From Oct 2-3, 2017, Blockchain at Berkeley is hosting the first Cryptoeconomics Security Conference. Day one was filled with discussions of consensus algorithms, mining incentives, and potential scaling solutions.
At 9:00 a.m., the day began with a heartfelt keynote speech from Jae Kwon, founder and CEO of Tendermint/Cøsmos. Kwon preached the importance of developing modular blockchain infrastructure rather than repeatedly building full stack solutions from scratch. This is like the invention of the assembly line. By standardizing and manufacturing parts that can fit together, you don't need to rely on a single specialist for the entire production process. Interchangeable components enable testing in consistent environments, thereby enabling steady progress for all. Kwon also boldly declared that "monetarism is dead," a proclamation that surely made economists uneasy.
In the first presentation of the day, Jordan Earls, co-founder of Qtum (pronounced "Quantum") gave an overview of the economics of fees and gas. He briskly explained that data storage methods fall into four categories: external, internal, storage, and transactions. Depending on how frequently a person accesses a given piece of data and how often a person modifies its information, different storage classes are more economical. In some cases, unfortunately, the current incentive structure is completely broken. For example, at times, it can be more expensive to measure the cost of gas than to simply execute a transaction.
MIT professor Silvio Micali gave the most visually appealing presentation of the day, a PowerPoint filled with quirky animations and cartoons. A career cryptographer and recipient of the Turing Award, the Gödel Prize, and the RSA prize, Micali discussed "ALGORAND," which he deemed a "truly distributed ledger." Blockchain consensus algorithms, he suggested, ought to use a decentralized lottery system to select consensus committees. This model would significantly address many of the "technical problems" affiliated with current technology, including electricity and fees, mining pools, corruption vulnerability, scalability, ambiguity (due to forks), and latency.
"Player replaceability" is the key feature of his theoretical model, which makes it virtually impossible to corrupt the members of the consensus committee. Every "round" there would be a new set of committee members, so coordinating an attack would be close to impossible – and bribery just wouldn't be feasible.
Micali pronounced that most people in society are honest. "How else would we have societies?" he asked. Nonetheless, Micali insisted, it would be "insane" to not prepare for the worst. He might be an engineering professor, but these words were spoken like a true economist.
Micali was followed by one of his protégés, Rafael Pass, now an associate professor at Cornell. Pass spoke of "Thunderella," a proposal for a rapid and scalable blockchain that can apparently alternate between fast and slow modes depending on whether a designated leader was suspected of falsifying a transaction. His proposal appears to streamline the process by enabling proxies, but defaults to the regular blockchain protocol if there is doubt about a transaction's veracity.
Next up was Sinclair Davidson, professor of institutional economics at RMIT University in Australia. Tokens, he said, are rules-based and asset-specific. They exist at the intersection of debt and equity, and in his view, ICOs (also called token offerings) ought to be treated like IPOs (initial public offerings). Australia has been far ahead of the curve in establishing regulatory standards, so Davidson offered tremendous insight into the potential regulatory treatment of tokens. This morning, in a conversation with Sinclair, he explained to me that one of the major obstacles to blockchain adoption and development is the lack of certification programs. At RMIT, he is working with colleagues Jason Potts and Chris Berg to develop a blockchain course. They recently received approval and funding for a 15-hour online course, with five 3-hour modules appropriately called "blocks."
In "Escrow Protocols for Cryptocurrencies," Princeton PhD student Steven Goldfeder examined purchasing physical assets with cryptocurrency. Ensuring that a customer receives a good and that the merchant receives payment is a difficult problem. As Goldfeder explained, in cryptocurrency, "payments are irreversible, so escrow is a necessity." He surmised that decentralized currency "does not equal" decentralized commerce.
The issues that you face with an escrow system are manifold. For one, there is the issue of blatant theft (i.e., a merchant simply takes off with the customer's cash). Then, there's the possibility of a denial of service (DOS), wherein nobody actually gets the money. It's virtually locked up forever, kind of like sending cryptocurrency to the wrong address. For all intents and purposes, the customer's cash is lost forever. Ultimately, the protocol that Goldfeder explored is a kind of "encrypt and swap," which only introduces a mediator when there is a dispute.
