Tether: Puerto Rico financial data quarterly update

Abstract: Following our earlier research pieces on Tether, financial information from Q1 2018 has been released by the financial regulators in Puerto Rico, providing more evidence of the impact of Tether. In addition to this, a source close to Tether has confirmed to us that the speculation in our initial report is correct.

After our earlier speculation that Noble Bank in Puetro Rico was Tether’s primary reserve bank, a few months later in May 2018 Bloomberg released an article further substantiating our claims. As Bloomberg put it:

According to three people with knowledge of the matter, Noble Bank International, based in San Juan, Puerto Rico, took over banking duties for Bitfinex last year.

In addition to the above, BitMEX Research has also now spoken to people close to Tether, who have also confirmed the reliability of most of the claims in our February 2018 report. Our initial discovery was based on the disclosure of data from the financial regulator in Puerto Rico, who have recently provided the latest update, for the quarter ended March 2018. In our view, the data continues to support our initial speculation.

New Financial Data for Q1 2018

Bank deposits in the International Financial Entities (IFE) category, which includes Noble Bank, were $3.5 billion, up 6.9% in the quarter. Total assets in the category were $4.1 billion, up 7% in the quarter. This moderate growth coincides with a the moderate increase in the volume of crypto-coin trading, which has likely resulted from the continued growth of the Tether balance and crypto-coin ecosystem, moderated by crashing crypto-coin prices in the quarter. In the quarter, the value of Tether in issue increased by 62.7% to $2.3 billion.

We have updated the chart below from the version in our earlier piece, which compares the Tether balance with the deposits in the banking category in Puerto Rico which contains Noble Bank.

Puerto Rico’s IFE aggregate deposits versus the Tether balance in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

 

Cash as a percentage of total assets (an indication of full-reserve banking) also increased in the quarter, from 85.8% to 91.0%. This also indicates crypto-coin or Tether-related activity, as we explained in the previous piece.

Puerto Rico’s IFE aggregate cash balance as a percentage of total assets. (Source: IFE Accounts, BitMEX Research)

 

In the quarter the regulator appears to have changed the name of the Tether balance, to “Deposits, money market investments and other interest-bearing balances” from “Cash in banks“. We do not view this as suspicious.

 

A brief history of Stablecoins (Part 1)

Abstract: In this piece we look over the history of distributed stablecoins, focusing on two case studies, BitShares (BitUSD) and MakerDAO (Dai). We examine the efficacy of various design choices, such as the inclusion of price oracles and pooled collateral. We conclude that while a successful stablecoin is likely to represent the holy grail of financial technology, none of the systems we have examined so far appear robust enough to scale in a meaningful way. The coins we have looked at seem to rely on “why would it trade at any other price?” type logic, to enforce price stability to some extent, although dependence on this reasoning is decreasing as technology improves.

 

Please click here to download a pdf version of this report

 

Overview

Distributed stablecoins aim to achieve both the characteristics of crypto-coins like Bitcoin (censorship resistant digital transactions) and the price stability of traditional financial assets, such as the US Dollar or gold. These systems are distinct from tokens such as Tether, where one entity controls a pool of US Dollar collateral, ultimately making the system centralised and thus susceptible to being shut down by the authorities.

Along with the somewhat related idea of distributed exchanges, distributed stablecoins have been referred to as the “holy grail” of financial technology, due to their very strong potential benefits. In our view the transformative nature of such a technology on society would be immense, perhaps far more significant than Bitcoin or Ethereum tokens with their floating exchange rates. Distributed stablecoins could have the advantages of Bitcoin (censorship resistance combined with the ability to transact electronically), without the difficulties of a volatile exchange rate and the challenge of encouraging users and merchants to adopt a new unknown token. Such a system is likely to be very successful and therefore it is no surprise that so many people have attempted to launch such projects:

List of stablecoin projects

Name Type Launch Date White paper link
BitShares (BitUSD) Crypto-collateralized 21 July 2014 White paper
Nu (NuBits) Crypto-collateralized 24 Sept 2014 White paper
Steem (SteemUSD) Crypto-collateralized 19 April 2016 White paper
Corion Non-collateralized 14 Oct 2017 White paper
MakerDAO (Dai) Crypto-collateralized 27 Dec 2017 White paper
Alchemint Crypto-collateralized Sept 2018 White paper
BitBay Non-collateralized Sept 2018 White paper
Carbon Non-collateralized n/a White paper
Basis Non-collateralized n/a White paper
Havven Crypto-collateralized n/a White paper
Seignoriage Shares Non-collateralized n/a White paper

The technical challenges involved in creating such systems are often underestimated. Indeed constructing a distributed stablecoin system, which is robust enough to withstand cycles or the turbulence and volatility linked to financial markets may be almost impossible. For instance perhaps most forms of fiat money, even the US Dollar itself, have not even achieved that, with credit cycles putting US Dollar bank deposits at risk. A stablecoin system which builds on top of the US Dollar is therefore never going to be more reliable than traditional banking, in our view.

In economics there is a concept of money supply, with risk and the potential inflationary impact increasing as the number of layers increase. One could add this stablecoin systems on top, as a new high risk layer:

  • M0 – Notes & coins plus deposits at the central banks
  • M1 – Money on deposit in a bank current account (including M0)
  • M2 – Money on deposit in a bank savings account (including M1)
  • M3 – Money in a money market account (including M2)
  • MZM – Money in all financial assets redeemable on demand (including M3)
  • MSC (Synthetic Crypto Money) – Money inside synthetic crypto stablecoin systems  (including MZM)

However advanced or sophisticated the distributed stablecoin technology is, we believe the token is likely to be less robust than the layers above it in the money supply tree.

In this piece we review some of the most prominent and interesting attempts at building these synthetic US Dollar type systems. BitUSD in 2014 and then a more recent project, MakerDAO (Dai).

 

Case study 1: BitShares (BitUSD) – 2014

Factbox
Coin Name BitUSD
Launch Date 21 July 2014
Crypto collateral Yes
Price oracle No

The first stable coin we will discuss is BitUSD, a stablecoin on the BitShares platform. BitShares was a delegated proof of stake (DPOS) platform launched in 2014 by:

  • Daniel Larimer (The primary architect behind EOS and Steem),
  • Charles Hoskinson (the former Ethereum Foundation CEO & Cardano architect), and
  • Stan Larimer (Daniel’s father).

BitShares is just one in a long line of decentralised autonomous corporation (DAC) type platforms released by Daniel Larimer, as the below image shows:

(Note: Daniel Larmier’s company Invictus Innovations launched a number of token/DAC platforms including Protoshares, Angelshares and BitShares. The black arrows represent Protoshares coin holders being granted tokens in the new chains, which Invictus Innovations promised to deliver on all new DAC platforms. Source: BitSharestalk)

 

BitUSD Marketing material

(Source: Introduction to BitShares Youtube video)

BitUSD System dynamics

Pools of Funds Description
Bitshares The native currency of the BitShares platform
Bitshares held as collateral Separate pools of Bitshares  held as collateral, used as backing for the stablecoin.
BitUSD The stable token, designed to track the value of the US Dollar

 

Groups of Participants Description
BitUSD holders Investors and users of the BitUSD stable coin. Holders of BitUSD are able to redeem the tokens for the Bitshares held in collateral.
BitUSD creators Those that create new BitUSD, by selling it into the market (creating new loans), by posting BitShares as collateral. This loan may be for a small period of time, after which it needs to be rolled over or have its collateral topped up to the initial margin level.
Traders Those exchanging BitUSD for Bitshares, and vica versa, on the platform’s own distributed exchange. There is therefore a Bitshares vs BitUSD market price.
Block producers Bitshares block producers/miners have a role of spending the BitShares backing BitUSD, something they are only entitled to do if the value of the BitShares is less than 150% of the value of the BitUSD it is backing (based on the BitUSD vs BitShares exchange rate on the system’s own distributed exchange). The miner can then uses the Bitshares to redeem/destroy the BitUSD. (After the launch the 150% margin level was increased to 200%)

 

Price Stability Mechanisms Price Direction Description
Investor psychology (Unclear/”Why not trade at $1?”) Both directions There does not appear to be a specific price stability mechanism in the BitUSD system. One can redeem and create BitUSD, however the price this transfer occurs at is determined by the BitUSD vs BitShares price in distributed exchange, which is not linked to “real USD”. In a way the price references itself. There is therefore no direct mechanism keeping the price of BitUSD at $1, but the argument put forward is “why would it trade at any other price?” In our view this logic is weak.
BitUSD redemption (indirect) Positive Should the value of the collateral currency (BitShares) fall, any BitUSD holder can redeem the BitUSD and obtain $1 worth of BitShares, assuming the market price of BitUSD is still worth $1 and there is sufficient BitShares held in collateral.

This stability mechanism protects the integrity of the system only in the event that the value of BitShares falls and the BitUSD market price remains at $1. It does not directly stabilize the price of BitUSD around $1, in our view. If the price of BitUSD deviates from $1, this mechanism may not help correct the price.

In our view, it is important to draw the distinction between a mechanism designed to protect the value of collateral and that of a mechanism which directly causes the price of the stablecoin to converge.

Weaknesses

Exposure to a fall in the value of collateral – BitShares was a new, untested and low value asset, and therefore its value was volatile. If the value of the token falls by 50% sharply, in a period spanned by one of the loans used to create BitUSD, there may be insufficient collateral and the peg could fail.

Lack of a price oracle – In our view one of the most controversial aspects of this design is the absence of any price oracle mechanism, providing the system with real world exchange rates. However any price oracle system is challenging to implement and may introduce several weaknesses and avenues for manipulation. We will talk more about this in part 2. In our view, the only real way around this may be that any stablecoin system may require a price feed from a distributed exchange, which can in theory publish a distributed price feed from real world US Dollar transactions. The distributed exchange in BitShares did not allow “real USD”. A distributed exchange system like Bisq, without a central clearing could in theory allow “real USD” prices and provide a distributed price feed.   Therefore stablecoins may eventually be considered as a layer two technology on top of liquid and robust distributed exchange platforms, should these systems ever emerge.

Manipulation – Trading volume in the Bitshares vs BitUSD market on the distributed exchange platform was low, it was therefore possible for block producers to manipulate the market by causing the value of Bitshares to fall relative to BitUSD, enabling them to obtain Bitshares at a discount.

Lack of any price stability mechanism – The main weakness of the system is the lack of any mechanism to move the price towards $1, other than the “where else would it trade?” logic.

Daniel Larimer’s defence of the system

In Daniel’s view, the mechanism of BitUSD creation is analogous to how USD are created in the economy, in that financial institutions lend them into existence.

It’s the same way dollars are created in the regular banking system. Dollars are learnt into existence backed by collateral, in the case of the current banking system the collateral is your house. In the case of our system its shares in the DAC itself.

(Source: Lets talk Bitcoin episode 129)

 

In a way Daniel is correct here, however as we explained in the introduction to this piece, these synthetic dollars are far less reliable than those created by more traditional banks, and can be considered as a whole new layer of risk, as they are even further away from base money. In addition to this, when obtaining a bank loan, the bank typically has a legal obligation to provide the customer physical cash should they demand it. While such an outcome for BitUSD holder is possible, its not a legal obligation for the creators of BitUSD. Although obviously banks typically do not have the cash in reserve to pay back their deposits, we think the fact they have a legal obligation to do so is an important distinction to draw when comparing BitUSD to US Dollar banking deposits.

In response to the supposed weakness of a lack of a price peg, Larimer argues in favor of his “hypothesis that the price feed is unnecessary” as follows:

It implements automatic margin calls, such that if the price moves against someone who is effectively short, it forces them to cover and buy it back in the market and that creates a peg. The market peg works on the premise that all market participants buy and sell based on what they think market participants will be buying and selling in the future. The only rational choice is to assume that it’s going to trade based on the peg in the future. If you don’t believe that they you have to decide on which way it’s going to go, up or down. And if you don’t have a way of saying you abstain from the market. If you don’t think it works you sell the shares and get out, as the systems going to fail in the first place. So its a self reinforcing market peg, that causes the asset to always have the purchasing power of the dollar.

(Source: Lets talk Bitcoin episode 129)

 

In our view this idea that a price of $1 is the “only rational choice” is a weak argument. It is basically saying that if the price is not $1, then what will it be? This logic may hold true for some periods, but it is not sustainable and will not scale, in our view.

Conclusion

The volume of BitUSD in existence was a lot lower than many had hoped, in some periods there was only around $40,000 in issuance. At the same time liquidity was very low and the price stability was weak, as the below chart illustrates. The main architect of BitUSD went on to propose a new stablecoin SteemUSD in 2017, this time including a price feed system. Therefore we consider BitUSD as an interesting early experiment, it did not achieve what was hoped nor did it build a robust stablecoin.

(Source: Coinmarketcap)

 

Case Study 2: MakerDAO (Dai) – 2017

Factbox
Coin Name Dai
Launch Date 27 Dec 2017
Crypto Collateralized Yes
Price Oracles Yes (indirect)

The next stablecoin we look at is Dai, which exists on the Ethereum platform. This system is highly complex, with four relevant pools of funds and six possible stability mechanisms. There are currently around $50 million worth of Dai in issuance and the peg seems to be holding up reasonably well.

System dynamics

Pools of Funds Description
Ethereum Ethereum is the native token of the Blockchain platform used for Maker & Dai
Pooled Ethereum Ethereum is placed in pools used as collateral for issuance of the Dai token. These are often referred to a collateralized debt positions (CDPs)
Dai Dai is an ERC-20 token that is generated by collateralizing pooled Ether. Dai is the stablecoin token, designed to be valued at $1.
Maker The Maker token is MakerDAO’s governance token. It is used to vote on various initiatives that pertain to the stability of the ecosystem. It is also mandatory to possess during the collateral unlocking process. During such a process, a stability fee is garnered from the user, where payment is accepted exclusively in Maker. Maker is also an ERC-20 token.

