The discipline which birthed Bitcoin, blockchains, and the burgeoning ecosystem called Web 3.0
The word ‘cryptoeconomics’ sounds cool, but doesn’t inherently scream a definition. For people looking for a way to understand Bitcoin, blockchains, and everything else your technology friends and questionable investment advisors are saying, cryptoeconomics is the place to start. Here, you’ll understand how the “blockchain” industry works from the ground up — not only technically, but via economic incentives.
The purpose of this article is to define cryptoeconomics, call out by name some current tools available, and to review some interesting use cases of these designs in live projects. Standing on the shoulders of thinking giants like Kahneman (“Thinking Fast And Slow”) and Munger (Mental Models), the goal of the article will be to open up the conversation about the fundamental tools which were used to create Bitcoin, and how they are being re-used and built upon in other blockchains.
Furthering cryptoeconomic research is the best way to ensure the community has knowledge of the tools available when designing the next generation of the world wide web. Now is the time to build and iterate on these tools — when user counts are in millions, not billions (thanks Jeff Coleman, for that thought).
A little pre-history
As the name suggests, ‘cryptoeconomics’ is a coming together of fields: cryptography, computer science, and economics.
Cryptography evolved from ancient ciphers written by Hebrew scholars, the Spartan military, and other early civilizations. One famous early cipher was the ‘Caesar Cipher’, where each letter in a string was shifted forward a fixed amount. For example, if the shift is 3, and the letter is ‘c’, it becomes ‘f’.
In this Caesar Cipher, “cryptography” → “fubswrjudskb”.
This simple example displays the main feature of cryptography: the defender’s advantage. Cryptographic systems are much more difficult to crack than to use. To test: Give your friends “fubswrjudskb” and tell them to figure out what you mean.
Today’s cryptographic systems have evolved. It is now the goal of cryptographic systems to be resistant to attack, even if their inner workings are known. While someone could easily figure out “fubswrjudskb” by threatening one person, a cryptographically secure system should stand even if this person (or even, let’s say, 25% of the network) was independently compromised. Such strength leads to disincentives to even bother trying to break the code. Speaking of incentives…
Mechanism design is a field of economics dedicated to the study of mechanisms to (dis)/incentivize actions. If game theory is the study of different possible actions in a game, mechanism design is the study of creating a game.
A game designer must consider a) what tools are available to create a game, b) what to incentivize in the game, c) how to learn from these rules, and d) how to iterate along the way. It is the job of the designer of the game to lead to actions which lead to a fair, secure game.
To bring this to light, I’ll bring up my favorite game — basketball.
Some of you proud Canadians may know James Naismith. In 1891, Naismith created the thirteen original rules of “basket ball”. The first game was 9-on-9, no dribbling, 15 minute halves with a five minute break for halftime. The main goal of the game? Make more shots into the peach basket than the other team. The first game ended with a strong score: 1–0.
The original rules incentivized players to put the ball in the hoop. Players were constrained by their ability to only move the ball by passing. In the original version, 18 basketball players shared physical space, endured athletic strain, and communicated with teammates…all in efforts to to score the basketball and win the game.
As time went on, the ‘beta’ version of basketball has shifted quite a bit. The peach basket was traded for a metal hoop, backboards and nets (read: infrastructure updates). Rules were changed. Dribbling was added, increasing the ability for players to move around the court and adding complexity (and beauty) to the game. Eighteen players on the court was reduced to ten. A three point line was introduced, to add a one-point incentive to players to practice, take, and make long-distance shots. More recently, rules on fouls became more stringent. This update made the role of the defender harder, thereby increasing the scoring in games.
These ‘mechanism updates’ have been ways for the NBA to continuously improve the viewer experience and the game itself. The basketball we know has changed based upon changes in the rules of the game. We’ll come to find that designing a blockchain protocol like Bitcoin isn’t too far off from designing the game of basketball.
While economics obviously has a long history, the field of mechanism design is rather new — about 50 years since inception. Only in 2007, a year before Satoshi Nakamoto published the Bitcoin whitepaper, Leonid Hurwicz, Eric Maskin, and Roger Myerson won the Nobel Prize in Economics “for having laid the foundations of mechanism design theory.” It is an interesting field which I hope to delve into further in the future.
On Monday, Leonid Hurwicz, Eric Maskin and Roger Myerson were awarded the 2007 Nobel Prize in Economics for their…voxeu.org
Now that we have defined ‘mechanism design’ and ‘cryptography’ more broadly, we can define cryptoeconomics. And I quote, from Vlad:
“Cryptoeconomics is the application of incentive mechanism design to information security problems.”
Cryptoeconomics brings home the idea that through cryptography and properly-aligned incentives, we can secure protocols like Bitcoin and Ethereum.
