Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Nitin Yadav: Brain, Mind and Markets Lab The University of Melbourne

Download as pdf or txt
Download as pdf or txt
You are on page 1of 61

Nitin Yadav

Brain, Mind and Markets Lab


The University of Melbourne

Semester 2, 2019
● 5 multiple choice questions
● 10 minutes to complete
● Worth 2% of your final mark
○ All multiple choice questions are weighted equally
● Please enter your name and student number correctly
○ Your marks will be recorded against your student number
● Please use your Unimelb student account to login to Google
● Complete on your own!

2
1. Regulated payment systems
a. Swift
b. Online payment systems
2. How cryptocurrencies work and technology behind them
a. Cryptography and hashing
b. Addresses
c. Transactions
d. Blockchain
e. Mining and consensus
3. Security and some caveats
4. How to evaluate cryptocurrencies?

3
1. Regulated payment systems

4
● Society for Worldwide Interbank Financial Telecommunication
● A messaging platform that links more than 11,000 financial institutions globally
● Does NOT hold funds, or manage accounts, or transfer money
● Provides a secure, reliable, trusted, communication channel
● Revenue of 811m EUR in 2018

5
Expressed in million messages (average daily traffic volumes per month)
● Each financial institution identified by a code
<bank-id><country><branch>
○ E.g., a CBA branch has the code CTBAAU2SOBU
● Messages are sent through the SWIFT network
○ Cost: €2.333 up to €1Mn
● Money transferred via interbank relationships
● What if two banks don’t have a relationship?
○ An intermediary is found who has a relationship with Source: HSBC’s guide to straight-through processing

both banks
● Banks earn money via spread and/or charging fees
to customers
○ Expensive and inefficient process

Q: What about local/domestic transfers?


6
These are regulated online payment systems

● Around 4.3+ billion internet users (2019)


● Around 3.4+ billion social media users (2019)

Source: wikipedia

7
● Technology reaches where banks
don’t!
● Technology has impact where usual
channels have failed (e.g., protection
from loan sharks)
● Solution to “Sorry No-Change”?
Response to an increasingly
cash-free society

https://www.financialexpress.com/industry/beggars-with-qr-code-chinese-poor-collect-alms-in-mobile-wallets-ditch-tin-bo
wls/1641567/
https://www.dailymail.co.uk/news/peoplesdaily/article-3235484/No-small-change-Chinese-shoppers-cash-free-farmer-s-m
arket-thanks-tech-let-pay-smartphones.html

8
2. How cryptocurrencies work and technologies
behind them
• Cryptography and hashing
• Addresses
• Transactions
• Blockchain
• Mining and consensus

Note: Many slides use bitcoin as an example, but the concepts discussed here are generic to cryptosystems.
9
Source: BIS annual economic report 2018.

10
● A central authority (e.g., a bank) ● Authority is distributed and there is consensus on rules
● Ledger is maintained by one authority ● Ledger is distributed
● Identities are verified (TFN, Driver’s License, Passport, etc) ● Identities are anonymous (hard to keep bad actors out)
● Central authority prevents double spending ● System needs to have rules to avoid double spending
● If the system is exposed (e.g., credit card information is ● Hard to bring down the whole network (attacks still
leaked) individual is compromised possible)
11
Images from: https://www.aier.org/article/sound-money-project/centralized-decentralized-and-distributed-payment-mechanisms
● Peer to peer network
● A public ledger
(blockchain)
● A set of rules
○ Validation
○ Currency creation
● Decentralized
consensus

12
Source: http://thumbnails.visually.netdna-cdn.com/bitcoin-infographic_5029189c9cbaf.jpg
And now to the ground level view...

Note: Understand the concepts first and then the details.


