University College Oxford Blockchain Research Centre

My Views on Cryptocurrencies

It is easy to argue that blockchains and cryptocurrencies go together like strawberries and cream. Blockchains provide a nice solution to the double spending problem that is fundamental to digital assets and currency: how can we stop someone that has a digital token spending it twice: after all, unlike a banknote, it is easy to copy a string of bits. So if you want to hold cash in a distributed digital setting a blockchain implementation is ideal. If the community needs to pay people to perform tasks such as mining and maintaining a blockchain, it is much cheaper (I.e. free) to do this by minting a new currency rather than having to pay with real pounds, euros, yen or dollars. A cynic might hold this up as a perfect illustration of the old adage that “bad money drives out good”.

Blockchains are held up as an ideal distributed platform for maintaining records with integrity in a way that is publicly open and visible, all the more so in a public context where no organisation or small clique of organisations can dominate it. It can be seen to be managed with high integrity.

They come in two basic varieties

  • A private blockchain is one where block creation is a fully permissioned activity: it can only be done by a relatively closed community who generally take managing the structure as part of their duty. These do not create or require cryptocurrencies. Many applications that depend on them can be criticised for not really requiring a blockchain at all: for a private blockchain to make sense there cannot be a single party who is trusted to maintain the data records by everyone. They can also be criticised for being dominated by what might be seen as a clique. They may find it difficult to evolve or become heterogeneous.
  • A public blockchain is one where block creation is a free for all. Nodes have to be motivated to create them correctly and to check the correctness of others’ work. Given that we cannot control the motivation of those who choose to do the work, it is generally agreed that a way of choosing them and motivating correct mining is essential. These schemes usually involve a cryptocurrency. They either motivate (correct) mining as in proof of work or divide up the duty to mine as in proof of Stake.

The users of a blockchain need to trust it. The beauty of a good mining model is that incentivises good behaviour, not least because if some demonstrably bad mining is done it will not be accepted. The key word here is “demonstrably”: mining is done in the open and everything relevant to it is also there for all to see, except perhaps the real identity of the responsible party.

Aside from this, the crucial features of mining models are

  1. They ensure that mining is motivated so that good players want to do it.
  2. They ensure that block formation happens at about the right rate: in particular it prevents the chaos that would result from too many and probably overlapping blocks.
  3. They achieve a fair selection mechanism for who gets to mine the next block, where “fair” means according to published criteria.

The state of the nation

It is unreasonable to have expected that those who demonstrated the practicality of blockchain would anticipate everything that would happen to them, or align what they were doing with the many “for the good of society” use cases that would be attached aspirationally to their creations. Proof of Work was invented as a very clever way to avoid having to actually collect micro payments in a context (spam prevention) where having to pay was much more important than collecting the money. It satisfies all the objectives above, when coupled with successful miners being rewarded. Unfortunately this experiment has grown because of its sheer success and become an energy consuming monster. We need an alternative that is acceptable to the community in terms of attractiveness and security, and which does not waste a precious commodity like energy.

Cryptocurrencies arise from mining models like proof of work. It is not surprising that the idealistic designers of such currencies wanted to make them anonymous (like the owners and users of actual banknotes) and free of national boundaries. They would, for example, appeal to those living in restrictive jurisdictions that prevented money being moved freely. It is telling that in the present day governments frequently limit the scale of cash transactions: when I bought my present car in 2017 I was told by the dealer that I was not allowed to pay more than £8,000 of the price in cash. Not that I wanted to pay any of it this way.

Anonymity of ownership and transactions is also highly desirable as a consequence of the very openness of blockchains. Since ownership and transactions are, as data, publicly visible, and not many people would willingly expose all their dealings to the public gaze, it is natural that people use multiple anonymous identities to hold and trade their assets. Thus anyone can see that there is someone who has assets X, but no-one else knows it is me. This privacy is greatly enhanced by my holding of other assets in further names, as transactions are not publicly linked.

