I haven’t written much about them here yet, but there are a large number of cryptocurrencies which are not Bitcoin. But it’s an interesting topic, and I think it’s an important one. So I’m kicking off a series of articles I’m calling “Cryptocurrency 101″ starting here.
Mostly, I think the alternate cryptocurrencies are unlikely to succeed. Bitcoin has a strong network effect, in that it has more holders and more people accept it. A different cryptocurrency has to have greater utility than Bitcoin, and it has to achieve that without starting with that particular advantage. So all of these alternate cryptocurrencies, or “altcoins” as they’re called, have a pretty severe uphill fight in front of them. In the long run, we will have something better than Bitcoin. But that’s not a reason to believe in an alt, because that better thing is at least as likely to be developed from the current implementation of Bitcoin as from any of these altcoins. So I’m not an optimist about any particular altcoin.
But then, when I first heard of Bitcoin, I was reviewing its crypto code, it hadn’t even launched yet and I already wasn’t terribly optimistic about its chances. I guess I’m not a terribly optimistic guy; I could have mined it from the beginning, but instead I bought in much later, and got a much smaller number of coins.
Altcoins, in their quest for a niche Bitcoin doesn’t serve, need a fair number of alterations from the Bitcoin codebase. One of these variations is that alternate cryptocurrencies must use a different difficulty adjustment algorithm for their hashing. A cryptocurrency in general uses hashing as a “proof of work”, or a way for people to demonstrate that a limited resource (in this case computing power) has been committed to extending a particular view of what the consensus history ought to be. It doesn’t really matter what this resource is, but the fact that it’s a limited resource is a guarantee that it hasn’t also been committed to extending a different view of what the consensus history ought to be, which prevents certain kinds of cheating.
This is a pretty crucial aspect of the Nakamoto protocol. We use hashing to frame a problem. One input to this problem is a random number which we pick. The other input is our desired extension to the blockchain. The odds of a particular hash being a solution to the problem are very very small, but people try different hashes until somebody finds one that solves the problem. Whoever found it, gets to add her new block to the blockchain, which means she gets to write herself a “coinbase” transaction where she gets paid some coins.
This is how the Nakamoto protocol tries to ensure that there is only one view of consensus history; the requirement to solve a hash problem, and the automatic adjustment to make sure only one solution is found every few minutes, limits the rate at which potentially conflicting additions to consensus history can be proposed. A block usually has time to be accepted and agreed on before a conflicting block is found, and when disagreements arise, any imbalance in acceptance rapidly snowballs into complete acceptance of one or the other.
The agreement mechanism is simply the application of hashing power – extending the blockchain including the most recent block found. If you try to extend a blockchain from a previous block (ie, if you try to find a conflicting block) peers who have already accepted the new block will ignore you. And if someone else who has accepted the new block finds another block based on it, they won’t ignore him – so trying to produce a conflicting block is a waste of effort. It’s always better, meaning more profitable, to try to extend the most recent block found if you’re an honest miner (I’ll write more about dishonest mining later).
As I write this, Bitcoins are worth about $650 and the reward for solving a block on the Bitcoin chain is 25 coins. That amounts to over sixteen thousand dollars per block. Which means people are willing to pay any amount up to about sixteen thousand dollars in order to solve a Bitcoin block. And one of these blocks comes along every ten minutes on average. So there are entire multimillion dollar installations built, stocked with special-purpose chips and fed with massive cables from the local power utility, just to solve hashes on Bitcoin blocks. And, worldwide, about sixteen thousand dollars is actually getting spent for each Bitcoin block solved.
But that hardware is out there, and what else can people do with it? Well, they can solve altcoin blocks instead. And, for altcoins that use the same SHA256D hashing algorithm as Bitcoin, some number of them do exactly that. At any given moment, the amount of this hashing infrastructure devoted to any altcoin is proportional to the real-money value of its block rewards per minute.
So, something whose blocks are one one-thousandth as valuable as Bitcoin’s blocks can expect that one one-thousandth as much hashing power will be devoted to trying to solve each of its blocks. Very roughly. In practice, that hashing power is allocated in big chunks, often larger than the entire hashing power currently working on blockchain of any of the smaller alternate cryptocurrencies. The people doing the allocation do not consult each other; often several different “hash farms” will spot something that is the “most profitable coin to mine” and jump on it all at once. And later when the difficulty adjustment has adjusted for their presence, it’ll no longer be the most profitable coin to mine, so they all jump off again.