 

Groups of Participants Description
Dai Creators An individual who sends Ethereum to a smart contract, locking up Ethereum in exchange for Dai. These people are also known as CDP owners.
Dai Holder/User A Dai holder may or may not be a Dai creator. They may invest in or use the Dai stablecoin token.
Maker Token Holders Maker token holders vote on several functions and parameters of the MakerDAO system. They manage aspects such as stability fees and liquidation ratios, as well as having responsibility to nominate other groups.
Keepers These traders monitor the Dai collateral and if it falls to an insufficient level, purchase the collateral in an open auction, by spending Dai.
Oracles Price feed producers submit price information that is aggregated and used to select a given price for both Maker and Ethereum (but not Dai itself). These agents are nominated by MakerDAO token holders.

In order to prevent manipulation, there is a one hour lag between the price publication and when it impacts the system. In addition to this a median type mechanism is used to select the price, which involves ignoring the highest and lowest prices. In our view this may not prove to be robust enough if the oracles have a conflict of interest and try to engage in manipulation.

Global settlers This is another group nominated by the MakerDAO token holders. This group can unwind the entire Dai system, by giving Dai holders the right to redeem their collateral at a fixed price.

 

Price Adjustment Mechanics Price Direction Description
Dai Redemption Positive The primary stability mechanism is the ability, in theory, to redeem Dai for $1 worth of Ethereum. Redemption can only be conducted by CDP owners (unless there is insufficient collateral). If the price of Dai falls, CDP owners need to either use Dai they currently hold or buy it in the market, and then they can redeem/delete Dai for $1 worth of Ethereum based on the price feed provided by the price oracles.
Dai Creation Negative To complement the Dai redemption process, the mechanism to prevent the price of Dai climbing too high, is the ability of Ethereum holders to create new Dai, by placing Ethereum inside of CDPs.
Target rate (Not active) Both directions There is a “Target Rate Feedback Mechanism” (TRFM), which appears to be another price stability mechanism in the system. However, it is not yet active nor have several specifications of the mechanism been worked out yet.

The the idea is that a target rate is set by the MakerDAO token holders. The target rate is essentially a spread which applies to the creation or redemption of Dai, designed to correct the price.

CDP liquidation (indirect) Positive There is a mechanism by which traders/keepers can redeem the Ethereum collateral held by another CDP. This can only occur if the value of this collateral falls to an insufficient level to backup the Dai, in this case 150% of the value of Dai. This should incentivise CDP owners to keep topping up their CDPs to ensure there is a large buffer of Ethereum.

This is a necessary mechanism to ensure the integrity of the system and ensure the value of the collateral is always sufficient. However it is not clear if this directly keeps the value of Dai at $1. This mechanism can be thought of as a building block on the stability mechanism, which merely ensures the level of collateral is sufficient. Other redemption systems are needed to make this meaningful, in our view.

Global Settlement Positive This mechanism can be triggered at any time. The triggering essentially gives all Dai holders an option to convert back to a fixed value of Ethereum, worth $1 according to the oracle price feed, at the time of the triggering (or whatever price is possible given the total level of collateral in the system). The difference between this and normal redemption, is that the price is fixed and its open to all Dai token holders and not paired to a particular CDP.

The idea is that this mechanism can be used as a threat against CDP holders, to ensure they keep redeeming Dai in the event the price falls, rather than holding out for an even lower price.

Global settlement can also be used in the event of bugs or other emergencies.

MakerDAO token issuance (indirect) Positive MakerDAO token holders act as the buyer of last resort. If the collateral (pooled Ethereum) in the system were to drop below 100% collateralization, MakerDAO is automatically created and auctioned on the open market to raise additional funds to collateralize the system. Hence, if the system becomes undercollateralized, Maker holders absorb the damage.

Again this mechanism protects the value of collateral, but does not directly help the price of Dai converge to $1, in our view.

Analysis of the core stability mechanism – Dai redemption

The primary stability mechanisms appear to be the ability of CDP owners to redeem if the price of Dai is too low and for people to create new Dai if the price is too high. For example if the price of Dai falls to 80 cent, CDP owners could purchase Dai in the market and redeem it, unlocking $1 worth of Ethereum and making a nice profit. This is how the system should work under normal circumstances.

The above appears to be a robust stability mechanism which should keep the price of Dai at or near $1. However, the theory may only work if CDP owners expect the price of Dai to correct back to $1. If the price of Dai has fallen to 80 cent, CDP owners may be reluctant to redeem if they expect the Dai price to fall further to 60 cent, as such a price would enable them to make even more profit. There is no guarantee that once the price reaches 80 cent, it won’t continue to fall.

Therefore the stability mechanism could depend somewhat on the power dynamics between two groups, Dai owners and CDP owners. These two groups are essentially trading against each other in the market, Dai owners are selling of Dai and CDP owners are the potential buyers. If the power balance shifts towards CDP owners, such that they are well capitalised, patient, collaborative and determined, this group could outmaneuver the Dai token holders, drive the price down, and then buy it back and make a large profit. This may seem unlikely, but in our view the stability mechanism may not work in all market scenarios. Although we consider Dai as superior to BitUSD, in some limited ways, the Dai peg relies on market psychology and investor expectations, in the same way as BitUSD. Therefore the Dai peg is also weak and unlikely to scale.

The global settlement system can mitigate the above risk. If CDP owners are successfully manipulating the price of Dai down too far, this could trigger global settlement. Dai holders would then get around $1 of Ethereum back. Therefore the threat of global settlement may keep the price of Dai up. However again the effectiveness of this threat depends on the determination of the various groups, the CDP owners, MakerDAO token holders and global settlement activators.

Conclusion

We consider Dai to be one of the most sophisticated and advanced stablecoins systems which has been produced so far. In our view, when digging into Dai’s stability mechanisms, there is no one powerful mechanism which ensures stability. Instead we have a complex network of systems, which to some extent reference each other and use circular logic.  One could claim this complexity was created to obfuscate the lack of a strong and clear stability mechanism, but it is more likely to be an indication of an experimental trial and error type approach to the design of the system.

Therefore the system is still reliant on investor expectations and psychology, although to a lesser extent than the BitUSD. While the stability systems in place could work, at least for a while, we think they are not robust enough to withstand market turmoil or some types of power imbalances between Dai holders and CDP owners. Therefore, the search for the holy grail continues.

 

Bitcoin Economics – Deflationary Debt Spiral (Part 3)

Abstract

This report is the third in a three part piece on Bitcoin economics. In the first piece, we looked at common misconceptions with respect to how banks make loans and the implications this has on the ability of banks to expand the level of credit in the economy. We analysed the inherent properties of money which ensure that this is the case and evaluate the impact this could have on the business cycle. In part two, we considered why Bitcoin might have some unique combinations of characteristics, compared to traditional forms of money.  We explained the implications this could have on the ability of banks to engage in credit expansion. In this piece (part three), we examine the deflationary nature of Bitcoin and consider why this deflation may be necessary due to some of Bitcoin’s weaknesses. We also look at how Bitcoin could be more resilient to some of the traditional economic disadvantages of deflation than some of Bitcoin’s critics may think.

 

Click here to download the pdf version of this report

 

Bitcoin’s deflation problem

One of the most common critiques of Bitcoin and related crypto-coin systems, is the supply cap (in the case of Bitcoin 21 million) and the associated deflationary nature of the system, which could be damaging to the economy. Critics have argued that history has taught us that a finite monetary supply can be a poor economic policy, resulting in or exacerbating, economic crashes. Either because people are unwilling to spend appreciating money or because the real value of debt increases, resulting in a highly indebted economy. Bitcoin proponents are often called “economically naive”, for failing to have learnt these economic lessons of the past.

In this third piece on Bitcoin economics, we explain that the situation may be more complex than these critics think, as Bitcoin is fundamentally different to the types of money that came before it. There may be unique characteristics about Bitcoin, which make it more suited to a deflationary policy. Alternatively, limitations or weaknesses in Bitcoin could exist, which mean that too much inflation could have negative consequences not applicable to traditional forms of money. In our view, these issues are often overlooked by some of Bitcoin’s economic critics.

A selection of quotes about Bitcoin’s inflation problem

The supply of central bank notes can easily expand and contract. For  a  positive  demand  shock  to  bank  notes  (shifting  from  consumption/investment  to money: i.e. it is a  deflationary  shock),  the  central  bank increases money  supply  by  buying  securities and  foreign  currencies.    For  a  negative  demand  shock  to  bank  notes,  the  central  bank absorbs money in circulation by selling securities and other assets.  In case of [Bitcoin], the latter operation is not included in its protocol. That is  to  say,  the  cryptocurrency  protocol  usually  includes  the  currency  supply  rule,  but  does  not  have  a  currency  absorption  or  write-off  protocol. Can we reduce this irreversibility?

– Mitsuru Iwamura (“Can We Stabilize the Price of a Cryptocurrency?: Understanding the Design of Bitcoin and Its Potential to Compete with Central Bank Money”) – 2014

 

The point is that by not building in an inflation, of say 2% per annum in the global supply of Bitcoins, you almost doom it as a currency, because people will start hoarding it, knowing that it’s going to be worth more next year than it is this year

 –  David Webb (51 minutes into the video) – 2014

 

More broadly, a hard supply cap or built-in deflation is not an inherent strength for a would-be money. A money’s strength is in its ability to meet society’s needs. From my perspective, Bitcoin’s built-in deflation means that it does a poorer job than it might at meeting society’s needs. Maybe I will be proven wrong. We shall see.

 –  The Economist (“Bitcoin’s Deflation Problem”) – 2014

 

The currency’s “money supply” will eventually be capped at 21m units. To Bitcoin’s libertarian disciples, that is a neat way to preclude the inflationary central-bank meddling to which most currencies are prone. Yet modern central banks favour low but positive inflation for good reason. In the real world wages are “sticky”: firms find it difficult to cut their employees’ pay. A modicum of inflation greases the system by, in effect, cutting the wages of workers whose pay cheques fail to keep pace with inflation. If the money supply grows too slowly, then prices fall and workers with sticky wages become more costly. Unemployment tends to rise as a result. If employed workers hoard cash in expectation of further price reductions, the downturn gathers momentum.

 – The Economist (“Money from Nothing”) – 2014

 

Our current global system is pretty crap, but I submit that Bitcoin is worst.  For starters, BtC is inherently deflationary. There is an upper limit on the number of bitcoins that can ever be created (‘mined’, in the jargon: new bitcoins are created by carrying out mathematical operations which become progressively harder as the bitcoin space is explored—like calculating ever-larger prime numbers, they get further apart). This means the cost of generating new Bitcoins rises over time, so that the value of Bitcoins rise relative to the available goods and services in the market. Less money chasing stuff; less cash for everybody to spend (as the supply of stuff out-grows the supply of money).

 –  Charlie Stross (“Why I want Bitcoin to die in a fire”) – 2013

 

Nevertheless, there is still the 21m limit issue. If the limit is reached, the future of Bitcoin supply has to go down the path of fractional reserve banking, since only re-lending existing coin, or lending on the basis that settlement can one day be made in Bitcoin — a la conventional banking practice — can overcome the lack of supply

 Izabella Kaminska – Financial Times (“The problem with Bitcoin”) – 2013

 

 

So to the extent that the experiment [Bitcoin] tells us anything about monetary regimes, it reinforces the case against anything like a new gold standard – because it shows just how vulnerable such a standard would be to money-hoarding, deflation, and depression.

–  Paul Krugman (“Golden Cyberfetters”) – 2011

 

While Bitcoin has managed to bootstrap itself on a limited scale, it lacks any mechanism for dealing with fluctuations in demand. Increasing demand for Bitcoin will cause prices in terms of Bitcoin to drop (deflation), while decreasing demand will cause them to rise (inflation). What happens in each of these cases? Let’s start with deflation, because right now demand for Bitcoin is on the rise. What do people do when they think something’s value will be higher tomorrow than it is today? Well, they acquire and hold on to it! Who wants to give up money that’s constantly rising in value? In other words, rising demand causes demand to rise further. Irrational exuberance at its finest. Deflation begets deflation, ad infinitum, or at least until something breaks.

The Underground Economist (“Why Bitcoin can’t be a currency”) – 2010

 

Deflation and the deflationary debt spiral

Many economists have been debating the advantages and disadvantages of inflation for decades. Nevertheless, this primary point of contention is one of theory; economists, from differing schools of thought have a variety of views on the topic.  It is fair to say that the current economic consensus is that deflation is an undesirable economic phenomenon, while moderate inflation of around 2% per annum is desired. Those with Austrian school leanings, who oppose centrally managing inflation towards a certain positive target, tend disproportionality to support Bitcoin and gold’s somewhat deflationary nature.

One of the primary drivers for the negative view on deflation appears to be the 1929 great depression and the idea of a deflationary debt spiral. The theory is that during a period of economic recession and deflation, the real value of debt increases. Such an increase compounds the misfortunes of an already weak economy. Economist Irving Fisher is often credited with formulating this theory, as a response the financial crises of 1837, 1873 and the 1929 great depression.

Then we may deduce the following chain of consequences in nine links:

  1. Debt liquidation leads to distress setting and to
  2. Contraction of deposit currency, as bank loans are paid off, and to a slowing down of velocity of circulation. This contraction of deposits and of their velocity, precipitated by distress selling, causes
  3. A fall in the level of prices, in other words, a swelling of the dollar. Assuming, as above stated, that this fall of prices is not interfered with by reflation or otherwise, there must be
  4. A still greater fall in the net worths of business, precipitating bankruptcies and
  5. A like fall in profits, which in a “capitalistic,” that is, a private-profit society, leads the concerns which are running at a loss to make
  6. A reduction in output, in trade and in employment of labor. These losses, bankruptcies, and unemployment, lead to
  7. Pessimism and loss of confidence, which in turn lead to
  8. Hoarding and slowing down still more the velocity of circulation. The above eight changes cause
  9. Complicated disturbances in the rates of interest, in particular, a fall in the nominal, or money, rates and a rise in the real, or commodity, rates of interest.

Evidently debt and deflation go far toward explaining a great mass of phenomena in a very simple logical way

 – Irving Fisher (1933)

 

Is deflation as bad as these critics claim?

To the extent that critics accuse Bitcoin supporters of being economically naive, they may not always be entirely correct or they could be missing some nuances. Firstly, one does not need to be an Austrian economist to question whether deflation (supply cap) is always undesirable. Deflation could be bad in some circumstances, but it may depend on the characteristics of the economy and the type of money used in society. The social sciences are not like maths or computer science, nobody really knows the right answer to a high degree of certainty and opinions in the academic community change over time. Furthermore, economic circumstances can change over time, which can result in a different set of dynamics, where different inflation policies are optimal. Therefore a hard rule, fixed for all time, such as “deflation is always bad”, may not be the correct philosophy. For example, maybe Fisher’s view on inflation was correct for the economy in the 20th century, however by 2150 technology may have fundamentally changed to such an extent, such that another inflation policy may be more appropriate for society.