It is regrettable that this anonymity made cryptocurrencies attractive to various criminal fraternities, whether for trading in narcotics and weapons, money laundering or extracting ransom payments. It is yet more regrettable that some developing cryptocurrencies have sought to facilitate enhanced privacy and anonymity despite their knowledge of this behaviour. We might note that the PoW model has also frequently led to the theft of other people’s computing resources for mining.

But there is nothing inevitable about blockchains permitting the holding and transfer of assets to be done anonymously. I believe that to encourage mainstream use of public blockchains it is essential that Know Your Customer, or KYC, Technology is incorporated. I will discuss the potential mechanisms for this later. The rationale for including it is as follows:

  1. It makes individuals accountable for their assets and transactions, though we would generally allow these to remain anonymous except in special circumstances discussed below.
  2. Consequently it will discourage criminal use. Plainly mainstream users would prefer not to share a platform with the type of criminal activity discussed above. Such users will further discourage anyone who realises that these also have the right to participate in mining, activities ancillary to mining such as checking and voting, and being available to perform other critical activities individually or as part of a group.
  3. The lack of KYC means that even if a party wants to act openly it does not have an integral mechanism to prove who it is. (Of course we could build in, or use an external, PKI, which it could use to sign its actions.)

If energy consumption and criminal use are two negative qualities of initial generation public blockchains, a third is the behaviour of cryptocurrencies. With little or nothing to tie their value to aside from their use on the dark net, they have become vehicles for speculation. Some attractively pitched ICOs and similar have appeared to be little more than “get rich quick” schemes, and those who speculate either make or lose vast quantities of money based on scant real indicators such as banks’ plans to run exchanges, and an awful lot of rumour and sentiment. If we are to kill off the perception that cryptocurrencies are “bad money” we need to tie them to genuine assets, whether actual piles of dollar bills or gold, or a capitalisation of the the income generating capability of the underlying Blockchain.

Mainstream blockchains

I think the main pros of public blockchains as being

  1. They provide an open platform where the integrity of the past is inviolate: no-one can claim that things were done differently from how they were.
  2. This integrity is established and protected in an open and collective way, preferably by the people and organisations that use it.
  3. It can naturally evolve to take on new and different roles.

However there is no necessity for participants to maintain anonymity. In this sense we differentiate between anonymity, meaning that a regular user cannot tell who is taking some action or vouching for something, and (the opposite of) accountability, which means that some authority can hold a participant accountable for its actions if a crime is detected or if ordered by a court.

Some players might want to remain anonymous, some might wish to be public in everything they do, and some might wish to do some things in public and some not. Why would someone want to do things in public? Because they want, or are mandated, to be completely transparent. A club might want its transactions to be visible, certainly to its members. It might be able to command a higher fee for some action because of who it is: it may be seen as more reliable and trustworthy than someone anonymous, Whether this is true or not, by performing an action in public (whether mining or keeping something secret), if it proves less than 100% reliable it is putting its name at risk.

I advocate a blockchain with KYC for accountability which gives its users the choice of performing some actions in public and some anonymously. Thus it can prove it has some assets publicly without revealing them all or its individual transactions.

For me, a mainstream blockchain is one which has this mixture of anonymous and public behaviour, and which attracts mainstream and essentially trustworthy participants who are prepared to offer services that are enhanced by this behaviour. To achieve this it requires KYC and needs green mining and a stable currency. We will discuss stability later.

The essential quality of a mainstream blockchain is that the typical party, particularly those whose reputations we trust, will be much more trustworthy than those in a typical public blockchain.

KYC

At present this role is carried out by the same party (typically a bank) that will hold your accounts and therefore has oversight of their operation.   Presumably in a blockchain the user does not want to give such power to a bank: otherwise there would be little or no point in using a blockchain.

