Chris Berg – Chris Berg

Voting with time commitment for decentralized governance: Bond voting as a Sybil-resistant mechanism

With Vijay Mohan and Peyman Khezr. Available at SSRN

Abstract: Blockchain applications are increasingly experimenting with novel governance mechanisms that address issues that are important for their community: resistance to voter fraud in the form a Sybil attack; resistance to the formation of a plutocracy within the community; and, the ability to express preference intensity. In this paper, we take a closer look at these issues confronting decentralized governance. Our contribution is three-fold: first, we lay some analytical foundations for the formal modelling of the necessary and sufficient conditions for a voting system to be resistant to a Sybil attack; second, we show that a voting mechanism with a single instrument for expressing preference intensity, such as the quantity of tokens, cannot simultaneously achieve resistance to both Sybil attacks and plutocracy formation; and third, we design a voting mechanism, bond voting, that is Sybil resistant and offers a second instrument of voting influence (time commitment) for plutocracy resistance.

Why airdrop cryptocurrency tokens?

With Darcy WE Allen and Aaron M Lane. Available at SSRN

Abstract: A cryptocurrency token airdrop is a novel means of distributing rights over a blockchain project to a community of users and owners for free. The market value of these airdrop giveaways is often upwards of hundreds of millions of dollars. This paper considers why projects might choose this unusual and costly means of token distribution. It considers a selection of high-profile airdrops as case studies between 2014 and 2022. This is the first comprehensive analysis of the rationales and mechanisms of Web3 token airdrops. We find that two primary rationales for airdrops are marketing (to attract new users and to maintain a community) and decentralisation of ownership and control of a project (building community, providing regulatory protection, and enhancing security). The paper contributes to an understanding of business practice and strategy in the emerging cryptocurrency and blockchain industry.

Repugnant innovation

With Darcy WE Allen and Sinclair Davidson. Journal of Institutional Economics, published online 11 October 2022. Working paper at SSRN

Abstract: Repugnant innovation is a form of evasive entrepreneurship that occurs in repugnant markets. Repugnance is an informal institution – controlled by long-lived norms, attitudes, customs and traditions – and repugnant innovation acts to shift institutions at the lowest level of the institutional stack. The paper considers three examples of repugnant innovation: e-cigarettes, online gambling, and webcam modelling. Each repugnant innovation challenges the complex mixture of material and moral concerns that contributes to repugnance in their respective markets. The paper adds to and expands on a body of evidence about innovation in apparently unsupportive institutional environments.

Buyback and Burn Mechanisms: Price Manipulation or Value Signalling?

With Darcy WE Allen and Sinclair Davidson. Available at SSRN

Abstract: A core finding in traditional corporate finance is that manipulating funding instruments does not increase the value of a firm. Several Web3 projects have mechanisms to buy their tokens on the market and burn those tokens. If the finding from corporate finance holds in the Web3 environment then this manipulation of the value of tokens should not increase the value of those projects. This paper asks if these mechanisms serve more of a purpose than price manipulation. We provide an efficiency explanation for buyback and burn mechanisms: value signalling. A buyback and burn enables projects to signal that their business model has genuine network effects, and that it is not a Ponzi scheme. This finding has implications for the motivation, justification and design of buyback and burn mechanisms across Web3.

The exchange theory of web3 governance (or ‘blockchains without romance’)

Working paper with Jason Potts, Darcy W E Allen, Aaron M. Lane and Trent MacDonald. Available on SSRN

Abstract: Blockchains have enabled innovation in distributed economic institutions, such as money (e.g. cryptocurrencies) and markets (e.g. DEXs), but also innovations in distributed governance, such as DAOs, and new forms of collective choice. Yet we still lack a general theory of blockchain governance. James Buchanan once described public choice theory as ‘politics without romance’ and argued instead for an exchange theory of politics. Following Buchanan, we argue here for an exchange view of blockchain governance. The ‘romantic’ view of blockchain governance is collective choice and consensus through community voting. The exchange view, instead, is focused on entrepreneurial discovery of opportunities for value creation in governance space through innovation in protocols (e.g. Curve, Convex, Lido, Metagov, etc) that facilitate exchange of coordination and voting rights, that are newly made possible through tools that enable pseudonymous, composable and permissionless governance actions. The exchange lens on web3 governance also helps illuminate how this emergent polycentric process can generate robustness in decentralised systems.