Bitcoin has different characteristics and the deflationary debt spiral argument may be less relevant

As we explained in part 1 and part 2 of this piece, Bitcoin possesses properties which are fundamentally different to the traditional money used in the economy such as the US Dollar or gold backed systems. Traditional money, such as the US Dollar are based on debt, which is an inherent property of fiat money. Alternatively Bitcoin may have properties which make it resilient to credit expansionary forces, such that the money is not inherently linked to debt. Therefore in the event of an economic crash and deflation, in a Bitcoin based economy, the impact of increases in the real value of debt could be less significant than one may think. This could make the deflationary debt spiral argument less relevant in a Bitcoin based economy.  In our view, it is likely that many of the Bitcoin critics may have overlooked this point when evaluating the disadvantages of Bitcoin’s deflationary monetary policy.

Disadvantages of inflation unique to Bitcoin

In addition to Bitcoin having some potential advantages, which could make it more resilient to the disadvantages of deflation, Bitcoin’s critics may also have overlooked some of Bitcoin’s weaknesses, which may make it more vulnerable to inflation:

  • Arbitrary environmental damage – Another common criticism of Bitcoin is the environmental damage caused by the energy intensive mining process. Although as we explained in the second part in our series on mining incentives, this issue could be overestimated since miners have a uniquely high level of choice with respect to the geographic location of their mining operations. This flexibility could reduce environmental damage as miners may use failed energy projects rather than investing in new ones.  However, it is still important to note that, the negative environmental damage caused by Bitcoin does seem to be a significant negative externality.  Mining incentives are made up of transaction fees and the block reward (inflation). Therefore increasing inflation increases the level of environmental damage and increases the negative externality. If a 2% inflation policy is decided upon, this could mean at least 2% of the value of the system is spent “damaging” the environment per annum. The inflation policy decision is somewhat arbitrary and the more inflation is selected the greater the extent of environmental damage. There may even be parallels here with the existing financial system. The policy of central banks to stimulate the economy, to achieve their inflation targets, could also be said to cause an arbitrarily high level of environmental damage, at least in the eyes of some critics. Although the link between inflation and environmental damage in a Bitcoin based system is more direct and measurable.  Instead of continued inflation, in Bitcoin the block reward halves every four years until mining incentives are driven entirely by transaction fees. This means that the level of environmental damage will be driven by the market, in that it could represent the amount that users are willing to pay for security, rather than an arbitrarily high level of environmental damage which would be the result of an inflationary monetary policy.
  • Aligning the interests of miners and users – Miners are currently primarily incentivised by the block reward rather than transaction fees. This results in a number of potential problems in the ecosystem, for example perhaps the interests of miners and users are not well aligned. Miners could, for example, exclude transactions from blocks, against the interests of users. Miners may be less likely to take this kind of action if they are primarily incentivised by transaction fees, something Bitcoin’s deflationary policy ensures will eventually become reality.
  • Inability to generate coin value – The supply cap can be considered as a key selling point of Bitcoin for investors and is likely to have helped generate investor interest which may have been necessary to bootstrap the system. If a perpetual inflationary policy was chosen, Bitcoin may not have been able to succeed to the extent it has, even if the deflationary policy is inferior from an economic perspective.

The irony of this debate – economic criticisms are only relevant if Bitcoin is a tremendous success

Much of this discussion focuses on the economics of Bitcoin, assuming Bitcoin is widely adopted, such that the inflationary dynamics have an impact on society. In our view this is an unlikely outcome and perhaps should be considered even more unlikely by Bitcoin’s critics. In our view, Bitcoin may satisfy a useful niche, that of making both censorship resistant and digital payments, but it’s unlikely to become the main currency in the economy. Therefore the debate about Bitcoin’s deflationary nature should be considered as largely irrelevant anyway. Hence it is therefore somewhat odd that some critics use this as an argument against Bitcoin.

This point is similar to one Paul Krugman made in his 2013 “Bitcoin is Evil” piece. Although Mr Krugman is widely derided in the Bitcoin community, most notably for his 1998 comment that “by 2005 or so, it will become clear that the Internet’s impact on the economy has been no greater than the fax machine’s”, we consider the distinction he draws in the quote below as both accurate and sensible:

So let’s talk both about whether BitCoin is a bubble and whether it’s a good thing — in part to make sure that we don’t confuse these questions with each other.

Paul Krugman – “Bitcoin is Evil” – 2013

 

Perhaps Satoshi thought that having a finite supply cap and a deflationary bias, may help the system succeed, even if from society’s point of view, moderate inflation would be more utilitarian. From a system design perspective, producing a working payment system should be the priority, since a system which does not succeed, even if it’s hypothetically beneficial to society, is ultimately useless.

Conclusion

We conclude that rather than being driven by economic naivety, some Bitcoin supporters may have had a more nuanced understanding of the relationship between debt, deflation, the properties of money and credit expansion than the critics think. In contrast one could argue it’s the economic mainstream’s lack of understanding of the relationship between money and debt, and the potential ability of Bitcoin to somewhat decouple the two, which is the most prevalent misunderstanding. Indeed to many, Bitcoin’s ability to decouple debt from money and thereby result in a deflationary climate without the deflationary debt spiral problem is the point, rather than a bug.

However, even if Bitcoin has solved this economic problem, perhaps it’s naive to think Bitcoin would result in a more prosperous economic system. Bitcoin is a new and unique system, which is likely to cause more economic problems, perhaps unexpected or new ones. After all there is no perfect money. It just may not be correct to apply the traditional economic problems of the past, to this new type of money. Although it may be more difficult, identifying Bitcoin’s potential economic problems may require more analysis and a stronger understanding of the underlying technology.

Ironically, if one thinks these economic problems associated with deflation have a remote chance of being relevant, like the critics indirectly imply, that would mean Bitcoin has a significant chance of becoming widely adopted and hugely successful. In that case, perhaps the sensible thing to do is buy and “HODL”.

 

List of 44 Bitcoin fork tokens since Bitcoin Cash

Abstract: Although in 2018 Bitcoin may have somewhat moved on beyond this issue, in this sixth piece on consensus forks and chainsplits, we provide a list of 44 tokens which seem to have forked away from Bitcoin since the Bitcoin Cash split.

(Source: gryb25)

From late 2015 to the end of 2017, there was significant focus and analysis in the Bitcoin community about a chainsplits, finally resulting in the launch of Bitcoin Cash and then a plethora of other tokens. We have already covered some of topics related to these splits, in the five articles below:

In this sixth piece we list 44 Bitcoin forked tokens.

List of Bitcoin forked coins since Bitcoin Cash

Name URL/Source Fork Height
Bitcoin Cash https://www.bitcoincash.org 478,558
       Bitcoin Clashic http://bitcoinclashic.org (Forked from Bitcoin Cash)
       Bitcoin Candy http://cdy.one (Forked from Bitcoin Cash)
Bitcoin Gold https://bitcoingold.org 491,407
Bitcore https://bitcore.cc 492,820
Bitcoin Diamond http://btcd.io 495,866
Bitcoin Platinum Bitcointalk 498,533
Bitcoin Hot https://bithot.org 498,777
United Bitcoin https://www.ub.com 498,777
BitcoinX https://bcx.org 498,888
Super Bitcoin http://supersmartbitcoin.com 498,888
Oil Bitcoin http://oilbtc.io 498,888
Bitcoin Pay http://www.btceasypay.com 499,345
Bitcoin World https://btw.one 499,777
Bitclassic Coin http://bicc.io 499,888
Lightning Bitcoin https://lightningbitcoin.io 499,999
Bitcoin Stake https://bitcoinstake.net 499,999
Bitcoin Faith http://bitcoinfaith.org 500,000
Bitcoin Eco http://biteco.io 500,000
Bitcoin New https://www.btn.org 500,100
Bitcoin Top https://www.bitcointop.org 501,118
Bitcoin God https://www.bitcoingod.org 501,225
Fast Bitcoin https://fbtc.pro 501,225
Bitcoin File https://www.bitcoinfile.org 501,225
Bitcoin Cash Plus https://www.bitcoincashplus.org 501,407
Bitcoin Segwit2x https://b2x-segwit.io 501,451
Bitcoin Pizza http://p.top 501,888
Bitcoin Ore http://www.bitcoinore.org 501,949
World Bitcoin http://www.wbtcteam.org 503,888
Bitcoin Smart https://bcs.info 505,050
BitVote https://bitvote.one 505,050
Bitcoin Interest https://bitcoininterest.io 505,083
Bitcoin Atom https://bitcoinatom.io 505,888
Bitcoin Community http://btsq.top/ 506,066
Big Bitcoin http://bigbitcoins.org 508,888
Bitcoin Private https://btcprivate.org 511,346
Classic Bitcoin https://https://bitclassic.info 516,095
Bitcoin Clean https://www.bitcoinclean.org 518,800
Bitcoin Hush https://btchush.org 1st February 2018
Bitcoin Rhodium https://www.bitcoinrh.org Unknown
Bitcoin LITE https://www.bitcoinlite.net Unknown
Bitcoin Lunar https://www.bitcoinlunar.org Unknown
Bitcoin Green https://www.savebitcoin.io Unknown
Bitcoin Hex http://bitcoinhex.com Unknown

(Source: BitMEX Research, Forked coin websites, findmycoins.ninja)

Please note it is very important to handle these new fork tokens with caution. In particular, we would strongly advise you not to import your Bitcoin private key into any new fork token wallets without first spending the Bitcoin to a new output associated with a different private key after the token snapshot point, so that your Bitcoin is not at risk.

 

 

New Ethereum Miner Could be a Game Changer

Abstract

We look at Bitmain’s new Ethereum miner and notice that it may be less energy efficient than one might expect for an ASIC. We explore the possibility that this miner contains a new more advanced form of technology, which is less efficient than ASICs, but potentially partially immune to PoW algorithm changes. We then conclude that whether this particular Ethereum chip is capable of this or not, this type of technology may eventually end the era of anti-ASIC PoW changes designed to improve decentralisation, such that crypto-coin communities may have to accept the inevitability of ASICs.

Overview

Bitmain have recently launched a new Ethereum miner, widely believed to be an ASIC, and it is expected to ship in late July 2018. However, many in the Ethereum community oppose ASICs and prefer GPU mining, since GPU companies are primarily concerned with gaming rather than crypto-coins, which should mean that the hardware is distributed more widely and fairly, improving decentralisation. Therefore a risk to Bitmain could be that the Ethereum community decide to hardfork to change the PoW algorithm, which could devalue the Bitmain machines and result in a large wasted investment.

In this report, we speculate that Bitmain may already be one step ahead of the Ethereum community. Bitmain may have already learnt a lesson with Monero, two coins which recently conducted PoW changes, potentially resulting in large devaluations of Bitmain’s ASIC chips. Developing a custom chip requires a considerable financial investment and therefore we think Bitmain may have taken some countermeasures to avoid another loss. Bitmain could have designed a new type of mining chip, less efficient that ASICs, but immune to PoW changes. This could make an Ethereum hardfork PoW change mostly pointless.

The recent Monero anti-ASIC PoW change

At the start of April 2018 the Monero community decided to hardfork and change the PoW algorithm, in an attempt to “brick” ASICs and make Monero more GPU-friendly. Due to sharp increases in hashrate, illustrated by Figure 1 and 2 below, the Monero community believed that ASIC manufacturers had developed Monero ASICs, in secret, and were mining the coin.

As Figure 2 shows below, the rolling 90-day hashrate growth rate reached c. 300% in the early part of 2018 (based on 7-day rolling averages). Even after factoring in the sharp increase in value of the Monero coin, this is an extraordinary growth rate. After Monero developers announced plans for a hardfork, Bitmain began to sell Monero ASICs on their website, indicating that they could indeed have been mining in secret. After the PoW change, as Figure 1 shows, the Monero hashrate dropped off significantly.

After the hardfork, the Monero chain split into two, with the original rules coin being called Monero Original (XMO). Although this coin had a lower value than Monero, it had a higher hashrate, since there was little else for the Monero ASICs to mine. There was no replay protection implemented for the split, however Monero increased the ring signature limit, therefore one can split Monero and Monero Original by first initiating a transaction on the Monero Original chain with fewer ring signatures than are allowed on Monero (less than 7).

Figure 1 – Monero hashrate compared to Monero price

Source: Coinmarketcap, BitMEX Research

 

Figure 2 – Monero hashrate compared to Monero price – Rolling 90-day percentage growth of 7-day moving average

Source: Coinmarketcap, BitMEX Research

Note: In the 7 days following the PoW hardfork, the hashrate rolling average excludes the period prior to the hardfork

Bitmain’s new Ethash miner

As we mentioned above, Bitmain has recently launched a new Ethereum miner, which is expected to ship around late July 2018. Given the history with Monero and the fact that many in the Ethereum community, including those mining Ethereum at home on GPUs, are likely to be unhappy at a new Bitmain product, Bitmain may be concerned. One downside to the new miner could be increased miner centralization, but in addition to this, the product may also receive hostility from some in the Ethereum community due to their financial interests in the existing Ethereum miners, GPUs. Bitmain’s management is not stupid, and therefore in our view the company is likely to act with caution and may have taken measures to mitigate against some of these risks.

