How to scale Bitcoin (without changing a thing)

Why Bitcoin banks need to prove their solvency

  • Thesis: peer-to-peer cryptocurrencies are useful for online commerce
  • Antithesis: online commerce requires millions of transactions a day
  • Synthesis: to succeed, cryptocurrencies must scale

Prescience on the mailing list

The very first public comment on Satoshi’s white paper, coming as a response on the cryptography mailing list five hours after publication, was this astute observation from James A. Donald:

Stairway atop Diana’s Peak, St Helena

Hal’s vision

In 2010, digital cash pioneer Hal Finney famously made the case for what could be called the institutional approach to scaling Bitcoin.

Winding road through Glencoe, Scotland.

Scaling assurances

Let’s briefly revisit what we mean by scaling, anyway. It’s clear by now that simply opening up the block space throttle doesn’t work. This is because Bitcoin is designed to be auditable, and auditing the blockchain requires the full, unabridged ledger.

  1. Deferred settlement/reconciliation (chiefly lightning). What lightning and other defer-reconcile models of transacting do is grant users the ability to create relationships which are then settled at a later date. The chain’s assurances are still present and available, they just aren’t employed for each transfer. These models do however trade off by (temporarily) weakening assurances — final settlement is no longer instant and you have to be online to receive a payment, for instance.
  2. Database model (massive base layer scaling). As mentioned, simply increasing the ledger size compromises the assurances of the blockchain — not everyone is able to maintain the ledger. There may be a way to do this in a trust-minimized way with SPV and fraud proofs, but we haven’t found it yet.
  3. Extending assurances to other chains (sidechain, security inheritance, merged mining). This model blesses other block space with Bitcoin’s security or extends Bitcoin’s own block space. Merged mined coins like Namecoin, proof-of-proof approaches like Veriblock, and sidechains like Rootstock are all roughly in the same family of approaches to the problem. These represent a compelling potential avenue to scaling, as they extend Bitcoin’s settlement guarantees to a potentially unbounded block space, but it is still under explored. However, assurance impairment is possible — risks remain that miners might censor sidechain closures or otherwise interfere with the sidechain. The productized implementations that we’ve seen like Liquid have used consortia rather than relying on PoW.
  4. Trust-minimized institutions. This approach takes the assurances of Bitcoin — natively auditable, scarce digital cash — and applies them in the context of a depository institution. In short, rather than individual users being the clients of Bitcoin, institutions like exchanges, banks, and custodians adopt the end user role, with their own users indirectly benefiting from Bitcoin’s assurances. Trade offs remain, and some features of Bitcoin don’t apply in a custodial context, but if protocols like Proof of Solvency are implemented, some of Bitcoin’s guarantees can shine through, even if filtered through an intermediary.

What should Bitcoin banks look like?

Is Hal’s vision of a world of banks backed by Bitcoin plausible? In one sense, it’s the world we have today, as many users only touch Bitcoin indirectly, through custodians and intermediaries. While most exchanges are presumed to be full-reserve, and indeed generally claim to be, in practice this isn’t universally the case. It’s becoming clear, for instance, that QuadrigaCX was running a fractional reserve for most of its existence. I don’t need to recap the sordid history of malfeasance and negligence at cryptocurrency exchanges.

Scaling the base layer. Rockport MA.

Credit creation on Bitcoin

Many Bitcoiners will recoil in horror at the words “fractional reserve,” even though they were uttered by Satoshi’s first disciple himself, Hal Finney. However, I believe that the risk of fractional reserves can be managed, if they are accountable to the free market and if the banks are transparent about their actual reserves.

Robust to external shocks: Bova’s bakery. Boston, MA.

What do proofs of solvency actually prove?

So far I’ve been treating proofs of solvency/reserve as largely homogenous, which does them a disservice. In fact, I should be more precise about the nomenclature. A proof of reserve involves proving what you actually own, and it is generally meaningless without a corresponding proof of liability, which is a proof of what you claim you owe. Together, if executed correctly, they can serve as a conditional proof of solvency.

<@gmaxwell> First you show how much funds you have via signmessage for actual coins on the chain. Thats easy enough.

Then you need to prove how much you should have. This is a little tricker. You could just publish EVERYONE's balances e.g. by account ID but thats undesirable for privacy and commercial reasons.
  • Proof of assets (/reserves): the exchange uses some ZKP trickery to prove that it owns a certain number of BTC, without revealing that number (read the paper for more detail)
  • Proof of liability: the exchange commits to the total sum of user balances, also allowing depositors to privately verify that the exchange is committing to the right balance
  • Proof of solvency: the exchange proves in zero knowledge that the proof of assets and liability sum to 0

Where are the Bitcoin banks?