Crypto-macroeconomics

With Jason Potts and Sinclair Davidson. Book chapter, available at SSRN.

Abstract: This chapter presents a Wagnerian vision of macroeconomics as a hybrid of several schools of thought and analytic frameworks, including public choice theory, constitutional economics, complexity economics, and evolutionary economics. We then review recent economic analysis of emerging crypto-economic systems. Toward synthesis, we propose that Wagnerian macroeconomics is a useful framework to understand how blockchains and crypto assets provide economic infrastructure and institutions for new private order economies, a new research field we call crypto-macroeconomics. We explore four proposed subfields of crypto-macroeconomics: technology, constitutions, money, and policy.

Interoperability as a critical design choice for central bank digital currencies

Working paper available at SSRN

Abstract: Interoperability is a key economic and technical consideration for payment systems. This paper explores the implications of interoperability for central bank digital currencies (CBDCs). CBDCs are digital representations of central bank money. A critical question is how those digital representations can interoperate with other CBDCs, private blockchains, and permissioned blockchains. By comparing prevailing CBDC interoperability models with interoperability in blockchain ecosystems, the paper finds that CBDC architectural choices are deeply intertwined with policy choices in a way not yet understood by the scholarly and policy literature. Widely discussed CBDC policy questions (such as whether a CBDC should be retail or wholesale, whether interest should be paid on CBDC holdings, and how privacy should be protected) are better understood as choices around interoperability. The paper concludes by connecting the CBDC policy debate to a parallel debate about fiat-backed stablecoin architecture and governance.

Why a US crypto crackdown threatens all digital commerce

Australian Financial Review, 10 August 2022

The US government’s action against the blockchain privacy protocol Tornado Cash is an epoch-defining moment, not only for cryptocurrency but for the digital economy.

On Tuesday, the US Treasury Department placed sanctions on Tornado Cash, accusing it of facilitating the laundering of cryptocurrency worth $US7 billion ($10.06 billion) since 2019. Some $455 million of that is connected to a North Korean state-sponsored hacking group.

Even before I explain what Tornado Cash does, let’s make it clear: this is an extraordinary move by the US government. Sanctions of this kind are usually put on people – dictators, drug lords, terrorists and the like – or specific things owned by those people. (The US Treasury also sanctioned a number of individual cryptocurrency accounts, in just the same way as they do with bank accounts.)

But Tornado Cash isn’t a person. It is a piece of open-source software. The US government is sanctioning a tool, an algorithm, and penalising anyone who uses it, regardless of what they are using it for.

Tornado Cash is a privacy application built on top of the ethereum blockchain. It is useful because ethereum transactions are public and transparent; any observer can trace funds through the network. Blockchain explorer websites such as Etherscan make this possible for amateur sleuths, but there are big “chain analysis” firms that work with law enforcement that can link users and transactions incredibly easily.

Tornado Cash severs these links. Users can send their cryptocurrency tokens to Tornado Cash, where they are mixed with the tokens of other Tornado Cash users and hidden behind a state-of-the-art encryption technique called “zero knowledge proofs”. The user can then withdraw their funds to a clean ethereum account that cannot be traced to their original account.

Obviously, as the US government argues, there are bad reasons that people might want to use such a service. But there are also very good reasons why cryptocurrency users might want to protect their financial privacy – commercial reasons, political reasons, personal security, or even medical reasons. One mundane reason that investment firms used Tornado Cash was to prevent observers from copying their trades. A more serious reason is personal security. Wealthy cryptocurrency users need to be able to obscure their token holdings from hackers and extortionists.