Figure 3 – Bitmain’s new Ethereum miner: the Antminer E3

Specifications:

  • Power consumption: 800W
  • Hashrate: 180MH/s

Source: Bitmain

The advertised specification of the product is disclosed above. As the table below illustrates, a back -of-the-envelope calculation could imply this new Ethereum miner is less efficient than one would expect if it was an ASIC, based on comparisons with the efficiency gain measured on some of the other ASICs related to other coins. For instance a Bitcoin ASIC is c. 521x more efficient than an FPGA, while the Monero ASIC is c. 88x more efficient than a GPU. In contrast the new Ethereum miner is only c. 1.4x more efficient than a GPU. This could indicate that the new Ethereum miner is not an ASIC at all, but merely a new device more efficient than the existing GPU miners. However, we appreciate that the below table is a crude approximation which ignores many crucial variables and factors, such as the memory-intensive nature of the Ethereum mining algorithm. But although the calculation is inaccurate, the figures can still potentially illustrate a point:

Figure 4 – Approximate miner efficiency calculations

Miner Hash rate (GH/s) Power (W) Energy per hash (J/GH)
Bitcoin (SHA256)
CPU 0.0005 100 200,000
High end GPU 0.5 300 600
FPGA 0.8 40 50
High end ASIC 14,000 1,340 0.096
Efficiency gain 521x
Ethereum (Ethash)
High end GPU 0.032 200 6,250
Antminer E3 0.18 800 4,444
Efficiency gain 1.4x
Monero (CryptoNight)
High end GPU 0.0000001 200 2,000,000,000
ASIC 0.000022 500 22,700,000
Efficiency gain 88x

Source: BitMEX Research, Bitmain
Note: Figures are approximations

Mining chip types & Vector processors (VPs)

As Figure 5 below illustrates, when Bitcoin launched in 2009, mining was conducted using CPUs. However, the architectures of GPUs and FPGAs are more efficient at processing repetitive hash operations. Therefore the network shifted, first to GPUs and then to FGPAs. In 2013, ASICs designed for specific hash functions emerged. Compared to CPUs, GPUs and FPGAs, ASICs are far more efficient at running a particular algorithm, however excluding this, ASICs are far less efficient or actually totally useless.

Figure 5 – Crypto-coin chip type timeline

Source: BitMEX Research
Note: The inclusion of Vector Processors (VPs) towards the end of 2018 is speculative

It might be possible that Bitmain has developed a new type of chip, a Vector Processor. The architecture of this chip could be designed for PoW hash functions in general, but not for a specific hash function. These chips could then be more efficient than GPUs and FPGAs, but less efficient than ASICs. The advantage over ASICs is that they could be, in some respects, immune to PoW changes. It is possible that the new Ethereum miner falls into this category of chip, although this is mostly speculation on our part.

Figure 6 – The evolution of crypto-coin chip types

Chip type Central Processing Unit (CPU) Graphics Processing Unit (GPU) Vector processor (VP) Application Specific Integrated Circuit (ASIC)
Example crypto-coins Bitcoin (BTC) – 2009 to 2011 Bitcoin (BTC) – 2012 to 2013
Ethereum (ETH),
Monero (XMR)

Ethereum (ETH) – 2018 onwards

Bitcoin (BTC) – 2014 to present,
Monero Original (XMO)

Manufacturers Intel,
AMD
NVIDIA,
AMD
Bitmain Bitmain,
Canaan Creative,
Ebang,
Innosilicon
Foundry

TSMC, Samsung,
Global Foundries, SMIC

TSMC, Samsung,
Global Foundries, SMIC
TSMC TSMC,
Samsung,
Global Foundries
Primary use Computing Gaming Crypto-coin mining Crypto-coin mining
Immune to PoW change Yes Yes Potentially No

Higher efficiency

 

It is possible that Bitmain’s new Ethereum miner is tailored for Ethash, in that the components inside the miner such as the electric circuits, power control devices, memory and control modules could all be specifically calibrated for mining Ethereum. However the chip itself, which is the area that requires by far the most financial investment, could be more general and not specifically designed for Ethereum. Therefore if Ethereum conducts a PoW change, it could be possible to direct the chips into a new device as they leave the foundry or perhaps even recover the chips from the old device put them into a new Ethereum miner. Although again, at this point we are speculating.

Artificial Intelligence (AI) technology

At TSMC’s latest set of quarterly results on 19th April 2018, Co-CEO Mark Lie said the following:

[Bitmain] is doing a lot of things on blockchain technology, like AI. They are doing very well. We expect them to slowly move to the AI area.

Source: Q1 2018 earnings call

“AI” is a term with many meanings. Although at this point the situation is unclear, it is possible that any new Vector Processor chips could be what TSMC mean by AI technology. Since any such chip may be able to switch between hashing algorithms, at a stretch, one could argue this falls within the scope of AI. It remains to be seen if the chip is merely programmable, like modern GPUs, or if there is a trick up its sleeve that could give it an efficiency gain vs. GPUs in most cases. If present, this advanced technological capability is likely to be seen as a major achievement for Bitmain. Such technology may also be even more expensive to develop and more specialised than the technology in ASICs, which could make the decentralisation problem even worse.

Ethereum hashrate growth – No evidence of deployment of the new chips

Despite the above, we have not yet seen any strong indications of the deployment of the new chips on the Ethereum network. As Figures 7 and 8 below indicate, Ethereum’s hashrate appears, broadly speaking, to be following a normal trend given the price volatility.

Figure 7 – Ethereum hashrate compared to Ethereum price and NVidia GPU sales

Source: Bloomberg, Etherscan.io, Coinmarketcap, Nvidia, BitMEX Research

 

Figure 8 – Ethereum hashrate compared to Ethereum price – Rolling 90-day percentage growth of 7-day moving average

Source: Bloomberg, Etherscan.io, Coinmarketcap, BitMEX Research

Conclusion

When discussing the possibility that Bitmain’s new Ethereum miner isn’t an ASIC and that the new chip may be somewhat immune to PoW changes, Vitalik Buterin told us:

I have a very similar impression myself

Despite what we have said above, most of the content in this article should be considered guesswork. However, even if we are wrong about this particular chip, we still think it is reasonably likely that at some point in the future, Bitmain or another company, will develop a general-purpose hashing chip, which is more efficient than GPUs for almost all hashing algorithms. At this point the era of anti-ASIC PoW changes could be over, with crypto-coin communities having to make a choice between two potentially unfavourable outcomes:

  1. Allowing ASICs, or,
  2. Allowing general purpose hashing chips, where technologies and production capabilities could be even more concentrated.

Unless of course proof-of-stake systems prove robust enough.

 

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

 

Complete guide to Proof of Stake – Ethereum’s latest proposal & Vitalik Buterin interview

Abstract

In this piece we examine proof of stake (PoS) consensus systems.  We look at their theoretical advantages and weaknesses. We then analyse the specific details of some of the most prominent and novel PoS systems attempted thus far, where we learnt that some pure PoS systems becomes increasingly complex, to the point which they became unrealistic. We review the latest Ethereum proposal, which we think is a significant improvement compared to previous attempts and it could provide net security benefits for the Ethereum network. However, the system may still be reliant on proof of work (PoW), which is still used to produce the blocks and at this point it is not entirely clear to us if the PoS element of the process contributes to ensuring nodes converge on one chain.

 

Please click here to download the pdf version of this report

 

Introduction

Before diving into the specifics of Proof of Stake (PoS), it’s important to clarify what one is trying to achieve when building these consensus systems. Essentially one is trying to construct a data structure with the following properties:

  1. No one entity controls the content of the data (distributed storage and verification of the data is not sufficient);
  2. The database can move forward, (Casper terminology: “Liveness”); and crucially
  3. Participants agree on the content of the data i.e. nodes have a mechanism to decide between conflicting valid chains (Casper terminology: “Safety”)

PoW uses the most accumulated work rule to decide between competing valid chains (fork choice rule). This is not only an apparent solution to criteria three above, but the PoW mechanism also inherently solves the block production and block timing issue. While total accumulated work is the fork choice rule, a block producer is also required to include an element of PoW in each block, a stochastic process, and therefore the issue of who produces each block and when each block is produced, is also be addressed by PoW.

PoS is the general concept of a fork choice rule based on the most accumulated stake (i.e. the chain with the most coins backing, voting or betting on it). However, unlike PoW, this does not necessarily directly address the issue of who produces each block or when blocks are produced. Therefore these issues may need to be addressed by alternative mechanisms. PoW is also a solution to the coin distribution problem, something which may also require an alternative solution in PoS based systems.

Theoretical overview of PoS

The byzantine generals problem

The Byzantine generals problem illustrates some of the  main challenges involved when attempting to construct a data structure with the properties mentioned above. Essentially the issue is about timing and how to determine which updates to the ledger occurred first. Actually if one third or more of the actors are disruptive, the problem is provably unsolvable, from a mathematical standpoint, as Leslie Lamport proved in 1982.

It is shown that, using only oral messages, [reaching agreement] is solvable if and only if more than two-thirds of the generals are loyal; so a single traitor can confound two loyal generals

Source: The Byzantine Generals Problem (1982)

PoW can therefore be considered as an imperfect hack, which seems a reasonably strong Byzantine fault tolerant system, but certainly not a mathematically robust one. It is in this context, of imperfect systems, which one should analyse PoS alternatives, as like PoW, these systems will also have flaws.

In PoS there are two competing philosophies. One of which is derived from PoW. Coins based on this include Peercoin, Blackcoin and earlier iterations of Ethereum’s PoS proposals. The second philosophy, is based more on Lamport’s academic research from the 1980s and embraces the conclusion Lamport reached that a two-thirds majority is required to build a Byzantine fault tolerant system. Ethereum’s current iteration of the Casper proposal adopts this second approach.

Advantages of PoS

PoS is typically looked at in the context of PoW, as an alternative which solves or mitigates against negative externalities or problems inherent in PoW based systems:

More environmentally friendly

Perhaps the most widely cited advantage of PoS systems is the absence of the energy intensive process which PoW requires. If PoS based systems can achieve the same useful characteristics as PoW systems, environmental damage can be avoided. This is a significant positive for PoS, although as we discussed in our piece on Bitcoin’s energy consumption, the problem may be slightly overstated, due to the incentive to use lower cost or otherwise failed energy projects as a source of power, limiting environmental damage.

Stronger alignment of incentives

Another major problem with PoW based systems is that the interest of miners may not align with that of coin holders, for example miners could sell the coins they mine and then only care about the short term, not long term coin value. Another issue is that hashrate could be leased, with the lesee having little or no economic interest in the long term prospects of the system. PoS directly ties the consensus agents to an investment in the coin, theoretically aligning interests between investors and consensus agents.

Mining centralisation & ASICs

Another key advantage of PoS based systems is potentially improving decentralisation. PoW mining has a number of centralising forces which are not applicable to PoS:

  • ASIC production is expensive and centralised (In Bitcoin Bitmain has a high market share);
  • Chip foundries are expensive and centralised (TSMC, Intel, Samsung & SMIC are the only players with scale);
  • ASIC related technologies can potentially be patented;
  • There may be a limited number of cheap energy sources, with restricted access; and
  • Many aspects of mining can have economies of scale, such as maintenance costs and energy costs, resulting in centralisation.

General and economic weaknesses of PoS

An incomplete solution

As we alluded to above, Satoshi’s PoW systems appears to kill four birds with one stone:

    • Chain selection (the fork choice rule),
    • Coin distribution,
    • Who produces blocks, and
    • When blocks are produced.

PoS only appears to be a proposed solution to the chain selection problem, leaving the other problems open. Although these other issues could be less significant than the chain selection issue.

An “unfair” economic model

One of the most common criticisms of PoS systems is that they allocate new funds in proportion to the existing holdings. Therefore the “rich get richer” and it results in a few wealthy users holding a higher proportion of the wealth than the more egalitarian PoW alternative. If one invests in a PoS system at the start, you can maintain your share of the wealth, alternatively in a PoW system your wealth is diluted as new rewards are distributed to miners. Indeed, if rewards are allocated in proportion to the existing holdings, one could argue its not inflation at all and that the reward is economically equivalent to adding more zeros to the currency. Therefore one can even claim the reward system is pointless and does not provide an incentive at all. However this only applies if all users become PoS validators, while in reality some users will want to use the funds for other purposes.

Risk of a loss of funds

Another issue is that staking requires signing a message from a system connected to the internet. Therefore stakers are required to have a “hot wallet” which increases the risk that funds are exposed to theft from hackers. Although it may be possible to mitigate this downside by having a private key only entitled to stake for a short period of time, after which the balance reverts back to the owner. Although if there is a slashing rule (punishment for voting on two conflicting chains), a hacker could conduct action which destroys the funds even if this mitigation strategy is used. Another potential mitigation strategy could be the creation of specialist hardware for staking.

Technical & convergence weaknesses of PoS

Nothing at Stake

Core to the consensus problem is timing and the order of transactions. If two blocks are produced at the same time, PoW solves the problem by a random process, whichever block is built on top of first can take the lead and then miners are incentivised to build on the most work chain. PoW requires energy, a finite real world resource and therefore miners have to decide which chain to allocate this resource to.

In contrast this process in PoS based systems is not entirely clear. If two blocks are produced at the same time, each conflicting block can build up stake. Eventually one block may have more stake than the other, which could make it the winner. The problem here is that if stakers are allowed to change their mind to back the winner, such that the system converges on one chain, why would they not use their stake on multiple chains?

After-all stake is a resource inherent to the chain and not linked to the real world, therefore the same stake can be used on two conflicting chains. Herein lies the so called “Nothing at stake” problem, which we view as the most significant issue facing PoS.

The “Nothing at Stake” problem

The Nothing at Stake problem Stake does not add to the convergence of the system, since the same stake can be applied to multiple competing chains, which is a risk free way of stakers increasing their rewards. In contrast, in PoW based systems, energy is a real world finite resource and therefore the “same” work cannot be applied to multiple competing chains.
Defense 1 The issue can be avoided or mitigated against. The protocol can be adjusted such that if a staker uses the same stake on multiple chains, a third party can submit a proof of this to either chain, resulting in a punishment, such as the confiscation of the stake (slashing conditions). Alternatively instead of a punishment, the cheater could lose potential rewards or be excluded from the staker pool.
Response from PoS sceptic The above defence is inappropriate and punishes what may be legitimate or necessary behavior. For example if a staker receives a block first, while the majority receives an alternative block first, it may be legitimate for that staker to change their mind and switch to follow the majority. Indeed the process of changing your mind and switching to the majority to ensure the network converges is the point of the consensus system. If this behavior is punished, how does the system converge?

Either the economic value of the punishment is higher than the rewards for switching to follow the majority, or it isn’t. Therefore the nothing at stake problem means PoS systems can never make a contribution to system convergence and the idea is therefore fundamentally flawed.

