Towards an Analytical Discipline of Forkonomy (Summer 2018)

[Note: This work was written and self-published in manuscript form on in summer 2018 with . Figures come from tweets, original manuscript and presentation slides from in September 2018. . TLDRs in video and tweet form, scroll down for the full text.] pllel.com last revision 10th August ETC Summit Forkonomy talk A follow-up commentary was just published 3.3 : The Impact of Fork-Merging on Monetary Networks Forkonomics The fork-merge process has effectively created an BTCP blockchain between third and fourth halvings (as seen in Figure 2), with little incentive for miners to protect and therefore minimal value proposition as a PoW monetary network. Much of the BTCP UTXOs involuntarily assigned to BTC UTXO owners have gone uncollected, undoubtedly due to the low value of the 1:1 airdrop for the BTC side or prevention of private key compromise risk. In many respects BTCP is now experiencing an eternal post-fork hangover caused by the lopsided incentive structures engineered into the fork-merge. The event asymmetrically benefited ZCL holders which had a much lower per coin price than BTC but also entitled holders to a 1:1 airdrop. This was particularly the case for those who held ZCL balances prior to the announcement of the fork-merge, as the market price of ZCL experienced an approximate hundredfold increase in USD terms within a 30 day period prior to the fork-merge [43]. elderly Due to the disparity in mining subsidy value and network age (not “effective maturity” as discussed above) between ZCL and BTCP, ZCL appears to retain a reasonably cohesive constituency of stakeholders — miners, exchanges, users and so on — despite many developers abandoning the project at time of fork. In contrast, BTCP seems to have lost most of its pre-fork proponents and has failed to acquire listing on major exchanges to access liquidity in order to improve its value proposition as a speculative asset. BTCP vs ZCL may be considered an extreme case of . That is to say that the fork-merge process has resulted in a cryptocurrency network simultaneously vulnerable to majority attacks and unable to bootstrap itself into a secure and reliable state as the block subsidy available in an elderly network does not sufficiently incentivise computational resource in the absence of an on-chain transaction fee market. The lack of evidence of such attacks on BTCP may be due to the lack of on-chain transaction volume and associated fiat equivalent value making even a low-cost attack a waste of resource. Furthermore trading platforms do appear to anticipate the likelihood of such an attack as typically 25–50 confirmations are required to consider a BTCP deposit confirmed and spendable at an exchange. fork-induced emission curve fatigue In 2018 there has been an emerging trend of ledger forks of BTC possessing greatly inflated market capitalisations in comparison to codebase forks with virgin genesis blocks and ledgers. This is at least in part due to the effective sequestration of large proportions of the supply, essentially attention-locked since BTC UTXO owners have neither financial nor ideological motivation to participate at the potential expense and inconvenience of accessing private keys. Observable on-chain transaction volume (not including shielded transactions which typically constitute a tiny minority of usage) is minimal on both BTCP and ZCL networks with significantly under one million USD average daily volume, whilst BTC moves approximately several billion USD equivalent per day. In terms of hashrate ZCL has approximately 25 times more network hashrate than BTCP with a nominal market capitalisation of 3 times less [44]. The consequence of this is that the BTCP chain is rendered extremely vulnerable to 51 % attacks with a trivial vector employing rented hashrate — using figures at time of writing the 1 hour cost of a majority attack was approximately 200 USD. For a network with a nominal value (using market capitalisation as a coarse heuristic) of approximately one hundred million USD, the prospect for transaction disruption seems sufficiently high to preclude any realistic proposition of BTCP as a monetary network. If majority takeovers become trivial in a cryptocurrency network, exchanges will be reticent to list it as they would be the primary victims of double-spending attacks when not requiring sufficient confirmations for transaction finality to be beyond doubt [45]. Fig. 2. Generalised emission curve and supply schema for cryptocurrency networks deriving their accounting and monetary characteristics from Bitcoin. Each “step down” represents a halving of block subsidy, halving in effective supply inflation rate and an advancement in the lifecycle phase of a blockchain network. Emission curve and supply schema for ZCL (blue), BTC (green) and BTCP (orange) networks compared visually. 