I was asked to make a brief contribution to discussion of the President’s Executive Order on Ensuring Responsible Development of Digital Assets, concentrating on the technological risks they involve over and above those of conventional financial assets. Below the fold is my contribution with links to the sources.
I’m a retired software engineer so I focus here on the technological risks. I have no positions in cryptocurrencies or related companies. Nearly a quarter-century ago I started work at Stanford on a decentralized peer-to-peer consensus system using Proof-of-Work. It won a Best Paper award five years before Satoshi Nakamoto published the Bitcoin protocol.
This discussion is badly framed; the term “digital asset” is counter-productive. My checking accounts are digital assets. What you want to talk about are “cryptocurrencies” or “digital ledger technologies” or “blockchains”, but these terms cover two completely different technologies:
- permissioned or centralized systems with an obvious locus of control to which regulations can be applied,
- and permissionless or decentralized systems which claim to lack a locus of control, and thereby to be immune from regulation.
The major design goal of permissionless cryptocurrencies such as Bitcoin and Ethereum was to evade regulation by diffusing responsibility; conflating the two systems suggests permissioned systems are “digital assets” just like Bitcoin, so immune from regulation.
That a system is permissionless is a fact; that it is decentralized is a claim. In practice the claim is false: they do have loci of control. The spurious claim is used to deter regulation, so don’t accept it by using the “decentralized” word.
The “digital asset” frame includes talking about “innovation” and pie-in-the-sky benefits. Both are again spurious, used to deter regulation. First, permissioned blockchain technology is thirty years old, and permissionless blockchain technology is not that innovative either; Satoshi Nakamoto simply assembled a set of well-known techniques to implement a cryptocurrency. Second, the products built on these technologies are not at all innovative; they simply replicate existing financial products without all the pesky regulation that would prevent their insiders from ripping off the suckers.
Centralized systems, whether they use a conventional database or a permissioned blockchain, don’t raise significant new risks or regulatory problems, but permissionless systems do. They are not fit for purpose in at least five areas:
- User Experience
First, nodes in permissionless systems must achieve consensus on the next block of transactions. They are vulnerable to Sybil attacks, in which the attacker controls many ostensibly independent nodes. The only defense is to impose costs on nodes such that the cost of mounting an attack is greater than the reward from it. Imposing costs via Proof-of-Work is simple and effective but involves catastrophic environmental costs; imposing them via Proof-of-Stake is complex and centralizing because of cryptocurrencies’ extreme Gini coefficients.
Transactions bid fees in an auction for inclusion in a block. When everyone wants to transact, the cost (fixed reward + variable fees) of the average transaction can reach $300, and median finality can reach 75 minutes. Low-fee systems, as Bitcoin will become, are insecure and vulnerable to DDoS attacks. Since Bitcoin and Ethereum launched, many thousands of other cryptocurrencies, some with much better technology, have failed to dent their market dominance.
Second, users of permissionless systems can create arbitrarily many identities (pseudonyms). Newly created pseudonyms are anonymous, but in systems such as Bitcoin and Ethereum, as they become enmeshed in the web of transactions they can be linked to real-world identities fairly easily.
[Image: BitFinex loot transfers]
Users attempt to avoid this in two ways. About 90% of Bitcoin transactions are not “economically meaningful”, attempting to obscure the user’s identity. Thus the average cost of a real Bitcoin transaction at busy times can be about $1500, and the network processes less than 20 such transactions per minute on average.
More sophisticated miscreants use “mixers” such as Tornado Cash, or coins such as Monero or Zcash that use advanced cryptography to obscure transactions. These capabilities of permissionless cryptocurrencies enable a massive crime wave including sanctions evasion, ransomware and drug dealing. Further, even with escrow “smart contracts”, users cannot safely purchase physical goods.
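To show concretely how pseudonyms get linked once they are enmeshed in the web of transactions, here is an added example (not from the original post) that applies the common-input-ownership heuristic, a standard chain-analysis technique the post does not name: all inputs co-spent in one transaction are assumed to belong to one spender, and a single address whose owner is known (here, assumed to be known through an exchange’s KYC records) labels its whole cluster. All transactions, addresses and labels are constructed sample data.

```python
# Added example (not from the original post). Applies the common-input-ownership
# heuristic (all inputs of one transaction are assumed to belong to one spender)
# with union-find, then propagates a label known from an exchange's KYC records
# to every address in the same cluster. All addresses and labels are constructed.
from collections import defaultdict

# Constructed transactions: (txid, input addresses, output addresses).
SAMPLE_TXS = [
    ("tx1", ["A1", "A2"], ["B1", "A3"]),       # A1 and A2 spent together
    ("tx2", ["A3"], ["C1"]),                    # single input: no new link
    ("tx3", ["A2", "A4"], ["EXCH_DEPOSIT"]),    # links A4 into the A1/A2 cluster
    ("tx4", ["D1"], ["D2"]),                    # unrelated party
]
KNOWN_LABELS = {"A4": "exchange-customer-42"}   # constructed KYC-derived label


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs):
    """Map every input address to a cluster id (the cluster's root address)."""
    uf = UnionFind()
    for _txid, inputs, _outputs in txs:
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)   # co-spent inputs share an owner
    return {a: uf.find(a) for _t, ins, _o in txs for a in ins}


def propagate_labels(clusters, labels):
    """Return {address: label} for every address in a cluster with a labelled one."""
    members = defaultdict(set)
    for addr, cid in clusters.items():
        members[cid].add(addr)
    linked = {}
    for addr, label in labels.items():
        for member in members.get(clusters.get(addr, addr), {addr}):
            linked[member] = label
    return linked
```

Note that A3, which only ever appears as a single input, stays unlinked even though it is A1/A2's change output; change-address heuristics, not shown here, would close that gap too.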
Third, permissionless systems’ transactions are immutable; there is no trust locus that could enforce reversals. This greatly enhances their criminogenic nature: make a single mistake and your assets are irretrievable. Systems that cannot recover from mistakes are not usable in the real world.
Fourth, the history of transactions in a permissionless system is necessarily public. Maintaining anonymity requires operational security beyond ordinary users’ ability. Thus in practice most users’ transaction history is effectively both public and immutable, enabling abuse and harassment on an unprecedented scale.
Fifth, because of the catastrophic nature of mistakes, users of these purportedly “trustless” systems generally do not access permissionless systems directly, but must place their trust in a user experience layer above the base system’s API. As is normal in software, increasing returns and network effects mean that these layers have one or two dominant applications (Alchemy and Infura for Ethereum, for example). A compromise of these systems would place the whole ecosystem at risk.
As you see, permissionless cryptocurrency technology really doesn’t work well at all. Evidence for this is the need for so-called “layer-2 systems” such as the Lightning Network, which doesn’t really work either. So why put up with this inadequate technology? To deflect regulation so that the insiders and the criminals can continue to rip off everyone else. Encouraging “responsible development” of a technology whose main purpose is to enable irresponsibility is a fool’s errand.
Update: 3rd July 2022
I should have pointed out that, while it is often easy to show that a permissionless system is not decentralized, the possibility that ostensibly independent actors are using clandestine channels to coordinate means that it is impossible to prove that it is decentralized. Thus any numerical estimate of decentralization, such as the Nakamoto coefficient, must be treated as an upper bound.
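An added example (not from the original post) of why the Nakamoto coefficient is only an upper bound: it computes the coefficient from observed shares, then collapses a set of entities assumed to be secretly coordinating into one and recomputes. The pool names and shares are constructed, not measurements; the thresholds are the usual 50% for Proof-of-Work and one third for BFT-style Proof-of-Stake.

```python
# Added example (not from the original post). The Nakamoto coefficient is the
# smallest number of entities whose combined share of a resource (hashrate,
# stake, ...) exceeds the threshold needed to subvert the system. If some
# ostensibly independent entities coordinate through clandestine channels,
# merging them can only lower the coefficient, so the observed value is an
# upper bound on real decentralization. Shares below are constructed data.

OBSERVED_SHARES = {          # constructed mining-pool hashrate fractions
    "pool_a": 0.24, "pool_b": 0.21, "pool_c": 0.17, "pool_d": 0.13,
    "pool_e": 0.10, "pool_f": 0.08, "pool_g": 0.07,
}


def nakamoto_coefficient(shares, threshold=0.5):
    """Fewest entities whose summed share strictly exceeds `threshold`."""
    total = 0.0
    for n, share in enumerate(sorted(shares.values(), reverse=True), start=1):
        total += share
        if total > threshold:
            return n
    return len(shares)   # data never reaches the threshold (incomplete table)


def merge_colluding(shares, groups):
    """Collapse each group of secretly coordinating entities into one entity.
    Does not modify `shares`; merged entities get constructed names cartel_<i>."""
    merged = dict(shares)
    for i, group in enumerate(groups, start=1):
        merged[f"cartel_{i}"] = sum(merged.pop(name) for name in group)
    return merged


if __name__ == "__main__":
    cartel = merge_colluding(OBSERVED_SHARES, [("pool_b", "pool_e", "pool_g")])
    for label, table in (("observed", OBSERVED_SHARES), ("with hidden cartel", cartel)):
        print(f"{label}: PoW(>50%)={nakamoto_coefficient(table)}, "
              f"PoS(>1/3)={nakamoto_coefficient(table, threshold=1/3)}")
```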