Bitcoin Thoughts


I saw this recently:

Bitcoin is the most stable store of value in history

It’s a provocative title, and spawned a bit of an interesting thread.

It made me realize I had a few things to say about bitcoin and blockchains generally.  I’m not particularly for or against them, but I had a few things to say.

First the good things.  I was caught off-guard when it came out in 2010. It’s an amazing bit of technology, lots of interrelated ideas hooked together in many neat ways.  It’s going up in value.  It sort of promises something we haven’t had before, but in many cases, the more you look at it, the more you think we had it before, or we don’t actually want it.  That doesn’t mean it’s not a good short-term investment.

How It Works



Technical and Longer


Bitcoin Prices

Click here for latest prices, because I can’t embed a live chart.


Buying Bitcoin

Here is a list of bitcoin exchanges.  If you’re in the US, I would recommend coinbase for beginners, and gemini for people familiar with stock trading.  Go ahead and open an account now, because sometimes approval can take days.  Expect that you won’t actually get control of bitcoins for a week or so, unless you pay cash via LocalBitcoins or BitQuick.

What is a good price?  Here are the active trades in the USA.

So there’s basically two ways to control your bitcoins.

  1. You can rely on “hosted wallets” like coinbase where the companies control your bitcoins for you.  This is nice for people who are not security experts, and allows you to recover your property if you lose a password, your hard disk crashes, your house burns down in a fire, you get amnesia, or you die and your heirs need to access your property.
  2. You can rely on “online wallets” stored on your computer.  This is a little scary even to a security expert and I don’t recommend it for amounts much greater than $100.
  3. You can rely on a “hardware wallet” like the Ledger Nano S.  They store your keys in a hardware device that doesn’t run much software, so is less likely to be infected with malware.  They are on sale as I am updating this (27 Nov 2017) and can be purchased off Amazon if you are in the USA.

Key Technical Features

This part is meant for techies, and you should not feel bad if you find it confusing. Skip what you don’t understand, because I bounce around between hardcore crypto stuff and basic economics.

A lot has been written about bitcoin and blockchain, and I found this (somewhat dated?) article particularly good: On the Dangers of a Bitcoin Monoculture

One of his points is that the blockchain has several properties that make it interesting (I have reordered these slightly to front-load the interesting stuff):

  1. Decentralized “consensus by lottery” using a proof-of-work
  2. Scripting language / “Smart contracts”
  3. Merkle tree
  4. “Transactions” authenticated with public-key cryptography
  5. Public decentralized transaction ledger
  6. Broadcast protocol
  7. Replicated log

I’m going to number these sections so you don’t get lost.

1. Decentralized “consensus by lottery” using a proof-of-work

Proof of Work is a relatively well-known thing among cryptographers.

[The late] computer scientist Hal Finney built on the proof-of-work idea, yielding a system that exploited reusable proof of work (“RPOW”).[18] The idea of making proofs-of-work reusable for some practical purpose had already been established in 1999.[2] Finney’s purpose for RPOW was as token money. Just as a gold coin’s value is thought to be underpinned by the value of the raw gold needed to make it, the value of an RPOW token is guaranteed by the value of the real-world resources required to ‘mint’ a POW token. In Finney’s version of RPOW, the POW token is a piece of Hashcash.

It was proposed as a solution to spam, and found to be wanting.  I can’t recall much about this (too lazy to re-read now), but I think it was because the POW was supposed to be on CPUs, and it was far too easy to get unsuspecting web users to do some of the POW in their browser.  That is, POW creates incentives for stealing computation.

In fact, that actually happened.  A competitive gaming league that secretly installed Bitcoin-mining software on its members’ computers has agreed to a $1 million settlement with the state of New Jersey to avoid criminal prosecution.

This reminds me a bit of Ross Anderson’s book “Security Engineering”, where he suggests that organized crime could bypass CAPTCHAs simply by requiring porn site viewers to solve them in order to see more free porn.  They simply pass the CAPTCHA through to the user, and he solves it, and they send it back.

Things are a little different for bitcoin now since a browser isn’t enough computational power to move the needle, with most miners using ASICs.

At the moment, bitcoin mining is arguably the largest compute cluster in the world, and each miner is racing to solve a puzzle faster than everyone else (a hash partial preimage problem).  That means they are attempting to burn as much electricity as they need to, to hash as many times as they can, to win the race.

This is energy consumption by country… or cryptocurrency:

This is the world we are creating.

Beijing, modern day



This image is so cyberpunk-dystopia it hurts


From an environmental perspective, this is unsustainable.

Computer cooling firm Allied Control estimates the total power consumption of the Bitcoin network at 250 to 500 Megawatts. Looking at the total hashrate, which is the number of calculations the network can perform per second, and applying a generous miner efficiency of 0.6 watts per gigahash, we can estimate our own back-of-the-envelope Bitcoin network constant power draw at just under 215 MW, although this figure is always in flux (it’s important to note that many of the variables in my calculation are constantly changing slightly). That’s around enough zap to power 173,000 average American households’ daily electricity usage.

With about 110,000 transactions per day, that works out to 1.57 households daily usage of electricity per Bitcoin transaction. Yes, every time you buy something in Bitcoin, you could be using as much electricity as 1.57 American families do in a day.

“The actual figure is likely worse, given that a large number of transactions are exchanges and miners moving bitcoins around and other low-value ‘dust’ transactions,” said Matthew Green, a cryptography expert at Johns Hopkins University. “So each transaction where there’s an exchange of goods or services happening is really representing even more electricity.”

And the weird thing about this is, the proof of work problem (brute forcing partial hash preimages) is a fundamentally useless problem.  It’s basically solving (“satisfying”) a number of simultaneous linear boolean equations in 256 variables (the exact number varies depending on the difficulty level).  They are essentially random equations – random in the sense of “fixed but arbitrary, and uniformly distributed” as in “random oracle”.

There are plenty of problems it could be solving of use to the world.  But bitcoin solves almost none of them.  It’s a great example of the paradox of value.  It’s like something out of a Douglas Adams novel.


The world’s largest supercomputer, you see, was actually a cluster of computers, working on an entirely useless problem; a problem whose only redeeming characteristic was that it was very difficult to do, which allowed one to measure very precisely how conspicuously consumptive one was being. For every unit of uselessness you completed, you got a ticket to a lottery, and if you won, you got something that was different than, but not entirely unlike, money. This process, inasmuch as it mirrored society, was either entirely accidental, or the product of a much deeper motive to create in one’s own image than anyone was willing to admit. Man has voluntarily created a system consisting entirely of futile, Sisyphean toil with gluttonous consumption of resources for personal enrichment for his computer prodigies.  The idea that this phenomenon might lead to deeper insights into the nature of either society or man was a relatively uncomfortable topic and not brought up in polite company. And even though the “proof of work” problem was widely believed to be a bad idea, it was still an incredibly popular thing to do, which is where Microways got its famous slogan, “if you’ve done four billion useless things today, why not finish it up with a virtual breakfast at Microways, the restaurant at the end of the darknet?”

POW Alternative 1: Solving Every NP Problem, Ever

This part is a little thick with computer science jargon, so just skim the bold sections if you need to.


But it could be solving real problems.  For example, partial hash pre-images are special cases of the SAT problem (short for “satisfiability”).  The SAT problem is basically, given a set of simultaneous boolean equations, give me the truth values for the input variables that make the output variables all true.  For example, the formula “a AND NOT b” is satisfiable because one can find the values a = TRUE and b = FALSE, which make (a AND NOT b) = TRUE.  In this case, the value that satisfies the equations is known as a “witness”, and if you have it, you can easily show it makes the equations true.  The SAT problem is NP-complete, which means two things:

  1. It exists in the NP class of problems.  If a problem is known to be NP, and a solution to the problem is somehow known, then demonstrating the correctness of the solution can always be reduced to a single P (polynomial time) verification.
    A consequence of this is that it’s (theoretically) hard to solve all of the SAT problems without exhaustive search, but you can check an answer easily.  You can think of this like the current POW function, in that everyone is trying different input values to the hash, and a successful lottery winner has the first N bits set to zero.  It’s hard to find the input that gives a particular output, but it’s easy for the network to validate the block – you just have to hash it once.
  2. A solution for any SAT problem is a solution for an isomorphic problem in every NP complete class of problems.  In fact, the Cook-Levin theorem says that any problem in NP can be reduced in polynomial time by a deterministic Turing machine to the problem of determining whether a Boolean formula is satisfiable.  And that in turn means that, if you used SAT problems as the POW function, the blockchain would be a list of solutions to the SAT problem.  Assuming that you walk the input space in some reasonable order, you will hit every instance along the way.  You can think of it like a spiral, starting with one input variable, and working your way outward to bigger and bigger problems.  With each new variable, you get a doubling of the input space, and a doubling of difficulty – something which should sound very familiar to bitcoin enthusiasts.  And that means it should be fast to convert any NP problem into a blockchain query, and get an answer, and convert it back to your problem.
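
The search-versus-verify asymmetry described in the two points above, as an added example that is not part of the original post: a toy partial-preimage proof of work next to a brute-force SAT search with a cheap witness check. The header bytes, the 8-byte nonce encoding and the "leading zero bits" target are simplifying assumptions; Bitcoin itself compares a double SHA-256 of an 80-byte header against a numeric target.

```python
import hashlib
from itertools import product


def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header||nonce, read as a 256-bit big-endian integer."""
    data = header + nonce.to_bytes(8, "little")  # nonce encoding is an assumption
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")


def verify_pow(header: bytes, nonce: int, zero_bits: int) -> bool:
    """Verification costs one hash: do the top `zero_bits` bits equal zero?"""
    return pow_hash(header, nonce) >> (256 - zero_bits) == 0


def mine(header: bytes, zero_bits: int, max_tries: int = 1 << 24):
    """Search nonces 0, 1, 2, ... and return (nonce, attempts) for the first hit.

    Expected attempts are about 2**zero_bits, so each extra bit doubles the work.
    """
    for nonce in range(max_tries):
        if verify_pow(header, nonce, zero_bits):
            return nonce, nonce + 1
    raise RuntimeError("no nonce found within max_tries")


def check_witness(clauses, assignment) -> bool:
    """Check a SAT witness in time linear in the formula size.

    `clauses` is CNF in DIMACS style: [[1], [-2]] means (x1) AND (NOT x2).
    `assignment` maps variable number -> bool.
    """
    return all(
        any(assignment[abs(lit)] == (lit > 0) for lit in clause)
        for clause in clauses
    )


def brute_force_sat(clauses, n_vars: int):
    """Exhaustive search over 2**n_vars assignments; returns (witness, tries)."""
    tries = 0
    for bits in product([False, True], repeat=n_vars):
        tries += 1
        assignment = dict(zip(range(1, n_vars + 1), bits))
        if check_witness(clauses, assignment):
            return assignment, tries
    return None, tries  # unsatisfiable: the whole space was searched


if __name__ == "__main__":
    header = b"constructed block header"  # sample input, not real chain data
    for bits in (8, 12, 16):
        nonce, attempts = mine(header, bits)
        print(f"{bits} zero bits: nonce={nonce} after {attempts} hashes, "
              f"verified with 1 hash: {verify_pow(header, nonce, bits)}")

    # The page's own formula "a AND NOT b", with a = x1 and b = x2.
    witness, tries = brute_force_sat([[1], [-2]], 2)
    print("witness:", witness, "found after", tries, "of 4 assignments")
```
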


This is a diagram of the formal reductions of NP-C problems.
It shows that (e.g.) if you can solve SAT, you can solve TSP.

For example one day gcc could query the block chain for register allocation solutions (those are NP complete). The first things you brute-force optimize should, of course, be:
  1. the mining software and/or FPGA layouts, so you acquire more NP-complete problem solutions, faster
  2. the compiler binary (maybe?)
  3. mobile device software (because power is limited in mobile devices)
  4. Unix kernels

Via this method, you’d be doing computational geoarbitrage, by precomputing solutions where energy is essentially free, memoizing them, and creating some as-yet-undefined incentive to provide them to other problem domains as an essentially free byproduct, and reaping the work product n times over.  That might even lead to a net energy decrease in the world compared to one without bitcoin; although I wouldn’t count on it, it would at least offset the energy we are spending on POW.

As I understand it, many compiler optimizations are NP or NP-hard problems. I would imagine many EDA problems are, as well.

POW Alternative 2: A Market for Computation

This is an idea inspired by SETI@Home which was proposed in 1995 and launched in 1999.
The idea here is to create a market where people who want hard problems solved place paid requests for solutions to search systems, and the search systems fulfill the request, or submit them to mining pools to solve them. That would allow for cases where the size of the specific problem people need solved exceeds the “brute force enumeration” system’s size; for example, if I don’t need all 50-variable SAT problems solved, I just want this one solved.  It could also allow for (e.g.) doing protein folding or computational biology problems or something with tangible existential value to the human race.
If the problem isn’t easily represented as an NP problem, perhaps it could involve some virtual machine language (Tezos has something like this for Michelson, its language for smart contracts)… not really sure about the most practical general form.  Presumably you’d have to do something like SETI@Home or reCaptcha where you have two separate workers working on the same problems, so that you can cross-check them.  I’m not terribly confident about this setup in the face of collaborating Sybil cheaters, but I imagine clever minds could figure something out, if they gave it more thought than me.
And of course all the payments for solving problems would be done with the very same system for which we are implementing proof of work, which could potentially reduce the need for actual mining.

POW Alternative 3: Proof of Stake

There’s an alternative used by Tezos called Proof of Stake.  It seems much more reasonable from an environmental perspective.

The main bitcoin competitor, ethereum, is moving to Proof of Stake.

POW and POS: Other Resources

POW: Unanswered Questions

It turns out that Bitcoin is surprisingly well balanced in its interlocking assumptions. Although it looks like a grab-bag of tricks, it is actually carefully interconnected. The key assumption(s) is that all are equivalently anonymous. Therefore anyone can pretend to be as many as one likes. Hence the vote on control is required to isolate over some unforgeable differentiating thing, which ends up being energy (PoW) in Bitcoin’s case (proof of stake is also popular). Energy costs money so it has to be paid for somehow, so we need the money creation to empower the mining, and we need to provide a payment system so as to encourage people to demand the money to incentivise the miners to produce otherwise worthless leading-zero hash numbers.

Would there be problems in allowing people to solve a problem defined in advance, rather than having it vary based on the current block?  Currently the lottery using the previous block as input sort of forces everyone to start at the same position, but if your goal is to solve blocks and not perform a lottery, that’s not necessarily a problem – if a person starts a problem early, they can jump on the solution as soon as it comes available – there’s nothing wrong with that, is there?  Maybe.  It could lead to a number of blocks coming on the market all at once, which could crash it.
 Is it an insurmountable problem if the POW instances are of different difficulties?
 Assuming using SAT as a POW stimulates research into SAT solvers, would that be good or bad?
 Would it be useful to decouple any aspects of the blockchain from each other?  Could we decouple the financial impacts from the crypt from the persistent, distributed storage?
Would it be useful to get rid of the synchronized database and instead use hash lattices?
 Are there other structures that might prove useful?  There’s some thinking about sharding the blockchain because that’s the only way to go massively scaled.  Similarly, there’s IBM’s HyperLedger and some other things for using hashchains for non-financial transactions.  So this appears doable.
 Could we create markets around the various services required to implement the block chain in a way that creates incentives that align with bigger goals?  In other words, can we create a game-creating game?  For example, if the blockchain is full of answers to NPC problems, and a distributed compiler company wants to query it, they could pay a node to function as a BTC node as well as a query server.  That can offset the (increasing) cost of running a BTC node.

One of the problems in markets is that it is terrifically hard to get specialisations up and going by planning, because you need to coordinate multiple groups at the same time. In this sense, bitcoin started out as “everyone was a node” and then it bifurcated to miners and payments nodes and then again to full nodes and SPV nodes. Evolution worked, but if you planned it to bootstrap like that you’d likely fail because of chicken & egg mechanics.

 If we can mine in a way that allows us to create more efficient hardware and software, we have a virtuous cycle that can bootstrap computer architecture and software generally.

The doctrinal argument is that if there is another purpose to the mining, then the security is weakened because it comes for less money. This goes back to Gresham’s observation that money with multiple purposes has strange artifacts. Popularly “bad money beats out the good” although that is only a popular saying, it’s different in the analysis. So in the bitcoin world of today there are multiple issues going on with the money source – i.e. the power costs vary which causes those artifacts to kick in and impact back into the ecosystem.

2. Scripting language / “Smart contracts”

These aren’t necessarily part of blockchain, but they came along fast.  I’m going to write about them before other features because they’re more interesting.

Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. The code and the agreements contained therein exist across a distributed, decentralized blockchain network. Smart contracts permit trusted transactions and agreements to be carried out among disparate, anonymous parties without the need for a central authority, legal system, or external enforcement mechanism. They render transactions traceable, transparent, and irreversible.

Blockchain was the technology originally developed for Bitcoin, but blockchain technology has since evolved far beyond the scope of virtual currency.

Smart contracts were first proposed in 1994 by Nick Szabo, an American computer scientist who invented a virtual currency called “Bit Gold” in 1998, fully 10 years before the invention of Bitcoin. In fact, Szabo is often rumoured to be the real Satoshi Nakamoto, the anonymous inventor of Bitcoin, which he has denied.

Szabo defined smart contracts as computerized transaction protocols that execute terms of a contract. He wanted to extend the functionality of electronic transaction methods, such as POS (point of sale), to the digital realm. 

In his paper, Szabo also proposed the execution of a contract for synthetic assets, such as derivatives and bonds. “These new securities are formed by combining securities (such as bonds) and derivatives (options and futures) in a wide variety of ways. Very complex term structures for payments can now be built into standardized contracts and traded with low transaction costs, due to computerized analysis of these complex term structures,” he wrote. In simple words, he was referring to the sale and purchase of derivatives with complex terms. 

Many of Szabo’s predictions in the paper came true in contexts preceding blockchain technology. For example, derivatives trading is mostly conducted through computer networks using complex term structures.

Smart Contracts

First attempt: security failure.  The DAO was the largest crowdfunded project ever, and thanks to a bug in its smart contract system, it was hacked to the tune of $50 million.

So, basically, I don’t know.  I have a high regard for Tezos, which has some formal proofs, and describes its language for smart contracts fairly well.  It also cleverly uses the OCaml compiler.  That they even know what OCaml is, is a good sign.


3. Merkle Trees

Hash Chains – a degenerate form of hash trees – aka Merkle Trees – are not a fundamentally new idea.  This isn’t really anything for or against the blockchain (which is just blocks strung together by hashing), but I feel like there are enough people describing it as revolutionary that I wanted to point out prior art.  The concept of Merkle trees is named after Ralph Merkle, who patented it in 1979.


The Internet also already had linked timestamping services by the 90s – they were a kind of trusted timestamping service, as formalized in RFC 3161.  Haber and Stornetta described this technique in 1990, and patented it.  This patent held out until 7 months after the launch of bitcoin.

They are clearly visible as “PGP timestamping servers” available by 1995:

Every signature made by Stamper will have a unique serial number. This number automatically increments by one every time a document is signed. Stamper also stamps summaries of its own signatures from the previous day.

Presumably, these people didn’t know about the patent.

Bruce Schneier re-described the fundamental idea – the hash chain – and some improvements on it, such as asynchronously-coupled hash lattices, in 1998 in a paper called Cryptographic Support for Secure Logs on Untrusted Machines.
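
A linked timestamping log of the kind described above, as an added example that is not part of the original post or of any of the cited systems: each stamp carries an incrementing serial number and the hash of the previous stamp, and a Merkle root over the links serves as the periodic summary. The record layout and all function names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

GENESIS = b"\x00" * 32  # assumed placeholder "previous link" for the first record


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


@dataclass(frozen=True)
class Record:
    serial: int       # increments by one per stamp
    doc_hash: bytes   # SHA-256 of the stamped document
    prev_link: bytes  # link of the previous record (the "chain")
    link: bytes       # hash binding serial, document and predecessor


def make_link(serial: int, doc_hash: bytes, prev_link: bytes) -> bytes:
    return h(serial.to_bytes(8, "big"), doc_hash, prev_link)


def stamp(log: list, document: bytes) -> Record:
    """Append a record for `document` to `log` and return it."""
    serial = len(log) + 1
    prev = log[-1].link if log else GENESIS
    doc_hash = hashlib.sha256(document).digest()
    rec = Record(serial, doc_hash, prev, make_link(serial, doc_hash, prev))
    log.append(rec)
    return rec


def verify_chain(log: list) -> int:
    """Return 0 if intact, else the 1-based position of the first bad record."""
    prev = GENESIS
    for pos, r in enumerate(log, start=1):
        if (r.serial != pos or r.prev_link != prev
                or r.link != make_link(pos, r.doc_hash, prev)):
            return pos
        prev = r.link
    return 0


def merkle_proof(leaves: list, index: int):
    """Return (root, proof) where proof is a list of (sibling_is_left, hash)."""
    if not leaves:
        raise ValueError("need at least one leaf")
    level = [h(b"leaf", x) for x in leaves]
    proof = []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            proof.append((sib < index, level[sib]))
        nxt = [h(b"node", level[i], level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:           # unpaired node is promoted unchanged
            nxt.append(level[-1])
        level, index = nxt, index // 2
    return level[0], proof


def verify_proof(leaf: bytes, proof: list, root: bytes) -> bool:
    """Recompute the path from one leaf to the root using only the siblings."""
    acc = h(b"leaf", leaf)
    for sibling_is_left, sib in proof:
        acc = h(b"node", sib, acc) if sibling_is_left else h(b"node", acc, sib)
    return acc == root


if __name__ == "__main__":
    log = []
    for doc in (b"contract v1", b"contract v2", b"invoice", b"memo", b"will"):
        stamp(log, doc)  # constructed sample documents
    print("intact chain ->", verify_chain(log))

    # Rewrite record 2 in place: its stored link no longer matches.
    bad = list(log)
    bad[1] = Record(2, b"\x11" * 32, log[1].prev_link, log[1].link)
    print("edited record 2 ->", verify_chain(bad))

    # Summary over all links: one record is proven with a handful of hashes.
    root, proof = merkle_proof([r.link for r in log], 4)
    print("record 5 in summary:", verify_proof(log[4].link, proof, root))
```
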

4. “Transactions” authenticated with public-key cryptography


This is interesting.  The progenitor of elliptic curve cryptography, the NSA, having spent 20 years promoting it, has publicly told its contractors to not bother implementing ECC if they haven’t already.  The speculation is running wild.

5. Public decentralized transaction ledger

Plenty of prior art in this one, but look at the stats for this database:

  • Uses approximately the same amount of electricity as could power an average American household for a day per transaction
  • Supports 3 transactions / second across a global network with millions of CPUs/purpose-built ASICs
  • Takes over 10 minutes to “commit” a transaction
  • Doesn’t acknowledge accepted writes: requires you read your writes, but at any given time you may be on a blockchain fork, meaning your write might not actually make it into the “winning” fork of the blockchain (and no, just making it into the mempool doesn’t count). In other words: “blockchain technology” cannot by definition tell you if a given write is ever accepted/committed except by reading it out of the blockchain itself (and even then)
  • Can only be used as a transaction ledger denominated in a single currency, or to store/timestamp a maximum of 80 bytes per transaction

6. Broadcast protocol

Don’t know what to say about bitcoin’s network protocol.  Certainly we had flood-model propagation networks starting back with Usenet.

7. Replicated Log

Don’t know what to say about this yet – basically it has a replicated, append-only data structure.

Random Comments

One Like, One Unpopular Blockchain Opinion

But Electronic Money is Novel!

This is not the first E-Cash. Chaum, 1983.  In 1990, he formed a company around the idea. Sadly, it didn’t work out.

Technically, all of this stuff dates back a long long time.   The form has mutated a little from the letter of credit to a credit card.  Then it mutated a lot to Bitcoin.  But the roots go deep.

Outrageous Fees

This is a great article.

In my Bitcoin texts, I have discussed the flawed economic reasoning of the users, the ludicrous idea that a new currency is created as a bubble of hot air, the crime- and similar reasons why government are going to ban it, the fact that the Chinese (most miners) are ultimately capable of decide even though most of the young Bitcoin cultists deny this basic feature of the non-currency, and irreversibility and anonymity which are serious flaws of the currency often presented as virtues, among other big practical problems with the notion that the Bitcoin could be the future of the money.

The average fee for a Bitcoin transaction today

But I haven’t paid too much attention to some mundane technical properties of the Bitcoin as a system to make payments. Well, the simplest shocking number I want you to pay attention to is that the average Bitcoin transaction costs you $10 in fees these days. It’s virtually impossible to bring the fee beneath $5 – you may order cheaper transactions if you’re willing to increase the confirmation waiting period by something in between hours and days. And it’s a lot. It’s a “wow”, especially because the Bitcoin is often promoted as being a good method to make payments.

If you want a detailed and complicated chart with the distribution of payment fees, click at this link.

Among other things, the fact that the fee is some $10 implies that if your Bitcoin address has less than $10 on it, you can’t get any money out of it at all! 😉 If you want to buy a $5 coffee with a Bitcoin, you will pay at least a tripled price due to the transaction fees. It’s obviously not very practical.

But it’s even more interesting to realize what it means for the idea that much of the mankind could use this particular Bitcoin to make payments in the future. Is it possible? The answer is a resounding No.

Idea: Electric Space Heaters

By making e.g. electric space heaters which do the work, you’ve also created a sort of interesting incentive to participate in situations where none would have existed.

Bitcoin: Not Scalable

Because of its massive resource requirements, as you scale up, it seems to converge on the current banking system – only at much greater cost.

I am not up enough on all things bitcoin to know if segwit does everything they need it to.

“Trust the Math”

Except when it’s wrong, like in transaction malleability.

Heists Still Happen. Math Isn’t Usually the Problem.

The math isn’t usually the problem.

List of bitcoin heists

Please note that in most of these sorts of things, someone either “left the keys in the door”, or the attacker went around the door.  Your reinforced door is fine.  It’s the stuff around it that’s easy.


Hacker Redirects Traffic from 19 Internet Providers to Hijack Bitcoin

Routing attacks

Evil ISPs could disrupt bitcoin (note: evil ISP could include any hacker of any ISP)

Let’s cut through the hype.

It’s a Deflationary Currency

We can predict that, modulo any phase changes, it’s going up in the medium term. It’s a deflationary currency. And as long as it continues to go up nobody will ever spend it to invest, which is why it is not a good reserve currency for a country.

The Economist: Bitcoin’s Deflationary Problem

Deflation is also related to risk aversion. Where the risk-adjusted return on assets drops to near zero (or even negative), investors and buyers will hoard currency rather than invest it, even in the most solid of securities.

So let me make this really simple for you:


It’s a great vehicle for making money fast via quasi gambling, because hoarding ensures that it’ll continue to go up and up.. until it doesn’t.  And unlike fiat currency, there’s no way to adjust the money supply to match the growth of the market – Satoshi simply picked a growth factor ex nihilo, and bitcoin is stuck with it.

Now, nobody likes dilution of your wealth.  But you solve that with investing, and so inflation leads to investment rather than hoarding.  So let’s be a bit skeptical with regard to ideological solutions to money problems.

Flash Crashing



Bitcoin and Ethereum crash… for a few minutes

Market Watch: Opinion: Stay away from bitcoin — it’s complete garbage

Are they really protections against the ravages of “inflation” and “monetary debasement” imposed by wicked governments? If so, how come people who keep their money in bitcoin and ethereum and the like have experienced Weimar Republic levels of consumer-price inflation just this week?

That is, after all, what it means when the price of your “currency” plunges. Bitcoins aren’t just down 30% against the dollar in the past week. They’re down 30% against the potato, the sack of rice, the gallon of gasoline and the new car.

Here’s How Traders Lost Millions in the First Ethereum Flash Crash

The crash occurred at about 3:30pm ET Thursday, when a huge sale of ether was made on the GDAX exchange, an extension of the popular Coinbase exchange and cryptocurrency wallet geared towards professional traders. According to GDAX’s official statement, a single and as yet unknown actor sold millions of dollars worth of ether across a range of positions from $317 down to $224, meaning that ether was effectively trading at the lower end of this range. The consequence of this initial drop in trading value was to trigger a number of stop loss orders—mechanisms by which a trader’s holdings will automatically be sold when the price dips below a certain marker. In turn, these new sales drove the price lower, triggering additional stop loss orders in a cascading effect. At its lowest point, ether was trading for $0.10 per unit.

The process was even more painful for the many traders who were engaged in margin trading, a feature that GDAX has only permitted on the exchange since March. In margin trading, traders are permitted to place buy and sell orders for larger sums than they have in their accounts, multiplying the potential size of both gains and losses. According to the support documents on the site, GDAX offered margin traders up to 3x leverage for the USD/ETH trading pair, meaning that someone with only a $1,000 account balance could buy or sell up to $3,000 of ether.

But as a precautionary measure, margin trading accounts are set to automatically liquidate in order to make up the money borrowed (i.e. sell all ether as quickly as possible) if losses exceeded a certain amount, a process called “margin calling.” With the crash happening so fast, traders were margin called almost instantly, and in some cases saw their entire holdings sold off at very low prices before they could react—selling, say, 100 ETH at $2 to cover just a few hundred dollars’ loss, right before the market bounced back to almost $300/ETH again.


There seems to be a “whale dive” every morning, about 1000-1230 EST.

I wonder what the Sharpe ratio of bitcoin is?  There’s a whole science of volatility versus growth that should be considered by amateur investors.

Anyway, this instability can probably be considered a side effect of the deflationary aspects, which I cover later, which cause the marginal cost to exceed the average fundamental value to investors.

Further, it’s not clear that investing in another altcoin will help, since many of the cryptocurrencies are highly correlated.  For example, here are CC prices right after that crash:


Speculation and Bubbles

In his seminal book Margin of Safety, hedge fund manager Seth Klarman tells an old story about the market craze in sardine trading. One day, the sardines disappear from their traditional habitat off the Monterey, Calif., shores, the commodity traders bid the price of sardines up, and prices soar. Then, along comes a buyer who decides that he wants to treat himself to an expensive meal and actually opens up a can and starts eating. He immediately gets ill and tells the seller that the sardines were no good. The seller quickly responds, “You don’t understand. These are not eating sardines; they are trading sardines!”

Economist John Quiggin has claimed that “Bitcoin is perhaps the finest example of a pure bubble”, and that it provides a conclusive refutation of EMH. While other assets used as currency (such as gold, tobacco) have value independent of people’s willingness to accept them as payment, Quiggin argues that “in the case of Bitcoin there is no source of value whatsoever” and that:

Since Bitcoins do not generate any actual earnings, they must appreciate in value to ensure that people are willing to hold them. But an endless appreciation, with no flow of earnings or liquidation value, is precisely the kind of bubble the EMH says can’t happen.


What you will see, is that, when your grandmother asks if she should invest in it, that’s the time to get out. That means it’s way beyond fundamentals and into speculation – speculation driven by the deflationary hoarding, which inflates the marginal price.  That marginal price is not the average value, but the value of the “free” bitcoins – bitcoins that people are selling off at the moment because they need cash.  The volumes are so low you could probably move the market selling just a few hundred bitcoins.  Here is a volume chart from today, showing minute-totaled volumes of under 200 BTC.


And you can’t really know when a sell-off will happen – anything could shake confidence unpredictably – and that’s when the marginal price will fall quickly, because sell-offs increase the supply, which can cascade quickly. It might or might not stop sliding at any point; it depends on confidence. So you won’t be able to tell a flash crash and rebound from a longer-term crash, except maybe that a crash will probably have some reason underlying it. But not always. There was no reason for 2000. It just happened.

During the 2001 bubble pop the Nasdaq lost about 12%.  Compare that to the 30%+ losses in one week (June 2017) in Bitcoin and Ethereum.  Such a move would be disastrous for a country’s reserve currency.

And it happened a long time ago with tulips:


And again with railway shares:


And again with Tokyo real estate:


In the pump and dump world, a chart like that is called “the middle finger”.

In fact, the entire history of the stock market has some pretty weird stuff.

But certainly we’d never have another crash, right?


Kennard & Hanne: Boom & Bust – A Look at Economic Bubbles

Regulatory Risk

If somebody commits a terrorist attack and it is funded by bitcoin, you can bet that many countries will ban it. And that will dissuade enough people to drop the price.

So let’s just throw this out there: North Korea is Trying to Amass a Bitcoin War Chest.

Technology Risk

Bitcoin is now less than 50% of the cryptocurrency market. If another one takes over as the primary cryptocurrency, you could see bitcoin lose value very, very rapidly.

Limited Historical Information

Bitcoin was invented in 2009, so you currently have a grand total of 8 years of information. That’s a drop in the bucket. Nobody knows about its long-term stability.

The Block Split – 1 Sep 2017

A plan to save blockchain democracy from bitcoin’s civil war is an interesting read.

The current process meltdown is an argument between people who want to make what they see as a simple and overdue change to increase the number of transactions, and people who want to stop it for various reasons ranging from algorithmic purity to protecting the transaction fees that their racks of mining hardware are collecting.  In other words, the investment has caused calcification that resists change.  And that complaint is something that bitcoin aficionados were quick to point out as a flaw with the mainstream economic system.

Non-Professionalism in the Industry

I can’t quite think of a less pejorative term, so I’m going with this.

The blockchain conferences are full of people who seem to be very interested in network (Sybil) attacks, game theory – and to a lesser extent, crypto – and not terribly interested in endpoint protection.  Admittedly, that’s a substantially less sexy problem, but it’s probably the most important one for real financial institutions.

For a long time the biggest Bitcoin Exchange was “Magic The Gathering Online eXchange” (MTGOX), a website for trading collectible playing cards.  It had admin consoles written in PHP and didn’t use version control.  They didn’t even have a test environment for a long time; they were pushing code directly to the live site, with no version control!  And yet, people trusted this 28-year-old with 850,000 bitcoins (worth about 6 billion dollars at today’s prices).

The problem with the blockchain conferences is that the presenters are thinking like academics, not like APTs.  And I don’t intend to go into detail on that, but if you’re doing computer security in the financial industry, you already know what I’m talking about.  Stuff goes undetected for years, because it’s incredibly stealthy.  And there is a tremendous set of attacks available (far more than people would naively expect) and the only thing stopping it is that there simply hasn’t been enough incentive to deploy the big guns.  Again, I don’t see a lot of gain in describing these attacks, so I’m afraid I can’t be as convincing as I would like.

To quote a page from The Wisdom of James Mickens:

My point is that security people need to get their priorities straight. The “threat model” section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN’T REAL. When it rains, it pours.

And that’s just the tip of the iceberg.  I don’t even want to get into what happens when billionaires start playing games with the market, when hedge funds start exchanges for the sole purpose of front-running, when you get low-latency high-frequency algorithmic trading platforms involved.  That’s a whole other league of attacks to be ported from a mature industry that I’m not sure Bitcoin is ready for.

Here’s just a single example of why you shouldn’t trust this system as much as the current financial system; people are using open-source intelligence techniques to hack miners.


51% Attack: Basically Already Happened

There’s something called the 51% attack, and it basically already happened:


Now maybe that isn’t true any more, because I see pie charts like this:

But my point is this; if you think the current financial system is an oligarchy, what do you think this is?

Not Controlled By Anyone?  Not So Fast

One of the selling points for cryptocurrency is that it’s not under anyone’s control.  But that denies the reality of supply and demand.  Major (but temporary) shocks have occurred because of semi-official pronouncements by large countries, which should tell you something.

Let’s look at exchange power (demand side):


Now let’s look at mining power (supply side):

Chinese mining pools control more than 60% of the Bitcoin network’s collective hashrate.

Electricity in China is extremely cheap compared to most other countries. Chinese electricity in industrial regions is either supplied by hydro-electric facilities or subsidized by the state – and it’s still mostly coal, which leads to smog like the picture above.


Majority of mining power in China, where electricity costs are 3x less than USA.  My marginal rates are $0.45/kWh so mining is a completely pointless exercise for me.


So essentially, because of the 51% attack, this is now a PRC-controlled currency.

A Digression on Coal

The coal industry in the USA exists almost entirely because of subsidies.  It employs about 70,000 workers – fewer than JC Penney.  And the entire process has serious health problems and negative externalities that are routinely underestimated, particularly when it comes to healthcare costs.  Which is why some doctor and nurse groups are banding together to try and stop subsidies – and hence, mining.  Mountain top removal is the cheapest way to do coal mining, requires the fewest humans, and contributes about 30 heavy metals to the environment (not just arsenic and mercury).  Other negative externalities include:

  • Reduction in life expectancy (particulates, sulfur dioxide, ozone, heavy metal, benzene, radionuclides, etc.)
  • Respiratory hospital admissions (particulates, ozone, sulfur dioxide)
  • Congestive heart failure (particulates and carbon monoxide)
  • Non-fatal cancer, osteoporosis, ataxia, renal dysfunction (benzene, radionuclides, heavy metal, etc.)
  • Chronic bronchitis, asthma attacks, etc. (particulates, ozone)
  • Loss of IQ (mercury)
  • Degradation and soiling of buildings (sulfur dioxide, acid deposition, particulates)
  • Reduction of crop yields (NOx, sulfur dioxide, ozone, acid deposition); some emissions may also have a fertilizing effect (nitrogen and sulfur deposition)
  • Global warming (carbon dioxide, methane, nitrous oxide)
  • Ecosystem loss and degradation

Isn’t It Great As Transmission of Value?

Maybe.  From a bank point of view, adding all the cryptography is a bit like strapping a jet engine to a horse; it doesn’t actually solve the problems they have.  Jet engines are supposed to replace horses, not augment them.  Putting a jet engine (fancy cryptography) on thousands of transactions per second is simply going to make it cost a lot more, and with no added benefit to the bank.

Let’s put this in simple terms.  If you send PayPal money to another PayPal account, or Chase money to another Chase account, it costs them about $0.0000 to flip a few bits in their database.  This is very similar to the three party card scheme used by American Express:


Let me point out that the relationships here are between the franchisee and the merchant, and a much looser one between franchisee and payer.  Each of those generates a cost (TLS, password security and resets, customer support, fraud, daily limits, monetary holding periods, etc) to prevent someone from looting any of the parties.  Of those, there’s risk of a bogus merchant, but the risk of the payer using a fraudulent payment scheme is higher, because the franchisee can vet their merchants, but must usually accept any payers in order to maintain their network.  And in order to keep the supply of money up, they usually settle disputes in favor of the customer, with the understanding that the merchant will probably have more transactions over which he can spread losses.  And they may have rolling holds on incoming money, so that transactions can be checked for fraud, and by delaying your withdrawal of the money, they can prevent exit scams and account takeover (ATO) attacks from allowing money to leave the system.

Now let’s look at some of the other payment models:


The dynamics change a little bit with C2C payments.  For one thing, the amount of money is much smaller.  Compared to payroll or WIC or other disbursements, the amount of money spent splitting restaurant bills is a drop in the bucket.  But in this case, there’s not necessarily a more strict relationship between the franchisee and the payee.  In this case your fraud is going to be about 50/50 between payer and payee, and so it’s more difficult to find a set of rules that satisfies everyone.

Anyway, when you move into B2B payments – for example, when you want to send money between banks – the external transfer fees between banks are very, very low: somewhere between $0.0000 and $0.0025 (on average, in bulk).  That’s because the banks have trust relationships between each other, and so there’s very little risk.  So the current banking system rests on a certain amount of trust, which makes it somewhat insular, but it’s cheap and they can easily sustain several thousand transactions per second.  Here, a commodity Intel server handles 3472 tps using the Montran software:

The Montran ACH is designed and sized to handle large volumes of payments and files. The Montran ACH system has been benchmarked, together with an independent Auditor, and proven to process more than 25,000,000 payments within two hours on a dual-socket Intel machine (8 cores).

Here’s what that four party model looks like:


And that looks complicated, but the key thing to remember here is that the riskiest operations are when the banks communicate with Bob and his Mortgage Lender.  Between the banks and the ACH network, there’s a long-term relationship that involves a lot of trust.  ML Bank can probably manage his or her crypto keys properly.  They can afford an HSM.  The network operator can do so.  Bob’s bank can do so.  They have bonded cashiers and background checks and so on.  So when they make a transfer, in most cases, it’s legitimate.  The risk of fraud is low, so the cost is low.  Most of these links have reciprocal trust between them.  They have arbitration clauses, they have dispute resolution processes, they have reciprocal indemnity, and they have minimum computer security guarantees.  They have agreed not to sue each other.  It’s all fairly low-cost, except for interacting with Bob and the Payee.

And with minor modifications it is possible to support relatively low-trust “banks”.  In this case, if the ACH network were actually mPesa, then we could be looking at Bob’s bank here:


In some ways this resembles the somewhat simpler hawala system, where I pay a hawaladar, he calls up his brother or cousin in another country, and relays the payment to him – there’s only an automatic payment between trusted parties.  It’s cheap and effective for remittances because of the trust.  I can’t just call the hawaladar and pretend to be another hawaladar – it just doesn’t work that way.  I have to trust the other party to settle with me.


And that similarity is not an accident.  You’re actually dealing here with a pattern that goes back to the letters of credit of the days of sailing ships, which are still used in international trade.


So let’s get more complex in our financial transactions.  For example, here’s a complicated Forex transaction:


So when you’re getting to this level of complexity, we’re approaching – but not quite reaching – bitcoin level of complexity.  One can assume that these relationships have cryptography teams on both ends securing the connections, and so on.  So this looks complicated, but it’s really not.  It’s basically just hawaladars talking over secured phone lines.

When you add a bunch of anonymous people into the system, that increases the risk. You then need to have fancy cryptography like they have in bitcoin, and you end up with a fleet of ASIC-enabled mining rigs that can manage three bitcoin transactions per second instead of 3724; over a 1000x speed decrease, and much more hardware involved (in fact, the biggest compute cluster in the world).  It’s the lack of trust because of fraud that leads to costs like real-time fraud detection, fancy cryptography and so on.

Because you have disintermediated banks in the transaction path, you now have no ability to prevent an account from being looted if the private key is obtained.  In theory that could be baked into the network, but it seems tricky to do without a trusted party.

Despite that, most people are still going to have to have a relationship with a financial institution (or exchange) to obtain the bitcoin in the first place, and they’re going to need to fund that purchase from something.  From the legal customer point of view, there are some hurdles getting money into and out of the cryptocurrency system, because it’s essentially a non-reversible payment system, and mixing reversible and non-reversible causes problems.

So let’s look at the bitcoin payment ecosystem transaction flow and see how this affects overall cost per transaction:



Simple, right?  Okay maybe that’s unfair.  Let’s get a simpler diagram…


So, you can see that there’s plenty of nodes along this path, but in principle it’s not significantly simpler than the four-party ACH model we showed earlier.  It may be cheaper in the case of certain kinds of (usually international) payments, but that probably has more to do with regulatory risk and other impedance mismatches than inherent costs.  And certainly that will spur some innovation in international payments.  But it’s not clearly simpler, so it stands to reason it may not be fundamentally cheaper.

There are many immediate, real-time payment options now:

  1. Venmo
  2. Dwolla
  3. Paypal
  4. There’s like 40 FinTech options in cash-centric Africa alone

And offerings from traditional financial institutions, which are important because that’s where most people keep their money, and it’s easiest to spend on everyday things:

  1. Zelle by Wells Fargo
  2. Chase Pay
  3. Visa Direct

A lot of these came out because of the Federal Reserve Faster Payments Task Force which was indeed created in response to bitcoin.  And now you have realtime payments from these (and other) banks and financial institutions and money transfer agencies.  Not 10 minute payments, but instant, confirmed payments.

So, when you already have a mobile banking application on your phone, and you already have a bank account (or email address, phone number, credit/debit card number), there’s little reason for a person to learn about bitcoin in order to receive payment.  The established networks are already much larger in the payments world.

But What About What It Could Do?

I don’t know, we can’t keep moving the goal posts.  I admit, sometimes this article is about cryptocurrency, sometimes it’s about blockchain, and sometimes it’s about bitcoin.  But that’s because I’m disorganized and throwing this together after midnight.


Misleading Anonymity Claims & Assumptions

The public decentralized ledger makes bitcoin great for deanonymization and for tracing money flows.

It’s easy to deanonymize a dataset where identities have been converted to pseudonymous quasi-identifiers.  All you need is some external linkage information.  Even though neither gender, birth date nor postal code uniquely identifies an individual, the combination of all three is sufficient to identify 87% of individuals in the United States.  In other words, the financial transactions are public, and identities are a separate, disjoint set, but you can treat it like a topology of covert conflict problem to re-identify the transactions.
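The uniqueness effect described above, as an added example that is not part of the original post: a release audit over constructed records that reports, for every combination of gender, birth date and postal code, the smallest group size k and the share of records that are unique, then lists which pseudonyms an auxiliary table with names would pin down. All records, labels and function names are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from itertools import combinations

FIELDS = ("gender", "birth_date", "zip")

# Constructed pseudonymous release (pseudonym -> quasi-identifiers); not real people.
RELEASED = {
    "pseud-01": ("F", "1980-03-14", "94110"),
    "pseud-02": ("F", "1980-03-14", "94117"),
    "pseud-03": ("M", "1980-03-14", "94110"),
    "pseud-04": ("M", "1975-11-02", "94110"),
    "pseud-05": ("F", "1975-11-02", "94117"),
    "pseud-06": ("M", "1975-11-02", "94117"),
    "pseud-07": ("F", "1980-03-14", "94110"),
    "pseud-08": ("M", "1980-03-14", "94117"),
}

# Constructed auxiliary table with names attached (think of any public roster).
AUXILIARY = {
    "Resident A": ("M", "1975-11-02", "94110"),
    "Resident B": ("F", "1980-03-14", "94110"),
    "Resident C": ("M", "1990-07-21", "94117"),
}


def project(row, columns):
    """Keep only the named quasi-identifier columns of one record."""
    return tuple(row[FIELDS.index(c)] for c in columns)


def class_sizes(rows, columns):
    """Size of each group of records that look identical on `columns`."""
    return Counter(project(r, columns) for r in rows)


def audit(rows):
    """Map each column combination to (k, fraction of records that are unique)."""
    rows = list(rows)
    report = {}
    for n in range(1, len(FIELDS) + 1):
        for cols in combinations(FIELDS, n):
            sizes = class_sizes(rows, cols)
            unique = sum(1 for r in rows if sizes[project(r, cols)] == 1)
            report[cols] = (min(sizes.values()), unique / len(rows))
    return report


def linkable(released, auxiliary, columns=FIELDS):
    """Names that match exactly one pseudonym, and are themselves unambiguous."""
    rel_index, aux_index = defaultdict(list), defaultdict(list)
    for pseudonym, row in released.items():
        rel_index[project(row, columns)].append(pseudonym)
    for name, row in auxiliary.items():
        aux_index[project(row, columns)].append(name)
    return {
        names[0]: rel_index[key][0]
        for key, names in aux_index.items()
        if len(names) == 1 and len(rel_index.get(key, [])) == 1
    }


if __name__ == "__main__":
    for cols, (k, unique) in audit(RELEASED.values()).items():
        print(f"{'+'.join(cols):28} k={k}  unique={unique:.0%}")
    print("re-identified:", linkable(RELEASED, AUXILIARY))
```

No single column isolates anyone in the sample, yet the three together leave most records alone in their group, which is the property to check before publishing a pseudonymized dataset.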

It turns out that differential privacy is hard.

Bad guys, Sandia National Labs is paying attention.



That’s why keybase chooses zcash – because of things like this.  Here’s what I assume to be a tongue-in-cheek example:


In the above scenario, your mom can guess you sent money to a sex shop. And she also knows you got money from 2 unsavory characters, because their addresses are in turn connected to other unsavory characters.

This fuzzy region between 100% privacy and 100% transparency is what Bitcoin experts call Taint.

Worse, the white supremacist, who knows your real, actual home address from the return label on their eBay purchase, can guess what charities you support and where you buy your sex toys. He lives in your town, by the way. Uh-oh.

The sex toy shop knows you gave to UNICEF so that feels good.
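Taint as described in the excerpt above can be put in numbers. This added example (not from the original post or from Keybase) propagates a value-weighted taint fraction, the policy usually called "haircut" in the blockchain-analysis literature, through a constructed ledger; the addresses, amounts, the flagged set and the simplified fee-free transaction format are assumptions.

```python
from collections import defaultdict

# Constructed ledger in spending order. Inputs reference earlier outputs as
# (txid, output index); outputs are (address, amount). Fees are ignored, and
# transactions without inputs stand in for history outside the sample.
LEDGER = [
    {"txid": "t0", "inputs": [], "outputs": [("addr_flagged", 10)]},
    {"txid": "t1", "inputs": [], "outputs": [("addr_exchange", 30)]},
    {"txid": "t2", "inputs": [("t0", 0)], "outputs": [("addr_alice", 10)]},
    {"txid": "t3", "inputs": [("t1", 0)], "outputs": [("addr_alice", 30)]},
    {"txid": "t4", "inputs": [("t2", 0), ("t3", 0)],
     "outputs": [("addr_charity", 5), ("addr_alice_change", 35)]},
    {"txid": "t5", "inputs": [], "outputs": [("addr_charity", 15)]},
]
FLAGGED = {"addr_flagged"}  # assumption: addresses an analyst has labelled


def output_taint(ledger, flagged):
    """Return ({outpoint: taint fraction}, {outpoint: (address, amount)})."""
    taint, outputs, spent = {}, {}, set()
    for tx in ledger:
        total = tainted = 0.0
        for ref in tx["inputs"]:
            if ref not in outputs:
                raise ValueError(f"{tx['txid']} spends unknown output {ref}")
            if ref in spent:
                raise ValueError(f"{tx['txid']} double-spends {ref}")
            spent.add(ref)
            amount = outputs[ref][1]
            total += amount
            tainted += amount * taint[ref]
        # Every output of a transaction inherits the value-weighted taint
        # of its inputs; anything paid to a flagged address is fully tainted.
        tx_taint = tainted / total if total else 0.0
        for index, (address, amount) in enumerate(tx["outputs"]):
            ref = (tx["txid"], index)
            outputs[ref] = (address, amount)
            taint[ref] = 1.0 if address in flagged else tx_taint
    return taint, outputs


def address_exposure(ledger, flagged):
    """Fraction of everything each address received that traces to `flagged`."""
    taint, outputs = output_taint(ledger, flagged)
    received, tainted = defaultdict(float), defaultdict(float)
    for ref, (address, amount) in outputs.items():
        received[address] += amount
        tainted[address] += amount * taint[ref]
    return {a: tainted[a] / received[a] for a in received if received[a]}


if __name__ == "__main__":
    for address, share in sorted(address_exposure(LEDGER, FLAGGED).items()):
        print(f"{address:18} {share:.2%}")
```

The charity never dealt with the flagged address, yet it ends up with a non-zero score two hops away, and anyone holding the same public ledger can compute the same figure.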

Ethical Considerations?

I saved this for the last because I think it’s been fairly played out.

Market Watch: Opinion: Stay away from bitcoin — it’s complete garbage

What are its real-life uses? Online gambling and money laundering

On the one hand, you have people who are genuinely nice, productive citizens who might like to (for example) buy controlled substances for recreational or other uses.  They might be exposed to violence, fraud, or other risks if they meet in person without a reputational system, and bitcoin prevents that.  At least in theory; there are still exit scams.  And then there’s clearly violence being solicited, if not perpetrated.  We all heard about this possibility when Jim Bell promoted his idea of “Assassination Politics”, which is summarized in “Assassination Markets”.  If there are millions of people turning to criminal enterprise for unmet needs, we might need to address the broken political system so we can deal with this as social policy rather than criminal markets.

On the other hand, as I said in my essay on my former libertarianism, I think that not all choices which seem desirable actually are good social policy.  Sometimes people want what isn’t good for their neighbors, and for society, and that isn’t necessarily obvious except in hindsight.  For example, an 80-year Harvard study shows that the most detrimental behavior in life is alcohol abuse.  Presumably this extends to recreational drugs as well.

“Alcoholism is a disorder of great destructive power.” Alcoholism was the main cause of divorce between the Grant Study men and their wives; it was strongly correlated with neurosis and depression (which tended to follow alcohol abuse, rather than precede it); and—together with associated cigarette smoking—it was the single greatest contributor to their early morbidity and death.

Conversely, things that people would not voluntarily do, like take microdoses of lithium, might actually decrease risk of depression and suicide.  Can you imagine the reaction if the government was reported to be adding it to the water supply?  Even if it were within the range of naturally occurring levels (like fluoridation, which led to the famously cavity-free “Texas teeth”), people would have a fit.

Thus, the balance between what specialists determine is good public policy and what people think they want is an important and complex one, one that should be approached in multiple ways, not just ideological ones.

Tax Evasion


If you traded bitcoin you should report capital gains to IRS
IRS Virtual Currency Guidance: Virtual Currency Is Treated as Property for U.S. Federal Tax Purposes; General Rules for Property Transactions Apply

Only 802 people told the IRS about their coinbase profits.

The IRS is going after them, and they might go to jail.

Money Laundering

How can bitcoin be used for money laundering?

What is the Threat of Money Laundering Associated with Bitcoin?

Currency Controls and Sanctions Evasion

While there are many reasons to believe that government should not be able to control the wealth you earned honestly and legally, and we can point to many cases where what they do during financial crises is immoral, there are also cases where international sanctions and embargoes are effective in limiting the ability of a rogue nation to adversely affect other countries.

For example, no modern democracy really supports the atrocities of the North Korean regime, from its terrorism to kidnapping of Japanese to kidnapping of South Koreans; it is prepared to do the same with Americans, and it employs organized crime for state purposes.  There are many stories of North Korean defectors that are heart-wrenching and should be watched.  It has demonstrated a ballistic missile capable of reaching the US, which is also capable of carrying a nuclear warhead, and has threatened Australia and the United States (New York and San Francisco) with it.


Also, North Korea is probably behind the WannaCry malware, which used the exploits leaked by the Russian-linked Shadow Brokers.  Gathering all that bitcoin will allow it to buy prohibited items and generally bypass international sanctions.

So when countries as diverse as South Korea, Japan, the EU, and the United States all agree that North Korea is a rogue state, when China and Russia distance themselves… You have to admit there’s a lot of consensus among diverse countries.  And it’s a fairly reasonable argument that facilitating the evasion of sanctions and export controls truly does put lives at risk.


It’s not clear that the recent ransomware epidemic would exist at all without cryptocurrencies.  Locker, WannaCry, now Petya/notPetya… this is all made possible by cryptocurrencies – if there were an intermediary, this would be shut down quickly as organized criminal activity.

In fact, the ShadowBroker data dump service is trafficking in purloined NSA hacking tools using ZEC, making money off the cybercrime world.  My suspicion is that they quickly realized they could not use the BTC in their original auction, and now they are migrating to more anonymous cash, to the detriment of non-criminal computer users everywhere.

Yay, right?

What’s The Deal with Russia and Cryptocurrencies

Speculation: money laundering, facilitating online cybercrime, insufficient banking system, looking to get in front of the parade, evading sanctions, looking to control cryptocurrency domestically by proposing RuCoin and then down-regulating others (“own the competition”).

Russia Caves In on Bitcoin to Open Front on Money Laundering

Why Russia Legalized Cryptocurrencies

Bullish Opinions

Presumably these are smart people… so I’m just going to drop some links here, you can go read them yourself.

Naval Ravikant


The World’s Money, In Perspective

The Bottom Line

It’s not clear what the fundamental driver is for valuation other than speculation. I don’t know what the metrics are on the size of the market for goods denominated in bitcoin, but that seems like a good metric to start with to determine whether it is overvalued or not.  Presumably most goods in bitcoin are also available in another currency, so we really want to express the preference for goods available in bitcoin over other currencies.  The compelling advantages appear to be in quasi-legal things like kratom, illegal things like drugs, ransomware payments, and things you want to buy that you don’t want traced to you.

For the moment the deflationary aspects are driving a lot of hoarding behavior and speculation.

My suspicion is that this will continue until:

  1. An altcoin takes over the black market as a medium of exchange
  2. Big countries suddenly decide to outlaw it perhaps because someone uses it to fund a terrorist attack – this tends to cause a cascade of similar regulations
  3. A major attack (cyber, crypto, or otherwise) causes “investors” to lose confidence.  But it’d have to be massive because even MTGOX didn’t change investor confidence much.
  4. General investor sentiment changes with respect to cryptocurrencies – somehow they get a negative association and that social concern outweighs the selfish concerns of greed.  That usually triggers a regulation, and it’s hard to imagine an association being powerful enough to prevent cryptocurrency purchases without turning into a regulation or law, since the penetration of cryptocurrencies is so low compared to mainstream investments.

Competitive effects will continue to drive financial institutions to innovate in real-time payments.  Lots of potential room for improvement in cross-border payments.

Might be desirable as a non-correlated asset class to diversify a traditional portfolio:

