Photo by Babak Fakhamzadeh (CC BY-NC-ND 2.0)

Why Ethereum is great for payments

Tech people love cool new things, and when we talk about Ethereum we hardly ever talk about it as a way of doing things Bitcoin could already do. But the experience of using Bitcoin to pay for things is getting increasingly painful, and it’s time has come to look at how Ethereum could help.

Ethereum people have often tended to tip-toe around its usefulness for payments; many cut their crypto teeth on Bitcoin, and they are generally uninterested in picking a fight.

But I’m going to argue that Ethereum is not just capable of doing online payments, but actually seriously great.

Ethereum payments are simpler

People often think of Ethereum as a complicated technology. It’s true that to make full use of all its smart contract capabilities, you need to wrap your head around a bewildering array of technologies and sub-projects.

But you don’t have to use all that stuff, and where it counts, payments on Ethereum are simple.

Here’s why.

UTXO Oh No

There is no such thing as a Bitcoin. A Bitcoin transaction consists of actions performed against a payment you received earlier: combining previous payments and splitting previous payments.

If I send you 10 Bitcoins, I may simply be forwarding the result of a previous payment I received from someone else of exactly 10 Bitcoins. But more likely I’m combining a number of previous payments together. And that hardly ever comes out at exactly the amount I want to send, so I’m also sending another payment back to myself.

This gives users a lot of control over the way they handle payments that depend on each other. But when you look at a typical bitcoin wallet, you see very little about UTXO: unspent transaction output.

Wallet authors know they’re doing: Elegant and powerful as it may be, the UTXO scheme doesn’t match the normal user’s mental model of what a wallet looks like.

Wallet authors try hard to abstract this complexity away and hide it in the software internals, but the abstraction leaks. On a congested network, it leaks a lot.

For example, every now and again someone will complain about the crazy fees they’re being charged to send a bitcoin transaction. Bitcoin veterans will then usually look at that transaction, nod sagely and explain that their transaction had a large number of inputs, so what do they expect?

They’re right — but this is complexity that the wallet was explicitly trying not to bother the user with.

In Ethereum, this doesn’t have to happen. A user’s account can be modeled as… an account. You can have a single balance, and it doesn’t matter how many payments it took to get you that balance. Wallets are simpler, less surprising stuff happens, and fees are easier to predict and explain. All payments cost the same, regardless of where the funds came from.

Security is easier with Ethereum

Smart contracts with yourself

There’s no point in receiving money unless you can secure it, and securing private keys is hard.

You can make a multi-sig address and put the keys in cold-storage, in bank vaults on multiple continents, but that makes it hard for you to spend. You can have an accessible key that you keep with you on your phone, but it’s hard for you to secure.

Sometimes these cases fall naturally into the way we like to use different devices. You might have a wallet on your phone for small amounts of change and another on a hardware device for your life savings. But in practice people often need the ability to shift fairly large sums of money reasonably fast. Every now and again, the hot wallet of a bitcoin exchange gets hacked, and even after they have detected the theft, people keep sending money to it. Because bitcoin’s scripting system is so limited, they have no way of taking back control.

There’s a lot we can do to make this process work better.

  • You want to be able to rate-limit routine payments secured by a particular process, so your money doesn’t all vanish at once.
  • When you’re using multiple keys and some of them are in cold storage, you should be able to replace one of them without taking all the others out of cold storage.
  • The way you secure the ability to *stop* money leaving your wallet needs to be different from the way you secure the ability to initiate one. The key that triggers, “Stop people spending this money” needs to be readily accessible, whereas the key that says “go ahead and hand over my life savings” needs to be highly secure.

Smart contracts are usually mainly discussed as ways for different people to interact with each other, but they work just as well when we’re talking about keys held in different places, or funds that should only move according to user-defined rules.

This is a contract that secures funds in this way in Ethereum. It didn’t take an academic paper to describe it, and it doesn’t take a lot of study to be able to read it and understand what it does.