Finally, there’s necessarily a delay in time between application of hashing power and adjustment of difficulty to the new hashing power. When combined with the fact that the people who allocate the hashing power react in realtime, that delay can be crippling.
This presents alternate cryptocurrencies with a difficulty that Bitcoin itself doesn’t face. Bitcoin’s hour to hour and day to day variance in hashing power is small; it varies according to how many SHA256 ASICs have been produced and, somewhat, according to the cost ratio of electricity to Bitcoins wherever the biggest ASIC farms are operating. Bitcoin doesn’t have to worry about huge variances, because it dominates the value of cryptocurrency produced per minute to such an extent that it can treat the hashing power allocated to alternate SHA256D cryptocurrencies as “noise”. So Bitcoin’s difficulty adjusts every two weeks approximately, and usually by a fairly small amount.
But for a different cryptocurrency, the hour to hour and day to day variance can be huge. Let’s say you’re looking at FictionalCoin, a fictional cryptocurrency that’s using SHA256D hashing and the same difficulty adjustment mechanism as Bitcoin. But FictionalCoins are worth only a dime each, so you expect, on average, a bit less than two dollars and fifty cents worth of resources to be devoted to finding each FictionalCoin block and earning twenty-five FictionalCoins. Because the FictionalCoin developer didn’t change anything from the Bitcoin code, FictionalCoin is trying to achieve ten-minute blocks and on every 2016th block it adjusts the difficulty of its hashing problems.
So let’s say that a FictionalCoin fan just plugged in a nice new ASIC miner and pointed it at FictionalCoin hashing, singlehandedly tripling the amount of hashing power devoted to it (one person having more than half the hashing power is also a problem, but more on that later…). This doesn’t immediately affect the ratio of return per hashing effort invested; for a couple of days, FictionalCoin just produces blocks three times as fast. Then Fictionalcoin hits an adjustment. Because blocks have been coming three times as fast, it triples the difficulty adjustment to get back to ten minute blocks. As a result, FictionalCoin is now producing one third the number of blocks per gazillion hashes.
And that means it is suddenly producing one-third the value per unit of hashing resources invested. Which in turn means is that there are now some much more profitable things for the miners to do with their hashing rigs. So miners, let’s say 90% of them anyway, abandon Fictionalcoin, pointing their rigs at more profitable offerings. FictionalCoin is now facing about one-tenth the hashing power it just calibrated for, and goes from producing blocks about three minutes apart to producing blocks about an hour and forty minutes apart. And it has to get two weeks’ worth of blocks before it adjusts again. That’ll take five months at this new rate. If the few remaining miners are diehard enough to hang on for five months, while getting one-third what they could get by pointing their hashing rigs somewhere else, Fictionalcoin will reach another difficulty adjustment. Whereupon the difficulty goes down by a factor of ten, trying to get back to ten minute blocks.
Fictionalcoin, assuming its price hasn’t changed, is now producing about triple the average amount of return per hashing effort invested. That rapidly attracts the attention of a horde of miners who are always looking for the most profitable altcoin to mine, and mining effort goes up by a factor of a hundred! (to about ten times the level FictionalCoin had at the start of this scenario). This rate has one of those nominally ten-minute blocks coming out every six seconds or thereabouts. That makes our two-week adjustment period fly by in less than four hours.
And so on… This pattern of always adjusting difficulty to the mining activity over a past period, and then having miners adjust to the difficulty presented in realtime, turns into a severe positive feedback loop for an alt having a value that’s small compared to the value of Bitcoin.
Now, it isn’t quite as bad as I described above, because there’s a limit to how big an adjustment can happen each period. But those very limits make other problems possible. For example, if for whatever reason the price of FictionalCoin triples, or falls to one third its previous value, in the course of two weeks (which is not at all unlikely, volatile small issues being what they are), a limited adjustment that doesn’t allow FictionalCoin to more than double or halve its difficulty will not make the hashing power allocated proportional to the value of the block, and the remaining imbalance will continue to elicit miner reactions that drive nonlinear adjustments in following adjustment periods.
Anyway, for this reason, every surviving altcoin, without exception, has changed the difficulty adjustment algorithm from Bitcoin in major ways. They must, or else the nonlinearity of miners’ reallocations of power will destroy them. All adjust difficulty using block time averages from much shorter sequences of blocks; many adjust difficulty literally every block. Some, in fact, have gone to the ultimate extreme of adjusting difficulty literally every block, based on no input at all except the most recent block interval.