The discipline which birthed Bitcoin, blockchains, and the burgeoning ecosystem called Web 3.0 The word ‘cryptoeconomics’ sounds cool, but doesn’t inherently scream a definition. For people looking for a way to understand Bitcoin, blockchains, and everything else your friends and questionable investment advisors are saying, cryptoeconomics is the place to start. Here, you’ll understand how the “ ” industry works from the ground up — not only technically, but via economic incentives. technology blockchain The purpose of this article is to define cryptoeconomics, call out by name some current tools available, and to review some interesting use cases of these designs in live projects. Standing on the shoulders of thinking giants like ( ) and ( ), the goal of the article will be to open up the conversation about the fundamental tools which were used to create Bitcoin, and how they are being re-used and built upon in other blockchains. Kahneman “Thinking Fast And Slow” Munger Mental Models Furthering cryptoeconomic research is the best way to ensure the community has knowledge of the tools available when designing the next generation of the world wide web. Now is the time to build and iterate on these tools — when user counts are in millions, not billions ( ). thanks Jeff Coleman , for that thought A little pre-history As the name suggests, ‘cryptoeconomics’ is a coming together of fields: cryptography, computer science, and economics. Cryptography Cryptography evolved from ancient ciphers written by Hebrew scholars, the Spartan military, and other early civilizations. One famous early cipher was the ‘Caesar Cipher’, where each letter in a string was shifted forward a fixed amount. For example, if the shift is 3, and the letter is ‘c’, it becomes ‘f’. In this Caesar Cipher, “cryptography” → “fubswrjudskb”. This simple example displays the main feature of cryptography: . Cryptographic systems are much more difficult to crack than to use. : Give your friends “fubswrjudskb” and tell them to figure out what you mean. the defender’s advantage To test Today’s cryptographic systems have evolved. It is now the goal of cryptographic systems to be resistant to attack, even if their inner workings are known. While someone could easily figure out “fubswrjudskb” by threatening one person, a cryptographically secure system should stand even if this person (or even, let’s say, 25% of the network) was independently compromised. Such strength leads to to even bother trying to break the code. disincentives Speaking of incentives… Mechanism Design Mechanism design is a field of economics dedicated to the study of mechanisms to (dis)/incentivize actions. If game theory is the study of different possible actions in a game, mechanism design is the study of creating a game. A game designer must consider a) what tools are available to create a game, b) what to incentivize in the game, c) how to learn from these rules, and d) how to iterate along the way. It is the job of the designer of the game to lead to actions which lead to a fair, secure game. To bring this to light, I’ll bring up my favorite game — . basketball Some of you proud Canadians may know James Naismith. In 1891, Naismith created the thirteen original rules of “basket ball”. The first game was 9-on-9, no dribbling, 15 minute halves with a five minute break for halftime. The main goal of the game? Make more shots into the peach basket than the other team. The first game ended with a strong score: 1–0. The original rules incentivized players to put the ball in the hoop. Players were constrained by their ability to only move the ball by passing. In the original version, 18 basketball players shared physical space, endured athletic strain, and communicated with teammates…all in efforts to to score the basketball and win the game. As time went on, the ‘beta’ version of basketball has shifted quite a bit. The peach basket was traded for a metal hoop, backboards and nets ( infrastructure updates). Rules were changed. Dribbling was added, increasing the ability for players to move around the court and adding complexity (and beauty) to the game. Eighteen players on the court was reduced to ten. A three point line was introduced, to add a one-point incentive to players to practice, take, and make long-distance shots. More recently, rules on fouls became more stringent. This update made the role of the defender harder, thereby increasing the scoring in games. read: Black magic… These ‘mechanism updates’ have been ways for the NBA to continuously improve the viewer experience and the game itself. The basketball we know has changed based upon changes in the rules of the game. We’ll come to find that designing a blockchain protocol like Bitcoin isn’t too far off from designing the game of basketball. While economics obviously has a long history, the field of mechanism design is rather new — about 50 years since inception. Only in 2007, a year before Satoshi Nakamoto published the Bitcoin whitepaper, , , and won the Nobel Prize in Economics “for having laid the foundations of mechanism design theory.” It is an interesting field which I hope to delve into further in the future. Leonid Hurwicz Eric Maskin Roger Myerson _On Monday, Leonid Hurwicz, Eric Maskin and Roger Myerson were awarded the 2007 Nobel Prize in Economics for their…_voxeu.org Nobel Prize: What is mechanism design and why does it matter? Cryptoeconomics Now that we have defined ‘mechanism design’ and ‘cryptography’ more broadly, we can define cryptoeconomics. And I quote, from : Vlad “Cryptoeconomics is the application of incentive mechanism design to information security problems. ” Cryptoeconomics brings home the idea that through cryptography and properly-aligned incentives, we can secure protocols like Bitcoin and Ethereum. Bitcoin is a dazzling showcase of cryptoeconomics. For the first time, someone answered how to fit together these important, abstract puzzle pieces ( ) in a way that worked