13
Hex Decimal
● Decimal number system
○ Base 10 (0 to 9)
a 10
103 102 101 100
= 3*103 + 2*102 + 3*101 + 4*100 = 3234
3 2 3 4 b 11

c 12
● Hexadecimal number system
○ Base 16 (0 to 9 and then a till f)
d 13

163 162 161 160


= 12*162 + 10*161 + 2*160 = 3234 e 14
0 c a 2

f 15

You will see Hexadecimal numbers in cryptocurrency systems. 14


● Cryptography:
○ Kryptós in greek means "hidden, secret"
○ Originated as use of techniques to keep secrets, and share them with only select parties
■ Played key role in WWII (Alan Turing and the “enigma” machine)
● Public-key (asymmetric) cryptography:
○ Uses a pair of keys: A public key and a private key
■ Private key should be kept secret, public key can be common knowledge
■ It is very hard to construct the private key from its corresponding public key
■ Conceptually we can think of these two keys as procedures or functions
● We will take a message and use the public key to manipulate that message
○ Two most common uses are encryption and digital signatures

15
Building blocks
Let us denote the private procedure by D and the public procedure by E.
These have the following 4 properties:

1. D(E(M)) = M. Using E followed by D yields the original message


2. E(D(M)) = M. Using D followed by E yields the original message
3. Functions D and E are easy to compute
4. Knowledge about E does not yield any information on how to construct D

A function E satisfying 1, 3, 4 is called a “trap-door one-way function” :

● One-way: Easy to compute only in one direction


● Trap-door: Inverse of the function is easy to compute if some secret information is known

16
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman. 1978.
Encryption
Alice wants to tell Bob a secret, i.e., that she likes FNCE30012.
Let us denote their private procedures and public procedures by DA, EA, DB and EB, resp.

Alice Bob

FNCE30012 is Fun

1. M’=EB(M)
2. M’
O4RoY0cTXD8hqcqoBC8v21jAdHyo9LeL7jiAsPfIyJ
bwTZjDfg24nwz2Qc7CLxkdCWn/YGHArfqZ96ISg5
J6Xg==
3. M=DB(M’)
FNCE30012 is Fun

17
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman. 1978.
Digital signature
Where is the proof that it is indeed Alice who likes FNCE30012.
(Bob could have sent that message to himself...)
Let us denote their private procedures and public procedures by DA, EA, DB and EB, resp.

Alice Bob Bob now has signature S and


message M. S can only be
1. S = DA(M) generated by Alice for message M
2. M’ = EB(S)
3. M’
A signature has to be message
MEUCICLfM35Wrj78UxD1qGkThHszLpagD9lxOh3
9aVYXyQARAiEArB00L/Gin0QtlnMcSrZ+GPVGoBe
U8YM1VA1p5sR27J0= 4. S = DB(M’) dependent and sender dependent
5. M = EA(S)

18
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman. 1978.
Digital signature without encryption
Alice can also broadcast her message to everyone.
(Anyone can verify that the message indeed came from Alice)
Let us denote their private procedures and public procedures by DA, EA, DB and EB, resp.

Alice Internet A signature has to be message


dependent and sender dependent
1. S = DA(M)
2. M
3. M+S
XA9CICLfM35Wrj78UxD1qGkThHszLpagD9lxOh39
aaYXyQARAiEArB00L/Gin0QtlnMcSrZ+G=
4. M = EA(S)

Note: This is a conceptual example.