Defence 2 The apparent dilemma above can potentially be  resolved in various ways. For instance:

  • Earlier proposals from Casper used multiple rounds of staking. Changing one’s mind in the early rounds can be legitimate and perhaps the punishment is small, while in later rounds the punishment for using the same stake in multiple competing chains increases, such that eventually users have a high degree of assurance over the finality of the system.
  • The most recent iteration of Casper aims to allow validators to change their minds, but only in “legitimate” scenarios and not when its “illegitimate”.
Response from PoS sceptic By adding multiple rounds or criteria in which validators can change their minds one is increasing the complexity of the system. This is merely adding layers of obfuscation to conceal the inherent weaknesses illustrated by the nothing at stake problem, without solving the fundamental issue.
Defence 3 No system is perfect, indeed it’s mathematically impossible to construct a perfect system and therefore the nothing at stake problem is not solved, however the measures identified above mitigate the problem, such that these theoretical issues are unlikely to apply in the real world.

The long range attack consensus problem

Another potential issue with PoS is the so called “long range attack” problem. This is the idea that attackers could, for instance, buy a private key which had a large token balance in the past and then generate an alternative history from that point, awarding oneself more and more rewards based on PoS validation. Due to the large amount of rewards given to the attacker, one could then generate a higher stake chain than the existing chain and a large multi year chain re-organisation could be performed.

The solution to this problem is checkpointing, which is the process of locking in a certain chain state once a certain stake threshold has been met, such that it can never be re-organised. Critics argue that this solution requires one to keep their node online at all times, since an offline node cannot checkpoint. Some claim that if one goes offline, the security model therefore degenerates to “ask a friend”, since one is dependent on asking others for their checkpoints. Although in the past the Bitcoin reference implementation included checkpoints, the purpose of these was to speed up the initial sync, although the impact of this could be said to result in an “ask a friend” security model.

However, in our view this is a matter of different priorities. If one wants each individual user to fully verify all the rules and the state of the system, then relying in these checkpoints is insufficient. Indeed, the Satoshi’s original vision appears to imply that the ability of nodes to be switched off and then verify what happened when was was gone is potentially important:

Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone

Source: Bitcoin Whitepaper

Although the ecosystem is expanding, many businesses and exchanges operate 24×7 and are therefore required to keep a node running all the time, and can therefore do checkpointing. There are strong incentives preventing them from allowing a large chain re-organisation. To many, this is sufficient security and the risks posed by the long range attack problem are therefore irrelevant or too theoretical.

Stake grinding

In a pure PoS system, stakers also need to produce blocks. These systems have often worked by selecting a sequence of authorised block producers randomly from a pool, where the probability is proportional to the stake. The issue here is a source of randomness is required inside the consensus system. If the blocks themselves are used for generating the entropy, stakers could try to manipulate the content in blocks in order to allocate themselves future blocks. Stakers may then need more and more computing power to try more and more alternative blocks, until they are allocated a future block. This then essentially results in a PoW system.

In our view, the stake grinding problem is less of a fundamental problem with PoS, when compared to significant issues like the nothing at stake problem. All that is required to solve this problem is a source of entropy in the network and perhaps an Ethereum smart contract like the RanDAO, in which anyone can participate, can solve this problem.

 

Case Studies – Peercoin & Ethereum’s Casper

1 – Peercoin – 2012

Overview

Peercoin is a hybrid PoW and PoS system, built on the idea of coin age. The fork choice rules is the blockchain with highest total consumed coin age.

Coin age is simply defined as currency amount times holding period. In a simple to understand example, if Bob received 10 coins from Alice and held it for 90 days, we say that Bob has accumulated 900 coin-days of coin age

Source: Peercoin Whitepaper

In Peercoin, some blocks were produced purely using PoW, whilst other blocks were produced using PoW where the difficulty adjusts based on the coin age destroyed by the miner in the transaction (the coinstake transaction as opposed to a coinbase transaction). “For example, if Bob has a wallet-output which accumulated 100 coin-years and expects it to generate a [PoS block] in 2 days, then Alice can roughly expect her 200 coin-year wallet-output to generate a [PoS block] in 1 day.

Analysis

Weakness Summary
Nothing at Stake The protocol aims to prevent miners using the same coins in a coinstake transaction on multiple chains by ignoring the second conflicting chain. However this is not sufficient and can result in nodes diverging, if they receive the conflicting blocks in a different order.
Block production Solved by using PoW to produce the blocks
Long range attack This was a critical vulnerability for Peercoin, an attacker can simply save up coin age by not spending their coins and then launch a re-organisation attack.

This was solved by centrally broadcasting checkpoints several times a day. Peercoin was therefore a centralised system.

Stake grinding This may not have been an issue, since there was no selection from a validator pool as PoW was always required and coin stake altered the PoW target.

Conclusion

At the time Peercoin was an interesting early novel approach, however the proposal resulted in a centralised system, not able to match the properties of PoW.

2 – Ethereum – Casper full PoS system – 2015

Overview

This is a full PoS proposal, based on “consensus by bet” methodology.

  • Blocks are produced from a pool of block producers, a random number generator is used to select whose turn it is to produce a block and then the producer is given a time window in which they can produce a valid block.
  • There is a set of bonded validators, one must be in the set to make or take bets on blocks.
  • Validators can then make or take bets on block propositions, providing a probability each time, representing the return betters can make.
  • After several rounds of betting, as the probability approaches 1 or 99%, the block is considered final.

Source: Ethereum Blog

Betting strategy

According to the Ethereum blog, betting should occur using the following strategies by default:

  • If the block is not yet present, but the current time is still very close to the time that the block should have been published, bet 0.5.
  • If the block is not yet present, but a long time has already passed since the block should have been published, bet 0.3.
  • If the block is present, and it arrived on time, bet 0.7.
  • If the block is present, but it arrived either far too early or far too late, bet 0.3.
  • Some randomness is added in order to help prevent “stuck” scenarios, but the basic principle remains the same.

The default betting strategy had a formula (given below), to push the probability away from 0.5, such that the chain would move forward, with the probability expecting to either approach zero or one.

Let e(x) be a function that makes x more “extreme”, ie. pushes the value away from 0.5 and toward 1. A simple example is the piecewise function e(x) = 0.5 + x / 2 if x > 0.5 else x / 2

If a validator bets when the probability is 99%, the return is very small (a 1% return used as a measure from which the reward is calculated), in contrast a winning bet placed placed with odds of 0.5, represents a return of 100%, which results in a higher return from the rewards pool.

The fork choice rule then is the sum of all the weighted probabilities, which have crossed a certain threshold, say 0.99. For instance a chain of five blocks, each with a probability of 1 will represent a score of 5. Any validator who changes their mind after the 0.99 threshold has been crossed, can be punished (slashed) for staking on multiple chains. While changing your mind before the threshold is considered legitimate and there is no punishment in that scenario.

Analysis

In our view, this proposal is highly complex, which we consider as the main downside.

Weakness Summary
Nothing at Stake The protocol aims to prevent miners using the same coins to bet on multiple chains by using a punishment mechanism, in which validators would lose their deposit. In our view, this could harm the convergence of the system, although betting formula may move the probability away from 0.5, which is designed to help mitigate the issue.
Block production The RanDAO contract could be used to provide entropy to select the block producer. However, this only provides a time window in which blocks could be produced, it is possible there is a lack of consensus over whether the block was produced within the time window or not, after which the betting process is supposed to resolve the dispute.
Long range attack The nodes checkpoint blocks once a certain probability threshold has been reached. The long range attack problem remains for periods in which nodes are switched off.
Stake grinding The RanDAO contract may solve the stake grinding issue

Conclusion

The proposal was not adopted by Ethereum. In our view the proposal was never complete, as some parameters and aspects of the system lacked a specification. Although the consensus by bet approach was interesting, it seemed too complex and there were too many uncertainties. This approach illustrates the difficulties involved when constructing full PoS systems and how when one tries to address the weaknesses, it just results in more and more complexity, until the system becomes unfeasible.

3 – Ethereum – Latest version of Casper – The hybrid PoW/PoS System – 2018

Overview

The current Casper proposal represents a change in philosophy or a pivot, compared to some of the earlier PoS systems. It returns to the academic work of Lamport in the 1980s and Lamport’s theorem that these systems work if and only if two-thirds of agents in the system are honest. Therefore the current version of Casper is less ambitious than before. PoS is no longer used to produce blocks or decide on the timing of blocks, which is still done by PoW miners. The PoS system is used as a checkpointing process. In our view, this proposal is superior to the more complex earlier iterations of Casper.

The system works as follows:

  • The PoS system is only used every 100 blocks, to provide an extra layer of assurance over PoW, as a checkpointing system.
  • Participants in the PoS process send their Ether into a “validator pool”.
  • Every 100 blocks validators put their stake behind a checkpoint block, whilst also referencing a previous checkpoint block. If two-thirds of the funds in the validator pool support a proposal, the block is considered “justified”.
  • Once a block is justified, it can be used as a reference for future votes. Once two-thirds of the stake use a justified block as a reference, this justified block is considered finalised and this finality takes precedence over PoW.
  • Validators votes are only valid 12 confirmations after the last checkpoint block.
  • If the two thirds threshold is not met, the chain continues to progress based entirely on PoW.
  • If stakers do any of the following banned behaviors, in return for a small 4% fee, a third party can submit a proof of this, such that the cheater loses their entire stake/deposit (slashing):
    1. Votes for multiple conflicting blocks at the same height.
    2. Votes for multiple conflicting blocks at different heights, but using conflicting reference blocks, unless the new reference block has more height.

The Ethereum reward structure will be adjusted, such that PoS validators also receive a share of the rewards, in addition to the PoW miners. As far as we can tell, the details of this new allocation have not been decided yet.

Analysis

The latest iteration of Casper is a significant improvement from earlier versions, in our view, primarily because of lower levels of complexity and greater reliance on PoW mining.

In theory, there are only three problems with the new proposal:

  1. Over one third of the stakers refusing to participate – in which case we are just back to a PoW based system
  2. Stakers changing their mind after finality such that more than two thirds supports an alternative chain – the long range attack problem
  3. Stakers reaching two-thirds majority support for a lower PoW chain than the current leading PoW chain, a new way of causing a re-organisation. We view this as the most significant downside of this proposal.

Core to the assumption behind this system is that its PoW which drives the chain forwards and that the PoS system only comes into play, once the PoW miners have decided on a chain, PoS votes are not even valid before 12 miner confirmations. Indeed, if the two thirds majority cannot be achieved then the chain continues on a PoW basis.

Therefore, we conclude, that the core characteristic of this latest Casper proposal is that the PoW happens first, and only after this does PoS potentially provide an extra assurance against a chain re-organisation, orchestrated deliberately by a hostile PoW miners. PoW therefore still provides computational convergence, with the PoS mechanism defending against the threat of a human/politically instigated miner re-organisation. Therefore although PoS provides this safety, as point three above indicates, it also provides extra risk, therefore its not clear if there is a net benefit.

Weakness Summary
Nothing at Stake Validators can vote on multiple chains, but not at the same height. This is designed to allow validators to change their mind, but only for “legitimate” reasons.

For the hybrid version of the model, the convergence issue may be solved by relying on PoW mining.

Block production PoW miners produce blocks and therefore there is no issue related to selecting the block producer.
Long range attack Once two-thirds of the stake in the validator pool has used a block as a reference for voting, nodes finalize the block and there cannot be a re-organisation. The long range attack problem remains for periods in which nodes are switched off.
Stake grinding PoW miners produce blocks and therefore there is no stake grinding issue.

Other potential unresolved issues

In the event of a contentious hardfork and chainsplit, if the new chain alters the format of the validator checkpoint votes, two-thirds of the validators could conduct destructive re-organisations on the original chain, while avoiding punishment (slashing) due to the new voting format. Validators could therefore destroy the original chain, while still moving forward on a new chain of their choice. The system could therefore be less resilient to being shut down.

Exclusive BitMEX Research Interview with Vitalik Buterin on the latest Casper proposal

Question 1 – Even though the PoS system may provide more assurance than before, prior to the 34% voting threshold being reached, re-organisation risk may be higher, since a re-organisation can occur in more ways, both via PoS and via PoW. Are you concerned about the negatives of this?

I would say no. There are plenty of reasons to believe that it should not negatively impact stability. The pre-finalization chain scoring rule is “highest finalized epoch + total difficulty * epsilon”. There is a paper here that points out that any “monotonic” chain scoring rule is a Nash equilibrium; our scoring rule is clearly monotonic so it’s a Nash equilibrium. Both miners and validators use the chain scoring rule, so miners and validators would both naturally help the chain grow, not try to revert it. Casper FFG was deliberately designed in this way, to “play nice” both with “chain-based” intuitions of consensus as well as BFT-theoretic concepts of finality.

 

The only way in which “re-organisation risk may be higher” is either:

 

  • If validators are more likely than miners to be majority-dishonest
  • If the Casper-specific code has bugs

We accept that if either of these are true then Casper FFG can add risks.

Question 2 – How do you expect users and exchanges to behave? Should exchanges modify their behavior before crediting deposits, for example 2 confirmations plus 34% of validator votes?

If I ran an exchange I would do something like “wait 12 confirmations for deposits up to $10k, and finality for anything higher”

Question 3 – Will there be an overall confirmation score metric, combining both the impact of PoW and PoS, which exchanges can use?

I suppose it’s possible to create one. Here are a few distinct stages of confirmation that I can think of:

  • A transaction has been included into a block, which is the head
    • which is the Nth ancestor of the head
    • which is an ancestor of a checkpoint C which is an ancestor of the head. Validators have started voting on C.
  • Validators have justified C.
  • A child of C, C’, exists, and validators have started voting on C’ to finalize C
  • The child of C’ has >1/3 votes. At this point, at least one validator needs to actually be slashed for the transaction to be revertedC is finalized.

Conclusion

This latest PoS proposal is the best proposal so far, in our view. We think it may be adopted by Ethereum and it could make a net positive contribution to the security of the system. However, the system remains reliant on PoW mining, at least at the interim stage. PoW is relied on to resolve any Byzantine faults first, before the PoS process occurs. Therefore the system relies on PoW for both block production and for the crucial property of ensuring the system converges on one chain. Although PoS mining may mitigate some risks (hostile PoW miners), it is unclear if it makes a net contribution to convergence or security. Critics of PoS could therefore argue that any rewards redistributed from PoW miners to stakers unnecessarily dilutes system convergence and security.