to create a digital currency which works. tools **But…**we have some learning to do before we get there. First, the cryptographic primitives. Then, how they work together in Bitcoin. Cryptographic Primitives Cryptographic primitives are judged on their ability to achieve three qualities: The message truly came from the stated sender Authenticity: Private data remained so during the transfer process Confidentiality: Data (public or private) was unchanged Integrity: A good example, modified slightly from a good Stack Overflow answer: Suppose Alice and Bob are talking to each other. would mean that messages received by Alice are actually sent by Bob. means that on the route from Bob to Alice, the message has not changed in between. Authenticity Integrity In general, authenticity would imply integrity but integrity wouldn't imply authenticity. For example, the message may retain its integrity but it could have been sent by Mallory instead of Bob. [Added by me]: holds that private information of both Alice and Bob remained so throughout the process. Confidentiality We’ll start with the primitives which allow Bitcoin to work, which have been around for decades. Cryptographic Hashes A takes an input (like “hello”) and turns it into a complex, hard-to-recreate output (like , but longer). To test yourself, type in ‘hello’ and then ‘hello…’ . Almost as big of a difference as receiving ‘hello’ vs. ‘hello…’ from a significant other. cryptographic hash 2cf24dba5f0a30e26e83b2ac5b9e9e1b161e5c1f984 at this link The hash is easy to verify if you know the input. If you don’t know what you’re looking for, it won’t be easy to find — even with the help of a large computer. In computer science, this is called a , and underlies security of many systems we use today. one-way function A one-way function is easy to compute on every input, but hard to invert given the image of a random input. There are many types of cryptographic hashes, dubbed the Swiss-army knife of cryptography for their varied use in the field. The example above is a ‘SHA-256' hash — our first Bitcoin cryptographic primitive. Digital Signature A digital signature is cryptographic proof that the person who signed off on the transaction was really the person it claims to be. Similar to our real-life signatures (formally known as ), signatures should be unforgeable. scribble-scrabble is how this is done. Each actor, and (get used to these homies) both have a public key — which is used to share their account address with the world — and a secret (private) key. Public-key cryptography Alice Bob The three important algorithms are with a private key and to prove a transaction**.** a) generating a public-private key pair, b) signing c) verification From Arvind Narayanan’s seminal book, ‘Bitcoin & Cryptocurrencies’ An example would be Alice sending $10 to Bob. To do so, she sends her (a combo of the $10 message + her private key) to his public key. digital signature When Bob receives the message, Alice’s signature is cross-referenced to her public key. If a match is verified, the $10 exchanges hands. Designing Bitcoin With hashes and digital signatures alone, it is possible for a transaction to be made and securely sent from one party to the next. We’re building something here... From Satoshi’s Bitcoin White Paper From here, computer science — — help organize these transactions neatly into ‘blocks’, and links them together to form a . The same ability to ‘hash’ information comes in handy here: each block is represented by a hash, which ties it to the next block. The fact that the hash changes drastically with even the tiniest data modification allows us to check (very easily) whether data has been changed. linked lists and Merkle trees blockchain Now that we see the primitives from both cryptography and computer science which allow for a blockchain to function, let’s see how economics brings this model home. The Game Inside The Game: Proof-Of-Work Consensus Satoshi, the Bitcoin creator, had to create a way for every computer in the Bitcoin network to agree on the transaction history in this ledger. He also had to decide how to introduce new bitcoin into the network. Eloquently, ‘proof-of-work’ ( ) accomplishes both of these goals. repurposed from Hashcash Proof-of-work uses the primitives above — leaning heavily on hashes (+ ) — to create a game for all the computers on Bitcoin’s network. The game creates a) competition for the chance to add the next block to the Bitcoin blockchain and b) provides an economic incentive for the block proposed to hold accurate transactions. nonces The competition starts with using your computer power to solve an incredibly difficult math problem, where the goal is to find a hash smaller than the target . To solve the puzzle, there’s not much your computer can do but iterate through millions of hashes to get to the answer. While computer plays this game, all the computers are playing, too. Collectively, these computers are the Bitcoin ‘miners’, working for digital gold (bitcoin). difficulty per second your If the miner wins the race, then their block is valid, and can be sent around to other miners. The winning miner has a great chance at winning a reward — bitcoin (12.5 bitcoin, in 2017 — worth ~$75,000)! To get this reward, however, your block should only include valid transactions: no funny business. If you propose even one transaction in the block which is invalid, it’s likely your block will not make it onto the main Bitcoin blockchain because no one wants to build on an invalid block. This means no more bitcoin for you… and who knows when you’ll get your next chance? You are thus to have a honest, accurate block. The miners incentive to be honest makes the Bitcoin network move forward truthfully and honestly. x strongly incentivized Monetary Supply Every 210,000 blocks, the bitcoin reward for mining and proposing accurate blocks halves. Satoshi and team also decided that 21 million bitcoin would be the total