New ideas attract not only visionaries and pioneers but also charlatans and fools. The former group understands the nature and potential of the new idea and attempts to extend it in new ways. The latter observes the success of the former and expects similar results through blind imitation and empty hope, rather like the Melanesian cargo cults which arose after World War II when the American military abandoned its airports there.
This analogy is absolutely appropriate to characterize the many alternative cryptocurrencies modeled on Bitcoin, which are collectively referred to as altcoins. Technologically, they are all very similar to Bitcoin: there is a block chain to store transactions, a consensus mechanism to build the block chain, and a cryptographic protocol to register transactions. Some prominent examples are PPCoin, Primecoin, Litecoin, and Freicoin.
Some altcoins incorporate interesting new ideas, but there is an essential feature of Bitcoin which they all lack. It is not a matter of its technology, but rather of history and community. Quite simply, a medium of exchange that is more widely accepted on the market is more useful than one which is not. This is known as the network effect. An initial imbalance between two nearly equal media of exchange will benefit whichever is more widely accepted until a single one overwhelms the rest. There is no limit to this effect: ultimately one would always expect a single currency to overcome all its competitors.
Because it was started earlier and has had a greater opportunity to grow and attract users, Bitcoin has a market larger by a wide margin than all the markets of all the altcoins put together, and this makes it vastly more useful as a currency. To defeat Bitcoin, an altcoin would require not just superior technology, but such vastly superior technology as to be an advance over Bitcoin comparable to the advance Bitcoin represents over fiat currency. Furthermore, a truly great innovation would much better serve people by being incorporated into future versions of Bitcoin rather than by requiring them to switch to something else. Indeed, the people who have proposed new ideas that are actually good, such as Zerocoin and mini-blockchain, did not develop their own currencies around them, but have simply described their usefulness as features.1
The Bitcoin community is not just overwhelmingly larger but of overwhelmingly better quality as well. Bitcoin is surrounded by real entrepreneurs working hard to create new and useful services for Bitcoin. Altcoins are surrounded by loud-mouthed pretenders with irrational hopes of duplicating Nakamoto's success. This does not mean that there is anything intrinsically wrong with altcoins: the problem is simply that once Bitcoin exists, then there is no additional value, from a monetary standpoint, of creating knock-offs. Can anyone really expect to create something of value by rereleasing Bitcoin under a new name and with a few tiny changes to its source code? What makes Bitcoin great cannot easily be duplicated. Thus, while the Bitcoin community matures and grows as more and more entrepreneurs are attracted to its potential, the altcoin communities can only whine for attention.
What is a cryptocurrency actually for? I say that its purpose is to become money. It is obvious that creating altcoins impedes that purpose. Altcoins can only be explained if we believe the purpose of cryptocurrencies is to make money rather than to become money. If you can trick people into investing in your new altcoin, then you can make a profit trading it or mining and selling it. All the arguments of the altcoin promoters serve as misdirection from that basic purpose. They have developed a series of fallacies capable of fooling newcomers into joining them, but they are all disingenuous.
Thus, the altcoin communities are not just embarrassing, but dangerous. Desperately wishing to be taken seriously despite having nothing worthwhile to offer, they will say absolutely anything to convince other people to join them. They persist in saying things easily refuted by economic logic, common sense, or verifiable facts. They become belligerent when challenged. This is all they can do because they have nothing of value to offer. They are great at conning people because they have succeeded in conning themselves, and it is impossible to tell where self-deception ends and outright lies begin. This is bad for Bitcoin and bad for the people who are fooled.
The claims of the altcoin promoters deserve refutation not because they are intelligent but because they are repeated ad nauseam. Ultimately their content is secondary and the real problem is the foregone conclusion to which they are all directed. If the arguments I discuss here are eventually discredited completely, the altcoin promoters will just grope for new ones rather than admit to being wrong. Thus, it is quite possible that in the future, what I say here will no longer correspond to what they are saying. Because of what I have said above, however, it is safe to assume, whatever they are, they are all wrong.
First of all, Bitcoin already has competition. It competes with the dollar, with PayPal, and with the banking system as a whole. It has plenty of competition.
Second, there is no reason that competition is necessarily good for its own sake. If people compete to be the most productive, then that is good because the result is more production. If people compete to control the government, then this is bad because the result is that the government will be controlled by the most ruthless and unscrupulous people.2 There is a reason that there can be two competing businesses, even if they follow identical production models: there is a limit to the size an organization can achieve without being more efficient than two parallel organizations. However, in an economy capable of supporting only one business for a given product or service then really there should only be one of that kind of business.
