Memory is Money: useless crypto effort in Bitcoin


Baffling inefficiency, scale economies, and opportunities for inter-temporal manipulation in the Bitcoin  protocol

Memory is Money is a sequence of posts describing the internals of the Bitcoin network. The intended audience are professional (academic) economists. Memory is Money is not a tutorial series on how to use Bitcoin, there are many excellent resources on the internet. In this post I build on my previous post describing the transaction fee protocol. Here I will talk about the use of cryptographic puzzles to regulate mining competition.

Bitcoin is a distributed network for publicly memorising Bitcoin denominated transactions. I suspect that part of the less informed animus against Bitcoin within economics is related to what Edward Said describes, in a wholly different context, as “the professional caste-consciousness of a corporation of experts protecting their terrain and their credentials.” It is clear to me that the Bitcoin protocol was not designed by professional economists but designed by academic cryptographers motivated by beliefs regarding a political role for cryptography. The design evades considerations of economic efficiency and welfare, directing and motivating individuals in the network by means of cryptographic puzzles. It seems to me that the designers have not considered basic principles of market competition. I shall attempt to describe the miner-contest protocol and why informed economists would indeed be critical of this.

Transactions between Bitcoin accounts are recorded by a network of competing accountants (miners) in a public ledger that contains a record of all transactions. Miner competition involves a contest in which miners are required to solve a cryptographic puzzle whose difficulty is dynamically set by the Bitcoin protocol depending on the extent of previous period mining competition. The solutions to the cryptographic puzzles has no private value to anyone. It is simply a method for adding friction in the dynamics involving competition between miners. I have had a hard time interpreting the ability to solve these puzzles in terms of signalling or screening in a standard model. That ability seems to be unrelated to any prevailing incompleteness of information.

Presently, a miner who solves a cryptographic puzzle is rewarded with 25 Bitcoins. When Bitcoin first emerged the puzzles could be competitively solved by, I’m only guessing, commandeering a network of office desktops in a typical academic department. As Bitcoins increased in value dedicated mining hardware was adopted in what appears to be a mining arms race. Here is an example of the cooling system for a Bitcoin mining consortium based in Hong Kong:



As Bitcoin prices have increased in value we have seen an agglomeration of small miners into a handful of competing mining pools, reflecting extensive incentives for coalition formation arising, as I shall argue, from the adoption of Adam Back’s Hashcash crypto puzzles in the mining protocol. I do not see any way of preventing this or even preventing the eventual emergence of a dominant mining coalition that will have tremendous incentives for market manipulation. The medium-term survival of Bitcoin, to my mind, may require extensive changes to the contest protocols, avoiding the use of useless cryptographic puzzles by either adopting randomised contests (lotteries) or using computational problems that have a demand side that is willing to pay for their solution (e.g., solving computational problems for scientists). I’m not sure if such changes are feasible. Here is the present structure of the miners market (where market power is measured by computational power):



Review of network protocol

The software of a Bitcoin user announces to the network that a quantity of Bitcoins are to be sent to another user. The miners on the network make a list of unconfirmed transactions according to a certain rule. The competing miners try to solve a computational problem associated with this list. The miner who solves the puzzle receives a reward of  25 newly minted Bitcoins and an insignificant transaction fee. This new list of transactions gets listed in public memory.

Inefficiency and Economies of scale:  Adam Back’s Hashcash replacement for micro-payments

The Bitcoin miner contest is based on a 1997 proposal by Adam Back (see for example here) to make bulk email spamming costly. Back’s Hashcash proposal was a cryptographic based alternative to the unworkable, but economically intuitive, idea of pricing spammers out of business by means of  dollar micro-payments for each sent email. The fundamental innovation of Back is the introduction of a parametrised class of  cryptographic puzzles, using existing technology, whose difficulty can be regulated  and whose solution can be easily verified.

I’ll try to explain these puzzles by means of an analogous computational problem that has arisen in my own work on computing Nash equilibria of games. Imagine a function from real numbers to real numbers with the following properties:

  1. It is an oracle in the sense that it can be evaluated at little economic cost and it does not have a useful analytical form, so you can’t plug it into Mathematica and invert it.
  2. It is very discontinuous, so knowing the value of the function at any point tells you nothing about its value near that point (a note for sanity’s sake, like independently flipping a coin at each number between zero and one, such a function cannot actually be constructed but its behaviour can be mimicked in the relevant computational region).
  3. If you divide the interval [-1,1] into a grid of size e, then at atleast one of the points in the grid the value of the function will be approximately zero and this approximation depends on how finely you have broken up the grid.

So if I give you this function and tell you to find a point whose value is approximately zero the best that you can do is cut up the domain into a fine enough grid and search through this grid until you find the required point. Once you have found the required approximate zero, it is easy for me to verify that you have solved my puzzle. Moreover, it is easy for me to be confident that you have put a certain amount of effort into my puzzle.

Back’s Hashcash method gives a parametrisation of  functions similar to ones I describe above, so I can chose my puzzle from essentially a class of infinitely many functions and for each choose a level of approximation that indicates to me the amount of computational effort required to solve the puzzle.

The Bitcoin miners compete to solve Hashchash inspired puzzles. Solving these puzzles is useful in the sense of providing proof that work has been done by the miner,  but I don’t think that anyone, outside the Bitcoin framework, would pay a positive amount of money for a solution to any particular Hashcash puzzle.

Miners may have different approaches to solving the puzzle: they could be using different algorithms that each believe is a fast(er) algorithm. This is one reason why there is a plethora of mining pools each with its own technology.   If, however, one believes the idea behind the Hashcash algorithm whereby the only way to solve the puzzle is by brute force computation (something that seems to be very likely), then it is clear that any two miners have an incentive to pool their efforts in solving the Hashcash problem.

The puzzle difficulty and supply of money

The difficulty of the Hashcash puzzle does not determine the length of time it takes to solve the problem. That depends on the computing power at your disposal. However, if I know the amount of computing power that you have, I can estimate the length of time it would take you to solve the puzzle at each difficulty level. Further, if I observe the length of time it took you to solve the puzzle at a given difficulty level, then I can estimate the amount of computing power that you have at your disposal.

To maintain a reasonably constant growth in the supply of Bitcoins the protocol iteratively adjusts the difficulty of the puzzle.  This is based on the assumption that average computing power cannot be changed in the short run. Thus, by observing the recent rate of puzzle solutions, the network estimates average computing power, and determines the difficulty level that targets the required Bitcoin growth rate. The iterative difficulty adjustment mechanism is common knowledge and miners can reasonably estimate short run fluctuations in difficulties.  This undoubtably allows for inter-temporal market manipulation strategies on a massive scale by large mining pools and should become a major issue for Bitcoin as the market becomes more concentrated. After all, average computational power is not in fact fixed in the short run: you can switch off your computer for a week or two.

%d bloggers like this: