What is Cryptoeconomics?

Cryptoeconomics is about creating systems with certain desired properties. We do this with two tools: cryptography and economics. We use cryptography to prove properties about messages in the past. This is information we already have. We use economic incentives to encourage certain behavior of the system. It is about what people or agents want. Cryptography is backwards-facing, whereas economics is forward-facing.

Cryptography

What are some examples of cryptographic tools? There are many, but let’s start with the basics. We have hashes and digital signatures.

Hashes allow us to fingerprint some information with a short name. Anyone can take the hash of some file and save it. You can then use this hash to prove to others that you (a) have seen the file before (b) no one has tampered with the file.

For example, the Bitcoin whitepaper has a certain hash. A while ago the Bitcoin Core foundation wanted to change the official URL of the whitepaper. They wanted it to point to an “improved” version of this whitepaper that Satoshi wrote. Since they control the bitcoin.org URL they can do this. A long time ago someone with foresight saved the hash of this whitepaper in the Blockchain. This means it’s very easy to see if someone well-intentional changes the original file.

Digital signatures allow us to sign a transaction. Mathematics provide the security rather than some squiggly lines. If you have access to a secret, it means you can prove to others that you wrote a certain message. For example, that you authorized a transaction.

There are many other cryptographic tools. We can use them in conjunction with each other to get some surprising results. For example, proof of work relies on hashes, physics and basic mathematics. Another example is homomorphic encryption. This allows you to make claims about secrets that others can trust. This is useful for things like private transactions.

Economics

What about economics? This is a much older discipline, and it might come more natural to more people. That said, it definitely gets subtle and counter-intuitive in more involved examples. There are two ways of dealing with some behavior of a set of participants in economic terms. You can either reward them or you punish them. Rewards and punishments can come in different forms. For example, either as direct monetary reward or as some form of privileges. One example of a privilege is the right to make a certain decision.

In Bitcoin, when a miner finds a block they get a direct reward of some Bitcoin. More generally we can call this a token reward. The miner also has the privilege to decide which transactions to include in that block. In the case of Bitcoin this allows miners to extract rent in the form of Bitcoins.

A punishment is the flip side of a reward. For example, in proof of stake, a planned upgrade to Ethereum, nodes put down a security deposit. If they behave in a bad way, this deposit gets taken away.

Combining the two

On a basic level, you can get properties like:

  • convergence (of blocks, towards a shared truth)
  • validity (ensure you have the funds and you signed transaction)
  • data availability (you can inspect full historical data)
  • non-censorship (if you pay a fee your transaction gets included)*

There are also more advanced concepts such as:

  • P+epsilon attacks (taking over a network by bribing participants and paying $1)
  • Vickrey auctions (efficient price allocation with private information)
  • Fault attribution (punishing bad behavior when you don’t know exactly what happened)
  • Dominant assurance contracts (making public goods financing a self-interest)
  • Cryptoeconomic security margin (how much do you have to pay to take over a network)*

And a lot more. But this is outside of the scope of this post. See links below if you want to dive deeper.

Why cryptoeconomics?

Now we have at least some idea of what cryptoeconomics is about. You might think: this seems complicated, why bother? It comes down to these desired properties we want a system to have. It isn’t always obvious why we want certain properties. Let’s look at a basic and canonical example.

Bitcoin

Bitcoin is the canonical example of a cryptoeconomic system. Bitcoin builds on peer to peer, byzantine fault tolerance, monetary policy and incentives. What makes it special is that it was the first that succeeded in bringing all these things together. Before Bitcoin you also had Hashcash, which incorporated a lot of these concepts as well.

Bitcoin solves the problem of electronic cash transfers without trusted third parties. It does this while solving the double-spend problem. What do we mean by trusted third parties and the double spend problem? And why is it important to avoid trusted third parties?

Imagine you are back in a cave somewhere, thousands of years ago. It isn’t unlikely you used something like precious metal, such as gold, to pay for things. If you pay for a cow with a magic rock, you get the cow and they get the magic rock. The exchange is immediate and you stop being in possession of said magic rock. This is true even for fiat cash. If you have $100, you can’t give $100 to Alice and then give the same $100 to Bob.

Why is this a problem for electronic cash? Information has the magical property: you can copy it. So you need to come to some agreement about the state of things: who owns what when? As an aside, the history of how money has evolved as society has scaled is a fascinating one. This too is outside the scope of our current concerns.