4. Discussion: Implications for Ageing Blockchains and Prominent Minority Forks The emission curve fatigue that BTCP is experiencing, combined with lack of transaction fee market results in an insecure network with absent value proposition. Indeed this is one of the possible futures for any elderly PoW blockchain. By analogy with stellar lifecycles, the moniker may be applied to BTCP. In common with the celestial remnant, high maturity and low economic gravity prevent the network from attracting substantive accretion, eventually no longer possessing the critical mass to function. There is a prospect that BTCP will attempt a transition to PoS or dPoW in order to seek refuge from thermodynamic attacks. Recently the prospect of confiscation of “inactive” UTXOs in order to liberate coin supply from attention-locked holders of BTCP in order to provide further miner subsidy in order to attract greater hashrate has emerged [39]. The disingenuous trope of “Satoshi’s Vision” was invoked by BTCP proponents in the pre-fork marketing, though it is difficult to see how Satoshi Nakamoto’s cypherpunk principles were respected and honoured through the mechanism of confiscating UTXOs under his control. white dwarf chain An alternative outcome termed a chain death spiral is also a possibility for BTCP. Should Equihash resource be sufficiently incentivised to be directed elsewhere, the network may stop issuing blocks altogether. This was a particular concern for BTC at the time of the BCH chain split, though ironically it was BCH that produced severely tardy blocks with block intervals reaching many hours for some time. This was due to the BCH network inheriting the BTC network’s difficulty whilst only possessing a fraction of the former BTC hashrate. A customised difficulty adjustment algorithm was invoked to rapidly adjust the BCH network difficulty downwards to reflect the much lower nethash of the minority SHA-256 BCH network fragment. The lack of such a difficulty adjustment mechanism in BTC beyond the original specification’s 2016 block window came to be perceived as a potential attack vector from a hostile ledger fork [46]. The significance of implications arising from the BTCP case study are due to the lack of organically elderly blockchain networks in existence today. Emergent behaviours that are observed in these distributed environments may vary from hypothetical studies utilising cryptoeconomic, distributed systems or game theoretical perspectives. Due in part to the BCH difficulty adjustment process — and successor algorithms performing analogous functions — BTC and BCH have already diverged by approximately seven thousand blocks chain length (Figure 3) which corresponds to around 50 days greater effective age of BCH in the year since chain split. The consequence is that, ceteris paribus, the BCH blockchain will reach its next block subsidy halving sooner than BTC. Coupled with the fact that BCH shares the SHA-256 mining algorithm with BTC but now has approximately ten times less hashrate (Figure 4), there is declining economic incentive for miners to secure the minority BCH network [47]. With no fix currently implemented for transaction malleability due to BCH’s rejection of SegWit and no alternative ready to deploy, 51 % attacks have become trivial to conduct by several BTC mining pools and double spent transactions are growing in frequency, calling any notion of monetary soundness or payment utility proposition into serious question [48]. Fig. 3. Chain dynamics of BTC (blue) and BCH (red) networks August 2017–18, as visualised through the benchmarking of “chain time” versus Earth time. Data from Blockchair.com. Forkonomy assessment of BTCP (Aug/Sep 2018) Through the observation