In the case of a currency, it is inherently most useful when it dominates its competition. The less competition a currency has, the more useful it is. If you try to compete with the best currency with another one that's exactly the same, that makes yours the worse currency, so you really should not have bothered.
Third, a currency is simply a standard that people agree to use as a medium of exchange. For the most part, it is awkward to have competing standards. Do we really need competition between the mile and the kilometer, for example? Suppose automobiles had just been invented and two groups, because of vested financial interests, got into arguments about whether it was better to drive on the left or the right side of the road. The greatest benefit to ordinary people would come not from prolonging such competition, but from its resolution.
Finally, there is competition within the Bitcoin community, and this is the sort of competition that actually benefits people. There are exchanges, payment processors, online stores, and so on. Every time someone starts a new Bitcoin business, he benefits the Bitcoin economy. Every time someone starts an altcoin, he makes it worse.
A related point is the argument that altcoins can be used as experiments to learn about how different ideas might work in practice. This use is completely legitimate and necessary. However, an altcoin that was understood to be an experiment would not be treated as an investment or an independent products. If this is how altcoins are treated, this would be fine. My objection is to the lies and scams. An experiment is worthless if the people running it are constantly lying about it.
In the Bitcoin network as it works today, all nodes receive all transactions. If Bitcoin grew to be a very large network, that could be a lot of transactions that all need to be communicated to everyone.
Altcoin promoters seem to imagine a world in which their own favorite altcoin has a status very roughly equal to that of Bitcoin, where each currency will be used for different kinds of things. This is impossible because the network effect always favors imbalance.
However, even in the very unstable situation of two roughly equal block chains, it is not necessarily true that there will be reduced network traffic as a result. If people had to work with both networks, they would still have to receive every transaction from both networks. And if people had to exchange their funds often enough from one currency to another to fulfill different purposes, this could easily result in a greater number of total transactions.
In any case, while Bitcoin may experience growing pains over the next few years, there is no reason to expect it to outpace Moore's law in the long run. Network load is a problem that technology can overcome without requiring us to rely on an inferior system of money.
This is possibly true today, but there is no guarantee that it will be true in the future. The idea is, you sell bitcoins for some altcoins and then buy bitcoins again. There will then be no connection between the bitcoins you had before and those you have now.
However, because altcoins are inherently unstable, there is no reason to expect them to remain useful for that purpose. In order for a currency to retain value, there must be enough people who want to hold it, not just people who want to quickly trade in and out of it. An altcoin would have to be good for something other than money laundering—something good enough that at least some people would want to hold on to it more than they wanted to hold on to bitcoins—if it is to be good for money laundering.
Thus, if you really want to launder money, support ZeroCoin as an upgrade to Bitcoin. Barring that, you would probably be better off trading through a commodity more likely to retain value, such as gold or silver.
This is by far the most ridiculous argument I hear on this topic. The wisdom of the crowd is superior to any person so people should not presume to tell the market what to think, right? I find this view utterly idiotic. It is wrong to dictate the market's choices to it by coercion, but to simply express an opinion is to engage in the market process itself. To be consistent the people who make this argument would have to say that Consumer Reports is as tyrannical as Joseph Stalin.
To take this to its logical conclusion, suppose everyone just sat back to let the market decide. Then the market would never decide anything because the market's decision is just the sum of the decisions of all the individuals that make it up. None of them could make an argument that one product was better than another. There could not even be any consumer reporting to protect people from scams and shoddy products. The free market just wouldn't work. When a libertarian steps back to let the market decide something on which he has some legitimate insight, then he is preventing the market from working as well as he otherwise might.
It is a fact that the market makes stupid choices all the time, and there is nothing wrong with me saying so. This is because the "market" is just a collection of people all making decisions that are as foolish as the kinds of decisions that we know people actually make all the time. This in no way means that I do not understand the systematic superiority of market processes over state centralization. If I want the market to win out over the state, it is ridiculous not to engage in a debate over the correct decisions to make such a victory likely.
There is a class of very similar cryptocurrencies that rely on an algorithm called Scrypt as the hash function. I shall refer to them as Scrypt-coins. They also have faster block generation times and a different coin mining schedule. In fact, none of them even have white papers, perhaps they are so unoriginal that there is nothing to write about. Despite this, or perhaps because of it, the Scrypt-coins are surrounded by the loudest, least intelligent, and most obnoxious communities, and the arguments supporting them are either fallacious or detached from reality.
