitcoin was gaining some significant traction and began to capture the attention of Ripple’s target demographic. To some extent, Bitcoin had succeeded where Ripple had failed, building a peer-to-peer payment network with what appeared to be a superior architecture to Ripple. In May 2011, Jed McCaleb, an early Bitcoin pioneer, joined Ripple, perhaps to address some of these concerns.

McCaleb had founded the Mt. Gox Bitcoin exchange in 2010, which he sold to Mark Karpeles in March 2011. According to an analysis of the failure of Mt. Gox by WizSec’s Kim Nilsson, the platform was already insolvent, to the tune of 80,000 BTC and $50,000, in March 2011 when McCaleb sold it. Shortly after this, Ryan Fugger handed the reins of the Ripple project to McCaleb.

A video from June 2011 describes some of the philosophy and architecture of Ripple after McCaleb had joined the project.

OpenCoin: September 2012 to September 2014


The Ripple logo during the OpenCoin period. (Source: Ripple.com)

In 2012, McCaleb hired Chris Larsen, who remains on the board today as the executive chairman and whom the current website describes as a co-founder of Ripple. This marked the start of the OpenCoin era, the first of three name changes between 2012 and 2015. Larsen is the former chairman and CEO of E-Loan, a company he co-founded in 1996, took public in 1999 at the height of the tech bubble, and then sold to Banco Popular in 2005. Larsen then founded Prosper Marketplace, a peer-to-peer lending platform, which he left to join Ripple in 2012.

Larsen is not new to volatile prices and price bubbles. E-Loan experienced a peak-to-trough fall of 99.1% between 1999 and 2001. E-Loan’s IPO share price stood at $14 on 28 June 1999 before selling for $4.25 per share in 2005. (Source: Bloomberg)

To address the success of Bitcoin, Ripple now planned to allow Bitcoin payments on its network, potentially as a base currency for settlement. This period also marked the launch of the Ripple Gateway structure. The community realized that the peer-to-peer structure did not seem to work, with ordinary users unwilling to trust counterparties sufficiently to make the network usable for payments. To address this, Ripple decided to form gateways, large businesses that many users would be able to trust. This was said to be a  compromise, a hybrid system between traditional banking and a peer-to-peer network.


How Ripple gateways work. (Source: Ripple.com)

In late 2012, OpenCoin opposed the usage of the name “Ripple Card” by Ripple Communications, a telecom company that predated the launch of the Ripple payment network. This may illustrate the start of a change in culture of the company, with a willingness to use the law to protect the company, and a change in strategy to focus more on the Ripple brand.


Ripple Communications is an unrelated telecom company based in Nevada that held the Ripple.com domain and used the Ripple name before the Ripple payment network came into being. (Source: Internet Archive)

In October 2012, Jesse Powell, the founder and CEO of the Kraken exchange (which launched in 2011) and close friend of McCaleb, participated in Ripple’s first seed round with an investment believed to total around $200,000. Roger Ver is also said to have been an early investor in Ripple, apparently investing “before even the creators knew what it was going to be”.

XRP token launch: January 2013

Ripple released its XRP coin in January 2013. Like Bitcoin, XRP is based on a public chain of cryptographic signatures, and therefore did not require the initial web of trust or gateway design. XRP could be sent directly from user to user, without the gateways or counterparty risk, which was the method used for all currencies on Ripple, including USD. Ripple perhaps intended XRP to be used in conjunction with the web of trust structure for USD payments — for example, to pay transaction fees. The company set the supply of XRP at a high level of 100 billion, with some claiming this would help Ripple prevent sharp price appreciation. Critics argued that the XRP token may not have been a necessary component of the network.

In April 2013, OpenCoin received $1.5 million in funding from Google Ventures, Andreessen Horowitz, IDG Capital Partners, FF Angel, Lightspeed Venture Partners, the Bitcoin Opportunity Fund, and Vast Ventures. This was the first in many rounds of venture funding and it included some of the most respected venture-capital companies in the world.

McCaleb left the project sometime between June 2013 and May 2014. Although his departure appears to have only been widely discussed within the Ripple community starting in May 2014, later statements from the company indicate he ended his involvement in June 2013 when Stefan Thomas took over as CTO. Thomas had created the We Use Coins website in March 2011 and the 2011 “What is Bitcoin?” YouTube video.

McCaleb appears to have disagreed with Larsen on strategy and then was seemingly forced out of the project, based on support Larsen received from the new venture-capital investors. After leaving Ripple, McCaleb went on to found Stellar in 2014, a project said to be based on some of the original principles behind Ripple.

Ripple Labs: September 2013 to October 2015

In September 2013, OpenCoin became Ripple Labs.

In February 2014, Ripple implemented the “balance freeze” feature, which it activated in August 2014. This allowed Ripple gateways to freeze or even confiscate coins from any user of its gateway, even without a valid signature for the transaction. The motivation of this was said to be to enable gateways to comply with regulatory requirements, for example, a court order demanding the confiscation of funds. The default setting for a gateway was to have the freeze feature enabled, but it was possible for a gateway to disable this option by using a “NoFreeze” flag, such that tokens a gateway owed could not be frozen or confiscated using this feature. The largest gateway at the time, Bitstamp, did not opt out of the freeze feature.

In May 2015, regulatory authorities in the United States fined Ripple Labs $700,000 for violating the Bank Secrecy Act by selling XRP without obtaining the required authorisation. Ripple additionally agreed to remedial measures, the most onerous of which are summarised below:

  • Ripple Labs must register with FinCEN.
  • If Ripple gives away any more XRP, those recipients must register their account information and provide identification details to Ripple.
  • Ripple must comply with AML regulations and appoint a compliance officer.
  • Ripple must be subject to an external audit.
  • Ripple must provide data or tools to the regulators that allow them to analyse Ripple transactions and the flow of funds.

Ripple: October 2015 to present

In October 2015, the company simplified its name to Ripple.


The current Ripple logo. (Source: Ripple.com)

In September 2016, Ripple raised $55 million in funding in a round led by Japan’s leading online retail stock-brokering company, SBI Holdings (8473 JP). SBI acquired a 10.5% stake in Ripple. As we mentioned in our “Public companies with exposure to the crypto space” piece, this is part of a wide range of SBI investments into crypto. SBI and Ripple have set up a joint venture, SBI Ripple Asia, which is 60% owned by SBI and 40% owned by Ripple. The company is hoping to provide a settlement platform using Ripple’s “distributed financial technology”.

In September 2017, R3, another blockchain company, sued Ripple. R3 argued that Ripple agreed in September 2016 to give it the option to buy 5 billion XRP at an exercise price of $0.0085 before September 2019. At the peak, the intrinsic value of this call option was worth around $16.5 billion. R3 alleges that in June 2017, Ripple terminated the contract, despite having no right to do so. Ripple then filed a counter case, alleging that R3 did not honour its side of the original 2016 agreement by failing to introduce Ripple to a large number of banking clients or to promote XRP for usage in these banking systems. As of February 2018, the case is unresolved.

Ripple supply and company reserves

When Ripple was founded, it created 100 billion XRP tokens of which 80 billion tokens were allocated to the company and 20 billion were given to the three founders. Here is an approximate breakdown of the distribution of those tokens:

  • The Ripple company received 80 billion XRP.
  • Chris Larsen received 9.5 billion.
    • In 2014, Larsen committed to put 7 billion XRP of this 9.0 billion into a charitable foundation.
  • Jed McCaleb received 9.5 billion. Upon leaving Ripple:
    • McCaleb retained 6.0 billion (subject to lock up agreement).
    • McCaleb’s children received 2.0 billion (subject to lock up agreement).
    • 1.5 billion was given to charity and other family members of McCaleb (not subject to lock up agreement).
  • Arthur Britto received 1.0 billion (subject to lock up agreement).

When McCaleb left Ripple, there were concerns he was, could or would dump his XRP into the market and crash the price. McCaleb and Ripple constructed the following agreement to prevent this by restricting the sale of XRP. The agreement was revised in 2016 after Ripple accused McCaleb of violating the initial terms.

2014 agreement
  • McCaleb’s sales are limited to $10,000 per week during the first year.
  • Sales are limited to $20,000 per week during the second, third, and fourth years.
  • Sales are limited to 750 million XRP per year for the fifth and sixth years.
  • Sales are limited to 1 billion XRP per year for the seventh year.
  • Sales are limited to 2 billion XRP per year after the seventh year.

(Source: http://archive.is/cuEoz)

As for the 80 billion XRP held by the Ripple company, the plan was to sell or give away this balance, use the funds to fund company operations, and use it to seed global money-transfer gateways. As the Ripple wiki says:

XRP cannot be debased. When the Ripple network was created, 100 billion XRP was created. The founders gave 80 billion XRP to the Ripple Labs. Ripple Labs will develop the Ripple software, promote the Ripple payment system, give away XRP, and sell XRP.

From December 2014 to July 2015, the company disclosed on its website the amount of XRP it held, the amount in circulation, and indirectly (by mentioning a reserve) the amount spent on company operations. The company did not distinguish between what it sold and what it gave away for free. The disclosure for 30 June 2015 is shown below.


(Source: Ripple.com)

Some time after July 2015 the disclosure was modified, with the reserve balance no longer available. Since at least late 2017 Ripple has disclosed three figures, the “XRP held by Ripple”, “XRP distributed” and “XRP to be placed in escrow”. As at 31 January 2018, the balances are as follows:

  • 7.0 billion XRP held by Ripple
  • 39.0 billion XRP distributed
  • 55.0 billion XRP placed in escrow

We have been unable to link or reconcile the old Ripple reserve figure with the new XRP held by Ripple figure, therefore we are unsure how much the company has spent on its own operations across the entire period. However, we have analysed the information disclosed in the old way prior to July 2015, 12 data points in total, in addition to forum posts from the company’s current chief cryptographer David Schwartz (regarded as one of the main architects of Ripple’s technology, who goes by the name JoelKatz online and is said to have had 1 billion XRP). The following charts present our findings related to the distribution or spend of XRP.


XRP holdings from 2013 to 2015 – billion. (Source: BitMEX Research, Ripple.com)


XRP distribution (sales to partners plus XRP given away) and XRP spent on company operations – billions. The crosses represent points where information was available. We are not aware of why the amount spent on company operations appears to decline towards the end of 2015. (Sources: Ripple.com, https://forum.ripple.com/viewtopic.php?f=1&t=3645, https://forum.ripple.com/viewtopic.php?f=1&t=3590)


XRP in circulation – billions. (Source: Ripple.com, https://forum.ripple.com/viewtopic.php?f=1&t=3645, https://forum.ripple.com/viewtopic.php?f=1&t=3590, Coinmarketcap/new Ripple disclosure)

The data shows that Ripple sold or distributed 12.5 billion XRP from January 2013 to July 2015. We have been unable to determine how many XRP were sold, at what price, or how many were given away. The company spent at least 4 billion XRP on company operations between March 2014 and July 2015 but there are no details of what this was spent on, as far as we can tell.

Dispute between company founders

As we alluded to above, McCaleb did not part with the company on the best of terms. In May 2014, early Ripple investor Jesse Powell described the situation:

Since Jed’s departure, the management of the company has taken a different direction. Sadly, the vision Jed and I had for the project in the early days has been lost. I’m no longer confident in the management nor the company’s ability to recover from the founders’ perplexing allocation to themselves of 20% of the XRP, which I had hoped until recently would be returned. Prior to Jed’s departure from Ripple, I had asked the founders to return their XRP to the company. Jed agreed but Chris [Larsen] declined — leaving a stalemate. This afternoon, I revisited the allocation discussion with the pair and again, where Jed was open, Chris was hostile.

Ripple responded to Powell with a claim that he was spreading false and defamatory information in violation of his obligations as a Ripple board member. The letter states:

In fact, as Chris has stated previously in discussions with you and Jed, he has been and remains willing to return most of his founders’ XRP to Ripple Labs.

Powell retorted that Larsen would return only a portion of his XRP to the company, and rather than giving it back, this would be a loan. Powell ends the letter by explaining how he sees the situation with respect to the 20 billion XRP granted to the founders and the formation of Ripple:

Jed and I got started with Ripple in September of 2011. I believe Chris joined sometime around August of 2012. Prior to Chris joining, the company had two investors. I’m not sure when Jed and Chris allocated themselves the XRP but they say it was before incorporation, which occurred in September of 2012. In my view, the two stole company assets when they took the XRP without approval of the early investors, and without sharing the allocation amongst the other shareholders. Whatever coin they allocated themselves prior to incorporation of Opencoin, I believe was abandoned. There had been several ledger resets between Sep 2012 and Dec 2012, and a new version of Ripple emerged, built by Opencoin, clearly with company resources. If Jed and Chris have continued to run the old software to preserve their Betacoin, I have no problem. Unfortunately, Jed and Chris again allocated themselves XRP in December of 2012. That XRP unquestionably was not gifted by Jed and Chris to the company, it did not exist prior to the company’s existence, and it was generated with company resources. That XRP has always belonged to the company and it was taken from the company by Jed and Chris. I’m asking them to return what they’ve stolen.

Powell continued to comment on the situation on the Ripple forum:

The board and investors have known about it for a long time. I’d been nudging them to return the XRP since I found out about it. Jed was always willing but Chris wasn’t, and Jed kept his share in case leverage was ever needed to more aggressively persuade Chris to return his portion. It wasn’t a regular topic of discussion and was just something I just imagined would work itself out when Chris got a grasp on the damage it was doing to Ripple’s image and adoption. If my goal had been to get my fair share, I probably would have been more proactive about it but I’d just assumed it would eventually be entirely returned to the company. I could have agreed to a small amount of XRP being paid out in lieu of cash compensation or instead of equity, but otherwise, we all should have bought our XRP at the market rate, like everyone else.

The company, through marketing VP Monica Long, then responded to Powell’s continued public pressure with the following commitment:

Further, co-founder and CEO Chris Larsen has authorized the creation of a foundation to distribute his donation of 7 billion XRP to the underbanked and financially underserved. This plan has previously been in development but is now being accelerated and finalized independent of a formal agreement amongst all the original founders. He believes this is both the right thing to do and the best way to remove further distractions in pursuit of the broader vision of the company. Details of the foundation, its independent directors, and the giveaway will be forthcoming.

The above response appeared to divert the pressure on Ripple and Larsen that was building inside the Ripple community. The foundation that was set up is Ripple Works. We have reviewed the charity’s US tax filings for the fiscal years ended April 2015 and April 2016, which show the following donations of XRP:

| Date | Donor | Amount (XRP) |
| --- | --- | --- |
| November 2014 | Chris Larsen | 200 million |
| April 2015 | Chris Larsen | 500 million |
| July 2015 | Chris Larsen | 500 million |
| November 2016 | Ripple Inc | 1,000 million |

As of April 2016, two years after the commitment, Larsen appears to have given at least 1.2 billion XRP out of the promised 7 billion XRP total to the foundation. We have not been able to obtain the filing for the year ended April 2017, as it may not be available yet.

The dispute and the Bitstamp Ripple freeze incident

In 2015, Ripple took advantage of the Ripple freeze feature instituted in August 2014. The Bitstamp gateway froze funds belonging to a family member of Jed McCaleb. Some consider this ironic: Ripple originally stated that the freeze feature was implemented to enable gateways to comply with orders from law enforcement yet the first actual usage of the feature appears to have been an order to comply with an instruction from the Ripple company itself, against one of the founders.

What appears to have happened is a family member of McCaleb sold 96 million XRP (perhaps part of the 2 billion XRP given to other family members and not part of the lock-up agreement) back to Ripple for around $1 million. After Ripple acquired the XRP for USD, Ripple appears to have asked Bitstamp to use the Ripple freeze feature to confiscate the $1 million Ripple had just used to buy the tokens. In 2015, Bitstamp took both Ripple and McCaleb to court, to determine the best course of action.

Court documents allege/reveal the following:

  • McCaleb had 5.5 billion XRP.
  • McCaleb’s two children held 2 billion XRP.
  • Another 1.5 billion XRP were held by charitable organizations and other family members.
  • In March 2015, Jacob Stephenson, a relative of McCaleb, offered to sell 96 million XRP to Ripple.
  • Ripple agreed to pay nearly $1 million to buy the 96 million XRP from Stephenson in a complicated transaction that “manipulated the market” to “improperly inflate the price per XRP of the transaction and mislead other purchasers”. As part of this, Ripple paid more than the cost and asked Stephenson to return an excess amount of $75,000.
  • Bitstamp’s chief legal officer was also an advisor to Ripple and as such there was a conflict of interest.

The dispute between McCaleb and Ripple continued until a final resolution in February 2016, when the company, implying that McCaleb had violated the 2014 XRP lock-up agreement, stated that a final settlement had been reached:

Jed exited Ripple back when it was OpenCoin in June 2013. He has played no role in the strategy or operations of Ripple since then. He has, however, held significant stakes of XRP and company shares. In August 2014, we shared the terms of a lock-up agreement that dictated timetables and limits within which Jed could sell XRP. The purpose of the agreement was to ensure distribution of his XRP in a way that would be constructive for the Ripple ecosystem. Since April 2015, Jed has been party to ongoing legal action related to alleged violation of the 2014 agreement.

McCaleb responded to this with his side of the story, indicating that he was also happy with the final agreement.

This week also sees the end of a longstanding issue. Stellar and I have finally reached a settlement with Ripple in the ongoing dispute between the parties. The settlement shows that Ripple’s claims were entirely baseless. Ripple has conceded in exchange for Stellar and I agreeing to settle the litigation.

Under the final agreement, McCaleb’s family member’s $1 million were unfrozen, Ripple agreed to pay all legal fees, and 2 billion XRP were freed for donation to charity. McCaleb would be free to sell his remaining XRP, perhaps over 5 billion XRP, consistent with the terms in the table below.

2014 agreement

  • McCaleb’s sales are limited to $10,000 per week during the first year.
  • Sales are limited to $20,000 per week during the second, third, and fourth years.
  • Sales are limited to 750 million XRP per year for the fifth and sixth years.
  • Sales are limited to 1 billion XRP per year for the seventh year.
  • Sales are limited to 2 billion XRP per year after the seventh year.

2016 revised agreement

  • McCaleb must donate 2 billion XRP to charity.
  • McCaleb must retain title ownership of 5.3 billion XRP; however, Ripple will control the funds.
  • McCaleb and the charity will be able to collectively sell the following percentage of the average daily volume:
    • 0.5% in the first year,
    • 0.75% in years two and three,
    • 1.0% for the fourth year, and
    • 1.5% thereafter.

(Source: http://archive.is/cuEoz)

The Ripple consensus process

The consensus system

The Ripple technology appears to have gone through several iterations, but a core part of the marketing of Ripple is the consensus process. In 2014, Ripple used the image below to illustrate the consensus system, which seems to be an iterative process with servers making proposals and nodes only accepting these proposals if certain quorum conditions are met. An 80% threshold of the servers is considered a key level and once this threshold is crossed, a node regards the proposal as final. The image depicts some complexity in the process and the BitMEX Research team is unable to understand the detailed inner workings of the system or how it has any of the convergent properties necessary for consensus systems.


(Source: Ripple wiki)

In January 2018, the BitMEX Research team installed and ran a copy of Rippled for the purpose of this report. The node operated by downloading a list of five public keys from the server v1.ripple.com, as the screenshot below shows. All five keys are assigned to Ripple.com. The software indicates that four of the five keys are required to support a proposal in order for it to be accepted. Since the keys were all downloaded from the Ripple.com server, Ripple is essentially in complete control of moving the ledger forward, so one could say that the system is centralised. Indeed, our node indicates that the keys expire on 1 February 2018 (just a few days after the screenshot), implying the software will need to visit Ripple.com’s server again to download a new set of keys.


A screenshot of Rippled in operation. (Source: BitMEX Research)

Of course, there is nothing wrong with centralised systems; the overwhelming majority of electronic systems are centralised. Centralisation makes systems easier to construct, more efficient, faster, cheaper to run, more effective at stopping double spends and easier to integrate into other systems. However, some Ripple marketing, like the image below, contends that the Ripple system is distributed, which some may consider misleading.


(Source: Ripple.com)

In addition to the potentially misleading marketing, the construction involving the quorum process and 80% threshold may not be necessary and merely adds to the obfuscation, in our view. Defenders of Ripple could argue that the list of five public keys is customizable, as one could manually edit the configuration file and type in whatever keys one wants. Indeed, there is a list of such validators on the Ripple website. However, there is no evidence that many users of Ripple manually change this configuration file.

Even if users were to modify the configuration file, this may not significantly help. In this circumstance, there is no particular reason to assume that the system would converge on one ledger. For example, one user could connect to five validators and another user could connect to five different validators, with each node meeting the 80% thresholds, but for two conflicting ledgers. The 80% quorum threshold from a group of servers has no convergent or consensus properties, as far as we can tell. Therefore, we consider this consensus process potentially unnecessary.
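The scenario in the paragraph above can be checked exhaustively. The following is an added example, not code from Rippled or from the original report: it models a node as a validator list plus the 80% rule and searches every way validators could split between two conflicting ledgers. It goes slightly beyond the text by also varying how many validators the two lists share. The validator names are constructed, and the model assumes each validator signs exactly one ledger.

```python
from itertools import product

QUORUM_PERCENT = 80  # the 80% threshold described in the article


def finalised(validator_list, votes):
    """Ledgers that reach the quorum among the validators this node trusts."""
    tally = {}
    for validator in validator_list:
        ledger = votes.get(validator)
        if ledger is not None:
            tally[ledger] = tally.get(ledger, 0) + 1
    needed = QUORUM_PERCENT * len(validator_list)
    return {ledger for ledger, count in tally.items() if count * 100 >= needed}


def find_fork(list_a, list_b):
    """Try every way validators (one signature each) can split between
    conflicting ledgers "X" and "Y". Return a vote assignment in which node A
    finalises X while node B finalises Y, or None if no such split exists."""
    validators = sorted(set(list_a) | set(list_b))
    for choice in product("XY", repeat=len(validators)):
        votes = dict(zip(validators, choice))
        if "X" in finalised(list_a, votes) and "Y" in finalised(list_b, votes):
            return votes
    return None


# Constructed validator names: "r*" stands for the five default keys,
# "s*" for keys a user typed into the configuration file instead.
DEFAULT_LIST = ["r1", "r2", "r3", "r4", "r5"]
CUSTOM_KEYS = ["s1", "s2", "s3", "s4", "s5"]


def fork_possible_by_overlap():
    """Map 'validators shared with the default list' -> can the two nodes fork?"""
    result = {}
    for shared in range(6):
        other = DEFAULT_LIST[:shared] + CUSTOM_KEYS[: 5 - shared]
        result[shared] = find_fork(DEFAULT_LIST, other) is not None
    return result


if __name__ == "__main__":
    print(find_fork(DEFAULT_LIST, CUSTOM_KEYS))
    print(fork_possible_by_overlap())
```

With five-key lists and the 80% threshold, the search finds a conflicting split whenever the two lists share two or fewer validators and none when they share three or more.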

Validation of the ledger

Although the consensus process is centralised, one could argue that in Ripple user nodes can still validate transaction data from all participants. This model can be said to provide some assurance or utility, despite its computational inefficiency. Although moving the ledger forward is a centralised process, if the Ripple servers process an invalid transaction, user nodes may reject those blocks and the entire network would then be stuck. This threat could keep the Ripple server honest. However, this threat may not be all that different from the existing user pressure and legal structures which keep traditional banks honest.

Apparently, Ripple is missing 32,570 blocks from the start of the ledger and nodes are not able to obtain this data. This means that one may be unable to audit the whole chain and the full path of Ripple’s original 100 billion XRP since launch. This could be of concern to some, especially given Powell’s comments, which indicate that there may have been resets of the ledger in the early period. David Schwartz explained the significance of the missing blocks:

It doesn’t mean anything for the average Ripple user. In January of 2013, a bug in the Ripple server caused ledger headers to be lost. All data from all running Ripple servers was collected, but it was insufficient to construct the ledgers. The raw transactions still survive, mixed with other transactions and with no information about which transaction went in which ledger. Without the ledger headers, there’s no easy way to reconstruct the ledgers. You need to know the hash of ledger N-1 to build ledger N, which complicates things.

Conclusion

Much of this report has focused on disputes, primarily related to control over XRP, including accusations of theft. Perhaps such disputes are not particularly unique, especially given the rapid, unexpected growth in the value of the ecosystem. In fact, this story of the disputes might not be too dissimilar from that of some of the large tech giants mentioned in the introduction to this piece.

More significant than the disputes is the fact that the Ripple system appears for all practical purposes to be centralised and is therefore perhaps devoid of any interesting technical characteristics, such as censorship resistance, which coins like Bitcoin may have — although this does not mean that Ripple or XRP is doomed to failure. The company has significant financial capital and has proven somewhat effective at marketing and forming business partnerships, and perhaps this could mean the company succeeds at building adoption of the XRP token either among businesses or consumers. If so, the points that Bitcoin critics often raise may be even more pertinent and relevant in the case of XRP. These points include:

  • The lack of inflation is a naive economic policy.
  • The price of the token is too volatile and speculative.
  • Regulators will shut the system down if it becomes popular.
  • Perhaps most importantly, why not use the US dollar? Banks will build competing digital systems based on traditional currencies (if they don’t exist already).

The real mystery about Ripple is that, given the large market value of the system, why are all the Bitcoin critics so silent? Perhaps the answer to this question is just as applicable to some of Bitcoin’s proponents as it is to its critics. Most people seem to judge things based on what they perceive as the culture and character of those involved, rather than on the technical fundamentals.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

The art of making softforks: Protection by policy rule

Abstract: In this article, following on from our piece on the history of consensus forks, guest writer Dr. Johnson Lau explains the distinction between policy rules and consensus forks. He explains why it may be safer to introduce new softforks when the proposed rule is already covered by policy rules (non-standard behaviour), as this may mitigate or reduce some of the risks normally associated with changing the consensus rules.

(Source: gryb25)

Softforks are the primary way to fix and introduce new Bitcoin consensus rules. The following series of articles will describe how Bitcoin softforks are engineered.

Consensus rules and softforks

Consensus rules determine whether a transaction or a block is valid or not. Every user and miner on the Bitcoin network is expected to adhere to the same set of consensus rules, so they will all agree to a single ledger.

A softfork is an event when the majority of users and/or miners decide to adopt a stricter set of consensus rules, which makes some previously valid transactions/blocks invalid, but not the opposite. If the majority enforces the new rule set, any violating fork would (statistically) never catch up to the stricter fork in terms of total proof of work. The minority with the old rule set will always follow the longer and stricter fork, so everyone on the network would still agree to a single ledger.

Policy rules and consensus rules

While consensus rules are the only criteria for determining transaction validity, relaying or mining nodes may prefer some kinds of transactions over others. For example:

  • As spam control, transactions with very low fees or “sand outputs” (outputs with very low value) are rejected.
  • Some miners refused to include “on-chain casino” transactions, considering them spammy.
  • Transactions with an unknown version are rejected (currently only versions 1 and 2 are “known”).
  • Transactions with exotic scripts (i.e., not P2PKH, P2SH, v0 segwit, or a few other cases) and unknown NOPx codes (currently only OP_NOP2 and OP_NOP3 are known) are rejected.
  • “Replace by fee” and “child pays for parent” are also policy rules, as they determine which transactions are preferred by miners.

By definition, policy rules MUST be at least as strict as consensus rules. Obviously, no miners would like to include invalid transactions in a block (which will lead to a loss of mining reward) or to relay them (which will get them banned by peers).

While policy rules could be stricter than consensus rules, it is important to note that policy rules do not determine the validity of transactions. Once a transaction is included in a valid block, all network nodes will accept it even if it violates some policy rules.

It is also important to note that policy rules are local, while consensus rules are universal. That means different network nodes might have different policy rules but they will still agree to the same blockchain ledger as long as they are running the same consensus rules.

Transactions that violate a policy rule are sometimes called “non-standard transactions”, distinguishing them from “invalid transactions”.

Policy rules and softforks

Ideally, all miners should have upgraded to the new, stricter rule sets on or before the activation of a softfork. Financially, they have a strong incentive to do this, as mining an invalid block (in terms of the new rules) would lead to significant monetary loss. However, in a decentralized system like Bitcoin, this is not guaranteed.

Although miners are expected to pay attention to any proposed rule changes and take timely action, miners who build an invalid blockchain might cause market disruption and monetary loss for ordinary users. Therefore, any well-planned softfork should bear this in mind and minimize the risks.

The trick is to make a softfork only if it is covered by existing, widely adopted policy rules. Miners with the policy rules who are unaware of the new consensus rules would refuse to include such transactions by default, so they would never include transactions that are invalid in terms of the new consensus rules. Some cases in Bitcoin history illustrate this.

A worker is adding a “Road Closed” sign to a route that is not being used due to an obstruction that existed before the sign was placed. The new traffic rules only prevent behaviour that was already “non-standard” and disruption is therefore minimal.

Case Study Description
BIP65: Check lock-time verify

OP_NOP1 to OP_NOP10 originally had no meaning in the Bitcoin script language. While they are counted as one operation (there is a limitation of 201 operations in a script), practically, they are skipped during transaction validation. However, a policy rule has been included in Bitcoin Core since version 0.10 to reject OP_NOPx by default. BIP65 is a softfork introduced in Bitcoin Core 0.12 to redefine OP_NOP2 as OP_CHECKLOCKTIMEVERIFY (OP_CLTV). OP_CLTV checks if the top stack value is greater than the transaction’s nLockTime field (along with a few more conditions). If any of the conditions are matched, the transaction is considered as invalid. Otherwise, OP_CLTV is skipped like OP_NOP2.

New nodes would always enforce the new consensus rules after softfork activation. Yet even before the softfork was activated, the original OP_NOP2 policy rule was replaced by the OP_CLTV rules (which is okay, since OP_CLTV rules are stricter than the original OP_NOP2 consensus rules).

Legacy mining nodes would not perform the nLockTime check. However, as long as they were running version 0.10 or above, the default OP_NOP2 policy rule would prevent them from including ANY transactions with OP_CLTV, valid or not. As a result, legacy mining nodes of 0.10 or above would never actively produce an invalid block with respect to the new OP_CLTV consensus rules.

BIP68: Relative lock-time using sequence numbers

nSequence is a field in Bitcoin transactions, which was essentially unused. The idea of BIP68 was to use the nSequence field for the purpose of relative lock-time, which is a very important building block of advanced transactions such as payment channels and the Lightning Network. However, the nSequence field has been ignored since the very first version of Bitcoin, and miners would accept any transaction with any nSequence value. There was no policy rule governing nSequence value, therefore a safe softfork could not be done as simply as OP_CLTV.

The trick was to use the transaction-version field (nVersion). Since version 0.7, non-version-1 transactions are rejected by a policy rule. To leverage this, BIP68 requires that the new rules for nSequence are enforced ONLY if the transaction version is 2 or above (or below 0, to be precise). Therefore, legacy mining nodes would not produce any BIP68-violating block, since they won’t include any non-version-1 transactions by default.

An attacker could not “turn off” BIP68 by simply changing the transaction version, since the version is covered by signature. This is also the only instance in which the transaction version is associated with consensus rules.

BIP141: Segregated witness

Segregated witness (segwit) is a softfork to fix transaction malleability by redefining a certain script pattern. In BIP141, the pattern is an output script (or P2SH redeemscript) which starts with a single OP_x (x = 0 to 16), followed by a canonical data push between 2 and 40 bytes. However, this is not what was originally proposed. In the first draft, the witness-program pattern was a single push between 2 and 41 bytes.

A policy has been implemented since v0.6 to reject transactions that spend exotic scripts (i.e. not P2PKH, P2SH, and a few more types). The first draft of the witness program was indeed non-standard in this regard.

The problem is with the witness program when wrapped in P2SH. Before v0.10, the policy rules would also reject any exotic P2SH scripts. This rule was greatly relaxed in v0.10, and the original witness-program design was not covered.

A few alternative proposals were considered:

  • A new transaction nVersion (like BIP68) does not work. If the new consensus rule is “segwit rules are enforced only if nVersion is larger than 2”, an attacker could steal all money stored in segwit outputs by changing the nVersion (since the nVersion is covered only by the segwit signature, which is not checked when nVersion is 2 or below).
  • An OP_NOPx might be used to label a witness program. However, this would make all witness programs 1 byte bigger, and also occupy the limited OP_NOPx space.

The final version made use of the so-called “clean stack” policy rule from BIP62. Although BIP62 is now withdrawn, its rules are still enforced as policy. “Clean stack” requires that script evaluation must end with one and only one stack item. The final witness-program design, however, leaves two items on the stack. This is valid by consensus but violates “clean stack” policy.

Failing example: BIP16 and pay-to-script hash (P2SH)

BIP16 was the first planned softfork on Bitcoin. It was activated when 55% of hash power signalled readiness (compared with the 80% to 95% currently in use). Before P2SH was introduced, there was no policy rule for checking the form of spending output. As a result, a significant number of miners kept creating invalid blocks, occasionally long chains, months after softfork activation.

Failing example: Segregated witness on Litecoin

Not long after the Bitcoin segwit implementation was finalized, Litecoin started to integrate the segwit code. However, while segwit was released in Bitcoin Core 0.13.1, the last Litecoin version at that time was 0.10.4, which did not include the “clean stack” rule. Litecoin developers tried to fix the problem by adding an extra consensus rule to segwit that required the block version to be at least 0x20000000, hoping that would force miners to upgrade. It turned out that all miners upgraded right before the activation (with the last large miner upgrading a few hours before), and no fork was created due to the lack of “clean stack” in the last release.

Should a large mining pool have failed to upgrade at the last minute, the extra block-version rule would have provided little or no protection. This will be discussed in a future article.
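The BIP141 case study above turns on two checks: the witness-program pattern, and what a pre-segwit node sees when it executes that pattern as an ordinary script. The following is an added example, not Bitcoin Core code and not from the original article. It parses the pattern as the article states it and runs a push-only evaluator to count the items left on the stack. The sample scripts are constructed, and the P2SH hash comparison that precedes redeem-script execution is omitted.

```python
OP_0 = 0x00
OP_1, OP_16 = 0x51, 0x60
MAX_DIRECT_PUSH = 0x4B  # opcodes 0x01..0x4b push that many following bytes


def parse_witness_program(script: bytes):
    """Return (version, program) when `script` is exactly a BIP141 witness
    program: one OP_x (x = 0..16) then one direct push of 2..40 bytes."""
    if not 4 <= len(script) <= 42:
        return None
    if script[0] == OP_0:
        version = 0
    elif OP_1 <= script[0] <= OP_16:
        version = script[0] - OP_1 + 1
    else:
        return None
    push_len = script[1]
    if not 2 <= push_len <= 40 or len(script) != 2 + push_len:
        return None  # non-canonical push, wrong size, or trailing bytes
    return version, script[2:]


def run_pushes(script: bytes):
    """Execute a script made only of pushes, the way a pre-segwit node would."""
    stack, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == OP_0:
            stack.append(b"")
        elif op <= MAX_DIRECT_PUSH:
            if i + op > len(script):
                raise ValueError("push runs past end of script")
            stack.append(script[i:i + op])
            i += op
        elif OP_1 <= op <= OP_16:
            stack.append(bytes([op - OP_1 + 1]))
        else:
            raise ValueError("opcode outside this sketch")
    return stack


def is_true(item: bytes) -> bool:
    # Script truthiness: any non-zero byte, except a lone sign bit (negative zero).
    for index, byte in enumerate(item):
        if byte:
            return not (index == len(item) - 1 and byte == 0x80)
    return False


def legacy_verdict(script: bytes):
    """(valid by old consensus, passes 'clean stack' policy, items left)."""
    stack = run_pushes(script)
    valid = bool(stack) and is_true(stack[-1])
    return valid, valid and len(stack) == 1, len(stack)


# Constructed sample scripts (the program bytes are arbitrary filler).
FINAL_V0 = bytes([OP_0, 20]) + bytes(range(1, 21))   # OP_0 <20 bytes>
FINAL_V1 = bytes([OP_1, 32]) + bytes(range(1, 33))   # OP_1 <32 bytes>
FIRST_DRAFT = bytes([21]) + bytes(range(1, 22))      # a single 21-byte push

if __name__ == "__main__":
    for name, script in [("final v0", FINAL_V0), ("final v1", FINAL_V1),
                         ("first draft", FIRST_DRAFT)]:
        print(name, parse_witness_program(script) is not None, legacy_verdict(script))
```

The final design leaves two items on a legacy node's stack and so is non-standard under “clean stack”, while the first-draft single push leaves one item and would not have been caught by that rule.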

Policy protection is not a panacea

At this point, a reader might find that the policy-protection trick described above would only prevent un-upgraded miners from actively making the first invalid block after softfork activation. However, should such an invalid block be somehow created, un-upgraded miners would still accept it and extend such a blockchain if it had more proof of work. So this is a way to only reduce but not eliminate the chance of an accidental chain split at softfork activation. This issue is also particularly problematic if a significant number of miners are using different full-node implementations, which might not have the same policy rules.
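Both halves of the argument, that policy keeps an un-upgraded miner from building an invalid block and that it does not stop the same node from accepting one, can be shown with the BIP68 case. The following is an added example, not Bitcoin Core code and not from the original article. Transactions have a single input, only height-based relative locks are modelled, and the sample mempool is constructed.

```python
from dataclasses import dataclass

SEQUENCE_DISABLE_FLAG = 1 << 31  # BIP68: relative lock-time disabled for this input
SEQUENCE_TYPE_FLAG = 1 << 22     # BIP68: time-based lock (not modelled below)
SEQUENCE_VALUE_MASK = 0xFFFF     # BIP68: low 16 bits carry the lock value


@dataclass(frozen=True)
class Tx:
    name: str
    version: int      # signed 32-bit nVersion
    sequence: int     # nSequence of the (single) input
    coin_height: int  # height at which the spent output was confirmed


def bip68_applies(tx):
    # Read as unsigned 32 bits, so "2 or above" also catches negative versions.
    return (tx.version & 0xFFFFFFFF) >= 2


def new_consensus_valid(tx, block_height):
    if not bip68_applies(tx) or tx.sequence & SEQUENCE_DISABLE_FLAG:
        return True
    if tx.sequence & SEQUENCE_TYPE_FLAG:
        raise NotImplementedError("time-based locks are outside this sketch")
    return block_height >= tx.coin_height + (tx.sequence & SEQUENCE_VALUE_MASK)


def old_consensus_valid(tx, block_height):
    return True  # nSequence was ignored before the softfork


def legacy_policy_standard(tx):
    return tx.version == 1  # policy since 0.7: only version 1 is relayed or mined


def legacy_block_template(mempool):
    return [tx for tx in mempool if legacy_policy_standard(tx)]


def block_valid(block, block_height, consensus_rule):
    return all(consensus_rule(tx, block_height) for tx in block)


HEIGHT = 1000
MEMPOOL = [  # constructed sample transactions
    Tx("v1_final", 1, 0xFFFFFFFF, 990),
    Tx("v1_low_sequence", 1, 144, 999),   # version 1: BIP68 not enforced
    Tx("v2_matured", 2, 10, 980),         # lock of 10 blocks already satisfied
    Tx("v2_too_early", 2, 144, 999),      # needs height 1143
    Tx("negative_version_too_early", -1, 144, 999),
]


def legacy_miner_block_is_valid_under_new_rules():
    return block_valid(legacy_block_template(MEMPOOL), HEIGHT, new_consensus_valid)


def foreign_invalid_block_verdicts():
    """A block someone else built that contains a BIP68-violating transaction.
    Returns (accepted by un-upgraded node, accepted by upgraded node)."""
    block = [MEMPOOL[0], MEMPOOL[3]]
    return (block_valid(block, HEIGHT, old_consensus_valid),
            block_valid(block, HEIGHT, new_consensus_valid))


if __name__ == "__main__":
    print([tx.name for tx in legacy_block_template(MEMPOOL)])
    print(legacy_miner_block_is_valid_under_new_rules())
    print(foreign_invalid_block_verdicts())
```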

Dr. Johnson Lau, Bitcoin Protocol Developer

CC BY-SA 4.0

The Lightning Network

Abstract: In this piece, we explain the motivation behind the creation of the Lightning Network and why its scaling characteristics are superior to what we have today, potentially resulting in a transformational improvement. We describe some of the basic technical building blocks that make Lightning possible. We then examine some of its limitations, including the downsides of inferior security compared to transacting on-chain and why this makes Lightning potentially unsuitable for larger-value payments.

(Source: flickr.com)

The motivation behind the Lightning Network

Blockchain-based payment systems typically work in a “broadcast to everyone” mode, in that when one makes a payment, one needs to broadcast the transaction to all participants in the network.

Nodes in such a system must:

  • store the transaction indefinitely,
  • verify the transaction, and
  • relay the transaction.

Miners, meanwhile, are required to engage in an energy-intensive competitive process to determine if the transaction makes it into the ledger, just in case a conflicting transaction occurs.

There isn’t even special treatment for the recipient of the payment. For example, if one buys a coffee using Bitcoin, the transaction is broadcast to the entire Bitcoin network without prioritising propagation of the transaction data to the coffee shop or the coffee shop’s payment processor. Many consider this process to be inefficient. If the objective is to build a payment system used by millions of people across the globe, this method does not seem logical.

The old “broadcast to everyone” announcement method at sporting events, during Arsenal’s 3-3 draw at home to Sheffield Wednesday in May 2000. Prior to the widespread adoption of mobile phones, stadium announcers broadcast messages for individuals over the public-address system to all those in attendance. Mobile phones have made this process faster and more efficient, as messages can be sent directly to the intended recipient.

The Lightning Network represents an improvement in efficiency and uses a more logical payment-network structure. Instead of broadcasting a transaction to everyone, the transaction can be sent more directly to the payment recipient. Only when parties to the transaction are dishonest does one need to resort to the cumbersome process, which distributed censorship-resistant systems require to maintain consensus. In this way, one can achieve performance and efficiency almost equivalent to that of direct communication between the parties over the Internet, while retaining some of the security characteristics of Bitcoin’s blockchain.

However, building such a payment system, in which all parties can always revert to the blockchain and reclaim their funds if there is a problem, is complex and has some significant risks and limitations.

Lightning’s basic technical building blocks

Unidirectional micropayment channel. (Source: BitMEX Research)

The diagram above depicts the traditional way to set up a basic unidirectional payment channel. Although setting up the channel involves broadcasting a transaction to everyone, once the channel is set up, multiple payments from Bob to Alice can occur by simply sending data from Bob to Alice, avoiding a broadcast to the entire network. The payment process can be repeated again and again until the funds in the channel, in this case 1 BTC, have been exhausted.

In theory, the above channel is secure for the following reasons:

  • If Bob tries to renege on his payment, all Alice needs to do is sign and broadcast to the network transaction P1, which Bob signed when he initially made the payment. As long as this gets confirmed before the one-week locktime in transaction B, Alice safely receives her 0.1 BTC regardless of what Bob does.
  • If Alice refuses to sign anything in order to frustrate Bob, all Bob needs to do is wait one week for transaction B to become valid, and he is then able to move the money from the channel to himself by broadcasting transaction B, which Alice has already signed.

This process is more secure if transaction A cannot be malleated by a third party (the TXID changing), otherwise Bob could have created transaction B only for it to become invalid as transaction A changes, thereby enabling Alice to hold the funds hostage indefinitely.
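The security argument above, including the malleability caveat, can be walked through with a toy ledger. The following is an added example, not from the original article or any Lightning implementation. It tracks only the output of transaction A, treats signatures as a set of names, and uses constructed transaction ids and times.

```python
from dataclasses import dataclass, replace

DAY = 24 * 3600
WEEK = 7 * DAY
CAPACITY = 100_000_000  # the 1 BTC channel from the article, in satoshis
BOTH = frozenset({"alice", "bob"})


@dataclass(frozen=True)
class SpendTx:
    name: str
    funding_txid: str   # which transaction A output this spends
    to_alice: int
    to_bob: int
    locktime: int       # earliest time the network will accept it
    signers: frozenset

    def signed_by(self, who):
        return replace(self, signers=self.signers | {who})


class Chain:
    """Toy ledger that tracks only the 2-of-2 output created by transaction A."""

    def __init__(self, confirmed_funding_txid):
        self.funding_txid = confirmed_funding_txid
        self.spent_by = None

    def broadcast(self, tx, now):
        accepted = (self.spent_by is None                 # no double spend
                    and tx.funding_txid == self.funding_txid
                    and tx.signers == BOTH
                    and now >= tx.locktime
                    and tx.to_alice + tx.to_bob == CAPACITY)
        if accepted:
            self.spent_by = tx
        return accepted

    def payout(self):
        tx = self.spent_by
        return None if tx is None else (tx.to_alice, tx.to_bob)


def refund_tx(txid, opened_at=0):
    # Transaction B: Alice signs it up front; Bob adds his signature to use it.
    return SpendTx("B", txid, 0, CAPACITY, opened_at + WEEK, frozenset({"alice"}))


def payment_tx(n, txid, total_to_alice):
    # P_n: Bob signs a new split with no locktime; Alice countersigns to close.
    return SpendTx(f"P{n}", txid, total_to_alice, CAPACITY - total_to_alice,
                   0, frozenset({"bob"}))


def bob_reneges():
    chain = Chain("txid-A")
    refund = refund_tx("txid-A").signed_by("bob")
    p1 = payment_tx(1, "txid-A", 10_000_000)          # Bob pays 0.1 BTC
    refund_at_day_3 = chain.broadcast(refund, 3 * DAY)
    close_at_day_4 = chain.broadcast(p1.signed_by("alice"), 4 * DAY)
    return refund_at_day_3, close_at_day_4, chain.payout()


def alice_unresponsive():
    chain = Chain("txid-A")
    return chain.broadcast(refund_tx("txid-A").signed_by("bob"), WEEK), chain.payout()


def alice_closes_too_late():
    chain = Chain("txid-A")
    p1 = payment_tx(1, "txid-A", 10_000_000)
    refund_ok = chain.broadcast(refund_tx("txid-A").signed_by("bob"), WEEK)
    late_close = chain.broadcast(p1.signed_by("alice"), WEEK + DAY)
    return refund_ok, late_close, chain.payout()


def funding_txid_malleated():
    # B was built on the txid Bob expected; a different txid got confirmed.
    chain = Chain("txid-A-malleated")
    return chain.broadcast(refund_tx("txid-A").signed_by("bob"), 2 * WEEK), chain.payout()


if __name__ == "__main__":
    for scenario in (bob_reneges, alice_unresponsive,
                     alice_closes_too_late, funding_txid_malleated):
        print(scenario.__name__, scenario())
```

The third scenario shows why Alice must close before the locktime of transaction B, and the fourth shows Bob's refund becoming unusable once the funding txid changes.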

According to an e-mail that Satoshi sent to Bitcoin developer Mike Hearn, this basic structure was Satoshi’s idea:

One use of nLockTime is high frequency trades between a set of parties. They can keep updating a tx by unanimous agreement.  The party giving money would be the first to sign the next version.  If one party stops agreeing to changes, then the last state will be recorded at nLockTime.  If desired, a default transaction can be prepared after each version so n-1 parties can push an unresponsive party out.  Intermediate transactions do not need to be broadcast.  Only the final outcome gets recorded by the network.  Just before nLockTime, the parties and a few witness nodes broadcast the highest sequence tx they saw.

(Source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2013-April/002417.html)

How the Lightning Network actually works

This micropayment construction can be considered the core building block for the Lightning Network, which is essentially a network of these payment-channel-like constructions. Payments find a path along channels which are already directly connected to each other until they reach the final recipient.

The channel construction used in Lightning builds on this basic structure with more advanced and complex technologies. The above construction is unidirectional, while in order to be useful, payments need to be made in both directions. For example, one can think of making payment channels bidirectional by constructing two channels between Alice and Bob, each in the opposite direction. More precisely, Lightning uses Poon-Dryja channel construction. This has lower liquidity requirements than simply setting up a network of unidirectional payment channels in opposite directions, which would require twice the amount of funds to be locked up inside the channel. However, Poon-Dryja channel construction has significant weaknesses compared to the other approach. Poon-Dryja channels require each party to sign a new transaction every time the channel is updated (a payment is made) while a unidirectional channel only requires the sender to sign when the channel is updated.

The old locktime feature can be replaced with more advanced functions:

  • Check locktime verify (BIP65) can prove that the output cannot be spent until a certain date rather than ensuring a particular spend of the output is invalid until a certain date, which is what locktime does.
  • Relative locktime (BIP68) can replace a specific end date with a date relative to the corresponding output. This can allow payment channels to remain open for indefinite periods, with a closure transaction triggering a time window during which the other party has a finite period of time (e.g., two weeks) to broadcast their reclaim transaction and recover the funds.
  • Hashed timelock contracts (HTLC) can require the receiver of a payment to provide a string that hashes to a certain value by a certain date or returns the funds to the payer. This same hash can be used to trigger other payments in the channel network, enabling payments to be made across a chain of channels.
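The hashed-timelock item above describes one hash releasing payments along a chain of channels. The following is an added example, not from the original article or any Lightning implementation. It models each hop as a claim-or-refund contract and routes a payment from Alice through Bob to Carol. SHA-256, the abstract clock, the shorter expiry on the downstream hop, and the sample secret are assumptions of the sketch, and fees are ignored.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class HTLC:
    payer: str
    payee: str
    amount: int
    payment_hash: bytes
    expiry: int            # abstract clock; from this time only the refund works
    state: str = "pending"

    def claim(self, preimage: bytes, now: int) -> bool:
        ok = (self.state == "pending" and now < self.expiry
              and hashlib.sha256(preimage).digest() == self.payment_hash)
        if ok:
            self.state = "claimed"
        return ok

    def refund(self, now: int) -> bool:
        ok = self.state == "pending" and now >= self.expiry
        if ok:
            self.state = "refunded"
        return ok


def lock_route(hops, amount, payment_hash, first_expiry, step):
    """One HTLC per channel along `hops`, all locked to the same hash.
    Each hop further from the payer expires `step` earlier (an assumption of
    this sketch), so an intermediary has time to claim after paying out."""
    return [HTLC(hops[i], hops[i + 1], amount, payment_hash, first_expiry - i * step)
            for i in range(len(hops) - 1)]


def net_positions(route):
    positions = {}
    for htlc in route:
        positions.setdefault(htlc.payer, 0)
        positions.setdefault(htlc.payee, 0)
        if htlc.state == "claimed":
            positions[htlc.payer] -= htlc.amount
            positions[htlc.payee] += htlc.amount
    return positions


SECRET = b"constructed secret chosen by carol"   # sample value
PAYMENT_HASH = hashlib.sha256(SECRET).digest()


def run_payment(carol_reveals: bool):
    route = lock_route(["alice", "bob", "carol"], 50_000, PAYMENT_HASH,
                       first_expiry=300, step=100)
    if carol_reveals:
        # Carol claims from Bob at t=150, which discloses the string; Bob then
        # uses the same string against Alice before his own HTLC expires.
        for htlc in reversed(route):
            htlc.claim(SECRET, now=150)
    else:
        # Nobody learns the string, so each payer takes the refund at expiry.
        for htlc in route:
            htlc.refund(now=htlc.expiry)
    return [h.state for h in route], net_positions(route)


if __name__ == "__main__":
    print(run_payment(True))
    print(run_payment(False))
```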

The resulting Lightning Network and its advantages

The Lightning Network should then, in theory, allow all participants in the network to make near instant and cheap transactions in all directions by finding a path among the nodes. This therefore avoids broadcasts to the Bitcoin network, as long as there are no problems, and results in a scalable network. The architecture even allows microtransactions and improves the privacy of payments.

Channels can stay open indefinitely due to the relative-locktime feature and there should be no counterparty risk; if anyone tries to steal funds through a hostile channel closure, the other participants to the transaction will have a significant time window in which to issue their own redemption transaction and get their money back.

Network functionality and user experience

A big unknown is how people and businesses will actually use the network, and commentators have different visions. Some see the Lightning Network as eventually being ubiquitous for small payments, with complexities handled in an automated way. Others more sceptical of Lightning typically envision the various components of the network requiring more of a manual construction when the system is used and a poor user experience plagued by unexpected channel closures and periods of Lightning Network downtime.

| Topic | Sceptical view of Lightning | Ambitious view of Lightning |
| --- | --- | --- |
| Channel setup | In order to set up a Lightning channel, a user must manually create a new expensive on-chain transaction. | Setting up a Lightning channel will be a seamless process built into existing wallets and systems. When receiving a payment or purchasing Bitcoin, the funds need to go somewhere. Funds could immediately go into a Lightning channel as they are received and therefore setting up the channel requires no additional steps or costs. |
| Channel closure | Once the payment is complete, one needs to close the channel, with a manually created, expensive on-chain transaction. | There may be no need to close the channel and users can keep their wallet funds in channels indefinitely or for long periods of time. |
| Network routing | Routing is likely to be a significant problem, since finding a short path between parties is a difficult problem to solve algorithmically. If no route is found, the user and merchant will have to engage in the cumbersome process of selecting an on-chain transaction by manually changing the payment process. | 1. The existing P2P network already requires a network topology and the relaying of messages, with nodes typically having eight connections. The Lightning Network topology is simply an extension of that. 2. Routing is not a significant problem, since even in massive networks the average number of steps in a path between users is small. 3. Even if there is a problem with routing, a payment could simply be made on-chain without the user even noticing the difference. 4. A small number of large channel operators can prevent routing problems. |
| Centralisation of payment channels | The network will centralise around a few large hubs as this is the most efficient model. This centralisation increases the risk of systemic channel failure, which is when a few large channels fail, resulting in a simultaneous mass exodus from payment channels and on-chain congestion, ensuring that some are unable to exit the channels before expiry. | Economic incentives act against centralisation; anyone can set up a node as there are low barriers of entry. In addition, there is an incentive to undercut other nodes by charging lower fees. Even if the network does centralise around a few large hubs, the Lightning Network still provides a useful and interesting system. Bitcoin already has a few large entities such as Coinbase that take custody of a large amount of funds. Under Lightning, the entities do not have custody of funds and merely act to relay data used for payments. |
| Liquidity | Payment channels will have insufficient liquidity and therefore the scope of payments will be limited. Payments of any reasonable size can almost instantly drain the liquidity of an entire channel, such that Lightning payments will need to be suspended. | Users will be incentivised to run Lightning nodes and provide liquidity in order to receive fees. The network will be used for small payments, far smaller in value than the maximum channel capacity, ensuring sufficient liquidity. |
| Requirement to be online when receiving a payment | With an on-chain transaction, all a sender needs is a payment address to make a payment; the recipient does not need to be online. In contrast to this, as explained above, a recipient in Lightning will need to sign a reclaim transaction before receiving a payment. This significant limitation means that recipients are required to keep their private keys exposed in a hot wallet. This makes Lightning impractical in many scenarios, such as making high-value payments, at ATMs, at in-store PoS systems, or paying those with limited Internet connectivity. | Although a recipient is required to be online to receive a payment, this does not result in significantly different dynamics to most on-chain payments, since if the recipient is not online, they don’t know about or cannot verify the payment anyway. It is also not necessary that the user or device directly receiving the payment needs to store the private keys. For example, an in-store PoS terminal or a crypto ATM machine could receive the signed redemption transaction over the Internet from the firm’s HQ prior to receiving payments, communication that is necessary when making payments anyway. |
| Potential requirement to monitor the channel | Lightning Network participants may be required to monitor payment channels and then take action by a certain deadline in order to safeguard their funds. For example, a hostile reclaim transaction could trigger the start of a period in which the other party must also issue a reclaim transaction to protect their funds, before a certain deadline. This is a significant burden on users. | Channels do not need to be monitored at all times, as this depends on the window provided by the relative locktime. Channel-monitoring services (watchtowers) could mitigate this risk by monitoring channels on behalf of users: these services could either warn users in the event of a hostile reclaim transaction or could issue reclaim transactions themselves, if they were pre-signed and supplied beforehand by the users. |

In reality, the truth may lie somewhere between these two visions, with the network potentially moving to the more ambitious vision over time. What this disagreement appears to come down to is that Lightning sceptics see it as a complex, incomplete, and impractical payment system based on the channel-construction system alone. Proponents see Lightning more as a scalable building block for a second layer on top of Bitcoin’s blockchain, which will eventually be supplemented by wallets, payment protocol systems and channel-servicing companies, resulting in a simple and seamless user experience. Ultimately, wallets may be able to communicate with each other and then automatically, dynamically decide which payment methodology is best, on-chain or the most practical method via Lightning, without the user even knowing or caring.

The increased security risks of Lightning

  • Requirement to be online when receiving a payment: As explained above, before receiving a payment, the recipient needs to sign a reclaim transaction so that the sender knows they can reclaim their funds in the event of hostile channel closure or a refusal to sign. Therefore, to receive money requires a hot wallet, meaning that private keys are potentially exposed if a security incident occurs.
  • Requirement to monitor the channel: Lightning Network participants or watchtowers may be required to actively monitor the payment channels. This could place a burden on users or watchtowers and potentially reduces the security of funds inside a channel relative to Bitcoin stored on-chain. There is a risk of missing a reclaim-transaction deadline, either due to a failure to appropriately monitor the channel or perhaps because of on-chain network congestion.
  • Miners could censor channel-closing transactions: 51% of the hashrate may have the ability to steal funds from Lightning users by censoring a channel-closure transaction, in which the miner is the other party. Although the potential consequences of this type of attack are already devastating without Lightning, the Lightning Network potentially offers hostile miners a slightly larger attack surface.

While each of these three factors alone may not be significant, the need to potentially expose one’s private keys to the Internet when receiving payments, the risk of a hostile channel closure, and the risk of miners censoring channel-redemption transactions combined result in significantly inferior security — although all these risks can be managed to some extent.

There is a risk that lazy or poorly informed users keep too much money in a channel and funds are lost or stolen due to one of these failure scenarios. There is also the risk that price volatility results in users keeping more funds in payment channels than they would otherwise have intended.

Conclusion

The Lightning Network does appear to potentially offer significant and transformational improvements with respect to scalability. As a result, transaction speeds and transaction fee rates should dramatically improve, without impacting the underlying security of the core protocol. Crucially, however, the inferior security properties of Lightning payments may make the Lightning Network unsuitable for larger payments (or, at least, it may be irresponsible to use it for larger payments). Speculation and investment flows, which require these larger payments, currently appear to be the major driving force in the cryptocurrency space, with the volume of retail payments being relatively small in comparison. Because of that, Lightning may not be as big a game changer as some imagine, at least in the medium term. While enthusiasts appear likely to adopt this technology quickly, widespread adoption may take considerable time.

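Mining incentives, part 3: Short term vs. long term

Abstract: In this third piece on cryptocurrency mining incentives, we look at how miners may choose different time periods, short term or long term, over which to maximise profits. We draw analogies with concepts from the "traditional" mining industry, such as "high-grading". In corporate finance circles, there are rumours that cryptocurrency miners could soon conduct IPOs, which could mean that management becomes more focused on short-term results, as they will need to justify quarterly earnings to investment analysts. We then look at the implications of this for potential network issues, such as replace by fee (RBF), ASICBOOST and the blocksize limit. Whether one likes it or not, we think full RBF is coming.

Bitmain mining farm in Inner Mongolia: photograph and satellite image. Bitcoin mining is no longer something for hobbyists.

Source: Google Maps satellite image

Overview

Back in September 2017, we wrote two pieces on mining incentives. Part 1 focused on the mining cost curve and compared it to the dynamics of the cost curve in "traditional mining", while part 2 looked at circumstances in the energy industry that could be attractive opportunities for cryptocurrency miners, concluding that failed or unprofitable energy projects may be well suited to Bitcoin mining. In November 2017, we described how miners chased short-term profits in the 2014 Litecoin vs. Dogecoin "hashrate wars", and how this repeated itself with Bitcoin Cash, because miners were trying to maximise their short-term profits rather than acting out of ideological support for their favoured cryptocurrency.

In this piece, we look at whether miners will focus on short-term profit maximisation (perhaps even next-block profit maximisation), or whether miners can concentrate on promoting the long-term viability of the system, enacting policies designed to improve the end-user experience and thereby increasing long-term profits. We conclude that the level of competition in the industry, as well as the level of profitability, may affect decisions between short-term and long-term profit maximisation. Higher levels of competition and lower profit margins may lead more miners to focus on short-term profits. We then go on to look at the implications of each strategy for various issues facing Bitcoin, such as replace-by-fee transactions, ASICBOOST or the blocksize-limit policy.

In our view, miners are becoming less ideological and more commercial. At the same time, the intensity of competition may continue to increase in the coming months and years. We therefore predict that, as miners continually seek to maximise short-term profits, full RBF will become prevalent in Bitcoin mining.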

 

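Short term vs. long term

Most businesses want to maximise profits, and Bitcoin mining is no exception. In the past some miners may have been hobbyists or idealists, but that era appears to have ended, and profit is now seen as the main driver as the industry grows and commercialises. However, profit maximisation may be a more complex concept than one might think. Strictly speaking, investors should select the projects that maximise discounted returns. Yet estimating the difference between profits today and profits tomorrow, the discount rate, is often a challenging measurement.

Analogy with traditional mining: high-grading

In "traditional mining", high-grading is the practice of mining higher-grade ore in a way that wastes or destroys lower-grade ore, reducing the overall return of the mine. It is generally regarded as a destructive practice that reduces the value of the ore body by destroying some ore in order to reach higher-grade ore. Mining management teams may engage in it because of pressure to deliver short-term profits, for example to raise profit margins to meet shareholders' short-term demands, to generate cash flow to satisfy debt holders, or to increase their own performance-linked bonuses. Management may conceal this conduct from the public or from investors.

High-grading typically occurs when the price of the relevant commodity has been weak for a long time, profit margins are low, debt levels are high and management teams are under heavy pressure.

The question is, are the companies going to re-cut their business long-term at a lower gold price, or are they going to re-cut their short-term business hoping they'll be rescued in the long term by the gold price? That second one is called high-grading and it's a disaster.

Source: Randgold CEO Mark Bristow

The diagram below shows a high-grading open-pit mine plan. The initial plan, for a larger mine, captures more of the ore. The alternative plan shown below, however, increases the grade of the ore while permanently destroying some high-grade ore, which may be against the long-term interests of the mine owner.

Source: Exploration Alliance

In some circumstances, revising a mining plan because of changes in discount rates, costs or commodity prices is entirely reasonable; high-grading, however, has negative connotations and usually refers to reducing the value of an asset in an inappropriate way.

Although there is no direct link between high-grading and cryptocurrency mining, the concept shows that when mining teams are under pressure, they can make decisions biased towards short-term gains, which may damage shareholders' long-term interests. This needs particular attention in situations where shareholders have less control, less information or a relatively short-term focus.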

 

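Mining profitability

Whether miners make these "destructive" short-term decisions depends on the level of profitability, which is determined by the price of the relevant commodity. If the price of the commodity or crypto asset falls and miners' profits decline, they may face the following three options:

  • Operate at a loss – perhaps in order to cover fixed costs
  • Suspend operations – for the remaining miners, this reduces the supply of the commodity and thereby increases its price. In cryptocurrency mining, on the other hand, it can lower the difficulty, raising profit margins for the remaining miners
  • Modify mining policies – for the remaining miners, this could mean changes to mining strategy, for example high-grading. In the cryptocurrency case, it could mean engaging in full RBF, overt ASICBOOST, or, with an unlimited blocksize, clearing the memory pool to collect all the fees, even though this may have a negative effect on pricing in the transaction market and damage the industry's prospects.

In general, lower profitability increases the pressure on management teams and leads them to make more short-term decisions, for example repaying debt under pressure from banks, or raising profitability under pressure from shareholders. Companies with high profit margins may have more freedom to focus on the company's long-term interests and may invest for the future.

Industry concentration

Besides profitability, another factor to consider in cryptocurrency mining is industry concentration.

Mining pool concentration over the last 6 months

Source: BitMEX Research, Blockchain.info

The chart above illustrates the concentration of output among mining pools, but we can also analyse the level of concentration in the industry by looking at chip production or control over mining pools. In terms of chip production, we estimate that Bitmain's share of the Bitcoin market may reach 75%.

If a miner has a large market share, its policies may have a significant impact on Bitcoin, which may affect the value of the system as a whole. By contrast, the policies of a small mining business with a low market share may have little impact on the whole system. A tragedy of the commons therefore arises: the policy that is best for the system as a whole is often not the best for each small individual miner. For example, if a small miner with a 1% market share can take an action that increases its profits, but which would damage the long-term interests of the system if all miners did the same, why would the small miner not take that action, given that its 1% market share alone will not have much effect on the market as a whole?

In addition, the intensity of market competition may also matter. If miners are ambitiously competing for market share, they may be more willing to do whatever it takes to raise profit margins and win business.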

 

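Replace by fee (RBF)

Replace by fee is a system in which a transaction in a miner's memory pool can be replaced by another transaction paying a higher fee, where the new transaction spends some or all of the same inputs. A variant of this feature was once added to the software by Satoshi Nakamoto, who later removed it. The Bitcoin Core team later added an opt-in version of the technology, in which the user must specify, when making a transaction, that it can be replaced.

RBF has always been controversial, both the full version and the opt-in version, with critics claiming that it reduces the usability of Bitcoin by undermining zero-confirmation transactions. Supporters of RBF claim that miners will eventually adopt full RBF anyway, since it increases short-term profits by selecting transactions with higher fees, even though this may harm long-term profitability by reducing the utility of the system, which could lower the Bitcoin price. Again, it is sometimes seen as a tragedy of the commons. Opponents of RBF may counter that miners are more focused on long-term interests, and that RBF advocates are therefore trying to solve a game-theory problem that does not apply.

We can view these as industry characteristics, including short-term profit-driven motives and the likelihood of full RBF being adopted:

| Short-term profit: full RBF more likely | Long-term profit: full RBF less likely |
| --- | --- |
| A period of falling Bitcoin prices | A period of rising Bitcoin prices |
| Low profit margins | High profit margins |
| Lower industry concentration | Higher industry concentration |
| Intense competition among miners | Less competition and cooperation among miners |
| Publicly listed mining companies | Privately held mining companies |
| Profit-driven miners | Ideologically driven miners |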

 

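Unlimited blocksize limit

Anyone who follows Bitcoin knows that the "blocksize debate" is a complex issue that can be viewed from many angles. One of those angles is the interrelationship between the fee market and mining incentives. Supporters of large blocks sometimes argue that a fee market can still function with an unlimited blocksize, while "small-block supporters" often dispute this.

One element of this argument is whether miners focus on long-term or short-term interests, just as with RBF above. Supporters of a blocksize limit claim that an economically relevant blocksize limit is needed, arguing that without one, miners may focus on maximising short-term profits and collecting all the fees, resulting in low fees and insufficient mining incentives. "Large-block supporters" counter that miners pay more attention to the long term and would not take such action, because in the long run it would damage the system as a whole, and therefore their businesses.

History of the "death spiral" argument

To some extent, this discussion of short-term versus long-term incentives, or the "death spiral" argument, is the very origin of the large-scale debate of April 2011.

The death spiral argument assumes that I would include all transactions no matter how low their fee/priority, because it costs me nothing to do so and why would I not take the free money? Yet real life is full of companies that could do this but don't, because they understand it would undermine their own business.

Source: Mike Hearn (April 2011), Bitcointalk. One day earlier, Mr Hearn had thought that "the death spiral failure mode seems plausible", but he later changed his mind after thinking about the issue.

Ironically, in recent years the narrative of some "large-block supporters" has gradually shifted to a "mining"-style mindset of pursuing short-term profits, perhaps because Bitmain, a large miner, has become one of the most important supporters of large blocks. Most "large-block supporters" appear to have shifted their narrative to other, more credible arguments; however, as explained above, this line of thinking about short-term and long-term interests can be considered the origin of the blocksize debate and part of the reason for the split in the community.

In our view, there is no right or wrong answer to these questions. As explained above, whether miners focus more on the short term or the long term depends on many factors, including profitability and market share. We think the industry may go through cyclical changes, shifting between long-term and short-term focus according to market conditions. This phenomenon is common in traditional mining, where industry drivers are affected by commodity price cycles.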

 

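Changing times: short-term profit focus is king

The Bitcoin community is changing rapidly, from a team united by a shared vision and building a revolutionary technology together into a larger community made up of groups competing for profit. A few years ago, the assumption that miners would pursue short-term profit maximisation was unrealistic; now it is increasingly accepted as the norm, especially after the hashrate swings caused by Bitcoin Cash's EDA.

Mining is a business: TSMC's report mentioned that one cryptocurrency mining company may be spending US$1.5 billion a year on chips, and that this figure is growing. In some corporate finance circles, there are rumours that large mining groups or chip producers could soon conduct IPOs, something almost unimaginable a few years ago. This could put company executives in the unfortunate position of having to demonstrate the company's profitability to investment analysts and shareholders every quarter. At the same time, many expect the mining industry to become more competitive this year, with new companies expected to launch more competitive products.

In this new world, RBF-like behaviour and the fee market's "death spiral failure mode" seem more and more inevitable. Perhaps the early fee-market and RBF advocates were too obsessed with unrealistic and complex game theory, and perhaps they were too early, since a better strategy might have been to focus on the user experience before adopting RBF and full blocks. Even so, Bitcoin has now changed, and short-term profit maximisation is the new king.

In the coming years, we predict that many miners will engage in full RBF, and even overt ASICBOOST (which can also raise profits), to maximise short-term profits as far as possible. Whether we like it or not, we think this era is coming…

Reprints are welcome; please credit

BitMEX (www.bitmex.com)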

Mining incentives, part 3: Short term vs. long term

Abstract: In this third piece on crypto mining incentives, we look at the different time periods miners may choose to maximise profits: in the short term or long term. We draw analogies with related concepts in traditional mining, such as high-grading. In corporate finance circles, there are rumours of potential IPOs for crypto miners, which could mean management focus shifts to the short term, as these groups may unfortunately need to justify quarterly earnings to investment analysts. We then look at the implications of this on potential network issues, such as replace by fee (RBF), AsicBoost, and the blocksize limit.  Whether one likes it or not, we think full RBF is coming.

Bitmain crypto-mining farm in Inner Mongolia: photograph (above) and satellite image (below). Bitcoin mining is no longer only for hobbyists. (Source: Google Maps satellite image)

Overview

In September 2017, we wrote two pieces on mining incentives. Part 1 focused on the mining cost curve and compared it to the dynamics of the cost curve in traditional mining while part 2 looked at circumstances in the energy industry that could result in attractive opportunities for crypto miners, concluding that failed or otherwise uneconomic energy projects may be best suited for Bitcoin mining.  In November 2017, we wrote about miners chasing short-term profits in the Litecoin vs. Dogecoin hashrate wars of 2014 and how this was repeated again with Bitcoin Cash, as the hashrate oscillated between coins due to miners attempting to maximise short-term profits rather than make decisions based on ideological support for their favoured coins.

This piece looks at the possibility that miners will focus on short-term profit maximisation (perhaps even next-block profit maximisation) or on promoting the long-term viability of the system by enacting policies designed to improve the end-user experience, thereby potentially increasing long-term profits. The level of competition in the industry, as well as the level of profitability, can alter decisions to pursue short-term and long-term profit maximisation. Higher levels of competition and lower profit margins may result in a more short-term outlook. Each strategy could have implications for Bitcoin, replace-by-fee transactions, AsicBoost, or the blocksize-limit policy.

Mining is becoming less ideological and more commercial. At the same time, the intensity of competition may increase in the coming months and years. We predict full RBF will become prevalent in Bitcoin mining, as miners seek to maximise short-term profits.

Long term vs. short run

Most businesses want to maximise profits and Bitcoin mining is likely to be no exception.  In the past, perhaps, some miners were hobbyists or idealists, but this era appears to have ended — profits are now seen as a main driver as the industry grows and becomes more commercial. However, profit maximisation can be more complex than one may think. Strictly speaking, investors should select projects which maximise discounted returns, and evaluating the difference between profits today and profits tomorrow — the discount rate — is often a challenge.

Analogy with traditional mining: High-grading

In traditional mining, high-grading is the practice of harvesting a higher grade of ore in a way that wastes or destroys lower grade ore, reducing the overall return of the mine. This destructive process reduces the total value of the ore body by making some ore inaccessible or literally destroying it in favour of access to higher grade ore. Mining management teams may engage in this process due to short-term pressure — for example, to boost short-term profit margins to satisfy shareholders, to generate cash flow to satisfy debt holders, or to achieve their own performance-linked bonuses. Management teams might conceal this  conduct from the public or from investors.

High-grading often occurs during prolonged periods of price weakness of the relevant commodity, when profit margins are low, debt levels are high, and there is considerable pressure on management teams. Randgold CEO Mark Bristow has said:

The question is, are the companies going to re-cut their business long-term at a lower gold price, or are they going to re-cut their short-term business hoping they’ll be rescued in the long term by the gold price? That second one is called high-grading and it’s a disaster.

The diagram below depicts the plan for a high-grading open-pit mine. An initial plan for a larger mine (scenario A) captures more of the total ore but the alternative plan (scenario B) increases the grade of the ore mined, while permanently destroying or removing access to some high-grade ore, which is potentially detrimental to the long-term interest of mine owners.

(Source: Exploration Alliance)

Revising a mining plan due to changes in discount rates, costs, or commodity prices can of course be entirely legitimate in some circumstances, but high-grading has negative connotations and is normally associated with reducing the value of assets in an inappropriate manner.

Although there is no direct link between high-grading and crypto mining, the concept demonstrates that when mining teams are under pressure, they can make short-term decisions that destroy long-term shareholder value. This is particularly relevant in the listed space, where shareholders may have less control, less information, or more of a short-term focus.

Mining profitability

Whether miners make these destructive short-term-focused decisions or not often depends on the level of profitability, which can be determined by the price of the underlying commodity. If the price of the commodity or crypto asset falls, a miner who is no longer profitable may be faced with three options:

  • Operate at a loss — This could make a contribution to fixed costs.
  • Suspend operations — In traditional mining, this could reduce the supply of the commodity and thus increase its price. In crypto mining, on the other hand, this could lower the difficulty, increasing profit margins for the remaining miners.
  • Modify mining policies — In traditional mining, this could be a modification to the mining plan such as, for example, a switch to high-grading. In the case of crypto, it could be engaging in full RBF, overt AsicBoost, or, in the event of an unlimited blocksize limit, clearing the memory pool to scoop up all the fees, despite the negative impact this could have on pricing in the transaction fee market, destroying industry prospects.

In general, lower profitability can increase the pressure on management teams and lead them to make more short-term decisions — for example, to pay down debt if they are under pressure from banks or to return to profitability if they are under pressure from shareholders. Higher-margin companies may have more freedom to focus on the long term and may be able to invest for the future.

Industry concentration

In addition to profitability, another factor to consider in crypto mining is the level of concentration in the industry.

Mining pool concentration over the last six months. (Source: BitMEX Research, Blockchain.info)

The above chart illustrates the level of concentration among mining pools, but one could also analyse the level of concentration in the industry by looking at chip production or the control of mining farms. With respect to chip production, we estimate that Bitmain may have a 75% market share in Bitcoin.

The policies of a miner with a large market share may have a significant impact on Bitcoin, which could impact the value of the entire system. In contrast, the policies of each small miner with a low market share may not have much impact on the system as a whole. Among the small miners, this threatens to become a tragedy of the commons if policies that are best for the system as a whole are not those that are most beneficial for each small individual miner. For instance, a small miner with a 1% market share can opt to engage in an action that increases its profits but would damage the prospects of the whole system if all miners were to engage in the same action. Why would the small miner choose not to conduct the activity, since that miner’s 1% market share will not make much difference on its own?

In addition, the level of competitive intensity may also matter. If miners are ruthlessly competing for market share, they may be more focused on doing whatever it takes to improve profit margins to win business.

Replace by fee

Replace by fee (RBF) is a system that enables the replacement of a transaction in a miner’s memory pool with a different transaction that spends some or all of the same inputs, due to higher transaction fees. A variant of this feature was first added by Satoshi, who later removed it. Bitcoin Core then added in an opt-in version of the technology, where users must specify that the transaction can be replaced when making the transaction.

RBF has always been controversial, both the full version and the opt-in version, with detractors claiming that it reduces the usability of Bitcoin by undermining zero-confirmation transactions. Supporters of RBF claim, among other things, that miners will eventually adopt full RBF anyway, as it boosts short-term profits by selecting transactions with larger fees, even though it may harm long-term profitability by reducing the utility of the system, which could lower the Bitcoin price. Again, it’s sometimes seen as a “tragedy of the commons” problem. Opponents of RBF may counter this by saying miners have more of a long-term focus, and therefore RBF advocates are solving a theoretical game-theory problem that may not apply.
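The difference between first-seen, opt-in and full RBF can be seen in a toy mempool; this is an added Python example, not code from the article or from Bitcoin Core. The class and function names and the sample transactions are constructed, the opt-in signal follows BIP125 (an input nSequence of 0xFFFFFFFD or lower), and the replacement rule is reduced to "higher absolute fee".

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

Outpoint = Tuple[str, int]             # (funding txid, output index) being spent
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD   # an input nSequence at or below this opts in


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[Tuple[Outpoint, int], ...]   # (outpoint, nSequence) per input
    fee: int                                   # absolute fee in satoshis

    def signals_rbf(self) -> bool:
        """True if the sender marked the transaction as replaceable (opt-in)."""
        return any(seq <= MAX_BIP125_RBF_SEQUENCE for _, seq in self.inputs)


class Mempool:
    """Toy mempool under one of three replacement policies (simplified model)."""

    POLICIES = ("first-seen", "opt-in", "full")

    def __init__(self, policy: str) -> None:
        if policy not in self.POLICIES:
            raise ValueError(f"unknown policy: {policy}")
        self.policy = policy
        self.txs: Dict[str, Tx] = {}
        self.spender: Dict[Outpoint, str] = {}   # outpoint -> txid spending it

    def conflicts(self, tx: Tx) -> Set[str]:
        """Txids already in the pool that spend any of the same inputs."""
        return {self.spender[o] for o, _ in tx.inputs if o in self.spender}

    def accept(self, tx: Tx) -> bool:
        rivals = [self.txs[t] for t in self.conflicts(tx)]
        if rivals:
            if self.policy == "first-seen":
                return False                      # never replace
            if self.policy == "opt-in" and not all(r.signals_rbf() for r in rivals):
                return False                      # the original did not opt in
            if tx.fee <= sum(r.fee for r in rivals):
                return False                      # a replacement must pay more
            for rival in rivals:
                self._remove(rival)
        self.txs[tx.txid] = tx
        for outpoint, _ in tx.inputs:
            self.spender[outpoint] = tx.txid
        return True

    def _remove(self, tx: Tx) -> None:
        del self.txs[tx.txid]
        for outpoint, _ in tx.inputs:
            if self.spender.get(outpoint) == tx.txid:
                del self.spender[outpoint]


def surviving_txid(policy: str, payment_sequence: int) -> str:
    """Constructed scenario: a payment, then a higher-fee spend of the same coin."""
    coin: Outpoint = ("aa" * 32, 0)               # constructed outpoint
    payment = Tx("payment", ((coin, payment_sequence),), fee=1_000)
    conflict = Tx("conflict", ((coin, 0xFFFFFFFF),), fee=5_000)
    pool = Mempool(policy)
    pool.accept(payment)
    pool.accept(conflict)
    return next(iter(pool.txs))


def zero_conf_exposure(tx: Tx, miner_policy: str) -> bool:
    """Merchant-side check: can this unconfirmed payment still be displaced?"""
    return miner_policy == "full" or (miner_policy == "opt-in" and tx.signals_rbf())
```

For a recipient of zero-confirmation payments, checking the sender's nSequence only bounds the risk while miners run the opt-in policy; under full RBF every unconfirmed payment counts as exposed.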

Certain industry characteristics encourage short-term profit-driven motives and therefore full RBF:

| Short-term profit: Full RBF more likely | Long-term profit: Full RBF less likely |
| --- | --- |
| A period of falling Bitcoin prices | A period of rising Bitcoin prices |
| Lower profit margins | Higher profit margins |
| Lower levels of industry concentration | Higher levels of industry concentration |
| More intense competition and rivalry among miners | A less intense competitive environment and collaboration among miners |
| Publicly owned mining companies | Privately owned mining companies |
| Profit-driven miners | Ideologically driven miners |

Unlimited blocksize limit

As anyone following Bitcoin knows, the blocksize debate is a complex issue. One angle is the interrelationship between the fee market and mining incentivisation. Supporters of larger blocks sometimes argue that a fee market would still work with an unlimited blocksize, while “smaller-blockers” often dispute this point.

An element of this argument is related to whether miners focus on the long term or the short term, just like for RBF. Supporters of an economically relevant blocksize limit claim that without a limit, miners may focus on maximising short-term profits and scoop up all the fees, resulting in low fees and insufficient mining incentives. “Larger-blockers” retort that miners will have more of a long-term focus and would not take such action, as it would damage the long-term viability of the system, and therefore their businesses.

History of the “death spiral” argument

In some ways, this short-term versus long-term incentive discussion, or the “death spiral” argument, goes right to the genesis of the blocksize debate, back in April 2011, which is when Mike Hearn wrote this at Bitcointalk:

The death spiral argument assumes that I would include all transactions no matter how low their fee/priority, because it costs me nothing to do so and why would I not take the free money? Yet real life is full of companies that could do this but don’t, because they understand it would undermine their own business.

One day earlier, Hearn had written that “the death spiral failure mode seems plausible” but he apparently changed his mind after thinking about the issue further.

Some larger-blockers have somewhat shifted views in recent years to a pro-mining philosophy of chasing short-term profits, perhaps because a large miner, Bitmain, ironically has been one of the most prominent advocates of larger blocks. Most larger-blockers appear to have shifted the narrative to other valid points, although, as explained above, this “short term versus long term” line of thought can be considered the genesis of the blocksize debate and part of the reason for the initial division in the community.

There is no right or wrong answer to these questions. Whether miners have a short-term focus or long-term focus depends on many factors, including profitability and market share. The industry may go through cycles of shifts between long-term and short-term focus depending on conditions in the industry. This phenomenon is visible in traditional mining, driven by commodity price cycles that impact industry conditions.

Changing times: Short-term profit focus will be king

The Bitcoin community is rapidly transforming from a cohesive group of people with a shared vision working together to build a revolutionary technology to a larger community of competing profit-driven factions, and the change is almost complete. It may have seemed unrealistic a few years ago to assume that miners would be primarily driven by short-term profit maximisation, but this has increasingly become accepted as the norm, certainly after the hashrate swings caused by Bitcoin Cash’s EDA.

Mining is a business: TSMC has reported that one crypto-mining business may be spending US$1.5 billion per annum on chips, and growing. In some corporate-finance circles, rumours are circulating that large mining pools or chip producers could shortly conduct an IPO, something almost unimaginable a few years ago. This could put management of the mining pool in the unfortunate position of needing to justify operating profit margins to investment analysts and shareholders each quarter.  At the same time, many expect the mining industry to become more competitive this year, with new companies launching competitive products.

In this new world, RBF behaviour and the fee market “death spiral” failure mode seem more and more inevitable. Perhaps early fee market and RBF advocates were too obsessed with unrealistic and complex game theory, and maybe were too early, when a better tactical decision could have been to focus on the user experience before adopting RBF and full blocks. Bitcoin has changed, and short-term profit maximisation is the new mantra.

We predict that many miners will engage in full RBF and even overt AsicBoost (which can also boost profits) in the coming years as they do all they can to maximise short-term profits. Whether one likes it or not, it’s coming….

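A complete history of Bitcoin's consensus forks

Abstract: In this piece we list 19 changes to Bitcoin's consensus rules (or 18, as one was an accidental "failure"), which represent almost all of what we consider to be the significant events in Bitcoin's history. At least three of these events resulted in an identifiable chain split, lasting approximately 51, 24 and 6 blocks, in 2010, 2013 and 2015, respectively.

Source: gryb25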

 

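Terminology

| Term | Definition |
| --- | --- |
| Chain split | A split in the blockchain, which divides the original chain into two separate chains. This can be caused by a hardfork, a softfork or something else. |
| Consensus rule changes | |
| Hardfork | A loosening of the consensus rules on block validity, such that some blocks previously considered invalid are now considered valid. Existing nodes need to upgrade in order to follow the new hardforked chain. |
| Softfork | A tightening of the consensus rules on block validity, such that some blocks previously considered valid are now considered invalid. Existing nodes do not necessarily need to upgrade in order to follow the new softforked chain. |

Note: We believe these terms originated in April 2012 and were formalised in BIP99 and BIP123.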

 

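List of Bitcoin consensus forks

| Date | Activation block | BIP number or software version | Description | Type | Outcome |
| --- | --- | --- | --- | --- | --- |
| 28 July 2010 | N/A [1] | 0.3.5 | OP_RETURN disabled, fixing a critical bug that allowed anyone to spend any Bitcoin | Softfork | No evidence of any issues during the upgrade |
| 31 July 2010 | N/A [1] | 0.3.6 | OP_VER and OP_VERIF disabled [3] | Softfork | Some users had problems upgrading and were advised to shut down their nodes if they could not upgrade |
| | | | OP_NOP functions added, although OP_NOP may not have been used before this point | Hardfork | |
| 1 August 2010 | N/A [1] | 0.3.7 | Evaluation of scriptSig and ScriptPubKey separated, fixing a critical bug that allowed anyone to spend any Bitcoin | Potentially a non-deterministic hardfork | No evidence of any issues during the upgrade |
| 15 August 2010 | 74,638 | 0.3.10 | Overflow spend bug fixed, following the 184.5 billion Bitcoin spend incident. The 0.5 BTC that was the input to the original transaction remains unspent | Softfork | A chain split occurred. The fix, client 0.3.10, was released 5 hours after the incident. We believe 51 blocks were produced on the "bad chain" before the "good chain" retook the PoW lead |
| | | | OP_CAT disabled, removing a DoS vector, along with the disabling of 14 other functions | Softfork | |
| 7 September 2010 | N/A [1] | 0.3.12 | 20,000 signature-operation limit added, in an incorrect way. This incorrect limit still exists today | Softfork | No evidence of any issues during the upgrade |
| 12 September 2010 | 79,400 | N/A | 1MB blocksize limit added. "MAX_BLOCK_SIZE = 1000000" was committed on 15 July 2010 and comes from software version 0.3.1 rc1 of 19 July 2010. The 1MB rule was committed on 7 September 2010, activating from block 79,400. On 20 September 2010, Satoshi Nakamoto removed this activation rule but kept the 1MB limit | Softfork | No evidence of any issues during the upgrade |
| 15 March 2012 | 171,193 | BIP30 | Transactions with the same TXID are not allowed unless the older transaction has been fully spent. In September 2012 the rule was applied to all blocks, apart from blocks 91,842 and 91,880, which violate it | Softfork | This was a flag-day softfork; there is no evidence of any issues |
| 1 April 2012 | 173,805 | BIP16 | Pay to script hash (P2SH): this allows transactions to be sent to a script hash (address beginning with 3) rather than a public-key hash (address beginning with 1) | Softfork | 55% activation level in the 7 days before 1 February 2012. Miners did not upgrade fast enough, so the evaluation date was pushed back to 15 March. Users running 0.6.0 rc1 who did not upgrade for the delay activated the softfork early and got stuck at block 170,060 when a transaction their nodes considered invalid was mined. Activation problems, caused by 45% of miners producing invalid blocks, continued for several months after the softfork |
| 24 March 2013 | 227,835 | BIP34 | Requires the coinbase transaction to include the block height | Softfork | 95% activation level. Rollout completed successfully |
| 11 March 2013 | 225,430 | 0.8.0 | An accidental hardfork caused by the migration from Berkeley DB to LevelDB, which accidentally removed the previously unknown 10,000 BDB database lock limit. This caused a chain split on 1 March 2013, although the software that caused the error had been released 20 days earlier, on 20 February 2013. The change was reverted when the Bitcoin economy and miners went back to the 0.7.2 rules | No change to the consensus rules | A chain split of at least 24 blocks occurred, with the 0.8.0 chain leading by at least 13 blocks. A successful double spend also occurred. The original-rules chain eventually retook the PoW lead |
| 18 March 2013 | N/A [1] | 0.8.1 | A temporary softfork, introducing a new rule requiring that the inputs in a block reference no more than 4,500 TXIDs, a rule stricter than the 10,000 BDB lock limit. The rule expired on 15 May 2013, a hardfork flag day | Softfork | No evidence of any issues |
| 15 May 2013 or 16 August 2013 | 252,451 or earlier | BIP50 | In August 2013 a block may have been produced that violated the original 10,000 BDB lock limit rule, which was relaxed on 15 May 2013 | Hardfork | No evidence of any issues |
| 4 July 2015 | 363,731 | BIP66 | Strict DER signatures: this upgrade means Bitcoin no longer relies on OpenSSL's signature parsing | Softfork | 95% adoption reached over a 1,000-block period. A chain split lasting 6 blocks occurred, because some miners had signalled support for BIP66 but had not upgraded and were SPV mining. The new softfork rules eventually regained the lead |
| 14 December 2015 | 388,380 | BIP65 | Check lock time verify: this allows funds to be locked until a specified time in the future. This was a new feature for Bitcoin | Softfork | Rolled out successfully, reaching 95% adoption |
| 4 July 2016 | 419,328 | BIP68, BIP112, BIP113 | Relative locktime. Median time past, removing the incentive to use future timestamps | Softfork | Rolled out successfully with 95% signalling |
| 23 July 2017 | 477,800 | BIP91 | This temporary softfork made signalling for the SegWit upgrade mandatory | Softfork | Although only a very small number of users enforced the BIP91 rules, the softfork reached 80% adoption over a 336-block period. The risk of a chain split was therefore elevated during this period |
| 1 August 2017 | 478,479 | BIP148 | This temporary softfork made signalling for the SegWit upgrade mandatory for a two-week period after 1 August 2017 | Softfork | Although only a very small number of users enforced the BIP91 rules, the flag-day softfork appears to have succeeded without issues. The risk of a chain split was therefore elevated during this period |
| 24 August 2017 | 481,824 | BIP141, BIP143, BIP147 | Segregated Witness upgrade | Softfork | Rolled out successfully with 95% signalling |
| 2262 | 13,440,000 | BIP42 | Fixed a bug in the 210,000 coin supply cap. The software was upgraded in April 2014 to fix this bug, but the new rule does not apply until the 23rd century | Softfork | The softfork does not yet apply |

Source: BitMEX Research, GitHub, Bitcoin blockchain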

 

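Notes:

  1. Apart from the 1MB blocksize limit, there was no activation methodology before the 2012 BIP16 softfork, so if a fork could take place smoothly without causing a chain split, there is not necessarily a specific block height or date on which the consensus fork occurred.
  2. "If you can't upgrade to 0.3.6 right away, it is best to shut down your Bitcoin node until then." – Satoshi Nakamoto (source)
  3. Before OP_VER was removed, every software upgrade could potentially be considered a non-deterministic hardfork; these cases have been excluded from this list. A definition of a hardfork that included them would be too pedantic.
  4. We have not used consistent definitions in the table above; for example, the date on which a fork occurred is defined differently for each event, depending on the circumstances of that event.
  5. Others have also mentioned that changes to the P2P protocol could be considered hardforks, if they make earlier software versions unusable because those versions can no longer connect to the network. Strictly speaking, however, these changes did not loosen any block-validity rules, and old nodes can still be synced by building transitional software versions. These changes are not included in the list above.
  6. Some consider BIP90 to be a hardfork, but since it only relaxed rules related to the activation of softforks that had occurred in the past, it does not have many of the characteristics or risks associated with consensus forks.
  7. In July 2010, the chain-selection rule was changed, from the number of blocks to cumulative work. Technically this is not a change to the block-validity rules, but the change does carry some of the risks associated with consensus rule changes.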

 

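Was the 2013 incident a hard fork?

In our view, on balance, the increase in the BDB lock limit in the months after 11 March 2013 counts as a hard fork. The rule in question was the 10,000 BDB lock limit. It was relaxed on 15 May 2013 in software version 0.8.1, which was released on 18 March 2013. A block exceeding this limit may finally have been produced on 16 August 2013. The date of the hard fork can therefore be either 15 May or 16 August 2013, depending on how you define it.

Some people argue that this may not count as a hard fork, for a number of reasons, including that the rule was "semi non-deterministic" or that it could be changed by manually altering the BDB configuration settings. Indeed, because the lock limit is non-deterministic, there could in theory be a local system setup under which the old BDB lock limit was never breached. Hence, under a very strict definition that requires a hard fork to be deterministic, or perhaps even directly related to Bitcoin data such as transactions or the block header, one can claim that Bitcoin has "never had a hard fork".

Discussing this incident, Bitcoin developer Gregory Maxwell said:

It's a mixed bag there: you can actually take a BIP-50 node and fully sync the blockchain; I last tried this with 0.3.24 a few months ago. It just will not reliably handle cases involving large blocks unless you change the BDB configuration. So whether this is a hard fork at all is debatable, since it is non-deterministic. There were earlier bug fixes too, where older versions would get stuck and stop syncing the chain before that. So I think that by a very strong definition, creating a blockchain that violates the rules mandated by prior versions, we have never had a hard fork.

Source: https://bitcointalk.org/index.php?topic=702755.msg8116032#msg8116032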

 

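The July 2015 chain split

Of the consensus rule changes listed above, three caused an identifiable chain split. The most recent occurred on 4 July 2015, during the BIP66 soft fork upgrade.

Immediately after BIP66 activated, an orphaned chain of 6 blocks was produced: a miner produced an invalid block, and other mining pools did not recognise it as invalid because they were not validating new blocks.

In this case, some miners had signalled support for the BIP66 soft fork without actually upgrading their nodes to validate blocks; these miners can be said to have been "false flagging". Had the miners been validating blocks, they would have found the block invalid and rejected it. Instead, some miners built on top of the invalid block, and an invalid branch of the chain emerged.

The chart below illustrates these 6 blocks and the chain fork.

Chart of the 2015 chain split

Source: Blockchain.info (http://archive.is/WqGRp, http://archive.is/LHlF7)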
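The failure mode described in this section, signalling support without validating, shown as an added Python model that is not part of the original article. The miner labels, the `simulate` function and the block sequence are constructed for illustration; only the 95%-of-1,000-blocks threshold and the 6-block orphan branch come from the text. The model tracks a single invalid branch and lets header-only miners prefer the valid chain on a tie.

```python
WINDOW, NEEDED = 1000, 950  # 95% of a 1,000-block window, as quoted for BIP66


def rule_active(signals):
    """signals: one bool per block, oldest first. True once at least 95%
    of the most recent 1,000 blocks signal support for the new rule."""
    recent = signals[-WINDOW:]
    return len(recent) == WINDOW and sum(recent) >= NEEDED


def simulate(finders):
    """Replay who finds each block after activation (constructed model).

    'invalid' - a non-upgraded miner publishes a rule-breaking block
    'spv'     - signals support but extends the longest header chain unchecked
    'full'    - validates every block, so only ever extends the valid chain
    Returns (valid_chain_height, orphaned_invalid_blocks)."""
    valid_tip = 0      # height of the best fully valid chain
    fork_at = None     # height at which the invalid branch forked off
    invalid_len = 0    # number of blocks on the invalid branch
    for who in finders:
        invalid_tip = fork_at + invalid_len if fork_at is not None else -1
        if who == "invalid":
            fork_at, invalid_len = valid_tip, 1
        elif who == "spv" and invalid_tip > valid_tip:
            invalid_len += 1   # a well-formed block wasted on a bad parent
        elif who in ("spv", "full"):
            valid_tip += 1
        else:
            raise ValueError(f"unknown miner type: {who}")
    return valid_tip, invalid_len


# Constructed sequence, chosen so the invalid branch reaches 6 blocks.
SPLIT = ["invalid", "spv", "spv", "full", "spv", "spv", "spv"] + ["full"] * 7

if __name__ == "__main__":
    print(rule_active([True] * 950 + [False] * 50))  # signalling alone activates
    print(simulate(SPLIT))                           # header-only miners present
    print(simulate(["full" if m == "spv" else m for m in SPLIT]))
```

With every signalling miner validating, the same sequence orphans only the single invalid block, which is the difference between signalled support and enforced support.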

 

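Disclaimer

Although many claims are made in this article, we do not guarantee their accuracy. We may have made mistakes or inadvertently omitted consensus rule changes from the list. Corrections are welcome.

Note

After this article was published, another list of consensus versions was published on the Bitcoin Wiki.

Reposting is welcome; please credit BitMEX (www.bitmex.com) as the source.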

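Bitcoin Gold (BTG) – investment flow data

Abstract: A few weeks ago we published a piece on Bitcoin Cash, describing how to analyse transaction data on the individual blockchains and attempting to draw conclusions about potential investment flows between the two chains. In this piece we provide a similar analysis for Bitcoin Gold (BTG).

Bitcoin Gold (BTG) overview

Bitcoin Gold (BTG) is a cryptocurrency split off from the Bitcoin blockchain, similar to Bitcoin Cash. Anyone holding Bitcoin when block 491,406 was produced (on 24 October 2017) was allocated the same amount of Bitcoin Gold. Some exchanges allowed customers to trade Bitcoin Gold from the fork date, based on the customers' balances at that time. However, the Bitcoin Gold blockchain itself appears to have become usable only 21 days after the snapshot point, that is, after 14 November 2017.

The purpose of Bitcoin Gold appears to be to address mining centralisation by switching the hashing algorithm from SHA256 to Equihash, since Equihash is more GPU-friendly than the ASIC-dominated SHA256.

Allocation of Bitcoin Gold to the coin's founders

Although the Bitcoin Gold project team did not want this fact to be widely known, they newly created 100,000 coins and allocated them to Bitcoin Gold team members. The allocation covers 8,000 block rewards in total at 12.5 BTG per block, which multiplies out to 100,000 coins.

At Bitcoin Gold's current spot price of US$450 per coin, this reward is worth around US$45 million in total. In the view of many, this seemingly unnecessary allocation may damage the fairness of Bitcoin Gold. Bitcoin Cash, for example, had no such allocation mechanism. One could also argue that Bitcoin Cash's initial difficulty adjustment mechanism likewise allowed a large number of coins to be produced in the initial period after the hard fork, although this seems fairer than Bitcoin Gold, since anyone could mine Bitcoin Cash and nobody received a direct allocation.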

 

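Total coins spent

As of 20 December 2017, 2.61 million Bitcoin Gold had been spent at least once. By comparison, 4.7 million and 2.4 million Bitcoin have been spent on the Bitcoin blockchain since the snapshot point and since Bitcoin Gold became tradable, respectively. This also compares with 4.1 million Bitcoin Cash spent over the equivalent number of days after the Bitcoin Cash fork.

The 2.61 million Bitcoin Gold spent represents around 15.8% of all Bitcoin Gold. We believe this may be related to divestment from Bitcoin Gold, mainly because the 2.61 million figure is higher than the proportion of Bitcoin spent for the first time over the same period.

Figure 1 – Bitcoin Gold (BTG) vs Bitcoin (BTC) – number of coins spent at least once since the chain split compared with the Bitcoin Gold price – millions

Source: BitMEX Research, Bitcoin blockchain, Bitcoin Gold blockchain, Bitfinex (price data)

Bitcoin Cash spent for the first time (daily)

The average daily amount of Bitcoin Gold spent for the first time has fallen somewhat compared with the initial period after launch. Over the past ten days the daily average was 44,000, compared with 110,000 in the first ten days.

Figure 2 – Bitcoin Gold spent for the first time since the chain split compared with the Bitcoin Gold price (daily spend, US$ million)

Source: BitMEX Research, Bitcoin Gold blockchain, Bitfinex (price data)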

 

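Security incident

For 4.5 days between 21 November 2017 and 25 November 2017, the official Bitcoin Gold GitHub repository may have been compromised, with the result that the official website served a malicious wallet. According to a statement from the Bitcoin Gold team, the malicious wallet only allowed the attacker to extract funds sent to newly generated Bitcoin Gold addresses, so Bitcoin was unaffected, because existing private keys were not affected. It is still unclear exactly what happened, but the Bitcoin Gold team claims that at least 80 BTG was stolen. Given the severity of the incident, we believe the potential consequences could be more serious.

The incident illustrates why it is so important to handle these new hard fork coins with care. In particular, we strongly recommend that you do not import your Bitcoin private keys into the wallets of these new fork coins until you have first spent your Bitcoin to new outputs that are not associated with those private keys, so that your Bitcoin is not put at risk.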

 

 


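Public companies with exposure to the risks and rewards of the cryptocurrency market

Abstract: In recent months the prices of cryptocurrency assets such as Bitcoin have soared, and many speculators appear to want exposure to the upside, but we believe the risk of a price correction is high. In this piece we share one way of gaining exposure to the potential upside with lower risk, by presenting for your reference some listed stocks that have a degree of exposure to the cryptocurrency market while also having businesses in other areas.

Overview

So far this year the price of Bitcoin has risen 1,600%, while some other cryptocurrencies, such as Ethereum and Litecoin, have appreciated even more. We therefore believe the risk of an overall price decline is considerable. For example, given Bitcoin's halving mechanism, there could be a cycle of price weakness over the next four years. Existing investors in the space may wish to lock in some profits while retaining some upside exposure, while potential new investors just entering the space may wish to gain upside exposure while reducing some of the downside risk.

For your reference, we list public companies in which some business growth is driven by cryptocurrency-related areas and which may benefit from further cryptocurrency price appreciation, but which also have other businesses that can diversify the risk of share price falls caused by the cryptocurrency market. You should do more research of your own before investing in any of the companies discussed: the information below is intended only as a basic introduction to the companies.

List of public companies with exposure to the potential risks and rewards of the cryptocurrency market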

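Company website | Comment
http://www.tsmc.com | Potentially a stable investment opportunity, with a high-margin business and a core business closely tied to the cryptocurrency market
http://www.alchip.com | More research may be needed to determine how relevant the cryptocurrency market is to its business
https://www.gmofh.com | Potentially an interesting investment, although the new cryptocurrency exchange is currently small
http://www.globalunichip.com | Strong ASIC design business, but the shares are relatively expensive
https://www.gmo.jp | May lack focus on any one area of cryptocurrency
https://www.overstock.com | May lack focus on any one area of cryptocurrency
https://squareup.com | Unclear whether this business model can be strongly profitable
https://www.ig.com | Cryptocurrency trading may cannibalise its existing clients
https://www.plus500.com | Cryptocurrency trading may cannibalise its existing clients
http://www.garage.co.jp | Weak exposure to cryptocurrency
http://premiumwater-hd.co.jp | Weak exposure to cryptocurrency, and it is unclear how shareholders would benefit from the ICO
http://www.cmegroup.com | Cryptocurrency may not be a significant share of the business
http://www.cboe.com | Cryptocurrency may not be a significant share of the business
http://www.sbigroup.co.jp | The association with "Fake Satoshi" is a concern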

 

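A slightly more detailed look at these companies

TSMC

Investment thesis

  • In our view, an investment in TSMC is likely to be a good way of obtaining some moderate upside exposure while mitigating or eliminating the downside risk.

Overview

  • This Taiwanese company is the world's largest semiconductor foundry. TSMC is focused entirely on integrated circuit manufacturing.
  • According to the most recent quarterly results, cryptocurrency mining related business generated revenue of US$375 million in the quarter, or 5.1% of group sales. However, as cryptocurrency prices continue to appreciate, this segment is likely to be growing fast.

Investment case

  • TSMC has extremely high margins, with a forecast 2017 EBITDA margin of 66%. We believe the company can achieve this margin on its cryptocurrency business.
  • At current cryptocurrency prices, miners and ASIC designers are likely to be placing large orders with TSMC, which could mean sales growth next year. If cryptocurrency prices rise sharply, 2018 order volumes could be very strong. Therefore, if one is convinced that 2018 will be a big year for cryptocurrency, TSMC may be a relatively low-risk way of obtaining that exposure.
  • Cryptocurrency mining is a challenging and competitive business, so most of the profit may be earned by the companies that supply the key equipment. TSMC benefits regardless of which mining company becomes dominant. As Mark Twain said:

During a gold rush, selling shovels is a good business

  • TSMC is also very healthy in terms of dividends, with a yield of 3.1%. The company has never stopped paying a dividend, which should support the share price if the market weakens.
  • TSMC is highly focused on its core business as a semiconductor foundry and will not be distracted by investing in other blockchain-related areas such as ICOs or Ripple. We believe that, in the long run, businesses that specialise in one area tend to perform better.

Investment risks

  • TSMC is currently believed to have only one cryptocurrency mining customer, Bitmain, so there is significant customer concentration risk.
  • Apple (APPL US) and the iPhone have a large influence on the company's risks and returns.

Valuation metrics

Source: Bloomberg, BitMEX Research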

 

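Alchip

Investment summary

  • Alchip may merit further research to determine how exposed its business is to the cryptocurrency market.

Overview

  • Alchip is a Taiwanese ASIC design and manufacturing company, smaller than GUC (discussed below).
  • We do not know how significant cryptocurrency mining is to this company's business; however, one page of a recent company presentation describes some Bitcoin mining related products.

Investment case

  • The name is not currently well known, so the benefit from strong cryptocurrency growth in 2018 could be very significant.

Investment risks

  • The size of the Bitcoin-related business is unknown.
  • The earnings record is unreliable; the company made a loss in 2016.
  • Order visibility is said to be lower than at some other companies.
  • The shares are up 171% year to date, suggesting that the exposure to the cryptocurrency market may already be reflected in the valuation.

Valuation metrics

Source: Bloomberg, BitMEX Research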

 

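GMO Financial Holdings

Investment summary

  • Thanks to the company's existing infrastructure and expertise, GMO Coin could become a successful cryptocurrency exchange in Japan. GMO Financial Holdings may therefore be an interesting investment opportunity.

Overview

  • GMO Financial Holdings is a listed subsidiary of GMO Internet. GMO Internet owns 80.8% of GMO Financial Holdings, so liquidity in the shares is low.
  • The business includes a retail FX platform and the new GMO Coin exchange, in which GMO Financial holds a 58% stake.
  • The cryptocurrency mining business and the ICO do not sit within this subsidiary, but elsewhere within the GMO Internet group.

Investment case

  • GMO Financial Holdings offers more direct exposure to the cryptocurrency exchange business than its parent. The exchange business is quite new and therefore has considerable growth potential.
  • It owns Japan's largest retail FX trading platform, so GMO Financial may already have the infrastructure and expertise needed to build a successful cryptocurrency trading platform.
  • The exchange plans to begin offering leveraged products shortly.

Investment risks

  • We were unable to determine GMO Coin's trading volume data, so its market share may be low. However, a recent company presentation showed strong growth.
  • The company does publish monthly trading volume data for the GMO Coin exchange business.

Valuation metrics

Source: Bloomberg, BitMEX Research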

 

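Global Unichip

Investment summary

  • The valuation looks quite expensive, and the share price may already reflect the benefit of the cryptocurrency market.

Overview

  • Global Unichip is a Taiwanese fabless ASIC design company. TSMC owns around 34% of Global Unichip, and TSMC's chairman also holds a position at Global Unichip (China). However, TSMC's technology library is open to other, competing fabless companies.
  • We believe that cryptocurrency mining related sales account for around 20% of Global Unichip's sales in 2017, and the figure could grow substantially in 2018.

Investment case

  • Cryptocurrency, at 20%, is a significant component of sales revenue. Competition in mining will be even fiercer in 2018, so ASIC design may be key. Therefore, if cryptocurrency prices rise in 2018, Global Unichip could perform very well.

Investment risks

  • To some extent the share price already reflects the strength of the cryptocurrency market, with the shares up 304% this year. We therefore believe there is significant downside risk if the cryptocurrency market crashes, although this is still less risky than actually holding cryptocurrency.
  • At 34.7x EV/EBITDA, the shares are expensive.
  • Besides the cryptocurrency market, Global Unichip also depends on developments in machine learning and artificial intelligence (AI).

Valuation metrics

Source: Bloomberg, BitMEX Research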

 

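GMO Internet

Investment summary

  • GMO Internet appears to lack focus on any single segment of the cryptocurrency space, so GMO Financial Holdings may be the better investment choice.

Overview

  • GMO Internet is a Japanese internet infrastructure and digital payments group. The company's main businesses are online credit card transaction processing, domain name related services and SSL certificate services.
  • In October 2017 the company announced the launch of a Bitcoin mining business and a possible related ICO.
  • The company also has a subsidiary called GMO Coin, a cryptocurrency exchange.

Investment case

  • GMO offers broad exposure to the cryptocurrency market through cryptocurrency, an ICO, mining and exchange operations.
  • Its core SSL certificate business is growing strongly, with sales up 90% in 2017.

Investment risks

  • The company is entering fiercely competitive sectors but appears to lack focus, trying many different segments at once. It is therefore unlikely to succeed in all of them.
  • GMO plans to launch a 7nm mining chip next year. This is a rather ambitious project, especially with Bitmain as a strong competitor and with it unclear who GMO's manufacturing partner for the mining chip is.
  • The company's ownership of GMO Coin is low, at only 46%.

Valuation metrics

Source: Bloomberg, BitMEX Research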

 

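Overstock

Investment summary

  • The company may lack focus in the cryptocurrency space, and the rise in the share price may already reflect the strength of the cryptocurrency market.

Overview

  • Overstock is a US e-commerce company focused on furniture and bedding.
  • For several years the company's CEO and founder, Mr Patrick Bryan, has been an enthusiastic supporter of Bitcoin. This may stem from the CEO's anti-Wall Street stance after several prominent investment banks and hedge funds were accused of naked short selling of Overstock in 2005. Bryan eventually received a settlement payment from his opponents to resolve the matter.
  • In 2014 Overstock accepted Bitcoin payments for the first time, and it has been involved in a number of projects, including the Counterparty trading platform in 2014 and the t0 system, on which Overstock shares were first issued in 2016. It is currently also building a distributed ledger system.

Investment case

  • Overstock offers broad exposure to the cryptocurrency market.

Investment risks

  • Like many of the companies mentioned above, Overstock appears to lack focus and is trying a variety of projects related to the cryptocurrency market.
  • The shares are up 214% year to date, partly because of the strength of the cryptocurrency market.

Valuation metrics

Source: Bloomberg, BitMEX Research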

 

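Square

Investment summary

  • The investment community may already understand the cryptocurrency story well, and the valuation rating could pose considerable downside risk to the share price.

Overview

  • Square is a US digital payments solutions company.
  • Square recently announced a new product that lets users buy and sell Bitcoin in its mobile app.

Investment case

  • Since launch, the new Bitcoin application has received positive feedback, as it is considered easy to use.

Investment risks

  • On traditional valuation measures, the shares are very expensive.
  • The Bitcoin application does not let users make payments on the Bitcoin network.
  • It is not yet clear whether buying and selling Bitcoin in the mobile app is a profitable business model.

Valuation metrics

Source: Bloomberg, BitMEX Research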

 

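IG Group

Investment summary

  • A strong cryptocurrency business could cannibalise revenue from other areas, so the benefit from cryptocurrency may be limited.

Overview

  • IG Group is a UK contracts for difference (CFD) and spread betting platform company.
  • The company also offers cryptocurrency-related trading products; because of their high volatility, these products help boost earnings, as volatility in other products is low.

Investment case

  • IG is one of the largest and strongest CFD companies in the retail space.

Investment risks

  • The regulatory environment in the UK and Europe is one of the major challenges facing the company. The retail leveraged trading industry is under close scrutiny from regulators.
  • Although the cryptocurrency business may perform well, it is unclear whether this will bring in new clients, or whether IG's existing clients simply enjoy trading and would otherwise switch to other volatile products.

Valuation metrics

Source: Bloomberg, BitMEX Research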

 

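Plus 500

Investment summary

  • As with IG, stronger cryptocurrency sales could cannibalise revenue from other areas.

Overview

  • Plus 500 is a UK online retail trading platform.

Investment case

  • Plus 500's technology platform enables it to launch new products faster than many peers, ensuring it can keep up with new trends more quickly in the volatile cryptocurrency market.
  • Because of IG's brand and longer history, Plus 500 shares are cheap relative to IG. However, Plus 500's client retention is improving, and it is increasingly focused on loyal, high-value clients rather than speculative clients who may lose all their money and leave at any time.

Investment risks

  • As with IG, the prospect of increasingly strict CFD regulation is a major risk.

Valuation metrics

Source: Bloomberg, BitMEX Research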

 

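Digital Garage

Investment summary

  • One could consider a pair trade, long Digital Garage and short Kakaku.com, although the exposure to actual cryptocurrency business appears negligible.

Overview

  • Digital Garage is a Japanese technology investment fund whose main asset is the price comparison website Kakaku (2371 JP).
  • Digital Garage has also invested in the blockchain infrastructure company Blockstream.
  • In theory, you could go long Digital Garage while shorting Kakaku to increase the exposure to Blockstream.

Investment case

  • Blockstream has launched a satellite product capable of broadcasting Bitcoin transactions globally.

Investment risks

  • Blockstream's business model appears somewhat vague. The company seems more focused on technology and infrastructure than on commercial activity, and may therefore fail to generate revenue.
  • The exposure to Blockstream is very limited.

Valuation metrics

Source: Bloomberg, BitMEX Research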

 

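Premium Water Holdings

Investment summary

  • Weak exposure to the cryptocurrency market.

Overview

  • Premium Water is a fast-growing Japanese mineral water delivery company that supplies drinking water to the home and office markets.
  • According to page 10 of the COMSA white paper, the company will conduct an ICO, perhaps to raise funds for business expansion. COMSA is a Japanese centralised ICO solutions company that recently conducted its own token sale.

Investment case

  • The company may raise a significant amount in the ICO, and existing shareholders may benefit.

Investment risks

  • It is unclear how, if at all, existing shareholders would benefit from the ICO.

Valuation metrics

Source: Bloomberg, BitMEX Research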

 

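CME Group

Investment summary

  • Cryptocurrency is unlikely to become a major source of earnings.

Overview

  • CME operates institutional derivatives exchanges that trade futures contracts and options. These instruments relate to interest rates, equity indices, foreign exchange and commodities.
  • The company recently announced the launch of a Bitcoin futures contract.

Investment case

  • Speculation appears to be one of the main purposes of Bitcoin trading, so the launch of the Bitcoin product could lead to a substantial increase in CME's volumes.

Investment risks

  • The Bitcoin product is new, and whether there will be much demand for Bitcoin futures relative to CME's other products remains unknown.
  • At 21.0x EV/EBITDA, the shares are already quite expensive.

Valuation metrics

Source: Bloomberg, BitMEX Research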

 

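CBOE

Investment summary

  • Cryptocurrency is unlikely to become a major source of earnings.

Overview

  • CBOE operates institutional financial options trading platforms. Its main instruments relate to foreign exchange and equity indices.
  • The company recently announced the launch of a Bitcoin futures contract.

Investment case

  • As with CME, speculation appears to be one of the main uses of Bitcoin, and the launch of the Bitcoin product could lead to a substantial increase in CBOE's volumes.

Investment risks

  • The Bitcoin product is new, and whether there will be much demand for Bitcoin relative to CBOE's other products remains unknown.
  • At 24.4x forward EV/EBITDA, the shares are already quite expensive.

Valuation metrics

Source: Bloomberg, BitMEX Research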

 

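SBI Holdings

Investment summary

  • The partnership with "Fake Satoshi" is a significant concern, so we do not recommend investing in SBI.

Overview

  • SBI Holdings is a Japanese financial company whose main business is a domestic online stock trading platform. SBI is regarded as a peer of GMO.
  • SBI Holdings appears to be very enthusiastic about the cryptocurrency space. The company has a cryptocurrency fund that has invested in Ripple, R3, Orb, Coinplug, Wirex, Veem and bitFlyer. (source
  • SBI plans further investments, including in Bitcoin mining. SBI also has a blockchain consulting business, which includes advisory services for ICOs.

Investment case

  • SBI Holdings offers exposure to many areas of the cryptocurrency market.

Investment risks

  • SBI recently announced a strategic partnership with nChain, a company run by Mr Craig Wright, who is also known within the Bitcoin community as "Fake Satoshi". This may indicate that, in partnering with Mr Wright, SBI itself has limited knowledge of the crypto space, or that the company may be wasting shareholders' money.
  • SBI also appears to lack focus in its blockchain strategy.

Valuation metrics

Source: Bloomberg, BitMEX Research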

 

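Other listed companies related to the cryptocurrency market

Ticker | Name | Market cap (US$ million) | 2017 year-to-date return (US$) | Description | Blockchain focus
Japan
4751 JP | Cyberagent | 4,814 | 50.0% | Operates the media site Ameba and provides advertising agency services, an FX trading site, and PC and mobile content services | May be preparing to set up its own cryptocurrency exchange
3774 JP | Internet Initiative Japan | 841 | 16.2% | Provides internet connectivity services to enterprises | Preparing to add a Bitcoin services business
6172 JP | Metaps | 365 | (24.6%) | Develops an advertising application platform for smartphones | May be preparing to set up its own cryptocurrency exchange
3825 JP | Remixpoint | 322 | 359.9% | Electricity retailing, energy-saving consulting and used car sales | BITPoint exchange business
2315 JP | Caica | 231 | (7.7%) | Provides information system solution services to the financial and telecoms industries | Issues the cryptocurrency "Caica"
3696 JP | Ceres | 216 | 34.8% | Provides internet marketing services | Provides the Coin Tip service
3853 JP | Infoteria | 177 | 47.6% | Provides XML-based software development | Issues the cryptocurrency "Zen"
8732 JP | Money Partners | 133 | (18.0%) | Provides FX trading services | Alliance with the Kraken exchange
3807 JP | Fisco | 125 | 22.4% | Provides financial information | Trades and processes Monacoin
8704 JP | Traders Holdings | 120 | (8.7%) | Provides financial services via the internet and call centres | Quoinex exchange business
3121 JP | MBK | 102 | 36.7% | Provides lending and investment services to companies and real estate in Japan and China | Invested in the BTCBOX exchange
3808 JP | Okwave | 43 | 36.6% | Q&A community website OKWave | May be preparing to set up its own cryptocurrency exchange
Taiwan
2377 TT | Micro Star | 2,058 | 5.6% | Manufactures and sells motherboards and video graphics accelerator (VGA) cards
2376 TT | Gigabyte Tech | 1,102 | 28.8% | Manufactures and sells computer motherboards
3515 TT | AsRock | 296 | 100.6% | Develops, designs and sells motherboards
2399 TT | BioStar Micro | 84 | 70.5% | Manufactures and sells computer motherboards and interface cards
6150 TT | TUL Corp | 68 | 312.3% | Develops, manufactures and sells video graphics accelerator (VGA) cards, multimedia products and interface cards
United States
NVDA US | NVIDIA | 116,085 | 80.2% | Designs, develops and sells graphics processors and related software
AMD US | AMD | 9,928 | (9.3%) | Manufactures semiconductor products
GBTC US | Bitcoin Investment Trust | 5,139 | 2,383.0% | Trust that invests exclusively in Bitcoin
RIOT US | Riot Blockchain | 275 | 732.7% | Acquires cryptocurrency and blockchain businesses and supports blockchain technology companies
SSC US | Seven Stars Cloud Group | 262 | 241.5% | Provides digital finance solutions powered by artificial intelligence, blockchain and fintech
MGTI US | MGT Capital | 204 | 475.3% | Operates a portfolio of cyber security technologies
DPW US | Digital Power | 103 | 686.4% | Designs, develops, manufactures and markets switching power supplies for sale to manufacturers of computers and other electronic equipment
Canada
HIVE CN | Hive Blockchain | 636 | n/a | Operates as a cryptocurrency mining company
BTL CN | BTL Group | 197 | 991.7% | Develops blockchain technology
CODE CN | 360 Blockchain | 33 | 600.0% | Invests in blockchain technology
Australia
DCC AU | Digitalx | 106 | 495.7% | ICO advisory and blockchain consulting services

Source: Bloomberg, BitMEX Research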

 

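Disclaimer: This article does not constitute investment advice. You should do your own research before deciding to make any investment.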

 

 