So if Finney’s Bitcoin banks can help scale Bitcoin, where are they? The large exchanges and custodians (I’m using exchanges, custodians, and other depository institutions that take Bitcoins interchangeably with ‘banks’ here) are just another set of trusted third parties. As the gatekeepers to Bitcoin, they often do more harm than good, impairing open access and free exit.

  • June 2011: Mark Karpeles constructs a crude proof of solvency with the famous 424,242 BTC transaction
  • February 2014: Coinkite posts a now-deleted proof of reserve audit
  • February 2014: in the wake of the Gox insolvency, executives at Coinbase, Kraken, Bitstamp, BTC China, Blockchain.info, and Circle publish a joint statement promising audits and more transparency. Only Kraken and Bitstamp prove reserves, and none on an ongoing basis
  • February 2014: Coinbase summons Andreas Antonopoulos to review their storage practices, although he does not conduct a formal review. He subsequently deletes his blog about it
  • March 2014: Bitstamp publishes an outside attestation as to their solvency, in the process creating the largest transaction in history (at the time)
  • March 2014: Kraken proves reserves using the merkle approach, claiming that they “intend to perform regular audits on an ongoing basis.” They do not.
  • April 2014: British exchange Coinfloor issues their first provable solvency report. Unlike every other Bitcoin exchange in existence, they follow it up with another report the following next month. And again. And again. Last month, they published their 60th report, far more than every other exchange combined.
  • August 2014: Huobi releases a proof of reserve audit administered by Stefan Thomas
  • August 2014: OkCoin “passes” a proof of reserve audit administered by Stefan Thomas. However, upon leaving OkCoin in acrimonious circumstances, outgoing CTO Changpeng Zhao (CZ) admits to having overseen the falsification of the Proof of Reserve attestation. OkCoin strongly denies this claim, saying that no falsification occured.
  • June 2015: Bitfinex issues a press release stating that, using Bitgo’s multisig software, they will rid themselves of their omnibus model and store user coins in segregated accounts, so that depositors could verify their holdings on-chain in real time. In August 2016, Bitfinex is hacked to the tune of of 119k BTC and they abandon the segregated multisig method. Bitfinex subsequently publishes BTC, EOS, and ETH coldwallet addresses for public scrutiny
  • November 2018: Tether issues a quasi-proof of reserves; their banking partner Deltec Bank and Trust Limited attests to their cash balance. This matches the amount of Tethers in circulation, although skeptics aren’t quite satisfied
Waiting for exchanges to follow up on initial proofs of reserves

Conclusion

Bitcoin is an institutional technology, a nation state without an army. Perhaps instead of trying to force it into a mold that ill-suits it, we should instead try to reckon with its present reality. Yes, a messy patchwork of custodians and banks has emerged, many of them taking a devil-may-care attitude to user deposits. Over a billion dollars have been stolen or misappropriated from these honeypots.

Objections

Bitcoin Banks are inherently incompatible with Bitcoin

There is a somewhat nihilistic view present in Bitcoinland which starkly denies the importance of exchanges and custodians, as if they didn’t exist. This is often born, in my opinion, of a nostalgia for the 2010–12 era when the network was genuinely quite flat and non-hierarchical. Of course, you can’t inhibit free enterprise and commerce, and smart entrepreneurs decided to create useful services of exchange, custody, and banking for bitcoiners.

Why would anyone start proving reserves now, given that it’s so out of favor?

There is a perverse feature of the cryptocurrency industry that could be referred to as the paradox of transparency. Put simply, the more transparent you are, the more attack surface you open up, and the more opportunity your critics have to undermine you. As a consequence, being open and transparent is disincentivized. Since this industry has been lightly regulated so far, most successful projects are highly obscure in their operation. There is no equivalent of a 10-K for established projects or an S1 for new token launches.