When Bitcoin first came out, it was possible for anyone to mine coins with his CPU. Once software was developed that mined using GPUs, then CPU mining quickly became obsolete. GPU mining remained profitable for some time thereafter because the price of Bitcoin continued to increase as more people became miners. This could not persist indefinitely, and eventually there began work into the development of FPGA and ASIC mining. Once these technologies were developed, GPU mining would become obsolete as well.
However, some miners who had heavily invested in GPUs did not wish to see this happen and didn't want their investments in GPUs to go sour. Obviously, this was a vain hope. It cannot be expected that it should be possible to run an ordinary computer at a profit for very long. Profits draw more investors, which leads to lower profits as the available opportunities are used up.
Scrypt was designed to be a memory hog and is consequently unsuited to mining with a machine consisting almost entirely of ASIC chips, like those used for Bitcoin, and it was assumed that Scrypt-coin mining would therefore always remain in the hands of the GPU owners. This, by the way, is false. If it ever became profitable enough, an ASIC machine could be produced with a shared memory, and it would make GPUs obsolete for Scrypt-mining too.
The Scrypt-coin phenomenon can thus be likened to the Candlemaker's Petition3, a brilliant satire by Frédéric Bastiat. It presents a fictional argument purporting to be from candlemakers that all windows should be kept closed by law during the day to prevent unfair competition from the sun. All arguments for Scrypt-coins should be seen in this light. They are masks for the hope that someone's GPU mining rig should not turn out to be a foolish investment.
The first Scrypt-coin was Litecoin, but soon, other nearly identical Scrypt-coins were developed by people who not only wanted to use GPUs, but who also wanted the additional benefit of being the first movers in a new currency. Feathercoin, Terracoin, CHNCoin, and Yacoin are the others which I can name off the top of my head, but there are new ones every day, which is a reducto ad absurdum of the whole concept of altcoins.
No it won't, at least not any moreso than would any other mining technology. In the long run, regardless of what sort of technology was required, one would expect the mining difficulty to go up to the point where investment in mining technology produces similar returns to investment in the rest of the economy. And, of course, as I mentioned above, it is false that Scrypt-coins are immune to ASIC mining.
This argument highlights the emphasis from altcoin adherents on mining rather than on monetization. There is no logical reason why any ordinary user of Bitcoin should want to become a miner in the first place. Early on, it was profitable for casual Bitcoin users to be miners because very few knew about Bitcoin. Mining now requires a capital investment, just like everything else in the economy. A transition to lower profitability and greater capital intensiveness is inevitable for any maturing industry. This does not make it elitist; it simply means that the industry is growing increasingly specialized. This is better for everybody and it is just what Bitcoin needs, too. As Bitcoin grows, large investment will be required to ensure that its network can handle the increased traffic. This would not be possible as long as mining remained in the hands of hobbyists.
This is not to say that there are not potential problem from a mining industry dominated by a few large companies. Such a system would be easier to regulate and corrupt. However, this is in no way an argument for altcoins as their mining industry is dominated by two graphics cards manufacturers and fewer individual miners than Bitcoin.
This is true in an extremely misleading way.
The issue here is the risk of a double-spend attack. If you receive notice of a payment from someone, there is the possibility that he has made a second, conflicting payment using the same bitcoins. In this case, there is the chance that the other payment will be accepted into the block chain rather than yours, and yours will be considered invalid. This is a theoretical means of scamming Bitcoin merchants.4
Since Scrypt-coins have shorter block generation times, one will see more quickly in a Scrypt-coin network which of two conflicting transactions will end up in the block chain (unless there is a malicious attempt to manipulate the block chain—see below). Furthermore, a double-spend attack is only possible if the two conflicting transactions occur within a few seconds of one another, so the best defense against double spending is simply to watch the network for a few seconds after receiving a payment. If no conflicting payments appear then there is nothing to fear from double spending. This feature is a planned upgrade for Bitcoin 0.9, so it will not be long before any slight benefit to shorter confirmation times will be eliminated.
Moreover, no recorded case of any successful double spend attack in the history of Bitcoin, although it has been rarely achieved under special or controlled conditions as an experiment. Therefore, it is not a real risk under present circumstances and not a valid argument to use Scrypt-coins.
No, they aren't.