The easiest way to solve this is through the use of a trusted third party. In modern society, they are everywhere, to the extent that most people don’t even think about them. If you are transacting with Alice online, you usually do this via a bank. They keep track of how much money you have, so it’s not possible to double spend. Additionally, they have control over your money. They give you permission to transact.

Bitcoin found a way to solve the double spend problem, without trusted third parties. It did this by coming up with a cryptoeconomic system. The system ensures participants come to consensus about how much money everyone has. The work miners are doing protects this consensus. For their efforts, miners get rewarded, and users pay for the privilege of transacting in the form of fees. The key assumption here is what’s called the honest majority assumption. We assume honest nodes control the majority of the CPU power. This means people can transact with each other and trust that their money is safe. Things are bit more subtle than this, but that’s the gist of it.

Trusted third parties

What’s the problem with trusted third parties? There are several problems. One we hinted at it earlier: banks and payment processors give you permission to transact. That means they can take away that permission. And sometime they do: for example the VISA blockade of Wikileaks a few years ago.

Cryptocurrency are generally more resistant to such censorship by design. It’s true that individual miners can choose not to include certain transactions. But, it is harder to do on a network level and it requires more collusion. That is: agents acting together to reach some specific goal that we generally don’t like. These are things we can reason about in cryptoeconomic design.

Some might get uneasy about examples like this, for various reasons. But it’s only in these edge cases that the design of the system matters. If everyone can trust each other all the time you wouldn’t need any laws. You have to look at special cases to understand what the system actually does. Good cryptoeconomic design is about hostile environments.

From a historic perspective, personal property has never relied on trusted third parties. This is an observation Nick Szabo made several years before Bitcoin was a thing. If you have a piece of metal, or a neckless or a shell, you don’t rely on anyone else to use it or trade it with other parties. In that sense, there are a lot of aberrations in modern society. Equifax hack and people getting locked out of their Gmail accounts, to name a few. Regardless of if it happens by accident or malice, it’s a matter of control. Relying on trusted third parties may be convenient, but it’s fragile.

Monetary policy

The same principle applies to modern monetary policy. Satoshi didn’t ingrain a message in the blockchain about 2008 bail-out by accident. Incentives are out of whack when firms can do bad business and get rewarded for it. Additionally, if you had the ability to print money to pay for things, wouldn’t you use it? The value of, say, the USD has dropped around 95% since a 100 years ago. Compare this with an asset that we can’t print out of thin air. For example, gold has remained roughly constant in purchasing power for 500 years. These are predictable results from an incentive point of view. This isn’t even considering failure modes like hyperinflation. As a recent example, in Venezuela the consequences impact everyone on a daily basis.

Different mindset

Once you start seeing the world this way, it’s a different mindset. Cryptoeconomics embraces the fact that agents generally act in their own best interest. It then uses this to its advantage to design systems with more desirable properties.

Status?

Bitcoin is a way for people to regain control of their money and transactions. Ethereum is a generalization of Bitcoin, going far beyond transactions. They both rely on cryptoeconomics to ensure certain properties. Status, as an encapsulation of Ethereum, is an extension of this. It’s about creating a structure with no central control, thus controlled by everyone.

Our initial target audience are people who get this. The people who get this the most are generally people with a lived experience. They have the scars to understand what the alternatives look like. It might be a journalist living under heavy censorship. It might be someone living in a country with a lot of monetary issues and they aren’t free to transact. Or it could be a whistleblower, or even your original cypherpunk. These are the people with a visceral understanding of the alternatives.

This is not a frivolous endeavour, cryptokitties stuck in our tubes aside. The way we design these systems matter, it isn’t an implementation detail. It assumes a hostile environment because that’s where things are actually put to test.

Now what?

This section only contains questions for now. The more people think about this the better.

Which of these questions can we solve with cryptoeconomic thinking and tools?

Building from first principles and some litmus tests

What other problems can we solve with it? What problems can we not solve with it?

How can we make this part of our core culture and thinking?

We are already working on some of these things in isolated areas, but we can do so much more. If this is interesting to you, join the discussion!

Misc resources

Introduction to Cryptoeconomics
Problems in Cryptoeconomic Research
Cryptoeconomic course
Trusted third parties are security holes
Meta-list
Cryptoanarchy Wiki
The emergence of cryptoeconomic primitives