BIS Blasts Cryptos in Special Report: "Beyond the Hype"
A Bank of International Settlements (BIS) report examines cryptocurrencies in depth. The study, called "Looking Beyond the Hype" investigates whether cryptocurrencies could play any role as money.
Bloomberg, Reuters, and the Bitcoin Exchange guide all have articles on the report but not one of the bothered to link to it.
After a bit of digging, I found the crypto report is part of an upcoming BIS annual report. The BIS pre-released the crypto report today (as chapter 5).
Here's a link to the page that contains a download for two Pre-Released BIS Chapters, one of them is on cryptos. I provide some snips below.
Note: I start with some lengthy snips that explain in detail how blockchain works.
Cryptocurrencies: Looking Beyond the Hype
- Cryptocurrency technology comes with poor efficiency and vast energy use.
- Cryptocurrencies cannot scale with transaction demand, are prone to congestion and greatly fluctuate in value.
- Overall, the decentralised technology of cryptocurrencies, however sophisticated, is a poor substitute for the solid institutional backing of money.
- The underlying technology could have promise in other applications, such as the simplification of administrative processes in the settlement of financial transactions. Still, this remains to be tested.
The Money Flower: A Taxonomy of Money
The money flower distinguishes four key properties of moneys: the issuer, the form, the degree of accessibility and the payment transfer mechanism. The issuer can be a central bank, a bank or nobody, as was the case when money took the form of a commodity. Its form can be physical, eg a metal coin or paper banknote, or digital. It can be widely accessible, like commercial bank deposits, or narrowly so, like central bank reserves. A last property regards the transfer mechanism, which can be either peer-to-peer, or through a central intermediary, as for deposits. Money is typically based on one of two basic technologies: so called “tokens” or accounts. Token-based money, for example banknotes or physical coins, can be exchanged in peer-to-peer settings, but such exchange relies critically on the payee’s ability to verify the validity of the payment object – with cash, the worry is counterfeiting. By contrast, systems based on account money depend fundamentally on the ability to verify the identity of the account holder.
Cryptocurrencies: The Elusive Promise of Decentralised Trust
In terms of the money flower taxonomy, cryptocurrencies combine three key features. First, they are digital, aspiring to be a convenient means of payment and relying on cryptography to prevent counterfeiting and fraudulent transactions. Second, although created privately, they are no one’s liability, ie they cannot be redeemed, and their value derives only from the expectation that they will continue to be accepted by others. This makes them akin to a commodity money (although without any intrinsic value in use). And, last, they allow for digital peer-to-peer exchange.
The technological challenge in digital peer-to-peer exchange is the so-called “double-spending problem”. Any digital form of money is easily replicable and can thus be fraudulently spent more than once. Digital information can be reproduced more easily than physical banknotes. For digital money, solving the double-spending problem requires, at a minimum, that someone keep a record of all transactions. Prior to cryptocurrencies, the only solution was to have a centralised agent do this and verify all transactions.
Cryptocurrencies overcome the double-spending problem via decentralised record-keeping through what is known as a distributed ledger. The ledger can be regarded as a file (think of a Microsoft Excel worksheet) that starts with an initial distribution of cryptocurrency and records the history of all subsequent transactions. An up-to-date copy of the entire ledger is stored by each user (this is what makes it “distributed”). With a distributed ledger, peer-to-peer exchange of digital money is feasible: each user can directly verify in their copy of the ledger whether a transfer took place and that there was no attempt to double-spend.
While all cryptocurrencies rely on a distributed ledger, they differ in terms of how the ledger is updated. One can distinguish two broad classes, with substantial differences in their operational setup (Graph V.2).
While cryptocurrencies based on permissioned systems differ from conventional money in terms of how transaction records are stored (decentralised versus centralised), they share with it the reliance on specific institutions as the ultimate source of trust.
In a much more radical departure from the prevailing institution-based setup, a second class of cryptocurrencies promises to generate trust in a fully decentralised setting using “permissionless” DLT. The ledger recording transactions can only be changed by a consensus of the participants in the currency: while anybody can participate, nobody has a special key to change the ledger. The concept of permissionless cryptocurrencies was laid out for the case of Bitcoin in a white paper by an anonymous programmer (or group of programmers) under the pseudonym Satoshi Nakamoto, who proposed a currency based on a specific type of distributed ledger, the “blockchain”. The blockchain is a distributed ledger that is updated in groups of transactions called blocks. Blocks are then chained sequentially via the use of cryptography to form the form the blockchain. This concept has been adapted to countless other cryptocurrencies.
Underlying this setup, the key feature of these cryptocurrencies is the implementation of a set of rules (the protocol) that aim to align the incentives of all participants so as to create a reliable payment technology without a central trusted agent.