Performing a 51% attack means to control enough computational power to generate blocks faster than the rest of the network put together. The attacker can then generate a block chain fork from some earlier period and eventually grow it until it is longer than the main one and other nodes in the network will begin to recognize the new branch as the legitimate one.
Deriving the likelihood of a successful 51% attack is a difficult problem that requires the theory of random walks.5 However, ultimately the derivation is not necessary because the attack only succeeds if the other miners go along with it. There is nothing preventing the rest of the network from ignoring the attacker and declaring his branch invalid. If the attacker's branch is clearly malicious, then this should not be a difficult decision. The other miners would also stand to lose a significant amount of cash if they should submit. In fact, the Bitcoin community has already successfully responded to an incident like this in March of 2013, in which a software bug caused a fork in the block chain and it was necessary to come to a consensus over which branch should be considered the correct one.
Moreover, the Bitcoin network is enormous and growing exponentially. Performing a 51% attack against it would require a vastly greater cost than for any other altcoin network, so the question is academic because Bitcoin in reality offers much greater security. The cost of a 51% attack against Bitcoin is unknown because to perform it would require a continual and exponential investment in order to keep up with the rest of the network.
There is one way that a Scrypt-coin does come out ahead, however. Consider an attacker who owned 49% of the network rather than 51%. This attacker's branch would be expected to grow more slowly than the main branch, but there is still a real probability of producing a longer branch in a given amount of time just by chance. If two attackers each have 49% control over the Bitcoin network and a Scrypt-coin network, and can both afford to continue their attack for the same amount of time, then the attacker against the network with the shorter block generation time has a much lower probability of success. This, however, is not a reason that any sane person would consider Scrypt-coins to be superior.
I have already discussed PPCoin6 and the proof-of-stake from a theoretical standpoint. Proof-of-stake encourages people to hold coins, which is necessary for a currency to gain an initial value. However, that most important for a currency's early stages. Because people lose their proof-of-stake as they create blocks, proof-of-stake discourages a specialized class of miners with the incentive to keep the network running at as high a capacity as possible.
One thing to be said for PPCoin, however, is that altcoins are a product of the proof-of-work system. Proof-of-stake would not have led to them. If Bitcoin had transitioned to a proof-of-stake system before it was valuable enough for ASIC mining to develop, perhaps there would be no altcoins.
Primecoin7 is a cryptocurrency whose proof-of-work is based on finding various sequences of prime numbers rather than on a hash algorithm. Its existence is based on the fallacy that Bitcoin mining is not useful. However, as I have shown in The Proof-of-Work Concept, this is not true. Bitcoin's proof-of-work system is consensus mechanism. It is essentially a means of overcoming a Prisoner's Dilemma scenario among Bitcoin users. This cannot be done without some demonstration of spent resources that produced no individual benefit.
Primecoin disrupts this process by attempting to make its proof-of-work accomplish something of value. This inherently disrupts its value as a consensus mechanism. Thus, it is false to claim that Primecoin's proof-of-work is "useful" whereas Bitcoin's is not. Primecoin's method is, in fact, less useful because it introduces an inherent conflict of interest not present in Bitcoin. Although, to be fair, generating prime sequences is almost useless, so I do not believe that it is likely to cause any real-life problems.
Primecoin is a wuzzle. It tries to do two unrelated things at once, which, generally speaking, is the opposite of a good design. Its prime-based proof-of-work is nothing but another gimmick to make people forget that altcoins are a waste of time. This is not to say that distributed computations are not a great thing; but there are probably better ways of implementing one with cypherpunk technology without the pretense of also being a currency.
Unlike other altcoins, Freicoin8 appears to have been created in good faith and is not supported with disingenuous arguments. The arguments are still wrong, but nonetheless Freicoin deserves more respect than the rest.
This is not the place to refute the economic theory behind Freicoin, but essentially it is based on the idea that the interest rate is a purely monetary phenomenon rather than a result of time preference. Instead of charging a transaction free, Freicoin imposes a fee for holding coins. Freicoins decay at a rate of 5% and transactions are free. Miners are paid out of the decayed Freicoins from out of all the nonempty wallets.
Thus, by design, Freicoin discourages hoarding and encourages spending. It is touted as a currency for the working class rather than the wealthy because it supposedly can't be used for making loans. Actually, however, Freicoin loans would be given out at the same interest rate as the rest of the economy because they would be in competition with loans given out in terms of more durable goods, such as Bitcoin. There would be no reason for a lender to accept a different interest rate with freicoins because there is nothing requiring him to hold freicoins. He could just convert from bitcoins just before the loan is given out and back to bitcoins as soon as it is returned.