Tornado Cash is a tool that can make these otherwise transparent blockchains more secure and more usable. No permission has to be sought from anyone to use Tornado Cash. The Treasury department has accused Tornado Cash of “laundering” more than $US7 billion, but that seems to be the total amount of funds that have used the service at all, not the funds that are connected to unlawful activity. There is no reason to believe that the Tornado Cash developers or community solicited the business of money launderers or North Korean hackers.

Now American citizens are banned from interacting with this open-source software at all. It is a clear statement from the world’s biggest economy that online privacy tools – not just specific users of those tools, but the tools themselves – are the targets of the state.

We’ve been here before. Cryptography was once a state monopoly, the exclusive domain of spies, diplomats and code breakers. Governments were alarmed when academics and computer scientists started building cryptography for public use. Martin Hellman, one of those who invented public key cryptography in the 1970s (along with Whitfield Diffie and Ralph Merkle), was warned by friends in the intelligence community his life was in danger as a result of his invention. In the so-called “crypto wars” of the 1990s, the US government tried to enforce export controls on cryptographic algorithms.

One of the arguments made during those political contests was that code was speech; as software is just text and lines of code, it should be protected by the same constitutional protections as other speech.

GitHub is a global depository for open-source software owned by Microsoft. Almost immediately after the Treasury sanctions were introduced this week, GitHub closed the accounts of Tornado Cash developers. Not only did this remove the project’s source code from the internet, GitHub and Microsoft were implicitly abandoning the long-fought principle that code needs to be protected as a form of free expression.

An underappreciated fact about the crypto wars is that if the US government had been able to successfully restrict or suppress the use of high-quality encryption, then the subsequent two decades of global digital commerce could not have occurred. Internet services simply would not have been secure enough. People such as Hellman, Diffie and Merkle are now celebrated for making online shopping possible.

We cannot have secure commerce without the ability to hide information with cryptography. By treating privacy tools as if they are prohibited weapons, the US Treasury is threatening the next generation of commercial and financial digital innovation.

Reliable systems out of unreliable parts

Amsterdam Law & Technology Institute Forum, 27 July 2022. Originally published here.

How we understand where something comes from shapes where we take it, and I’m now convinced we’re thinking about the origins of blockchain wrong.

The typical introduction to blockchain and crypto for beginners – particularly non-technical beginners – gives Bitcoin a sort of immaculate conception. Satoshi Nakamoto suddenly appears with a fully formed protocol and disappears almost as suddenly. More sophisticated introductions will observe that Bitcoin is an assemblage of already-existing technologies and mechanics – peer to peer networking, public-key cryptography, the principle of database immutability, the hashcash proof of work mechanism, some hand-wavey notion of game theory – put together in a novel way. More sophisticated introductions again will walk through the excellent ‘Bitcoin’s academic pedigree’ paper by Arvind Narayanan and Jeremy Clark that guides readers through the scholarship that underpins those technologies.

This approach has many weaknesses. It makes it hard to explain proof-of-stake systems, for one. But what it really misses – what we fail to pass on to students and users of blockchain technology – is the sense of blockchain as a technology for social systems and economic coordination. Instead, it comes across much more like an example of clever engineering that gave us magic internet money. We cannot expect every new entrant or observer of the industry to be fully signed up to the vision of those that came before them. But it is our responsibility to explain that vision better.

Blockchains and crypto are the heirs of a long intellectual tradition building fault tolerant distributed systems using economic incentives. The problem this tradition seeks to solve is: how can we create reliable systems out of unreliable parts? In that simply stated form, this question serves not just as a mission statement for distributed systems engineering but for all of social science. In economics, for example, Peter Boettke and Peter Leeson have called for a ‘robust political economy’, or the creation of a political-economic system robust to the problems of information and incentives. In blockchain we see computer engineering converge with the frontiers of political economy. Each field is built on radically different assumptions but have come to the same answers.