19
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman. 1978.
Hashing
● A process to convert an input of arbitrary size to a fixed size
● One-way function (no trap-doors!)
● Plays a critical role in many systems (e.g., storing passwords)
● Ideal properties for cryptography:
○ Deterministic: same input should always produce the same output
○ Easy to compute
○ A small change of the input should yield a new output that is uncorrelated with old output
○ Extremely low probability for two inputs to have same output
○ Essential for tamper-proof property (i.e., to prevent unauthorised modification of a message)
○ Outputs are generally in hex format (see the slide on decimal and hexadecimal formats)
● Example:
○ sha256(“FNCE30012 is fun”) = 30fd1bf869fd72a8b7fd6c1ba0100e4b3ce661cb2af58716b3e99027b4ea0ed9
○ sha256(“FNCE30010 is fun”) = 137582ae3ea395957f28315a28e6b4261e29b5f232b837a7eb105d272687dacb
20
● Every account in a cryptocurrency systems consists of a pair:
○ A private key
■ Is like your ATM pin
■ Keep it secret, only you should know it!
■ Usually picked at random using cryptographically secure (pseudo)random number generator
■ It is a big number e.g., e150290c1e40964981b6826b03cdb5f98eca398dc359a1dd1e181580df3b8fa7 (in hex)
○ A public address
■ Is like your account number
■ Will be shared to receive funds
■ Generated from public key (public key is generated from private key)
■ (e.g., 0x9f8217d5bebae2f052f0d866fe448a6f6f88eab9)
● Account ownership established via private key, public address, and signatures
○ A signature is like a “witness”, used to authenticate a transaction without sharing private key

21
● The generation of a public address from a private key is done using a “Trap-door”
function:
○ Easy to compute the public address from a private key, but very difficult (computationally) to do the
reverse
○ In RSA (Rivest, Shamir, Adleman) this is achieved by multiplying two large prime numbers
■ Multiplication of two primes is easy, but finding correct factors of a semiprime is (currently)
computationally hard
■ Advances in quantum computing may make factoring easier
● For the curious: look at Shor’s algorithm
■ RSA is still used for securing the channel used to transmit data securely
● E.g., when you do online banking
○ In ECC (Elliptic curve cryptography) one uses properties of elliptic curve equations to generate keys
■ Key generation process is faster and yields smaller, yet more secure, keys
■ Used for most cryptocurrencies
22
Generating an account: private key → public key → address

e150290c1e40964981b6826b03cdb5f98eca398dc359a1d
d1e181580df3b8fa7
In tutorial 2 you will
create your accounts. Private key
This is already Using Elliptic Curve Digital Signature Algorithm
implemented.

f10953362e9597b1739a21049bc3f0b082cc250280c0885f
74d5934ddd53c8acabb73f195bc4bb55511e78c2d621aab4f
70713cacd4e54b4e2a1c8d8565f2daa

Public key
Hashing for Bitcoin Hashing for Ethereum

1Jr9g7VbaVPNxZYuYke651SmnXSSZ7p3pu 0x9f8217d5bebae2f052f0d866fe448a6f6f88eab9

Bitcoin address Ethereum address 23


Do you need to remember the public
addresses?

1. You can generate from private key


a. (Recall) Don’t forget the private key!
2. You can generate device friendly QR codes 1Jr9g7VbaVPNxZYuYke651SmnXSSZ7p3pu 0x9f8217d5bebae2f052f0d866fe448a6f6f88eab9

for an address
a. Print and keep in wallet or distribute
3. You can also generate payment QR codes Pay 1BTC
a. With some interesting messages!
FNCE30012
This is really fun

Note: Please don’t send any cryptocurrencies to these addresses.


24
An instruction (or
message) to transfer
a given value to a
given person

25
Source: https://www.commbank.com.au/personal/apply-online/download-printed-forms/betterbankingbook-adb1758.pdf
Required properties of such messages:

1. Completeness of instruction
Digital signatures
○ Time, account information, amount of transfer, etc.
and hashing provide
2. Authorisation
2, 3, and 4
○ The person who sent the transaction is the owner of the account
3. Non-repudiation
○ The owner cannot deny sending the transaction (later on)
4. Tamper-proof
○ No one else has modified the transaction after the owner has signed

26
Bitcoin Ethereum

● Created by Satoshi Nakamoto (pseudonym) in ● Proposed by Vitalik Buterin in 2013


2008 ● Smallest unit is called Wei
● BTC ("bitcoins"), mBTC ("millibitcoins") and ● 1 ETH = 1018 WEI
μBTC ("bits")
● Smallest unit is called Satoshi (Sat)
● 1 BTC = 108 BTC Sat