First, the rules entail a cost to updating the ledger. In most cases, this cost comes about because updating requires a “proof-of-work”. This is mathematical evidence that a certain amount of computational work has been done, in turn calling for costly equipment and electricity use. Since the proof-of-work process can be likened to digging up rare numbers via laborious computations, it is often referred to as mining. In return for their efforts, miners receive fees from the users – and, if specified by the protocol, newly minted cryptocurrency.
Second, all miners and users of a cryptocurrency verify all ledger updates, which induces miners to include only valid transactions. Valid transactions need to be initiated by the owners of funds and must not be attempts to double-spend. If a ledger update includes an invalid transaction, it is rejected by the network and the miner’s rewards are voided. The verification of all new ledger updates by the network of miners and users is thus essential to incentivise miners to add only valid transactions.
[Problems] - Assessing the Economic Limitations of Permissionless Cryptocurrencies
Cryptocurrencies such as Bitcoin promise to deliver not only a convenient payment means based on digital technology, but also a novel model of trust. Yet delivering on his promise hinges on a set of assumptions: that honest miners control the vast majority of computing power, that users verify the history of all transactions and that the supply of the currency is predetermined by a protocol. Understanding these assumptions is important, for they give rise to two basic questions regarding the usefulness of cryptocurrencies. First, does this cumbersome way of trying to achieve rust come at the expense of efficiency? Second, can trust truly and always be achieved?
As the first question implies, a key potential limitation in terms of efficiency is the enormous cost of generating decentralised trust.
At the time of writing, the total electricity use of bitcoin mining equaled that of mid-sized economies such as Switzerland, and other cryptocurrencies also use ample electricity (Graph V.4, left-hand panel). Put in the simplest terms, the quest for decentralized trust has quickly become an environmental disaster. [Mish Comment: The Lead-In Graph]
But the underlying economic problems go well beyond the energy issue. They relate to the signature property of money: to promote “network externalities” among users and thereby serve as a coordination device for economic activity. The shortcomings of cryptocurrencies in this respect lie in three areas: scalability, stability of value and trust in the finality of payments.
First, cryptocurrencies simply do not scale like sovereign moneys. At the most basic level, to live up to their promise of decentralised trust cryptocurrencies require each and every user to download and verify the history of all transactions ever made, including amount paid, payer, payee and other details. With every transaction adding a few hundred bytes, the ledger grows substantially over time. For example, at the time of writing, the Bitcoin blockchain was growing at around 50 GB per year and stood at roughly 170 GB. Thus, to keep the ledger’s size and the time needed to verify all transactions (which increases with block size) manageable, cryptocurrencies have hard limits on the throughput of transactions (Graph V.4, centre panel).
A thought experiment illustrates the inadequacy of cryptocurrencies as an everyday means of payment (Graph V.4, right-hand panel). To process the number of digital retail transactions currently handled by selected national retail payment systems, even under optimistic assumptions, the size of the ledger would swell well beyond the storage capacity of a typical smartphone in a matter of days, beyond that of a typical personal computer in a matter of weeks and beyond that of servers in a matter of months. But the issue goes well beyond storage capacity, and extends to processing capacity: only supercomputers could keep up with verification of the incoming transactions. The associated communication volumes could bring the internet to a halt, as millions of users exchanged files on the order of magnitude of a terabyte.
Another aspect of the scalability issue is that updating the ledger is subject to congestion. For example, in blockchain-based cryptocurrencies, in order to limit the number of transactions added to the ledger at any given point in time, new blocks can only be added at pre-specified intervals. Once the number of incoming transactions is such that newly added blocks are already at the maximum size permitted by the protocol, the system congests and many transactions go into a queue. With capacity capped, fees soar whenever transaction demand reaches the capacity limit (Graph V.5). And transactions have at times remained in a queue for several hours, interrupting the payment process. This limits cryptocurrencies’ usefulness for day-to-day transactions such as paying for a coffee or a conference fee, not to mention for wholesale payments. Thus, the more people use a cryptocurrency, the more cumbersome payments become. This negates an essential property of present-day money: the more people use it, the stronger the incentive to use it.
The second key issue with cryptocurrencies is their unstable value. This arises from the absence of a central issuer with a mandate to guarantee the currency’s stability. Well run central banks succeed in stabilising the domestic value of their sovereign currency by adjusting the supply of the means of payment in line with transaction demand. They do so at high frequency, in particular during times of market stress but also during normal times.
The third issue concerns the fragile foundation of the trust in cryptocurrencies. This relates to uncertainty about the finality of individual payments, as well as trust in the value of individual cryptocurrencies. In mainstream payment systems, once an individual payment makes its way through the national payment system and ultimately through the central bank books, it cannot be revoked. In contrast, permissionless cryptocurrencies cannot guarantee the finality of individual payments. One reason is that although users can verify that a specific transaction is included in a ledger, unbeknownst to them there can be rival versions of the ledger. This can result in transaction rollbacks, for example when two miners update the ledger almost simultaneously. Since only one of the two updates can ultimately survive, the finality of payments made in each ledger version is probabilistic.