The 5% decay rate would have the effect of a tax on capital, like a property tax. This means that the price would be lower than otherwise by a proportion determined by the overall interest rate of the economy. Say, for example, that I wish to hold x freicoins. This would incur a fee of x/20 freicoins a year due to Freicoin decay. The present value of all the fees would be an infinite sum that decays according to the overall interest rate of the economy. If the interest rate is i, then present value of all the fees would be one fee multiplied by (1 - i) /i. If the interest rate were 10%, say, and I wished to hold 20 freicoins, the value of the fees would be 9 freicoins. Thus, in this example, I would have to pay 9 freicoins to hold 20, and thus freicoins would be less valuable by a factor of 20/29 then they would be if they did not decay.
Now, if something is created with the express intention of providing an incentive to get rid of it, then it stands to reason that they will all the more not want to buy it in the first place. Thus, Freicoin is actually made to discourage investment in itself, which is the very thing that gives a currency value in the first place.
Freicoin is an idea whose time will never come. Since it rebukes buyers, it resists ever having value. Freicoin is thus not so much a scam but more an abortion. Its ideals are so refined that they eschew the merest chance of affecting the real world. Perhaps it could be taken as some sort of absurdist parody, which would be brilliant. I hope that is true because otherwise it is just too sad.
The overwhelming reason that Bitcoin is superior to its altcoin competitors is that it is overwhelmingly more popular. Some of its competitors might have worked as well or better had they been invented first, but given the history that led us here, none of them should be considered remotely competitive to Bitcoin. If an altcoin were somehow to beat the odds and end up more popular than Bitcoin, then I would have to change my allegiance. However, if that did happen, I think it would call into question the viability of cryptocurrencies in general. If they can rise and fall like fads, then it is hard to justify investing in any of them or believing that any has staying power. I take Bitcoin's past success as evidence of its future prospects, but if it can be overtaken by an initially tiny competitor for no logical reason, then the previous success of any other does not necessarily mean anything.
In short, the altcoin phenomenon is the product of greed and bounded rationality. They deserve nothing but scorn, and anyone who wishes cryptocurrencies to improve the world should avoid them entirely.
[Update 8/25/2013: the Freicoin was altered from an earlier version to correct an economic error.]
[Update 8/28/2013: two citations added. Last paragraph added to section on competition.]
See Miers, I., Garman, C., Green, M., Rubin, A., "Zerocoin: Anonymous Distributed E-Cash from Bitcoin", 9 Apr 2013 to learn about Zerocoin, a proposal that would greatly improve Bitcoin's anonymity. It would be wonderful if this could be made to work, but it would require a substantial coordinated effort to implement because it would involve an incompatible change to the Bitcoin protocol. This is actually one way an altcoin might be useful—its could implement Zerocoin as practice for doing the same to Bitcoin later. See J.D.Bruce, "Purely P2P Crypto-Currency With Finite Mini-Blockchain", Apr 2013 for a proposal to limit the size of the block chain. Right now, the block chain becomes more costly to store as it grows and there is no built-in means to compensate for that. This paper shows that it is possible to split the functions of the block chain among three different data structures whose total size increases far more slowly. It is already possible for users (but not miners) to store shortened versions of the block chain, a feature which has been implemented in clients like MultiBit. However, the shortened block chain requires the client to make some assumptions about the validity of the full block chain which are not necessary with the Mini-Blockchain. ↩
See Hayek, F., The Road to Serfdom, Routledge Classics, 2006, "Why the Worst Get On Top" and Hoppe, H., Democracy: The God That Failed, Transaction Publishers, 2007, "On Time Preference, Government, and the Process of Decivilization" for discussions of the bad sort of competition. ↩
Bastiat, F., Petition of the Manufacturers of Candles, Waxlights, Lamps, Candlelights, Street Lamps, Snuffers, Extinguishers, and the Producers of Oil, Tallow, Resin, Alcohol, and, Generally, of Everything Connected with Lighting, vol. 1, The Ludwig von Mises Institute, 2007. ↩
O.Karame, G., Androulaki, E., Capkun, S., "Two Bitcoins for the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin", Cryptology ePrint Archive, 2012. ↩
King, S., Nadal, S., "PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake", 19 Aug 2012. ↩
King, S., "Primecoin: Cryptocurrency with Prime Number Proof-of-Work", 7 Jul 2013. ↩