of networks which in the past competed for ASIC hashrate such as Litecoin and Dogecoin, it has been observed that once the security of a PoW network sharing a mining algorithm with a dominant competitor is believed to be compromised, two main categories of remedial action may be utilised. To preserve decentralisation and network sovereignty, the adoption of an alternative and unique PoW algorithm is an option but would be unpalatable for an ASIC-oriented network such as BCH. An alternative is to implement merge-mining whereby PoW on the dominant network for a particular algorithm counts towards PoW on the merge-mined network [49], or periodic checkpoint notarisation - also known as delayed PoW - of latest block hash into the most secure blockchain as utilised by minority Equihash network Komodo [50]. Confiscation of “inactive” UTXOs or account balances has also been proposed by minority forks such as United Bitcoin and Bitcoin Private as discussed above. The canonical Ethereum network ETC may have a different future to the typical minority branch, as development paths between forks have diverged and ETH intends to attempt transition to PoS with the Casper family of consensus protocols [51], accompanied by a significant reduction in block issuance subsidy to 0.6 ETH per block [52]. Should this occur as multiple competing Ethash ASICs and high performance FPGA bitstreams are distributed more widely, ETC may retain a strong value proposition as the canonical, decentralised and immutable Ethereum network with a sound monetary policy and thermodynamically assured network security. As Figure 5 shows, ETH has an annual equivalent supply inflation of approximately 7.5 % and no maximum limit on token supply, whereas ETC’s inflation is around 5.75% and projected to decrease much more rapidly due to a fixed supply limit. ETC has also removed the so-called difficulty bomb which is intended to disincentivise mining by making it increasingly unprofitable. Fig. 4. Difficulty (as proxy heuristic for hashrate) comparision of BTC (black) and BCH (grey) networks August 2017–18. Data from Blockchair.com Fig. 5. All-time supply inflation comparison of ETC (black) and ETH (grey). Data from ECIP1017 [53]. 5. Future Perspectives on Forks As with any novel field of study many open questions remain as to how new technologies, emergent phenomena and threats caused by internal factions within open source protocol networks or external entities such as rival blockchains, lawmakers and silicon foundries may influence the forking tendencies of cryptocurrency networks. Sztorc’s notion of fork futures has merit insofar as competing visions may be assessed and priced in real time by the marketplace prior to implementation. This facilitates the assessment of support for the various options proposed by competing factions, potentially preventing quite a substantial proportion of chain splits by using the market to assess the value of competing ideas. [54]. Velvet forks as proposed by Kiayias et al. could help mitigate potential network consensus failures by increasing inclusiveness and compatibility of protocol upgrades, by being minimally invasive with respect to network participants not running the velvet fork upgrade [28]. An example of successful implementation of a velvet fork has been found in decentralised mining pool P2Pool’s sharechain, which keeps track of mining shares which correspond to block hashes close to but not below the network difficulty limit. In order to reduce reward variance for individual participants in the mining pool, shares are kept track of by the sharechain [55]. The ongoing litigation against the cryptocurrency exchange Bitgrail involves an attempt to legally enforce a rollback of the Nano (formerly Raiblocks) block-lattice network to reclaim tokens which were lost due to software vulnerabilities. It is hard to envisage an outcome whereby a legal pronouncement is made which carries sufficiently global or borderless jurisdiction to coerce large constituencies of a network to behave contra to their incentives. Most likely this would trigger a factional network disintegration event [56]. Hypothesising more broadly, as the canon of forkonomy expands to include new and emergent phenomena there may develop further aesthetic disciplines with which to