So how can we tell an alternative origin story that takes beginners where they need to go? I see at least two historical strands, each of which take us down key moments in the history of computing.

The first starts with the design of fault tolerant systems shortly after the Second World War. Once electronic components and computers began to be deployed in environments with high needs for reliability (say, for fly-by-wire aircraft or the Apollo program) researchers turned their mind to how to ensure the failure of parts of a machine did not lead to critical failure of the whole machine. The answer was instinctively obvious: add backups (that is, multiple redundant components) and have what John von Neumann in 1956 called a ‘restoring organ’ combine their multiple outputs into a single output that can be used for decision-making.

But this creates a whole new problem: how should the restoring organ reconcile those components’ data if they start to diverge from each other? How will the restoring organ know which component failed? One solution was to have the restoring organ treat each component’s output as a ‘vote’ about the true state of the world. Here, already, we can see the social science and computer science working in parallel: Duncan Black’s classic study of voting in democracies, The Theory of Committees and Elections was published just two years after von Neumann’s presentation of the restoring organ tallying up the votes of its constituents.

The restoring organ was a single, central entity that collated the votes and produced an answer. But in the distributed systems that started to dominate the research on fault tolerance through the 1970s and 1980s there could not be a single restoring organ – the system would have come to consensus as a whole. The famous 1982 paper ‘The Byzantine Generals’ Problem’ paper by Leslie Lamport, Robert Shostak and Marshall Peace (another of the half-taught and quarter-understood parts of the origins of blockchain canon) addresses this research agenda by asking how many voting components are needed for consensus in the presence of faulty – malicious – components. One of their insights was cryptographically unforgeable signatures makes the communication of information (‘orders’) much simplifies the problem.

The generation of byzantine fault tolerant distributed consensus algorithms that were built during the 1990s – most prominently Lamport’s Paxos and the later Raft – now underpin much of global internet and commerce infrastructure.

Satoshi’s innovation was to make the distributed agreement system permissionless – more precisely, to join the network as a message-passer or validator (miner) does not require the agreement of all other validators. To use the Byzantine generals’ metaphor, now anyone can become a general.

That permissionlessness gives it a resilience against attack that the byzantine fault tolerant systems of the 1990s and 2000s were never built for. Google’s distributed system is resilient against a natural disaster, but not a state attack that targets the permissioning system that Google as a corporate entity oversees. Modern proof-of-stake systems such as Tendermint and Ethereum’s Casper are an evolutionary step that connects Bitcoin’s permissionlessness with decades of knowledge of fault tolerant distributed systems.

This is only a partial story. We still need the second strand: the introduction of economics and markets into computer science and engineering.

Returning to the history of computing’s earliest days, the institutions that hosted the large expensive machines of the 1950s and 1960s needed to manage the demand for those machines. Many institutions used sign-up sheets, some even had dedicated human dispatchers to coordinate and manage a queue. Timesharing systems tried to spread the load on the machine so multiple users could work at the same time.

It was not long before some researchers realised that sharing time on a machine was fundamentally a resource allocation problem that could be tackled by with relative prices. By the late 1960s Harvard University was using a daily auction to reserve space on their PDP-1 machine using a local funny money that was issued and reissued each day.

As the industry shifted from a many-users, one-computer structure to a many-users, many-distributed-computers structure, the computer science literature started to investigate the allocation of resources between machines. Researchers stretched for the appropriate metaphor: were distributed systems like organisations? Or were they like separate entities tied together by contracts? Or were they like markets?

In the 1988 Agoric Open Systems papers, Mark S. Miller and K. Eric Drexler argued not simply for the use of prices in computational resource allocation but to reimagine distributed systems as a full-blown Hayekian catallaxy, where computational objects have ‘property rights’ and compensate each other for access to resources. (Full disclosure: I am an advisor to Agoric, Miller’s current project.) As they noted, one missing but necessary piece for the realisation of this vision was the exchange infrastructure that would provide an accounting and currency layer without the need for a third party such as a bank. This, obviously, is what Bitcoin (and indeed its immediate predecessors) sought to provide.