Although we think the current proposal could work, the nothing at stake problem could still be a significant challenge. The jury is still out on whether this new mechanism solves this problem. Therefore despite the plan to use this proposal as a stepping stone, as part of a gradual shift towards a full PoS system, this could be more difficult to achieve than some in the Ethereum community think.

 

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

 

Bitcoin price correlation: Record high against the S&P 500

Abstract: We look at the price correlation between Bitcoin and some traditional financial assets since 2012 and notice that the correlation with stocks in the last few months has reached record high levels, although it remains reasonably low in absolute terms. We conclude that a crypto-coin investment thesis of a “new non-correlated asset class” may therefore have some merit, although correlations may increase if the ecosystem expands. Due to the current correlation with stocks, Bitcoin may no longer offer downside protection in the event of a financial crisis, which some people may expect.

cryptocurrency. golden bitcoin coin on a stock market charts

Overview

We calculated the 180-day rolling daily percentage price-change correlation between Bitcoin and a variety of traditional financial assets since 2012. As the chart below demonstrates, the correlation never really significantly escaped the -0.2 to +0.2 range, which is a reasonably low level.

Bitcoin price correlation versus various traditional assets – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Bitcoin vs. the S&P 500 and gold

Focusing on just the S&P 500 index and gold, it appears as if Bitcoin has experienced several periods of correlation.

  • During the Bitcoin price rally in March 2013, which commentators at the time suggested was partially caused by the Cypriot financial crisis, the Bitcoin price correlation with gold increased and remained somewhat elevated until the January 2014 Bitcoin price crash.
  • During the 2016 Bitcoin price rally, a moderately strong gold-price correlation returned again and gold and Bitcoin both had a strong year. This indicates that the same underlying economic factors and political uncertainty (the economic slowdown in China, Brexit, and the election of President Trump) may have contributed to price movements of both assets during this period.
  • During the recent Bitcoin price rally, things appeared somewhat different, with the price correlation between Bitcoin and stocks reaching record levels (almost 0.25). In our view, Bitcoin appears to have obtained some “risk-on” characteristics in this rally. Increased levels of liquidity available to investors and the amount of enthusiasm for new technology, may be driving price movements in both stocks and Bitcoin, to some extent. Therefore Bitcoin may be less likely to provide protection in the event of a financial collapse or fall in equity markets, something traditionally considered one of Bitcoin’s potential strengths. In addition to this, the price correlation with gold recently became slightly negative.

Bitcoin price correlation between the S&P 500 index and gold – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Statistical significance

The R-squared between Bitcoin and other assets in the chart below is low, peaking at only 6.1% with the S&P 500 during the recent price rally. In addition to this, we have not been able to prove the statistical significance of any daily price-change correlation between Bitcoin and any traditional asset using any robust methodology. Scientifically speaking therefore, this article is speculative.

Bitcoin price R-Squared between the S&P 500 index and gold – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Recent price movements

Although it’s difficult to make any conclusions based on robust statistical methodology, due in part to the limited number of data points, a chart of the Bitcoin price versus the S&P 500 in the last few months shows a strong positive relationship, which is difficult to totally ignore.

Bitcoin price compared to the S&P 500 index. (Source: BitMEX Research, Bloomberg)

Indeed, as Bloomberg pointed out with the graph below, the peak of the Bitcoin price actually coincided with the peak forward earnings valuation ratio in the S&P 500. This comparison may be somewhat spurious, since the stock market actually peaked at the end of January (while Bitcoin peaked in December) and earnings estimates reset to higher levels for the year ending December 2018 at the end of 2017.

Bitcoin price compared to the S&P 500 index’s forward P/E ratio. (Source: Bloomberg)

Ethereum and Litecoin

We also looked at the rolling Bitcoin daily price-change correlation between Ethereum and Litecoin. The price correlation between these coins and Bitcoin is obviously far higher than for traditional assets and it is statistically significant. During the massive crypto-coin rally in 2017, the price correlation to Bitcoin fell dramatically to the 0.1 level, as altcoins traded against Bitcoin and moved more independently. After the price correction started in 2018, price correlations have began to climb as the coins seem to move together again.

  • Litecoin — The correlation normally tends to be high, at around the 0.5 level. The price correlation dipped to around 0.2 in 2015, when there was not much Litecoin price action.
  • Ethereum — After Ethereum launched, the system was reasonably small and exposed to some unique risks, such as uncertainty surrounding its launch and the model of giving funds to the founding team. Therefore its price correlation with Bitcoin started low before eventually reaching levels similar to Litecoin.

Bitcoin price correlation between Ethereum and Litecoin – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Conclusion

Crypto-coin proponents sometimes mention that crypto coins are a “new non-correlated asset class” that can provide a hedge for traditional portfolio managers. These traditional portfolio managers are then expected to allocate a weighting in their portfolios for crypto-coins, which may cause further price appreciation.

It appears that Bitcoin has been a reasonably non-correlated asset class throughout its history. During the recent rally to a valuation of hundreds of billions of dollars, however, correlations — and, crucially, correlations to risk-on assets — started to increase.

Although there is some merit to the hypothesis of crypto-coins not correlating with traditional assets, if crypto-coin prices remain elevated or increase further and become a significant part of the global financial system, higher correlation with traditional assets may become inevitable.

Whether crypto coins are a “new” asset class and whether this matters is another topic. It’s not clear if there is significant merit merely to being new; more importantly, perhaps, is if crypto-coins offer anything unique.

 

Update: SegWit transaction capacity increase compared to Bitcoin Cash

Abstract: In September 2017, we wrote a piece on the SegWit capacity increase. Here, we provide an update on SegWit adoption with six more months of transaction data. We also compare the transaction throughput to that of Bitcoin Cash, an alternative capacity-increase mechanism.

Please click here to download the pdf version of this report

 

SegWit vs. Bitcoin Cash

The SegWit upgrade to the Bitcoin protocol occurred in August 2017. After this, users had the option of upgrading their wallets and using SegWit, which provides the benefits of about 41% more scale (assuming no other users also upgrade).

Around the same time, Bitcoin Cash provided an alternative mechanism for increasing capacity, in which one also needs to upgrade to a new wallet and adopt a new transaction format to get the benefit of more transaction throughput, although a main difference between this and SegWit’s approach is that Bitcoin Cash resulted in a new coin.

The transaction volumes of Bitcoin Cash and the new SegWit Bitcoin transaction format have been reasonably similar. Since the launch of Bitcoin Cash, 6.1 million SegWit transactions have taken place, only 20.1% more than the cumulative number of Bitcoin Cash transactions. These figures are remarkably close — although supporters of the SegWit capacity-increase methodology could claim that Bitcoin Cash had a one-month head start and that the Bitcoin Cash chain has lower transaction fees so that a comparison is not appropriate. Adjusting for the one-month head start, SegWit has 31.5% more cumulative transaction volume than Bitcoin Cash, larger than 20.1% but still reasonably close. Of course, its possible that at some point either or both of these figures could be manipulated.

Although the data suggests that SegWit transaction have been adopted slightly faster than Bitcoin Cash, resulting in more transaction volume, Bitcoin Cash advocates could argue that the Bitcoin Cash token is more about a philosophy of larger capacity in the long term, rather than the speed of the actual increase in transaction volume in the short term. Therefore Bitcoin Cash supporters can still claim that Bitcoin Cash will eventually have more transaction volume than Bitcoin, once adoption of the coin increases.

Cumulative transaction volume since the launch of Bitcoin Cash. (Source: BitMEX Research, Bitcoin blockchain, Blockchair for Bitcoin Cash data)

As these charts indicate, there was a sharp spike in Bitcoin Cash transaction volume when it launched; in contrast the SegWit upgrade was more gradually adopted. This is likely to be related to the investment flows and excitement of the new Bitcoin Cash coin, which may have driven short term adoption, as some of the spikes in the chart illustrate. Three months after the launch of Bitcoin Cash, on 31 October 2017, SegWit transaction volume overtook Bitcoin Cash and has remained in the lead ever since.

Daily transaction volume. (Source: BitMEX Research, Bitcoin blockchain, Blockchair)

The chart below shows that the adoption of SegWit has continued to grow since August 2017, perhaps increasing in steps as large corporate entities switch to SegWit. Adoption currently hovers around 30% as a proportion of the number of transactions, although the adoption rate only measures around 22% as a proportion of block space, which is possibly a more important metric.

Percentage of transactions that use SegWit. (Source: BitMEX Research, Bitcoin blockchain, Blockchair)

SegWit has begun to meaningfully impact system-wide capacity, potentially reducing fees and benefitting even users who choose not to upgrade to the new transaction format. However, the transaction fee market is still immature and, in our view, transaction prices are likely to remain volatile going forward.

Conclusion

Adoption of both the new transaction format for SegWit and Bitcoin Cash has been reasonably slow. At the same time, as our earlier piece shows, adoption of new consensus rules can also be gradual. This illustrates why it may be important to construct network upgrades in the least disruptive way possible, perhaps an upgrade mechanism which is safe even if users and miners do not upgrade at all.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

Tether: New financial data released by Puerto Rico

Abstract: Following our earlier research piece on Tether a few weeks ago, further financial information has just been released by Puerto Rico. The new data supports our speculation that Noble Bank could be Tether’s primary reserve bank and that the region may be a major cryptocurrency centre.

Over the weekend, the Commissioner of Financial Institutions of Puerto Rico released aggregate financial-system data for the calendar year ended 2017. Bank deposits in the International Financial Entities (IFE) category, which includes Noble Bank, were $3.3 billion, up 248% in the quarter ended December 2017. Total assets in the category were $3.8 billion, up 161% in the quarter. This extraordinary growth coincides with a large increase in value of cryptocurrency assets, which has likely resulted in large cash inflows into cryptocurrency-related banks.

Over the same period, the value of Tether in issue has increased by 215% to $1.4 billion. This new data supports the thesis in our recent piece on Tether, in which we speculated that Noble Bank is Tether’s primary reserve bank.

We have updated the chart below from the version in our earlier piece, with an initial data point for the end of 2017. It illustrates the sharp growth in bank deposits in the IFE category in Puerto Rico, coinciding with the recent cryptocurrency boom.

Puerto Rico’s IFE aggregate deposits versus the Tether balance in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

Cash as a percentage of total assets (an indication of full-reserve banking) also increased in the quarter, from 72.2% to 85.8%. This also indicates cryptocurrency or Tether-related activity, as we explained in the previous piece.

Puerto Rico’s IFE aggregate cash balance as a percentage of total assets. (Source: IFE Accounts, BitMEX Research)

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

Diagram of a Bitcoin block: Covert versus overt AsicBoost

Abstract: We present a graphical illustration of a Bitcoin block, including the Merkle trees and explain why the additional Merkle tree in the block, associated with the Segregated Witness upgrade, is necessary. We then take a closer look at some of the potential negatives of both overt and covert AsicBoost, following on from our September 2017 piece on the subject. After the recent announcement from the patent owner, we conclude that the new Blockchain Defensive Patent License (BDPL) scheme, if robust, could result in limited downsides to the use of overt AsicBoost on the network. On the other hand, there may still be some issues with the less efficient covert AsicBoost.

This is a simplified depiction of the structure of a Bitcoin block and the Merkle trees inside it. Other, more detailed illustrations have been produced by Jeremy Rubin and Timo Hanke. (Source: BitMEX Research) 

 

Please click here to download a pdf version of this report

 

Block header

The header of the Bitcoin block (in grey) is around 80 bytes and includes the version, the hash of the previous block, the Merkle root, the timestamp, the bits (difficulty), and the nonce.

Block header candidate

This includes all of the above, with the exception of the nonce.

Chunks

The diagram above shows that the Merkle root is split between two chunks, which are required to conduct Bitcoin’s SHA256 proof-of-work function. An explanation of this can be found in our earlier piece on AsicBoost.

Second Merkle tree

The SegWit upgrade introduced a new Merkle tree, which has the same structure as the main Merkle tree, except that it includes the witness data and excludes the coinbase transaction. The relative position of each transaction must remain identical to that of the main Merkle tree.

Why a second Merkle tree?

The second Merkle tree increases complexity, which some may consider a disadvantage. SegWit was an upgrade to the Bitcoin network that fixed bugs, such as the quadratic scaling of sighash operations and transaction malleability. The witness data could not be added into the main Merkle tree, as otherwise old nodes would consider these transactions invalid, which would be a hardfork.

However, it is not true to say the additional Merkle tree could be avoided by making SegWit a hardfork upgrade rather than a softfork upgrade. A hardfork resulting from the inclusion of witness data in the main Merkle tree would lead existing wallets to consider the new transaction format invalid, and these wallets would not be compatible with the new transaction format whether they were fully verifying nodes or not. The effect of this would be that some users would be unable to interact with each other and funds could appear to go missing. This type of upgrade may not be possible in a live network such as Bitcoin without significant disruption. Therefore, the additional complexity of a second Merkle tree would be necessary even if the SegWit upgrade were a hardfork.

AsicBoost

As we explained in our previous piece on AsicBoost, covert AsicBoost involves finding a collision in the last 4 bytes of the Merkle root, exploiting the fact that the hashing algorithm splits the Merkle root between the two chunks. Covert AsicBoost messes with the transactions, something that overt AsicBoost avoids. The second Merkle tree can make covert AsicBoost more difficult unless the blocks are much smaller, which could be detectable. 

Potential negative issues with AsicBoost

  Covert AsicBoost Overt AsicBoost

Patent protection

This potential negative of AsicBoost applies to both the covert and overt type. AsicBoost is a patented technology and, as we explained in our previous piece on patents, these can be particularly damaging in the blockchain space. This appears to be one of the primary negatives of AsicBoost, as it could potentially give one mining company an insurmountable advantage over the competition, resulting in a gap that could not be closed due to legal restrictions. This could undermine Bitcoin’s core value proposition. It is possible that the Bitcoin community would conduct a softfork to block AsicBoost if the patent problem becomes significant.

To mitigate this problem, the patent owner could open the patent — for example, by making a defensive patent pledge. It appears as if the AsicBoost patent owner may have recently made such a pledge. If the pledge proves robust enough, this issue may now be resolved, at least in the regions the patent applies.