codify, classify and characterise trust-minimised network partitions in all their forms. As with celestial outcomes, the interplay of enthalpy and entropy could provide a generalised basis for modelling the fate of cryptocurrency networks and further work is underway in this area. Moving from the ontological and observational basis presented here as forkonomy (by analogy with astronomy) and forkonomics (by analogy with economics), epistemological treatises may be considered [57] and philosophical approaches . forkology forkosophy Acknowledgements Thanks to numerous esteemed colleagues for proof-reading, comments and corrections. References 1. List of Linux Distributions, Wikipedia. . Last accessed 10 August 2018. https://en.wikipedia.org/wiki/List_of_Linux_distributions 2. Nakamoto, S. (2008) Bitcoin: A Peer-to-Peer Electronic Cash System. http://bitcoin.org/bitcoin.pdf. 3. Delgado-Segura, S., Prez-Sol, C., Navarro-Arribas, G., and Herrera-Joancomart, J. (2017) Analysis of the Bitcoin UTXO set. IACR Cryptology ePrint Archive, 1095. https://eprint.iacr.org/2017/1095.pdf 4. BCH Node Status, Coin Dance. Last accessed 10 August 2018. https://cash.coin.dance/nodes#nodeVersions. 5. Metcalfe, B. (2013) Metcalfe’s Law after 40 Years of Ethernet. In: Computer, vol. 46, no. 12, 26–31. https://doi.org/:10.1109/MC.2013.374. 6. Bonneau, J. (2018) Hostile Blockchain Takeovers. In Bitcoin ’18: Proceedings of the 5th Workshop on Bitcoin and Blockchain Research. 7. Mark, D., Zamfir. V., and Sirer, E. G. (2016) A Call for a Temporary Moratorium on The DAO, http://hackingdistributed.com/2016/05/27/dao-call-for-moratorium. 8. BitMEX Research (2018) Revisiting The DAO, https://blog.bitmex.com/revisiting-the-dao. 9. Buterin, V. (2017) Notes on Blockchain Governance, https://vitalik.ca/general/2017/12/17/voting.html. 10. van Wirdum, A. (2016) Ethereum Classic Community Navigates a Distinct Path to the Future, . https://bitcoinmagazine.com/articles/ethereum-classic-community-navigates-a-distinct-path-to-the-future-1471620464/ 11. Conner, E. (2018) EIP 1234: A Case For Ethereum Block Reward Reduction in Constantinople, . https://medium.com/@eric.conner/a-case-for-ethereum-block-reward-reduction-in-constantinople-eip-1234-25732431fc77 12. Ethereum Uncle Rates, Etherscan. Last accessed 10 August 2018. https://etherscan.io/chart/uncles. 13. Eyal, I., and Sirer, E. G. (2014) Majority is Not Enough: Bitcoin Mining is Vulnerable. In International Conference on Financial Cryptography and Data Security, 436–454. Springer, Berlin, Heidelberg. 14. Grunspan, C., and Perez-Marco, R. (2018) On Profitability of Selfish Mining. IACR Cryptology ePrint Archive, 1805. 15. Bitcoin Empty Blocks Blockchair. Last accessed 10 August 2018. https://blockchair.com/bitcoin/blocks?s=size(asc). 16. Monacoin Block Explorer. Last accessed 10 August 2018. https://bchain.info/MONA/. 17. Nayak K., Kumar, S., Miller, A., and Shi, E. (2016) Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack. IEEE European Symposium on Security and Privacym 305–320. EuroS&P, Saarbrucken. https://doi.org/:10.1109/EuroSP.2016.32 18. Zhang, R., and Preneel, B. (2017) Publish or Perish: A Backward-compatible Defense against Selfish Mining in Bitcoin. In Cryptographers’ Track at the RSA Conference, 277–292. Springer, Cham. 19. Miller, A. (2013) Feather-forks: enforcing a blacklist with sub-50% hash power. Last accessed 10 August 2018. https://bitcointalk.org/index.php?topic=312668.0. 20. Hacken (2017) The Rush for Hashpower. Last accessed 10 August 2018. https://hacken.io/wp-content/uploads/The-Rush-for-Hashpower.pdf. 21. Sclavounis, O. (2017) Understanding Public Blockchain Governance, https://www.oii.ox.ac.uk/blog/understanding-public-blockchain-governance 22. BitMEX Research (2018) Covert versus overt AsicBoost, https://blog.bitmex.com/graphical-illustration-of-a-bitcoin-block 23. Hilliard, J. (2017) BIP91, Last accessed 10 August 2018. https://github.com/bitcoin/bips/blob/master/bip-0091.mediawiki. 