We sometimes call Bitcoin the first successful fully-native, fully-digital money, but skip over why that is important. Cryptocurrencies don’t just allow for censorship-free exchange. They radically expand the number of exchange that can occur – not just between people but between machines. Every object in a distributed system, all the way up and down the technology stack, has an economic role and can form distinctly economic relationships. We see this vision in its maturity in the complex economics of resource allocation within blockchain networks.

Any origin story is necessary simplified, and the origin story I have proposed here skips over many key sources of the technology that is now blockchain: cryptography, the history and pre-history of smart contracts, and of course the cypherpunk community from which Bitcoin itself emerged. But I believe this narrative places us on a much sounder footing to talk about the long term social and economic relevance of blockchain.

As Sinclair Davidson, Jason Potts and I have argued elsewhere, blockchains are an institutional technology. They allow us to coordinate economic activity in radically different ways, taking advantage of the global-first, trust-minimised nature of this distributed system to create new types of contracts, exchanges, organisations, and communities. The scale of this vision is clearest when we compare it with what came before.

Consider, for instance, the use of prices for allocating computer time. The early uses of prices were either to recoup the cost of operation for machines, or as an alternative to queuing, allowing users to signal the highest value use of scarce resources. But prices in real-world markets do a lot more than that. By concentrating dispersed information about preferences they inspire creation – they incentivise people to bring more resources to market, and to invent new services and methods of production that might earn super-normal returns. Prices helped ration access to Harvard’s PDP-1, but could not inspire the PDP-1 to grow itself more capacity.

The Austrian economist Ludwig von Mises wrote that “the capitalist system is not a managerial system; it is an entrepreneurial system”. The market that is blockchain does not efficiently allocate resources across a distributed system but instead has propelled an explosion of entrepreneurial energy that is speculative and chaotic but above all innovative. The blockchain economy grows and contracts, shaping and reshaping just like a real economy. It is not simply a fixed network with nodes and connections. It is a market: it evolves.

We’ve of course seen evolving networks in computation before. The internet itself is a network – a web that is constantly changing. And you could argue that the ecosystem of open-source software that allows developers to layer and combine small, shared software components into complex systems looks a lot like an evolutionary system. Neither of these directly use the price system for coordination. They are poorer for it. The economic needs of internet growth has encouraged the development of a few small and concentrated firms while the economic needs of open-source are chronically under-supplied. To realise the potential of distributed computational networks we need the tools of an economy: property rights and a native means of exchange.

Networks can fail for many reasons: nodes might crash, might fail to send or receive messages correctly, their responses might be delayed longer than the network can tolerate, they might report incorrect information to the rest of the network. Human social systems can fail when information is not available where and when it is needed, or if incentive structures favour anti-social rather than pro-social behaviours.

As a 1971 survey of the domain of fault tolerant computing noted “The discipline of fault-tolerant computing would be unnecessary if computer hardware and programs would always behave in perfect agreement with the designer’s or programmer’s intentions”. Blockchains make the joint missions of economics and computer science stark: how to build reliable systems out of unreliable parts.

On Coase and COVID-19

With Darcy WE Allen, Sinclair Davidson and Jason Potts. European Journal of Law and Economics volume 54, page 107–125 (2022)

Abstract: From the epidemiological perspective, the COVID-19 pandemic is a public health crisis. From the economic perspective, it is an externality and a social cost. Strikingly, almost all economic policy to address the infection externality has been formulated within a Pigovian analysis of implicit taxes and subsidies directed by a social planner drawing on social cost-benefit analysis. In this paper, we draw on Coase (1960) to examine an alternative economic methodology of the externality, seeking to understand how an exchange-focused analysis might give us a better understanding of how to minimise social cost. Our Coasean framework allows us to then further develop a comparative institutional analysis as well as a public choice theory analysis of the pandemic response.

Published here. Working version available at SSRN or in PDF here.