Smaller blocks and lower capacity

Covert AsicBoost can incentivise the production of smaller or even empty blocks, which makes covert AsicBoost more efficient. This can then reduce the capacity of the network and increase transaction fees.

Smaller or empty blocks have a negative impact on capacity, since they still maintain the network difficulty but do not make a significant contribution to any transaction backlog.

n/a

Unwillingness to upgrade to SegWit and potential dishonesty over the reason

Perhaps the most damaging negative of AsicBoost was that it may have caused some miners to be unwilling to upgrade to SegWit. This in itself may not be much of a negative, but the supposed dishonest and divisive misinformation campaign about SegWit may have had a large negative impact on the ecosystem.

However we would like to point out that this is merely an uncertain, unsubstantiated accusation, and it is not clear if this was a motivating factor behind opposition to SegWit.

n/a

Incentive to adjust the Merkle trees or transactions

As the diagram above illustrates, covert AsicBoost relies on the ability of the miner to adjust the Merkle tree or the transactions. This could have detrimental effects on the network other than smaller blocks. Overt AsicBoost appears to be a much cleaner solution, needing only a field in the block header to be changed.

n/a

Secret advantage over competition

Covert AsicBoost may be undetectable and therefore may provide some miners a secret advantage over the competition, compared to a known advantage.

Although in general we think transparency is a good thing, it’s not clear whether or not the network on which covert AsicBoost operates suffers any direct disadvantage from the secrecy, apart from what is mentioned elsewhere in this table.

n/a

Reduced ability to conduct softfork upgrades via version signalling and a warning message in Bitcoin Core

n/a

Overt AsicBoost uses the version field, seen on the top left of the illustration above. This has been used as a signal, to indicate that a miner is ready to upgrade via a softfork. Overt AsicBoost may use space in this field, which may prevent its use as an upgrade-signalling system.

However:

1. Overt AsicBoost may not require all 4 bytes and therefore some bytes may be left for softfork signalling. This could reduce the number of softforks that can occur simultaneously.

2. Many regard the softfork signalling system to have been a failure anyway. Miners often provide simultaneous contradictory signals, rendering the signal methodology unreliable.

Another downside of overt AsicBoost is that Bitcoin Core software may see an unusual version field and think the network is upgrading in an unknown manner, resulting in a  warning message to the user.

In our view, AsicBoost is not necessarily a negative for the network. Although covert AsicBoost has problems with an incentive to produce smaller blocks, most of the issues related to overt AsicBoost can be mitigated. In particular, if the BDPL system proves robust, there may be no significant negatives resulting from the use of overt AsicBoost — at least none which we can currently predict.

Tether

Abstract: Tether is a crypto token based on top of Bitcoin and Ethereum’s blockchains, the value of which is pegged to the US dollar by centralised USD reserves. There is scepticism about Tether, with accusations that the system is not backed by sufficient reserves. We think that this Tether scepticism is mostly focused on the wrong issue. We have found possible evidence in published financial data that the impact of Tether is visible in Puerto Rico’s banking system. Tether is likely to be, or is already, encountering problems related to regulation and we think this should be the primary long-term concern for Tether holders.

About Tether

Tether is a scheme that allows fiat currencies such as the US dollar to be used on the Bitcoin (and Ethereum) blockchain. The abstract of the Tether white paper explains:

A digital token backed by fiat currency provides individuals and organizations with a robust and decentralized method of exchanging value while using a familiar accounting unit. The innovation of blockchains is an auditable and cryptographically secured global ledger. Asset-backed token issuers and other market participants can take advantage of blockchain technology, along with embedded consensus systems, to transact in familiar, less volatile currencies and assets. In order to maintain accountability and to ensure stability in exchange price, we propose a method to maintain a one­-to-­one reserve ratio between a cryptocurrency token, called tethers, and its associated real­world asset, fiat currency. This method uses the Bitcoin blockchain, proof of reserves, and other audit methods to prove that issued tokens are fully backed and reserved at all times

The Tether token therefore exists on top of the Bitcoin and Ethereum blockchains, with around 97% and 3% of its tokens existing on each chain respectively. On Bitcoin, its tokens exist similarly to coloured coins and use the Omni layer, whose protocols interpret extra meaning from some surplus Bitcoin transaction data — for example, the creation or transfer of Tether.

The primary use case of Tether appears to be financial speculation, with many exchanges allowing their customers to buy and sell Tether in exchange for crypto tokens such as Bitcoin. Currently, around 2.2 billion Tether, representing US$2.2 billion, exist. As the chart below illustrates, about 85% of Tether holders are known, with the largest holders being the biggest crypto token exchanges. There is likely to be some mechanism by which these large holders can redeem Tether directly for USD, which we speculate on at a later point in this report.

Tether owners in February 2018 listed in millions of USD. (Source: Tether rich list, Tether transparency report)

The Tether hack

It appears as if the Tether treasury wallet was hacked in November 2017. US$31 million was stolen and sent to an external Bitcoin address, where it remains in quarantine. On 21 November, Tether released a forked client of OmniCore. This froze the stolen funds and was essentially a hardfork of the Omni layer. Since the Tether company backs the Tether token with real USD, Tether users had to upgrade, since Tether would obviously only back the tokens on their chosen side of the fork. As Tether put it:

We strongly urge all Tether integrators to install this software immediately.

The hacking incident demonstrated that Tether is effectively in complete control of the ledger, as they can force a hardfork at will and reverse any transaction — although there may not have been any doubt about Tether’s control beforehand. This raises the question of why Tether bothers to put the database on the Bitcoin and Ethereum blockchains at all — it would be far cheaper for Tether to create its own public database without needing to pay fees to the miners. Although the Tether company was and is able to freeze funds, the process is technically difficult and time consuming, as it requires new software to be written and released and for all Tether exchanges to upgrade.

Who controls Tether?

The Tether “About us” page only appeared between 5 December 2017 and 7 December 2017, and it revealed that Tether had the same management team as the Bitfinex exchange, as the table below illustrates. This is approximately when Tether is said to have received a subpoena from the US Commodities Futures Trading Commission (6 December 2017). Prior to this point, Tether did not disclose its management team — on the website, at least — although it was widely believed that Bitfinex was behind Tether. The timing appears to suggest that the subpoena may have prompted the greater transparency.

Bitfinex Senior Team Tether Team
JL van der Velde (CEO) JL van der Velde (CEO)
Giancarlo Devasini (CFO) Giancarlo Devasini (CFO)
Philip Potter (CSO) Philip Potter (CSO)
Stuart Hoegner (general counsel) Stuart Hoegner (general counsel)
Matthew Tremblay (chief compliance officer) Matthew Tremblay (chief compliance officer)
Paolo Ardoino (CTO)
Chris Ellis (community manager)

Tether and Bitfinex have essentially the same management team. (Source: Tether, Bitfinex)

The Paradise Papers, released in November 2017, revealed that Bitfinex’s CFO and CSO are owners and directors of Tether respectively. There was already little doubt about the link between Tether and Bitfinex prior to full disclosure on Tether’s website.

Tether management and owners. (Source: Paradise Papers)

Some think that Tether may have previously implied that Bitfinex doesn’t control Tether. For example, Craig Sellars, a Tether founder and advisor — and a former CTO of Bitfinex — stated on Reddit in spring 2017:

Bitfinex is a customer of Tether. If Bitfinex wants more USD, they make a request to Tether, just like all other Tether customers. Tether waits for USD to show up, and when it does, creates the necessary tethers and credits Bitfinex.

That comment left much open to interpretation but certainly did not explicitly state that Bitfinex does not control Tether. In this comment, a month prior to the above one, Sellars specifically states that he and Bitfinex CSO Phil Potter were discussing how to improve Tether. Sellars was also open about his simultaneous involvements in Tether and Bitfinex, as his LinkedIn profile indicates:

  • April 2014 to present: Tether founder and advisor
  • January 2015 to May 2016: Bitfinex CTO
  • April 2014 to May 2016: Tether founder and CTO

We do not think there is evidence that Tether misled the public about Bitfinex’s involvement, which some have claimed.

The Tether audit

The Tether homepage states that:

Our reserve holdings are published daily and subject to frequent professional audits.

The accounting firm Friedman LLP (FLLP) published a report in September 2017 in which  it confirmed that the USD balances that Tether was supposed to hold. The report stated that as of 15 September 2017, a bank held $382,064,782 in an account in the name of Tether.

However, the report did not disclose the names of any of the banks nor did it mention the jurisdictions in which the banks operate. The report also stated that:

FLLP did not evaluate the terms of the above bank accounts and makes no representations about the Client’s ability to access funds from the accounts or whether the funds are committed for purposes other than Tether token redemptions.

In January 2018, Tether ended its relationship with FLLP and explained with this emailed statement.

We confirm that the relationship with Friedman is dissolved.  Given the excruciatingly detailed procedures Friedman was undertaking for the relatively simple balance sheet of Tether, it became clear that an audit would be unattainable in a reasonable time frame. As Tether is the first company in the space to undergo this process and pursue this level of transparency, there is no precedent set to guide the process nor any benchmark against which to measure its success.

The statement indicates that there is a lack of transparency and the audit processes appears inadequate, or at least inconsistent with the promises made on the Tether website. This  likely contributed to the rumors in the cryptocurrency community — for example, claims that Tether is a Ponzi scheme.

Lack of transparency does not necessarily indicate fraud

Tether allows its users to send and receive USD. Transactions cannot easily be blocked and users require no permission — although one notable exception to this is Tether requiring all users to upgrade to a new client in order to block transactions, which is the cumbersome process that occurred after the $31 million hack.

Tether also potentially allows users a degree of anonymity when making or receiving transactions. Its characteristics potentially make it attractive to criminals, just like Bitcoin. While those with the ability to issue and redeem Tether, such as exchanges, are required to go through approval and KYC processes, individual users can use Tether merely by generating a public/private key pair, again just like Bitcoin.

Regulators are unlikely to be particularly happy about this and banks are likely to consider Tether with scepticism. Tether also requires the use of a bank, to hold the USD reserves required to back Tether. Many banks are likely to approach Tether cautiously, and accepting Tether as a client may violate a bank’s compliance procedures such as rules meant to prevent money laundering.

Therefore, Tether may have a problem: either the company may try to conceal aspects of how Tether operates from the reserve bank or the company may need to find a bank with compliance procedures that are not as strict as those of the most prominent financial institutions. We suspect that Tether may have struggled to find appropriate banking relationships and may have had accounts with many banks in many jurisdictions as it tried to find the right partner. We believe this is likely to be the primary reason for the apparent lack of transparency, rather than a lack of USD reserves. The transparency that some Tether stakeholders seem to expect may not be possible in the financial sector when the underlying activity is not clearly authorized or regulated by the authorities.

The Bitfinex exchange may have revenues in excess of US$1 million per day during the recent crypto currency bubble (assuming 100,000 BTC volume per day, 0.1% commission, and a $10,000 BTC price). Even if Tether were experiencing problems, Bitfinex may have resources sufficient to bail out the system. This wealth may also remove some of the incentive to run a fraud or a Ponzi scheme of the type some of the Tether sceptics allege.

Financial data from Puerto Rico

Rumors have been circulating that Tether may have some link to the unincorporated American territory of Puerto Rico. We decided to analyse public financial data to look for signs of unusual activity or strong growth.

We noticed strong growth in the cash balance (and the deposit balance) in the International Financial Entities (IFE) banking category. This sharp increase in cash reserves could be related to Tether. It is also possible for this growth to be related to a non-Tether aspect of the crypto currency ecosystem — for example, plans to make Puerto Rico a crypto utopia.

The chart below compares the value of Tether issued versus the deposit balance for the IFE banking category in Puerto Rico. The match is far from perfect and we cannot draw any strong conclusion from the data. It will be interesting to see what figures the regulators in the region produce going forwards.

Puerto Rico’s IFE aggregate deposits versus Tether in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

In addition to the growth of the total cash balance, we noticed that the cash balance was growing as a proportion of total assets, as the chart below illustrates.

 Puerto Rico’s IFE aggregate cash as a proportion of total assets. (Source: IFE Accounts, BitMEX Research)

This kind of balance-sheet structure is unusual. Normally, banks lend most of their assets and only keep a small balance as cash. The table below shows a simplified typical structure of bank balance sheets.

Illustrative example of the balance sheets of a typical bank and a 100% reserve bank respectively. (Source: BitMEX Research)

Full-reserve banking results in a different balance sheet, which should be detectable by financial analysts even when looking at macroeconomic data. As of the end of September 2017, the ratio of cash to total assets for this category of financial institution in Puerto Rico rapidly climbed to over 70%. This may indicate the presence of full-reserve banking in the territory and that the practice is growing.

Full-reserve banking

Full-reserve banking (also called 100% reserve banking) is when a bank does not lend deposits but keeps all deposited funds either in the form of physical cash or electronically on deposit at a custody bank or the central bank. Full-reserve banking is a fringe concept in modern finance often associated with the Austrian School of economics and libertarianism (or even a Bitcoin type of philosophy). Full-reserve banking is said to make the financial system less susceptible to credit expansion, something Bitcoin is also said to be able to achieve. The main benefit of this is that it could make the economy less likely to experience business cycles, as we explained in our earlier piece.

Noble Bank

We looked at all the financial institutions in the IFE category in Puerto Rico, and identified two banks which claim to be full-reserve banks: Euro Pacific International Bank and Noble Bank International. Full-reserve banks are rare, so while we can’t rule out the existence of any others, it may be unlikely that any others are operating.

Extract from the list of registered IFEs in Puerto Rico. Noble is highlighted in red by BitMEX Research.(Source: Commissioner of Financial Insitutions of Puerto Rico)

Euro Pacific Bank is run by Peter Schiff, a well-known Austrian economist and Bitcoin sceptic. Due to this scepticism, we think it is unlikely that Schiff would become involved in a Bitcoin-related entity like Tether.

Noble Bank, however, is involved in the crypto space and therefore could be involved in Tether. Evidence of Noble’s involvement in cryptocurrency includes the following extract from a letter to the regulator that the bank sent in 2015:

Noble intend to operate an integrated financial market network for the trading, clearing, and settlement of real currency, Bitcoin and other digital currencies

Noble is also the bank that entered into a Bitcoin-related business partnership with Nasdaq in 2015. We suspect that the growth in reserves in this section of the financial services industry in Puerto Rico is related to Noble Bank and cryptocurrency, whether or not this involves Tether.