We believe that in a private or mainstream blockchain the higher degree of general trust enables the job to be split between a bank and the blockchain itself so that there is no unauthorised or improper access to accounts. In other words, while we maintain the rights of financial authorities to oversee things in a proper manner, we ensure that neither they nor anyone else can do so in an improper one.

We also believe that public blockchains can potentially carry out KYC scrutiny themselves, without having a single trusted party like a bank do it. However it is likely that this will be a step too far for the present. Therefore my recommendation for the present is to require a party A wanting to hold assets to obtain a digital KYC identity from an established provider. This provider will establish who A is and create an anonymous identity A’ which it associates with A, and place control of it with A by giving A a secret key for signing for A’ and a certificate of validity of A’. A can then create a set of A” identities. In a detailed paper we will show how these can be reliably attested and remain anonymous until valid reason exists for the links between A’ and A and/or A” and A’.

Economy

The main problem with the dominant cryptocurrencies of the present day is that they are mainly vehicles for speculation, with limited use to establish a proper value for it. With a normal security there are assets underpinning it such as the operations and assets of a company in the case of shares and company bonds, and the general economy and right to raise taxes in the case of national debt and currencies. With most cryptocurrency there is only the confidence in that currency and the expense of creating new coins.

Perhaps the closest traditional asset is gold: it is expensive to mine but it has few practical uses except that people like the look of it and have confidence in it retaining its value. There is no nation state or company underpinning its value. What gold does have is thousands of years of tradition and track record.   Despite this and the vast amount held by central banks (35,000 tonnes or rather more than a trillion dollars) it is subject to speculative swings largely caused by shifts in confidence of the world economy. An example of this took place in 1999-2001 when, with general optimism the perceived safety net of gold had gradually lost its attractions and the price of gold had declined steadily from over $800/oz. The then British finance minister Gordon Brown evidently thought this trend was going to continue and sold 395 tonnes (more than half) of the nation’s gold reserves for an average of about $290/oz   Very shortly afterwards sentiment changed and by 2008 it reached $1000. The nation thus lost billions on this transaction and this local minimum of the gold price has ever after been known as Brown’s bottom.

Further similarities with gold is that neither it nor most cryptocurrencies generate any income, and both need to be kept secure from robbers, which itself leads to inconvenience and cost. Breaking into a bank vault is a very different exercise from stealing bitcoins from an e-wallet or exchange. At the time of writing, based on stories in the media, the latter seems easier.

And yet gold and bitcoin have very different niches in the investment market. Most of all this is because of the way investors think other investors perceive these assets.

I think it makes much more sense to have a cryptocurrency where there is a clear rationale for the value that is a lot more convincing than the cost of mining. After all, if a substance or mineral is expensive to mine it will either not be mined at all, or only as much as people are prepared to pay a very high price for.

It follows that a reasonable fraction of the currency should be spent on services charged in the currency that have an identifiable real-world value. These could be custody, data or escrow, trading charges, charges for running databases or supply chains, providing security services or analysing smart contracts. The WyS mining model is a partial example, because although the payments are in tokens, so are the personal benefits which removes the external ties.

Of course there are blockchains that tie their currencies to external assets, and I have nothing against these. These naturally raise such questions as whether the backing has to be 1:1, who provides the backing, and what happens when the number of tokens in circulation changes? Would the sort of stabilisation mechanisms I suggested for WyS mining result in an amplification of the effect of having backing.

It is clear that one Blockchain with its own tokens can provide an implementation platform for other classes of tokens, just as it can for commodities, traditional securities and fixed assets. However it should really have sufficient liquidity and transactions in its own tokens to create a proper economy.

It is clear to me that there are ample opportunities for making cryptographic tokens into a well founded value system with the characteristics of currency, bonds, or shares.

There are going to be many research opportunities in the economics and legal and regulatory framework for cryptocurrencies as we strive to develop mainstream Blockchains.

Written by

  • Bill Roscoe (University College Oxford Blockchain Research Centre)