The lack of payment finality is exacerbated by the fact that cryptocurrencies can be manipulated by miners controlling substantial computing power, a real possibility given the concentration of mining for many cryptocurrencies (Graph V.7, left-hand panel). One cannot tell if a strategic attack is under way because an attacker would reveal the (forged) ledger only once they were sure of success. This implies that finality will always remain uncertain. For cryptocurrencies, each update of the ledger comes with an additional proof-of-work that an attacker would have to reproduce. Yet while the probability that a payment is final increases with the number of subsequent ledger updates, it never reaches 100%.
Not only is the trust in individual payments uncertain, but the underpinning of trust in each cryptocurrency is also fragile. This is due to “forking”.This is a process whereby a subset of cryptocurrency holders coordinate on using a new version of the ledger and protocol, while others stick to the original one. In this way, a cryptocurrency can split into two subnetworks of users. While there are many recent examples, an episode on 11 March 2013 is noteworthy because – counter to the idea of achieving trust by decentralised means – it was undone by centralised coordination of the miners. On that day, an erroneous software update led to incompatibilities between one part of the Bitcoin network mining on the legacy protocol and another part mining using an updated one. For several hours, two separate blockchains grew; once news of this fork spread, the price of bitcoin tumbled by almost a third (Graph V.7, right-hand panel). The fork was ultimately rolled back by a coordinated effort whereby miners temporarily departed from protocol and ignored the longest chain. But many transactions were voided hours after users had believed them to be final. This episode shows just how easily cryptocurrencies can split, leading to significant valuation losses.
An even more worrying aspect underlying such episodes is that forking may only be symptomatic of a fundamental shortcoming: the fragility of the decentralised consensus involved in updating the ledger and, with it, of the underlying trust in the cryptocurrency. Theoretical analysis (Box V.A) suggests that coordination on how the ledger is updated could break down at any time, resulting in a complete loss of value.
Frequent episodes of forking may be symptomatic of an inherent problem with the way consensus is formed in a cryptocurrency’s decentralised network of miners. The underlying economic issue is that this decentralised consensus is not unique. The rule to follow the longest chain incentivises miners to follow the computing majority, but it does not uniquely pin down the path of the majority itself. For example, if a miner believes that the very last update of the ledger will be ignored by the rest of the network of miners, it becomes optimal for the miner to also ignore this last update. And if the majority of miners coordinates on ignoring an update, this indeed becomes a new equilibrium. In this way, random equilibria can arise – and indeed frequently have arisen, as indicated by forking and by the existence of thousands of “orphaned” (Bitcoin) or “uncle” (Ethereum) blocks that have retroactively been voided. Additional concerns regarding the robustness of the decentralised updating of the blockchain relate to miners’ incentives to strategically fork whenever the block added last by a different miner includes high transaction fees that can be diverted by voiding the block in question via a fork.
Beyond the bubble: making use of distributed ledger technology
While cryptocurrencies do not work as money, the underlying technology may have promise in other fields. A notable example is in low-volume cross-border payment services.
To be sure, such payment solutions are fundamentally different from cryptocurrencies. A recent non-profit example is the case of the World Food Programme’s blockchain-based Building Blocks system, which handles payments for food aid serving Syrian refugees in Jordan. The unit of account and ultimate means of payment in Building Blocks is sovereign currency, so it is a “cryptopayment” system but not a cryptocurrency. It is also centrally controlled by the World Food Programme, and for good reason: an initial experiment based on the permissionless Ethereum protocol resulted in slow and costly transactions. The system was subsequently redesigned to run on a permissioned version of the Ethereum protocol. With this change, a reduction of transaction costs of about 98% relative to bank-based alternatives was achieved.
That was a scathing, but honest, and well-researched report.
The odds that cryptocurrencies as originally designed can live up to their hype are approximately zero.
The Bitcoin crowd will no doubt respond with the notion that the protocols will evolve and the problems will be fixed.
They won't. There are simply too many flaws, too many disagreements and too many forks. The soaring number of cryptocurrencies is proof enough. At last count there were 1906 cryptos.
One Strong Disagreement With BIS
I strongly disagree with one aspect of the report. The BIS says "Independent central banks have largely achieved the goal of safeguarding society’s economic and political interest in a stable currency."
There is no price stability. And central banks are to blame. There may be some trust in central banks, but that trust is misplaced.
The irony in the BIS study is that cryptocurrencies arose in the first place due to inability of central banks to produce a stable currency.
Alas, the cryptocurrency design as we see today is fatally flawed. It is not a monetary solution. As designed, the only real use for the current set of cryptos is speculation.
However, the technology will survive and prosper in various applications.
Mike "Mish" Shedlock