Bitcoin's Amateurish, But Cryptographic Payment Networks Are The Future

This blog post represents opinion, and is absolutely not investment advice. It is provided with absolutely no guarantees or recommendations whatsoever.

One day, the vast majority of financial transactions will be processed via cryptographically-secured payment networks. Bitcoin popularized this idea. But when this idea takes over the world, Bitcoin won’t be part of any successful, large-scale implementation. Because it’s a mess.

Unlike a lot of people with opinions about Bitcoin, we’ve looked at the code base. We didn’t like what we saw, but we can make our case without walking you through bad C++, line by line.

Bitcoin fell from a high of well over $1K each to $237 as of this writing. Speculators have been leaving the market, and most of the financial world has continued on like Bitcoin never happened. The financial world will incrementally adopt payment technologies similar to Bitcoin, because these technologies will reduce transaction costs. But Bitcoin itself is too deeply flawed to be the basis of any real revolution in finance.

The Byzantine Generals’ Problem

Let’s begin with one of the grandest claims that the Bitcoin community’s made: that Bitcoin solves the Byzantine Generals’ problem (BGP). To quote Marc Andreessen, among the most credible advocates for Bitcoin, from an article he penned for the New York Times:

First, Bitcoin at its most fundamental level is a breakthrough in computer science… Bitcoin is the first practical solution to a longstanding problem in computer science called the Byzantine Generals Problem… Bitcoin gives us, for the first time, a way for one Internet user to transfer a unique piece of digital property to another Internet user… The consequences of this breakthrough are hard to overstate.

The “breakthrough” itself is easy to overstate. Although Mr. Andreessen is usually quite brilliant, his boast was based on a more modest claim made by Bitcoin’s pseudonymous architect Satoshi Nakamoto, in a message posted to a cryptography mailing list back in 2008:

The proof-of-work chain is a solution to the Byzantine Generals’ Problem.

To be clear, that wasn’t in Nakamoto’s original paper. And he didn’t claim that it was any sort of major breakthrough. He just said it was a solution. In his paper describing Bitcoin, he offers an informal “calculation,” citing a 1957 paper entitled Introduction to Probability Theory.

Somehow, the Bitcoin community went from an informal calculation, based on an introductory paper an engineering student might read in their freshman year, to proclaiming a fundamental breakthrough in computer science. This would have come as a surprise to Turing Award recipients Leslie Lamport (2013) and Barbara Liskov (2008), who had already solved the BGP many years earlier. However, they showed no reaction at all.

Lamport, of course, co-authored the original paper on the BGP back in 1982, which included solutions for the problem and its permutations, along with mathematical proofs of the solutions’ limitations. In 1989, Professor Liskov co-authored a paper demonstrating a distributed filesystem capable of functioning reliably in the face of Byzantine failures.

If Bitcoin’s BGP solution were truly big news, as Andreessen claimed, then you might expect to hear about it from Liskov or Lamport. But, while both professors have continued to publish papers on distributed systems, neither has made any public statements about Bitcoin. For example, in his 2014 interview with the MIT Technology Review, conducted shortly after he’d been presented with the Turing Award, Dr. Lamport mentions Microsoft, Amazon, Google, and NASA—but nothing about Bitcoin. This is very likely because Bitcoin does not, in fact, solve any fundamental problem in computer science.

Lamport’s original paper proved mathematically that a naive network could not reach reliable consensus unless more than two-thirds of the nodes are trustworthy.

no solution with fewer than 3m + 1 generals can cope with m traitors

The paper goes on to outline solutions employing signed messages and operating over partially connected networks. Lamport, et al., conclude:

Algorithms [guaranteeing reliability] involve sending up to (n - 1)(n - 2) … (n - m - 1) messages [where n is the number of nodes and m is the number of traitors]. The number of separate messages required can certainly be reduced by combining messages. It may also be possible to reduce the amount of information transferred… Achieving reliability… seems to be inherently expensive.

In other words, we had solutions for reaching reliable consensus back in 1982. The question was whether we could make them cost-effective.

By 1989, Professor Liskov (along with Miguel Castro) had demonstrated the use of state-machine replication to achieve reliability without sacrificing performance. The following year, Lamport submitted a paper describing the Paxos consensus protocol, based on similar principles, although it wasn’t published until 1998.

Like the paper on the Byzantine Generals’ Problem, this paper defines the problem of reliability via an extended analogy. This time the culprits were easily-distracted legislators. This paper became the basis for an entire family of protocols, each optimized for dealing with specific kinds of failures. So, thanks to Dr. Lamport, we not only had solutions to the BGP, we had an entire taxonomy of them.

Practical implementations of consensus algorithms typically accept that you need more than a majority of the nodes on the network to be trustworthy. At its best, this is what the Bitcoin protocol achieves. However, unlike state-of-the-art consensus algorithms, it cannot guarantee this. This is clearly acknowledged on the Bitcoin wiki (emphasis added):

An attacker that controls more than 50% of the network’s computing power can, for the time that he is in control, exclude and modify the ordering of transactions… With less than 50%, the same kind of attacks are possible, but with less than 100% rate of success. For example, someone with only 40% of the network computing power can overcome a 6-deep confirmed transaction with a 50% success rate.

In other words, it’s not just that the Bitcoin protocol is not a “breakthrough in computer science” after all. It’s actually a step backwards. But that’s not even really the worst of it.
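To see where the wiki’s “40% of the hash rate beats a 6-deep confirmation about half the time” figure comes from, here is Nakamoto’s informal calculation (the Poisson catch-up probability from section 11 of the Bitcoin paper) worked through in Python. This is an added example, not code from the original post or from the Bitcoin code base; the function names are ours.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the hash rate
    eventually overtakes the honest chain after a transaction has z confirmations.

    This is the gambler's-ruin calculation from the Bitcoin paper: the honest
    chain is z blocks ahead, the attacker's progress while those z blocks were
    mined is Poisson with mean z * q / p, and from a deficit of z - k blocks the
    attacker catches up with probability (q/p) ** (z - k), or 1 if q >= p.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of total hash rate in [0, 1]")
    if z < 0:
        raise ValueError("z must be a non-negative confirmation count")
    p = 1.0 - q
    if q >= p:
        # Majority attacker: catching up is certain, whatever the deficit.
        return 1.0
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, target: float) -> int:
    """Smallest confirmation depth z at which the attacker's success probability
    drops below `target`. No depth is safe against a majority attacker."""
    if q >= 0.5:
        raise ValueError("no confirmation depth is safe against a majority attacker")
    z = 0
    while attacker_success_probability(q, z) >= target:
        z += 1
    return z


if __name__ == "__main__":
    # The wiki's claim quoted above: 40% of the hash rate vs. a 6-deep transaction.
    print(f"q=0.40, z=6 : {attacker_success_probability(0.40, 6):.3f}")
    # The paper's own table, for comparison.
    for q in (0.10, 0.30):
        for z in (1, 5, 10):
            print(f"q={q:.2f}, z={z:<2}: {attacker_success_probability(q, z):.7f}")
    print("confirmations for <0.1% at q=0.10:", confirmations_needed(0.10, 0.001))
```

Note that the result is a probability of *eventual* success, with no bound on how long the attacker may keep trying; that is the “less than 100% rate of success” the wiki refers to.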

Proof-Of-Work Is Just A Waste Of CPU

The Bitcoin protocol requires nodes to expend significant CPU cycles to participate in the network, basically just playing a guessing game. This is known as a proof-of-work algorithm. The entire point is to artificially inflate the cost of participating on the network. Once you’ve accepted that the Bitcoin protocol doesn’t offer any novel guarantees, you can’t really defend the proof-of-work scheme. It significantly increases the cost of reaching consensus without even being able to match the guarantees provided by existing consensus protocols.

And the rationale for this is like something right out of Alice in Wonderland. Supposedly, proof-of-work makes it prohibitively expensive for an attacker to control more than half the network. But it also makes it similarly expensive for anyone else to participate in the network at all. So the only people who’d be deterred from participating in the network with malicious intent are people who would also be deterred from participating in the network with any other intent.

Meanwhile, in reality, a group of nodes, known as GHASH, controlled more than half the network anyway. They had to issue a public announcement that they weren’t going to use their power for evil. The bottom line is that the Bitcoin protocol’s proof-of-work component is simply a giant waste of resources, both in compute cycles and power consumption. It doesn’t prevent attackers from taking control of the network, and doesn’t improve the guarantees the network can make.

Bitcoin was a great story. In the wake of massive bailouts for dishonest bankers, an anonymous hacker discovers a way to subvert the entire financial system. This was better than stockpiling gold because you could use Bitcoin to buy drugs over the Internet! The story led to hype which led to speculation. Silk Road got busted. Mount Gox collapsed. Speculators fled. And Bitcoin’s capitalization returned to pre-bubble levels.

The Real Future Of “Cryptocurrency”

However, many people now understand the basic concept of financial transactions processed via a decentralized network. Many new cryptocurrencies sprang into existence, inspired by Bitcoin. Today there are thousands of developers thinking about how to implement Bitcoin-like networks who wouldn’t have been thinking about it otherwise.

One of them will leverage the great research that’s already been done on this subject to implement a payment network which is superior to Bitcoin. In fact, that may have already happened. And that will be Bitcoin’s legacy.

Which isn’t a bad thing (unless you’re holding lots of Bitcoin). Five years ago, it was difficult to explain things like digital signatures and consensus protocols. It’s still difficult to explain those things, but at least now people have heard of them. (Then again, Bitcoin also made it a little harder to explain digital signatures, since Bitcoin uses this term incorrectly, compared to established usage among cryptographers.) Engineers are in love with the possibilities, and Bitcoin has given us a kind of shorthand to talk about them.

For example, you might hear someone propose using the blockchain to record votes, allowing for reliable electronic voting. But what they usually mean is “the blockchain, or something like it.” Which is much easier to say than “an electronic ballot based on a decentralized database that relies on digital signatures and consensus protocols to prevent fraudulent voting.” And, thanks to the work of people like Professors Lamport and Liskov, these kinds of innovations are hardly science fiction.

Already, there’s a strong market opportunity for Bitcoin-like technologies. Very large retailers lose extravagant amounts of money on a very regular basis to the transaction fees imposed by banks and credit card companies. If a company like Wal-Mart or Amazon created a cryptographically-secured payment network like Bitcoin and used it internally, they could save millions or even billions. And since the network wouldn’t be public, they could skip a lot of the backflips Bitcoin performs in its superfluous attempts to prevent malicious actors from altering the payment ledger.

But for now, you might as well just play a fun Web game which satirizes the Bitcoin subculture.