This stuff isn’t quite impossible in Bitcoin, but nobody does it because it’s insanely complicated.

Busting out of the nerd ghetto

A clear lesson from the early days of bitcoin is that regular users suck at managing private keys. This isn’t yet a solved problem on any platform, but for crypto-currency to break out of a nerd ghetto, we’re going to need some new kinds of tools. With state and a reasonably functional scripting environment, we’re starting to see fresh and imaginative solutions like uPort, which allows you to distribute trust among your friends.

A better scaling game

Ethereum fees are currently orders of magnitude lower than Bitcoin fees. But people moving from the one to the other will want to know why it won’t end up meeting the same fate if it becomes more popular. The good news is that Ethereum is in a much better position to scale to handle substantial numbers of payments than Bitcoin.

An established governance procedure for capacity increases, not an endless political food-fight.

Bitcoin’s block size has been stuck at 1 MB for years. Most bitcoin people say they support an increase in capacity, but Ethereum’s grows naturally through an automatic adjustment.

More mature scaling tech

Setting up a fully validating bitcoin node is notoriously slow. To validate new blocks, your node needs to know about all the transactions that it is currently possible to spend.

To create this database, it has to look through every single block since Satoshi generated the genesis block from a headline from The Times. Only once it has downloaded these blocks can it “prune” them, throwing away most of the data that it just downloaded and leaving only the data that it needs to validate new transactions.

There are proposals to make this list, called the UTXO set, more easily available to clients with less historical information. With UTXO Commitments, you organize the database in a tree and store its hash in the header of each block. Everyone agrees that this would be useful. But the actual implementations are still at the stage of bad-tempered nerd fights on mailing lists.

In Ethereum this was a fundamental part of the design. Every block contains a hash of the tree of the current state database. If you can work out what block belongs to the longest valid chain, you can confirm the state of anything in the database. Among other benefits, this makes it safer to sync up a node without downloading everything that ever happened on the network. The result is that despite the Ethereum block chain already holding much more data than Bitcoin’s, you can get a fully validating node running in about 15 GB.

Better prospects for off-chain systems

Off-chain payment systems are smart contract systems

The great hope for scaling bitcoin has long been that rather than needing to send every transaction to the blockchain, transactions can be exchanged out-of-band and only sent to the blockchain if there is a problem that needs to be resolved.

This can be done on Bitcoin, with Bitcoin’s very limited scripting language. But it’s extremely hard to do, and even harder to do securely. People trying to build practical systems usually end up realizing that they need changes to Bitcoin’s scripting language, at which point they have to wait while the Bitcoin developers stroke their beards and try to think of all the possible ways the new feature could be used and whether they consider them helpful or harmful.

These systems are smart contract systems, and Ethereum is designed for smart contracts. Because it already has an unrestricted scripting language and the ability to store and read information in the state database, off-chain systems can be simple, elegant and include functionality that is simply not possible in Bitcoin, at least without many more iterations of “please add this soft fork”.

Raiden, Ethereum’s equivalent to Bitcoin’s much-awaited Lightening Network, now looks set to ship in useful form while Lightening is still waiting for bitcoin transaction system upgrades.

The best approach for privacy, but not yet

The weakness in all this is privacy. The UTXO model provides somewhat better privacy than the account model, so the simplest imaginable use of Ethereum will tend to provide less privacy than Bitcoin would have provided to date. And if you’re moving from Bitcoin to something else, you have options like Monero and Z-Cash, which provide a huge step up.

Ethereum does not, on its own, provide good solutions for sending funds privately. But because it lets developers write their own contract logic, insights from these systems can be ported to Ethereum systems without changing Ethereum. Rather than needing to define your currency based on its privacy technology, you’ll be able to wrap existing coins and tokens in contracts that provide privacy. If a better technology comes along, you can move to it right away. This doesn’t help you today, but it’s a promising way to handle privacy tech, which is evolving fast and experiencing some teething troubles.

Better money

Ethereum is a great technology for sending people money on the internet. Maybe it wasn’t supposed to be, but it is.