Following a brief lunch, attendees reconvened for discussions on mining pools and attack vectors. Yoad Lewenberg, a PhD student at The Hebrew University of Jerusalem, spoke about incentive structure for mining pools, and when actors might have incentives to form alliances or cheat on agreements. Then, Ratul Saha, a PhD student at the National University of Singapore made a presentation on the potential for block withholding attacks.
Ryan Zurrer, a venture partner at Polychain Capital, was up next. He discussed the "network effect" of tokens, suggesting that financiers and capitalists will see value propositions in controlling network applications themselves. His description seemed to convey the idea of placing a massive bet on potential without a clear definition of underlying value. He called these tokens "keepers," and suggested that keepers should be separate from the actual application tokens (those that are used to pay for and use the platform). Perhaps, Zurrer suggested, these "keeper" tokens could gain value because of simple belief and speculation.
One of the most exciting – though thoroughly complex – talks was by Alessandro Chiesa, co-founder of Zcash and an assistant professor in UC Berkeley's EECS department. Chiesa spoke of the "deanonymization" of bitcoin, as evidenced by tales like Silk Road. By now, it should be obvious that bitcoin transactions are completely public. Through Zcash, which recently had its first confirmed transaction on the Ethereum Ropsten testnet, it's possible to conceal transaction data, including the sender, receiver, and amount. The trick is in destroying coins and minting new ones, which are given as payment to the receiver. It relies on a lot of convoluted mathematics, but what it boils down to is that using public and private keys, in conjunction with this minting system, it's possible to prevent double spending and linking of transactions. It appears that Zcash faced many obstacles throughout its development, including the barrier of fixed denominations and how to effectively utilize a serial number system. Ultimately, it's a brilliant concept that relies on zk-SNARKs.
A crowd favorite was Neil Gandal, an energetic professor of economics at Tel Aviv University. As the sun began to fade, Gandal injected the room with life and fervor, enthusiastically gesticulating while urgently conveying the danger of trading bots. Presenting research on MtGox, Gandal explained that Markus and Willy are two trading bots (which were named in chatrooms) that essentially propped up the failing exchange. He conducted regression analysis to determine that bitcoin's price rose by an average of about four percent per day when these bots were active, but the price of bitcoin remained basically unchanged on days when the bots were inactive. Gandal described it as a perfect natural experiment.
The most frightening part of Gandal's presentation was the implication that the same sort of activity might be happening right now. As the price of bitcoin leaps past $4,000 it's fair to wonder whether trading bots are at play once again. The price graphs from Gandal's presentation certainly seemed to indicate as much – though he declined to provide such an assessment himself. As bitcoin futures and options cross into the mainstream, the incentives for price manipulation might grow higher still, so even greater volatility could be possible.
As an economist, I was drawn in by Gandal's work for two reasons. First, he did an excellent job of constructing his independent/dummy variables (Willy, Markus, DDoS, Day After DDoS, and Other). And second, I was impressed by his analysis of prices in percentages rather than strict numbers. This means that he was able to evaluate the impact of the trading bots without getting mired in the actual prices themselves. He even addressed a question from an audience member about analyzing the logarithm of price data, which would provide a clearer picture of price manipulation than the actual prices themselves. Overall, Gandal's work was tremendously impressive – even if it mostly focused on events from 2013. The data he examined is entirely in the public domain, but the sheer difficulty of analysis makes his study very notable. Gandal closed by announcing that he and his colleagues will soon undertake similar analyses for many other coins.
In all, the first day of the Cryptoeconomics Security Conference was a whirlwind of algorithms and incentives. Regulators brushed shoulders with cryptocurrency hedge fund managers, and aspiring traders probably learned more about the detailed layers of blockchain technology than they anticipated. With a collection of academics and industry experts, Blockchain at Berkeley put together a fantastic group of speakers, and the high-level discussion was intoxicating. The world's most brilliant minds are working together, arguing together, and achieving together. And that is a sign of great things to come.
Be sure to read tomorrow's recap from day 2 of CESC2017!