BIS Blasts Cryptos in Special Report - "Beyond the Hype"
The issuer can be a central bank, a bank or nobody, as was the case when money took the form of a commodity.
Its form can be physical, e.g. a metal coin or paper banknote, or digital. It can be widely accessible, like commercial bank deposits, or narrowly so, like central bank reserves.
A last property regards the transfer mechanism, which can be either peer-to-peer, or through a central intermediary, as for deposits.
Money is typically based on one of two basic technologies: so called "tokens" or accounts.
Token-based money, for example banknotes or physical coins, can be exchanged in peer-to-peer settings, but such exchange relies critically on the payee's ability to verify the validity of the payment object - with cash, the worry is counterfeiting.
By contrast, systems
based on account money depend fundamentally on the ability to verify
the identity of the account holder.
First, they are digital, aspiring to be a convenient means of payment and relying on cryptography to prevent counterfeiting and fraudulent transactions.
Second, although created privately, they are no one's liability, i.e. they cannot be redeemed, and their value derives only from the expectation that they will continue to be accepted by others. This makes them akin to a commodity money (although without any intrinsic value in use).
And, last, they allow for
digital peer-to-peer exchange.
Digital information can be reproduced more easily than physical banknotes. For digital money, solving the double-spending problem requires, at a minimum, that someone keep a record of all transactions.
Prior to cryptocurrencies,
the only solution was to have a centralized agent do this and verify
An up-to-date copy of the entire ledger is stored by each user (this is what makes it "distributed").
With a distributed
ledger, peer-to-peer exchange of digital money is feasible: each
user can directly verify in their copy of the ledger whether a
transfer took place and that there was no attempt to double-spend.
The ledger recording transactions can only be changed by a consensus of the participants in the currency: while anybody can participate, nobody has a special key to change the ledger.
The concept of permissionless cryptocurrencies was laid out for the case of Bitcoin in a white paper by an anonymous programmer (or group of programmers) under the pseudonym Satoshi Nakamoto, who proposed a currency based on a specific type of distributed ledger, the "blockchain".
The blockchain is a distributed ledger that is updated in groups of transactions called blocks. Blocks are then chained sequentially via the use of cryptography to form the form the blockchain.
This concept has been
adapted to countless other cryptocurrencies.
This is mathematical evidence that a certain amount of computational work has been done, in turn calling for costly equipment and electricity use. Since the proof-of-work process can be likened to digging up rare numbers via laborious computations, it is often referred to as mining.
In return for their
efforts, miners receive fees from the users - and, if specified by
the protocol, newly minted cryptocurrency.
If a ledger update includes an invalid transaction, it is rejected by the network and the miner's rewards are voided.
The verification of all
new ledger updates by the network of miners and users is thus
essential to incentivise miners to add only valid transactions.
Yet delivering on his promise hinges on a set of assumptions:
Understanding these assumptions is important, for they give rise to two basic questions regarding the usefulness of cryptocurrencies.
First, does this
cumbersome way of trying to achieve rust come at the expense of
efficiency? Second, can trust truly and always be achieved?
Put in the simplest
terms, the quest for decentralized trust has quickly become an
environmental disaster. [Mish Comment: The Lead-In Graph]
The shortcomings of cryptocurrencies in this respect lie in three areas:
First, cryptocurrencies simply do not scale like sovereign moneys.
At the most basic level, to live up to their promise of decentralized trust cryptocurrencies require each and every user to download and verify the history of all transactions ever made, including amount paid, payer, payee and other details.
With every transaction adding a few hundred bytes, the ledger grows substantially over time. For example, at the time of writing, the Bitcoin blockchain was growing at around 50 GB per year and stood at roughly 170 GB.
Thus, to keep the
ledger's size and the time needed to verify all transactions (which
increases with block size) manageable, cryptocurrencies have hard
limits on the throughput of transactions (Graph V.4, centre panel).
To process the number of digital retail transactions currently handled by selected national retail payment systems, even under optimistic assumptions, the size of the ledger would swell well beyond the storage capacity of a typical smartphone in a matter of days, beyond that of a typical personal computer in a matter of weeks and beyond that of servers in a matter of months.
But the issue goes well beyond storage capacity, and extends to processing capacity: only supercomputers could keep up with verification of the incoming transactions.
communication volumes could bring the internet to a halt, as
millions of users exchanged files on the order of magnitude of a
Once the number of incoming transactions is such that newly added blocks are already at the maximum size permitted by the protocol, the system congests and many transactions go into a queue.