supply for the currency. _Bitcoin Block Reward Halving Countdown website_www.bitcoinblockhalf.com Bitcoin Block Reward Halving Countdown This decision, as with others, comes with tradeoffs. Bitcoin that are lost — are simply lost, deflating the currency slowly, long-term. Ethereum, a protocol with a different goal than bitcoin — decided on a monetary base which adds Ether to the system every year, but slightly less year-over-year. explains their thought-process in an early Ethereum blog post: disinflationary Joseph Lubin One of Bitcoin’s great value propositions (is) the algorithmically fixed total issuance of the currency which mandated that only 21,000,000 BTC will ever be created. In a time of profligate legacy currency printing in an exponentially doomed attempt to patch over the fact that there is too much debt in the global economic system (with more debt), the prospect of a universally accepted cryptocurrency that can serve eventually as a relatively stable store of value is attractive. Ethereum recognizes this and seeks to emulate this core value proposition. Ethereum also recognizes that a system intended to serve as a distributed, consensus-based application platform for global economic and social systems, must strongly emphasize inclusiveness. One of the many ways we intend to foster inclusiveness is by maintaining an issuance system which possesses some churn. New participants in the system will be able to purchase new ETH or mine for new ETH whether they are living in the year 2015 or 2115. We believe we have a achieved a good balance between the two goals of fostering inclusiveness and maintaining a stable store of value. Mining is not in Ethereum’s long-term vision anymore, but the original choice to increase monetary supply (slower and slower) remains, as an example. All in a day’s work designing an game… Economic Costs The competition aspect of mining proves to be important for security reasons, as well. It makes the system expensive to attack. To effectively ‘take-over’, an attacker would need to buy enough equipment and take on enough electricity costs to control more than 51% of the network. See what a cost of a 51% attack would be, today (over ). $3 billion _Calculation of the cost of a 51% attack on the Bitcoin network_gobitcoin.io Cost of a 51% attack — GoBitcoin Note that some miners already are close to spending $3 billion, so this may not be as infallible as we want it to be, ideally. Along with this monetary baseline**,** there are against an attacker. additional lines of defense A Giant Book Of Transactions The net result is a giant book, maintained by the global community — where everyone is in agreement on the state of transaction history (thanks , for this analogy). This book tells the ‘story of money’ in a non-tamperable way. Naval Why is this important? Because today’s money is also a story, which we trust to be non-tamperable due to the trust we have in our governments — who issue and control the money. These governments have done a good job in a lot of cases. , perhaps less so. In other cases The Next Generation Of Games The Bitcoin game was the first of many blockchain based games. came along in 2014 and is at the forefront of many cryptoeconomic ‘updates’, including , sharding, and state channels. If you’re excited about cryptoeconomics, here is from , co-founder of Ethereum. Ethereum Proof-of-Stake consensus Cryptoeconomics 307 Vitalik Ethereum and Bitcoin are base-layer protocols (games), Lots of tools are being built (Plasma, Lightning, 0x Protocol) to directly affect and surround this base-layer. People are also building tokens on top with cryptoeconomic incentives. Many are early, given the work still to do on the ground level — but some will be right on time. There is lots of work to be done, starting here. both still tinkering with cryptoeconomics to find what’s right. _Contribute to Ethereum research development._github.com ethereum/research In , the protagonist, Ender, plays ‘a game’ which turns out to massively shape reality. As with all great sci-fi, this has already shown to be a true story in reality. Ender’s Game Cryptoeconomics is helping us create games which lean on the (semi)rationality of man + security provided by computers. For those who protect the rules of the game, rewards are given. For attackers, large financial walls are put up to disincentivize bad behavior. For every bad actor out there — we remember, cryptography helps us . heavily favor the defender In future posts, we’ll explore cryptoeconomics in new protocols, and dive deep into novel research. Ideally, we find novel ways to use old, tested economics and cryptography in new, interesting ways. Diving deeper into well designed economic systems of the past and learning quickly from the first applications here will be important. The future of blockchain universe is being built today. It’s possible these systems, one-day, will seem as entrenched as the Federal Reserve does today. There will come a time where a future group sits down, looks at the work done around 2017, and asks questions about the implications of our decisions on how money and information flows. It’s better to make mistakes now, before we reach a critical mass. For a growing group, cryptoeconomics seems like the right place to focus attention, as a result. All viewpoints and ideas are helpful at this stage — the more divergent thoughts, the better. Hopefully, this article gives you footing to be a part of the ride. Thanks to L4 Ventures founders Josh Stark and Jeff Coleman for the inspiration for this post, as well as Nate Rush , Adi Kancherla , and Connor Davis for their early feedback. About the author: Vivek Singh started Kryptos Studio to share thoughts on cryptoeconomics and to highlight projects and thinkers working on the blockchain. He writes and builds in the blockchain space, and has a laugh which more resembles a prolonged chuckle. Follow him and reach out anytime @vsinghdothings on Twitter!