24. Ver, R. (2018) Why I Think Bitcoin Cash is Bitcoin, https://www.yours.org/content/why-i-think-bitcoin-cash-is-bitcoin-6cb2dda7ca08 25. O’Hagan, A. (2016), The Satoshi Affair, https://www.lrb.co.uk/v38/n13/andrew-ohagan/the-satoshi-affair 26. Castor, A. (2018) No Incentive, https://www.coindesk.com/no-incentive-algorand-blockchain-sparks-debate-cryptography-event 27. Poelstra, A. (2016) A Treatise on Altcoins, https://download.wpsoftware.net/bitcoin/alts.pdf 28. Kiayias, A., Miller, A., and Zindros, D. (2018) Non-interactive Proofs of Proof-of-work. IACR Cryptology ePrint Archive, https://eprint.iacr.org/2017/963.pdf 29. Decred Politeia Github, Last accessed 10 August 2018. https://github.com/decred/politeia. 30. Crystal Blockchain Analytics, Last accessed 10 August 2018. https://crystalblockchain.com. 31. Sayres, N. (2018) Bitmain Faces New Accusations of Secret Mining, . Last accessed 10 August 2018. https://hacked.com/bitmain-faces-new-accusations-of-secret-mining/ 32. BitMEX Research (2018) New Ethereum Miner Could be a Game Changer, Last accessed 10 August 2018. https://blog.bitmex.com/nextstageinmining. 33. Daian, P. (2018) Anti-ASIC Forks Considered Harmful, Last accessed 10 August 2018. https://pdaian.com/blog/anti-asic-forks-considered-harmful. 34. Wilmoth, J. (2018) Manufacturer Holds CryptoNight ASIC Firesale after Monero Hard Forks, Last accessed 10 August 2018. https://www.ccn.com/manufacturer-holds-cryptonight-asic-firesale-after-monero-hard-forks. 35. Source: Bitinfocharts, Last accessed 10 August 2018. https://bitinfocharts.com/comparison/monero-hashrate.html. 36. Vorick, D. (2018) The State of Cryptocurrency Mining, . Last accessed 10 August 2018. https://blog.sia.tech/the-state-of-cryptocurrency-mining-538004a37f9b 37. Lombrozo, E. (2017) Speech at Breaking Bitcoin Conference, https://www.youtube.com/watch?v=0WCaoGiAOHE 38. Biryukov, A., and Khovratovich, D. (2016) Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem. https://eprint.iacr.org/2015/946 39. Bitcoin Private Whitepaper, Last accessed 10 August 2018. https://btcprivate.org/whitepaper.pdf. 40. Bitcoin Block 500439, Source: Blockchair Explorer, Last accessed 10 August 2018. https://blockchair.com/bitcoin/block/500439. 41. Ammous, S. (2018) The Bitcoin Standard: The Decentralized Alternative to Central Banking. John Wiley & Sons. 42. Let’s talk about ASIC mining, Zcash Forum, Last accessed 10 August 2018. https://forum.z.cash/t/let-s-talk-about-asic-mining/27353. 43. Source: OnChainFX, Last accessed 10 August 2018. https://onchainfx.com/asset/zclassic. 44. Source: MiningSpeed Pool Monitor, Last accessed 10 August 2018. https://pool.miningspeed.com. 45. Source: PoW 51% Attack Cost, Last accessed 10 August 2018. https://www.crypto51.app. 46. Wong, J. I., Bitcoin cash could lead to bitcoin “death spiral”, Quartz, https://qz.com/1127817/bitcoin-cash-bch-price-could-lead-to-bitcoin-death-spiral 47. Source: Blockchair, Last accessed 10 August 2018. http://www.blockchair.com. 48. Source: BCH Doublespend Monitor, Last accessed 10 August 2018. http://doublespend.cash. 49. Judmayer, A., Zamyatin, A., Stifter, N., Voyiatzis, A. G., and Weippl, E. (2017) Merged Mining: Curse or Cure? In Data Privacy Management, Cryptocurrencies and Blockchain Technology, 316–333. Springer, Cham. 50. Delayed Proof of Work Whitepaper, https://github.com/SuperNETorg/komodo/wiki/Delayed-Proof-of-Work-(dPoW)-Whitepaper 51. Casper Ethereum Github, Last accessed 10 August 2018. https://github.com/ethereum/casper. 52. Griffith, V., and Buterin, V. (2017) Casper the Friendly Finality Gadget, https://arxiv.org/pdf/1710.09437.pdf 53. Mazur, M. (2016) ECP1017, Last accessed 10 August 2018. https://github.com/ethereumproject/ECIPs/pull/20/files. 54. Sztorc, P. (2017) Fork Futures (via the Exchanges), http://www.truthcoin.info/blog/fork-futures/ 55. Zamyatin, A., Stifter, N., Judmayer, A., Schindler, P., Weippl E., and Knottenbelt W. (Short Paper) A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice. In Bitcoin ’18: Proceedings of the 5th Workshop on Bitcoin and Blockchain Research. 56. Gordon, S. (2018) Nano Team Target of Cryptocurrency Class Action Lawsuit, https://bitcoinmagazine.com/articles/nano-team-target-cryptocurrency-class-action-lawsuit/ 57. Antonopoulos, A. M. (2017) Forkology: A Study of Forks, https://www.youtube.com/watch?v=rpeceXY1QBM. Thanks for reading. Before you go! If you found this essay interesting please do 👏 and share it where you can. Remember, you can clap up to 50 times — it really makes a big difference for visibility and warm fuzzy feelings. Y’all welcome to come hang out at and on . www.pllel.com Twitter