  • The growth of SROs. Absent any new legislation or more activist regulators, self-regulatory organizations may come to play a larger role in the US and other developed nations. Japan leads the way already. SROs will need to advocate to their national governments that they are imposing standards on exchanges, and asking member organizations to prove solvency is an easy (and not overly onerous) carrot.
  • The extended fallout from QuadrigaCX. The full details from the scandal have not yet been revealed, but it is increasingly likely that it was not a case of misplaced keys. Forensic evidence is pointing to a deliberate, years-long fractional reserve. This kind of deception is unprecedented in Bitcoin; in Gox, the exchange was hacked rather than deliberately stealing funds from depositors.
  • A bifurcation into grey/black market and compliant exchanges. A split is coming where a set of sophisticated, regulator-friendly exchanges emerge make a clean break from the underclass of unregulated exchanges. This new cohort will seek to differentiate themselves, not on the basis of the number of tokens traded, but in terms of credibility and security. Introducing audits which include proofs of reserve will be a natural source of differentiation.

Fractional reserves at banks permanently destroy the value proposition of Bitcoin

There is a common misconception that a Bitcoin bank running a fractional reserve permanently impairs Bitcoin’s assurances. For sure, a fractional reserve at a bank inflates the supply of credit (loosely, money) for the period that it persists. QuadrigaCX did exactly this: they didn’t have sufficient reserves, and they covertly increased the supply of Bitcoin, if you include Bitcoin IOUs in your assessment of Bitcoin’s supply.

Fractional reserves are inherently bad/evil

This is more of a philosophical position than one that can be settled empirically. I happen to believe that non-full-reserve banking on Bitcoin is inevitable, and since it is inevitable, we might as well advocate for it to be as responsible and transparent as possible. I believe that the reason fractional reserves at Bitcoin banks are bad is not due to any inherent problem with fractional reserves themselves because they misrepresent the solvency of an exchange. Full reserve exchanges can always redeem deposits; fractional reserve exchanges occasionally default on that obligation.

It’s impossible to effectively audit a Bitcoin bank

One of the harshest critics of the reserve currency model of Bitcoin is Eric Voskuil. In a post on his Libbitcoin wiki, Eric pushes back at the Ammousian view of Bitcoin as a sound reserve to be used by commercial or central banks, similar to the way our monetary system used to operate with gold. (Eric also gave an interesting talk on the topic at Baltic Honeybadger 2018).

  • That commercial banks would be coopted by the State — indeed, that banks are mere extensions of the State
  • That proofs of reserves can never provide adequate guarantees to depositors
  • That reserve ratios must be upheld by trust and hence would fail to be enforced
  • That the entire bitcoin market would be consolidated within these depository institutions would would settle IOUs against each other
  • Bitcoin is auditable by design. What an individual does when they run a full node is that not only do they continuously audit the supply and make sure that the rules are being followed, but they audit the entire sequence of historical transactions to make sure every single one was legitimate and within the rules
  • Auditing Bitcoin’s M1 is cheap. It costs a few dollars a month to run a node. Gold nodes, by contrast, are expensive. XRF Spectrometers are pricey and tricky to operate. A fully trusted gold supply chain is so expensive that there only a handful in the world, with London being by far the biggest. In practice, in the private gold market, the cost of verifying any given lump of gold is so high that entire trusted supply chains have been created, so that gold circulates within a walled garden and doesn’t have to be reverified at every step. If you are curious, read the LBMA’s good delivery rules. $300b worth of gold is currently held in London within this framework. Alternatively, central banks just custody large quantities of gold themselves and never move it.
  • Assessing the amount of Bitcoin credit outstanding is at least plausible, whereas for gold it’s impossible. If exchanges issue IOUs redeemable for Bitcoin deposits, as they do today, we have the tools to verify that they aren’t lying to us

Why are you settling for intermediation? Why not push for a world where Bitcoin is used directly by all?

I’m aware that my approach could be perceived as settling. However, I think the opportunity to live in a world where non-intermediated Bitcoin is the sole mode of usage has long passed us by. Normal people have a voracious demand for custodians and banks — and that makes sense. We don’t self-custody our stock certificates either. These things are a challenge to custody ourselves, and the additional benefits of banks — earning interest, providing peace of mind, and so on — have made them extremely popular.

Slide from my presentation at BH2018

What if [bad thing] happens to Bitcoin? Is this generalizable?

The framework I’m proposing applies to any auditable digital bearer asset. That’s the distinction between gold and virtual currencies/commodities: they are natively auditable, whereas gold is extremely cumbersome to audit and verify. Privacycoins are more challenging but there are ways to audit them with viewkeys or selective disclosure.

Lending by Bitcoin banks effectively inflates the supply of BTC

Canny readers will remember their Econ 101 classes where it was demonstrated that the cascade of deposits and lending at banks with low reserve ratios leads to the effective creation of new money — far more money than existed in deposits.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store