Bitcoin is a dazzling showcase of cryptoeconomics. For the first time, someone answered how to fit together these important, abstract puzzle pieces (tools) in a way that worked to create a digital currency which works.
But…we have some learning to do before we get there. First, the cryptographic primitives. Then, how they work together in Bitcoin.
Cryptographic primitives are judged on their ability to achieve three qualities:
- Authenticity: The message truly came from the stated sender
- Confidentiality: Private data remained so during the transfer process
- Integrity: Data (public or private) was unchanged
A good example, modified slightly from a good Stack Overflow answer:
Suppose Alice and Bob are talking to each other. Authenticity would mean that messages received by Alice are actually sent by Bob. Integrity means that on the route from Bob to Alice, the message has not changed in between.
In general, authenticity would imply integrity but integrity wouldn't imply authenticity. For example, the message may retain its integrity but it could have been sent by Mallory instead of Bob.
[Added by me]: Confidentiality holds that private information of both Alice and Bob remained so throughout the process.
We’ll start with the primitives which allow Bitcoin to work, which have been around for decades.
A cryptographic hash takes an input (like “hello”) and turns it into a complex, hard-to-recreate output (like
2cf24dba5f0a30e26e83b2ac5b9e9e1b161e5c1f984, but longer). To test yourself, type in ‘hello’ and then ‘hello…’ at this link. Almost as big of a difference as receiving ‘hello’ vs. ‘hello…’ from a significant other.
The hash is easy to verify if you know the input. If you don’t know what you’re looking for, it won’t be easy to find — even with the help of a large computer. In computer science, this is called a one-way function, and underlies security of many systems we use today.
A one-way function is easy to compute on every input, but hard to invert given the image of a random input.
There are many types of cryptographic hashes, dubbed the Swiss-army knife of cryptography for their varied use in the field. The example above is a ‘SHA-256' hash — our first Bitcoin cryptographic primitive.
A digital signature is cryptographic proof that the person who signed off on the transaction was really the person it claims to be. Similar to our real-life signatures (formally known as scribble-scrabble), signatures should be unforgeable.
Public-key cryptography is how this is done. Each actor, Alice and Bob (get used to these homies) both have a public key — which is used to share their account address with the world — and a secret (private) key.
The three important algorithms are a) generating a public-private key pair, b) signing with a private key and c) verification to prove a transaction.
An example would be Alice sending $10 to Bob. To do so, she sends her digital signature (a combo of the $10 message + her private key) to his public key.
When Bob receives the message, Alice’s signature is cross-referenced to her public key. If a match is verified, the $10 exchanges hands.
With hashes and digital signatures alone, it is possible for a transaction to be made and securely sent from one party to the next. We’re building something here...
From here, computer science — linked lists and Merkle trees — help organize these transactions neatly into ‘blocks’, and links them together to form a blockchain. The same ability to ‘hash’ information comes in handy here: each block is represented by a hash, which ties it to the next block. The fact that the hash changes drastically with even the tiniest data modification allows us to check (very easily) whether data has been changed.
Now that we see the primitives from both cryptography and computer science which allow for a blockchain to function, let’s see how economics brings this model home.
The Game Inside The Game: Proof-Of-Work Consensus
Satoshi, the Bitcoin creator, had to create a way for every computer in the Bitcoin network to agree on the transaction history in this ledger. He also had to decide how to introduce new bitcoin into the network. Eloquently, ‘proof-of-work’ (repurposed from Hashcash) accomplishes both of these goals.
Proof-of-work uses the primitives above — leaning heavily on hashes (+ nonces) — to create a game for all the computers on Bitcoin’s network. The game creates a) competition for the chance to add the next block to the Bitcoin blockchain and b) provides an economic incentive for the block proposed to hold accurate transactions.
The competition starts with using your computer power to solve an incredibly difficult math problem, where the goal is to find a hash smaller than the target difficulty. To solve the puzzle, there’s not much your computer can do but iterate through millions of hashes per second to get to the answer. While your computer plays this game, all the computers are playing, too. Collectively, these computers are the Bitcoin ‘miners’, working for digital gold (bitcoin).
If the miner wins the race, then their block is valid, and can be sent around to other miners. The winning miner has a great chance at winning a reward — x bitcoin (12.5 bitcoin, in 2017 — worth ~$75,000)! To get this reward, however, your block should only include valid transactions: no funny business. If you propose even one transaction in the block which is invalid, it’s likely your block will not make it onto the main Bitcoin blockchain because no one wants to build on an invalid block. This means no more bitcoin for you… and who knows when you’ll get your next chance? You are thus strongly incentivized to have a honest, accurate block. The miners incentive to be honest makes the Bitcoin network move forward truthfully and honestly.