The founder and CEO of Noble Bank, John Betts, was also behind the 2014 Sunlot Holdings move to take over and potentially rescue MtGox. Sunlot was backed by Brock Pierce, one of the founders of Tether.

Of course, a previous professional relationship between the Noble Bank CEO and one of the Tether founders proves nothing, and the blockchain ecosystem is a small space so such connections are likely. We would like to emphasize that even if Noble Bank is the primary reserve bank of Tether, none of this is evidence that Noble Bank has done anything inappropriate or illegal.

In a Medium post, Noble describes how it lets “clients to create their own pools of credit” and explains the structure of this system with the following illustration.

(Source: Medium)

It is possible that the above model could be the underlying structure behind Tether, and this could explain how it is backed by US dollars. This would indicate the USD that back Tether are inside the Puerto Rican banking system with the reserves held by BNY Mellon, Noble’s custody bank, which is the largest custody bank in the world. If true, this would imply that Tether is not a Ponzi scheme, since the USD reserves are present and being reported to the authorities, and that the reserves may be relatively safe. Although, as we explain later in this report, this should not provide complete comfort for Tether holders in the long term.

Case studies

As we mentioned above, Tether has the following characteristics:

  • No permission is required to send or receive Tether.
  • Transactions cannot be easily blocked.
  • Tether users may be able to obtain a degree of anonymity.

These characteristics may make the system attractive for criminals and money launderers — and if criminal activity becomes too prevalent, the authorities may wish to shut the system down. This has already happened numerous times in the past, as the case studies below demonstrate. In a later report, we may dig into the history of these case studies in more detail.

Liberty Reserve (2006-2013)

Liberty reserve was a Costa Rica-based centralized digital-currency service that let users  send and receive USD-denominated payments over the Internet. Payments could be made using email addresses and there was no procedure to identify those using the system. In 2013, Costa Rican authorities closed the service, accusing the system of facilitating the laundering of US$6 billion of criminal proceeds in the indictment. The founder of the service was arrested and sentenced to prison. The BBC described the service as follows:

Cash could be put into the service using a credit card, bank wire, postal money order or other money transfer service. It was then “converted” into one of the firm’s own currencies – mirroring either the Euro or US dollar – at which point it could be transferred to another account holder who could then extract the funds.

GoldAge (1999-2006)

Prior to founding Liberty Reserve, the same founders ran GoldAge, a gold-based payment platform that was also shut down by the authorities. As the US Justice Department put it:

The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme.

e-Bullion (2001-2008)

e-Bullion was a centralized Internet-based gold-payment system. In 2008, the co-founder of the system was murdered. As a result, the US government confiscated the company’s assets and the system was shut down.

DigiCash (1994-1998)

Perhaps one of the most interesting of the centralised pegged-payment platforms was DigiCash. Developed by David Chaum, DigiCash had strong anonymity technology based on blind signatures built into the system. The platform resembled modern distributed anonymity-based tokens like Monero.

Although DigiCash was centralised, the operator was unable to obtain details about the transactions because everything was anonymous, and therefore the transactions themselves were, in a sense, fully censorship resistant. However, the company eventually failed and in 1998 filed for bankruptcy.

Censorship resistance has two sides: one, that transactions themselves cannot be blocked and the second being that the entire system cannot easily be shut down. The first is relatively easy to achieve though anonymity-based technology such as ring signatures, while the second is more challenging.

The US Justice Department lists other examples of shut-down Internet-based payment systems, including the following.

E-gold (1996-2007)

On April 27, 2007, a federal grand jury in Washington, D.C., indicted two companies operating a digital currency business and their owners. The indictment charges E-Gold Ltd., Gold and Silver Reserve, Inc., and their owners with one count each of conspiracy to launder monetary instruments, conspiracy to operate an unlicensed money transmitting business, operating an unlicensed money transmitting business under federal law, and one count of money transmission without a license under D.C. law. According to the indictment, persons seeking to use the alternative payment system E-Gold were only required to provide a valid Email address to open an E-Gold account–no other contact information was verified. The indictment is the result of a 2½-year investigation by the U.S. Secret Service with cooperation among investigators, including the Internal Revenue Service (IRS), the Federal Bureau of Investigation (FBI), and other state and local law enforcement agencies. According to Jeffrey A. Taylor, U.S. Attorney for the District of Columbia, “The defendants operated a sophisticated and widespread international money remitting business, unsupervised and unregulated by any entity in the world, which allowed for anonymous transfers of value at a click of a mouse. Not surprisingly, criminals of every stripe gravitated to E-Gold as a place to move their money with impunity.”

ShadowCrew

On June 29, 2006, Andrew [Mantovani] was sentenced to 32 months in federal prison for cofounding Shadowcrew.com, an international online discussion forum with more than 4,000 members, many of whom specialized in identity theft and fraud. Shadowcrew members sent and received payments for goods and criminal services through digital currencies. One indicted member, Omar Dhanani, operated an illegal currency exchange, providing members a money laundering service in digital gold by anonymously converting their illicit cash. Dhanani stated that Shadowcrew members used digital gold in order to avoid traditional banking systems. A yearlong investigation by the U.S. Secret Service led to the October 2004 arrest of 21 individuals in the United States, with several other arrests in foreign countries.

Western Express International Currency Exchange Company (2002-2005)

On February 22, 2006, Vadim Vassilenko, Yelena Barysheva, and Alexey Baryshev were indicted by the state of New York for operating an illegal check-cashing and money transmittal business from 2002 through 2005. Their company, Western Express International, acted as a currency exchanger, knowingly exchanging criminal proceeds for digital currencies. Through its web sites, Western Express actively solicited overseas clients in eastern Europe, Russia, and the Ukraine to operate illegally in the United States. Clients using fictitious, often multiple identities committed a variety of cyber crimes, such as reshipping, phishing, spoofing, and spamming. Items purchased with stolen credit card numbers were resold for digital gold, which was further laundered through Western Express. A total of $25 million flowed through the company’s bank accounts over the 4-year period, in violation of New York banking regulations.

Conclusion

History has shown that centralised systems with certain characteristics (censorship resistance or anonymous transactions) tend to get shut down by the authorities. Tether shares some of the same characteristics as these extinguished services so it may also attract criminals and ultimately suffer the same fate.

In our view, Tether has two choices:

  1. Reform the system to include KYC/AML procedures that allow the operator to easily block transactions or freeze funds. In order to do this, Tether may need to fundamentally change its technological architecture and perhaps leave the public blockchains. Essentially, Tether would just be turning into a traditional (or full-reserve) bank.
  2. Continue as is and risk being be shut down by the authorities at some point.

If Tether is shut down, there is a risk that some users may lose access to their funds, perhaps temporarily. We do not recommend holding Tether for the long term, but not for the reasons some of the sceptics typically pronounce. We think that criminal usage of Tether is likely to be relatively low because of the use of Tether for financial speculation, which is probably the system’s dominant use case. Furthermore, we have not found any evidence of criminals using Tether to launder funds. As it stands, we think an imminent shutdown is unlikely.

The case studies above illustrate the two angles to censorship resistance (individual transactions and the system as a whole) and what distributed crypto tokens need to achieve in order to be sustainable in the long run. If a payment system cannot block transactions, doesn’t require permission for use, or offers anonymous use, it will probably eventually be shut down. This could be just as true for systems like Tether and Ripple as it was for Liberty Reserve, E-gold, and DigiCash. A potential way around this is to try to build a distributed system that cannot be shut down (i.e., censorship resistance for the system as a whole).  Whether Bitcoin or other proof-of-work-based systems can achieve this is still unproven, in our view.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

A blockchain-specific defensive patent licence

Abstract: Although the impact of patents on society is debatable, they can have negative impact on the blockchain space. Opening patents up is potentially crucial to the blockchain industry. Unfortunately, however, technology innovators may need to obtain patent protection for defensive purposes. A defensive patent licence (DPL) may be able to protect the ecosystem from the harmful restrictions of patents or mitigate some of the risks. We explain some potential deficiencies and loopholes in the current DPL and take a look at a new, improved licence, a blockchain DPL (BDPL).

(Source: Mises Institute)

 

Please click here to download the pdf version of this report

 

Patents in the blockchain space

The issue of intellectual property (IP) is somewhat controversial in the libertarian and blockchain communities. Although patents and copyrights are generally accepted by most, many libertarians regard these systems as unethical state-granted monopolies that impede economic prosperity. This negative view of IP is articulated by Stephan Kinsella in his article “Against Intellectual Property“, in which he describes a patent as follows:

A patent is a property right in inventions, that is, in devices or processes that perform a “useful” function. A new or improved mousetrap is an example of a type of device which may be patented. A patent effectively grants the inventor a limited monopoly on the manufacture, use, or sale of the invention. However, a patent actually only grants to the patentee the right to exclude (i.e., to prevent others from practicing the patented invention); it does not actually grant to the patentee the right to use the patented invention.  Not every innovation or discovery is patentable. The U.S. Supreme Court has, for example, identified three categories of subject matter that are unpatentable, namely “laws of nature, natural phenomena, and abstract ideas.” Reducing abstract ideas to some type of “practical application,” i.e., “a useful, concrete and tangible result,” is patentable, however.

Copyright, on the other hand, covers original works such as books, articles, movies, and computer programs. When it comes to the IP of blockchains or other technologies, patents seem to be more relevant than copyright, which applies more to works of art.

Whatever one thinks of the merits of patents, when it comes to assessing the efficacy of patents in the blockchain space, there are some specific considerations:

  1. A key feature of blockchains is their permission-less architecture, in which nobody has the ability to censor usage of the system (a.k.a. censorship resistance). If one patents a use or function in a blockchain-based system (such as a new transaction format), the patent holder and legal authorities may be unable to prevent its usage by others, potentially making patents unsuitable or unenforceable.
  2. A patent on a cryptocurrency mining technology could give the patent holder a competitive advantage over other miners. This could undermine the whole point of mining, which requires a degree of competition in order to be useful. If a miner or mining coalition achieves a significant proportion of the hashrate, they could censor some or all of the transactions, or even attempt to reverse transactions, potentially rendering the blockchain useless.

Therefore, although the efficacy of patents is debatable in general, many consider them negative with respect to blockchains and desire to avoid the usage of enforceable patents in the blockchain space altogether. Achieving this preferred outcome is not simple; it’s not sufficient for those who develop technology in this space simply to avoid patents. This approach would be vulnerable to so-called patent trolls who could patent these technologies at a later date and possibly hold hostage those blockchain businesses and users who use the patented technology. A form of protection against patent trolls is required.

The DPL

One such tool to prevent or mitigate the risks of patent trolls is the DPL. Companies already using this include the Internet Archive and Blockstream. By signing the DPL, these companies essentially allow any company or individual to use all of their patented technologies for free, as long as they also join the DPL. In order to join the DPL, one must commit to put all one’s respective patents inside the DPL and to not make an infringing patent claim against any DPL member. This effectively forms a club, which anyone may join, whose members need not worry about using the patents owned by any other member. The use of DPLs is purely defensive, and the more entities that join the DPL, the better it is for the blockchain community.

Problems with the DPL

We have spoken to some patent holders in the ecosystem as well as legal experts, and some have identified potential deficiencies within the DPL. The DPL is a first-draft attempt at this scheme and many seem to acknowledge that there is significant scope for improvement.

Potential DPL loopholes include:

  1. The DPL mentions the licence can be revoked if a member transfers a patent to a separate, non-DPL entity that does not abide by the terms of the DPL. However, this restriction only applies once member has joined the DPL. It is possible, in theory, for an entity to transfer patents to an associated company before joining the DPL. In this scenario, the new DPL member who transferred the patent could collude with the company who received it to engage in aggressive patent claims against other DPL members, while still being free to use other patents in the DPL.
  2. Although the DPL prevents members from enforcing their patents among other members, it does not prevent third parties from enforcing patents. A third party may restrict some DPL members from using a patent while licensing that same patent to other DPL members. If this occurs, as in the figure below, any DPL members obtaining the rights to use the patent could have an advantage over other DPL members, which is exactly what the DPL was set up to prevent.

Company H is not a member of the DPL but it licenses the use of its patented technology to DPL member company A while engaging in enforcement action against the other DPL members. This gives company A an advantage, while company A is still a valid member of the DPL. (Source: BitMEX Research)

The new BDPL

A proposed blockchain-specific DPL scheme, the BDPL, aims to improve on the DPL with amendments and additional terms that hope to correct the loopholes identified above. The BDPL still retains the core defensive properties of the original DPL, granting a licence to all members who join the BDPL.

This first loophole is fixed with an amendment to one of the terms in the licence. The original DPL merely prevents a member from making any non-defensive patent claim against another member. The new terms also prevent a member, “whether individually or in collusion with each other or with any other person”, from making a non-defensive claim. This stricter requirement may make the type of collusion mentioned above more difficult.

The second loophole is fixed by adding a new term to the licence. This is a requirement that specifies that the licence will be revoked if members use any patent licensed by a third party, when such a licence “is or is likely to be” enforced and restricted from use by another BDPL member. This should prevent a scenario such as the one illustrated above.

Conclusion

In our view, this new BDPL offers an improved, more robust alternative to the existing system. However, it is more onerous in some respects than the old scheme — for example, there are stricter requirements about making public notices. In addition, closing the circumvention loopholes requires a tradeoff: a BDPL member could be caught between a rock and a hard place if it licenses a crucial technology from a non-BDLP member who then begins enforcement action against other BDLP members without the knowledge of the licensee. Fixing this problem within the licence may not be possible, although mitigating this risk could be possible with additional licensing terms preventing aggressive action against other BDPL members.

Providing patent owners with more choices can only be beneficial and this new licence is a positive addition to the blockchain space. This scheme may be more robust and therefore more attractive to patent holders, while maintaining the defensive nature that can protect the ecosystem from the harmful effects of patents. We have spoken to patent owners who have indicated that they may prefer the BDPL to older schemes. While it would be beneficial were such defensive schemes to become popular, it is difficult to predict which, if any, will succeed.

We think the BDPL is both a significant improvement and more likely to be adopted than the DPL. If adopted, the BDPL could substantially benefit the ecosystem, mitigating one of the risks silently looming over the blockchain space.