With capacity capped, fees soar whenever transaction demand reaches the capacity limit (Graph V.5 below).
And transactions have at times remained in a queue for several hours, interrupting the payment process. This limits cryptocurrencies' usefulness for day-to-day transactions such as paying for a coffee or a conference fee, not to mention for wholesale payments.
Thus, the more people use a cryptocurrency, the more cumbersome payments become. This negates an essential property of present-day money: the more people use it, the stronger the incentive to use it.
The second key issue with cryptocurrencies is their unstable value (Graph V.6 below).
This arises from the absence of a central issuer with a mandate to guarantee the currency's stability. Well run central banks succeed in stabilizing the domestic value of their sovereign currency by adjusting the supply of the means of payment in line with transaction demand.
They do so at high
frequency, in particular during times of market stress but also
during normal times.
The third issue concerns the fragile foundation of the trust in cryptocurrencies.
This relates to uncertainty about the finality of individual payments, as well as trust in the value of individual cryptocurrencies.
In mainstream payment systems, once an individual payment makes its way through the national payment system and ultimately through the central bank books, it cannot be revoked.
In contrast, permissionless cryptocurrencies cannot guarantee the finality of individual payments.
One reason is that although users can verify that a specific transaction is included in a ledger, unbeknownst to them there can be rival versions of the ledger.
This can result in
transaction rollbacks, for example when two miners update the ledger
almost simultaneously. Since only one of the two updates can
ultimately survive, the finality of payments made in each ledger
version is probabilistic.
One cannot tell if a strategic attack is under way because an attacker would reveal the (forged) ledger only once they were sure of success.
This implies that finality will always remain uncertain. For cryptocurrencies, each update of the ledger comes with an additional proof-of-work that an attacker would have to reproduce.
Yet while the probability
that a payment is final increases with the number of subsequent
ledger updates, it never reaches 100%.
In this way, a cryptocurrency can split into two subnetworks of users.
While there are many recent examples, an episode on 11 March 2013 is noteworthy because - counter to the idea of achieving trust by decentralized means - it was undone by centralized coordination of the miners.
On that day, an erroneous software update led to incompatibilities between one part of the Bitcoin network mining on the legacy protocol and another part mining using an updated one.
For several hours, two separate blockchains grew; once news of this fork spread, the price of bitcoin tumbled by almost a third (Graph V.7, right-hand panel). The fork was ultimately rolled back by a coordinated effort whereby miners temporarily departed from protocol and ignored the longest chain.
But many transactions were voided hours after users had believed them to be final.
This episode shows just
how easily cryptocurrencies can split, leading to significant
An even more worrying aspect underlying such episodes is that forking may only be symptomatic of a fundamental shortcoming:
(Graph V.A below) suggests that coordination on how the ledger is updated could
break down at any time, resulting in a complete loss of value.
Frequent episodes of forking may be symptomatic of an inherent problem with the way consensus is formed in a cryptocurrency's decentralized network of miners.
The underlying economic issue is that this decentralized consensus is not unique. The rule to follow the longest chain incentivises miners to follow the computing majority, but it does not uniquely pin down the path of the majority itself.
For example, if a miner believes that the very last update of the ledger will be ignored by the rest of the network of miners, it becomes optimal for the miner to also ignore this last update.
And if the majority of miners coordinates on ignoring an update, this indeed becomes a new equilibrium.
In this way, random equilibria can arise - and indeed frequently have arisen, as indicated by forking and by the existence of thousands of "orphaned" (Bitcoin) or "uncle" (Ethereum) blocks that have retroactively been voided.
regarding the robustness of the decentralized updating of the
blockchain relate to miners' incentives to strategically fork
whenever the block added last by a different miner includes high
transaction fees that can be diverted by voiding the block in
question via a fork.
A recent non-profit example is the case of the World Food Program's blockchain-based Building Blocks system, which handles payments for food aid serving Syrian refugees in Jordan.
The unit of account and ultimate means of payment in Building Blocks is sovereign currency, so it is a "cryptopayment" system but not a cryptocurrency.
It is also centrally controlled by the World Food Program, and for good reason: an initial experiment based on the permissionless Ethereum protocol resulted in slow and costly transactions.
The system was
subsequently redesigned to run on a permissioned version of the
Ethereum protocol. With this change, a reduction of transaction
costs of about 98% relative to bank-based alternatives was achieved.
The BIS says,
may be some trust in central banks, but that trust is misplaced.