Every 210,000 blocks, the bitcoin reward for mining and proposing accurate blocks halves. Satoshi and team also decided that 21 million bitcoin would be the total supply for the currency.
Bitcoin Block Reward Halving Countdown websitewww.bitcoinblockhalf.com
This decision, as with others, comes with tradeoffs. Bitcoin that are lost — are simply lost, deflating the currency slowly, long-term. Ethereum, a protocol with a different goal than bitcoin — decided on a disinflationary monetary base which adds Ether to the system every year, but slightly less year-over-year. Joseph Lubin explains their thought-process in an early Ethereum blog post:
One of Bitcoin’s great value propositions (is) the algorithmically fixed total issuance of the currency which mandated that only 21,000,000 BTC will ever be created. In a time of profligate legacy currency printing in an exponentially doomed attempt to patch over the fact that there is too much debt in the global economic system (with more debt), the prospect of a universally accepted cryptocurrency that can serve eventually as a relatively stable store of value is attractive. Ethereum recognizes this and seeks to emulate this core value proposition.
Ethereum also recognizes that a system intended to serve as a distributed, consensus-based application platform for global economic and social systems, must strongly emphasize inclusiveness. One of the many ways we intend to foster inclusiveness is by maintaining an issuance system which possesses some churn. New participants in the system will be able to purchase new ETH or mine for new ETH whether they are living in the year 2015 or 2115. We believe we have a achieved a good balance between the two goals of fostering inclusiveness and maintaining a stable store of value.
Mining is not in Ethereum’s long-term vision anymore, but the original choice to increase monetary supply (slower and slower) remains, as an example. All in a day’s work designing an game…
The competition aspect of mining proves to be important for security reasons, as well. It makes the system expensive to attack. To effectively ‘take-over’, an attacker would need to buy enough equipment and take on enough electricity costs to control more than 51% of the network. See what a cost of a 51% attack would be, today (over $3 billion).
Calculation of the cost of a 51% attack on the Bitcoin networkgobitcoin.io
Note that some miners already are close to spending $3 billion, so this may not be as infallible as we want it to be, ideally. Along with this monetary baseline, there are additional lines of defense against an attacker.
A Giant Book Of Transactions
The net result is a giant book, maintained by the global community — where everyone is in agreement on the state of transaction history (thanks Naval, for this analogy). This book tells the ‘story of money’ in a non-tamperable way.
Why is this important? Because today’s money is also a story, which we trust to be non-tamperable due to the trust we have in our governments — who issue and control the money. These governments have done a good job in a lot of cases. In other cases, perhaps less so.
The Next Generation Of Games
The Bitcoin game was the first of many blockchain based games. Ethereum came along in 2014 and is at the forefront of many cryptoeconomic ‘updates’, including Proof-of-Stake consensus, sharding, and state channels. If you’re excited about cryptoeconomics, here is Cryptoeconomics 307 from Vitalik, co-founder of Ethereum.
Ethereum and Bitcoin are base-layer protocols (games), both still tinkering with cryptoeconomics to find what’s right. Lots of tools are being built (Plasma, Lightning, 0x Protocol) to directly affect and surround this base-layer. People are also building tokens on top with cryptoeconomic incentives. Many are early, given the work still to do on the ground level — but some will be right on time. There is lots of work to be done, starting here.
In Ender’s Game, the protagonist, Ender, plays ‘a game’ which turns out to massively shape reality. As with all great sci-fi, this has already shown to be a true story in reality.
Cryptoeconomics is helping us create games which lean on the (semi)rationality of man + security provided by computers. For those who protect the rules of the game, rewards are given. For attackers, large financial walls are put up to disincentivize bad behavior. For every bad actor out there — we remember, cryptography helps us heavily favor the defender.
In future posts, we’ll explore cryptoeconomics in new protocols, and dive deep into novel research. Ideally, we find novel ways to use old, tested economics and cryptography in new, interesting ways. Diving deeper into well designed economic systems of the past and learning quickly from the first applications here will be important.
The future of blockchain universe is being built today. It’s possible these systems, one-day, will seem as entrenched as the Federal Reserve does today. There will come a time where a future group sits down, looks at the work done around 2017, and asks questions about the implications of our decisions on how money and information flows. It’s better to make mistakes now, before we reach a critical mass.
For a growing group, cryptoeconomics seems like the right place to focus attention, as a result. All viewpoints and ideas are helpful at this stage — the more divergent thoughts, the better. Hopefully, this article gives you footing to be a part of the ride.
About the author: Vivek Singh started Kryptos Studio to share thoughts on cryptoeconomics and to highlight projects and thinkers working on the blockchain. He writes and builds in the blockchain space, and has a laugh which more resembles a prolonged chuckle. Follow him and reach out anytime @vsinghdothings on Twitter!