27
● Generally in a crypto system a cryptocurrency is transferred
○ Bitcoin in the bitcoin system and Ether in the ethereum system (we will revisit this later)
● Signed messages over the cryptocurrency network
○ In the case of Bitcoin, these messages encode transfer of value from one account to another
○ In the case of Ethereum, these messages contain a value transfer and (optionally) data
■ Data is relevant for smart contracts that we will cover next week
● Each transaction is recorded in a public blockchain
○ A distributed database (ledger)
● A simple process
1. Get the public address of the receiver
2. Create a transaction message
3. Sign the transaction with sender’s private key
4. Send the transaction to the network
28
Bitcoin transaction

● Similar to double-entry book keeping ledger


● A transaction has one or more inputs (like debits against an account), one or more
outputs (like credits to an account), and a signature
● Transaction fee = sum of inputs - sum of outputs
○ Like a money transfer fee

Bob Bob Transaction outputs:


1.97 btc to B 1 btc to B
● Indivisible unit of currency
● Unused outputs are called
“Unspent Transaction Outputs”
Alice Carol Carol or UTXO
10 btc from A 2. 2 btc to c 3 btc to B
● UTXO are tracked separately
● Useful to avoid double spending
1. Alice Alice
7.95 btc to A 3. 3.9 btc to B 29
Ethereum transaction (account based system) consists of:

● A recipient address, value of currency to be sent and any optional data


● Nonce: Number (count) of transactions sent from given address
○ Important to ensure order of transactions (a lower nonce transaction will be processed first)
○ Also important to avoid a “replay” attack
● Gas price and gas limit: Amount of transaction fee one is willing to pay
○ Priced in different unit called “gas”, one has to specify the price (in Wei) and amount of gas
● What happens if:
○ A transaction with a nonce of 9 is sent before a transaction with a nonce of 8?
■ The network will wait for the transaction with nonce 8, and then both transactions will be
processed
○ Two transactions with same nonce are sent?
■ Only one of them will be processed at random
30
Homework: Compare the nonce concept of Ether with UTXO concept of Bitcoin.
Think of this as a chain of blocks where each block contains one or more verified
transactions.

Common components of a public blockchain:

1. A peer-to-peer network that transmits and stores transactions


2. A set of rules defining what is a valid transaction
3. Secured blocks that provide a ledger of all past transactions
4. A consensus algorithm for decentralised control
5. A sound incentives scheme for maintenance and security

31
A common structure of a block:

● A header
○ A reference (hash) to the previous block
○ Details of the mining
■ Time stamp
■ Difficulty (related to consensus, proof of work)
■ Nonce (related to proof of work)
○ A merkle tree root
■ An efficient way to index transactions Genesis
Block
● List of verified transactions
● Number of included transactions
Source: https://bitcoin.org/bitcoin.pdf

32
● The first block is called the genesis block
● In the case of Bitcoin, a new block is
created on average every 10 mins
with limit size of 1Mb
● In Ethereum the limitation is on gas
○ 6.7 million gas (not fixed)
● A block can be identified by
○ Hash of the header; or
○ Height of the block (genesis block has height of 0) Genesis
● Everyone can view blocks and transactions in Block
a public blockchain, e.g.:
○ BlockChain Explorer (https://www.blockchain.com/explorer)
Source: https://bitcoin.org/bitcoin.pdf
○ BlockCypher (https://live.blockcypher.com)
33
○ Blockscout for Ethereum (https://blockscout.com/eth/mainnet/)
Crucial: Who verifies the transactions and how are they rewarded for their work?

● Decentralised “trust” mechanism


● Conceptually “mining” is a misnomer here:
○ The main purpose of mining is NOT to create new coins
○ Mining is an incentive mechanism to decentralise security
● Incentives for miners include:
○ New coins created with each newly mined block
○ Transaction fees from the transactions included in the new block
● How many Bitcoins are created in each new block?
○ The number of new bitcoins created is halved every 210,000 blocks (approx. 4 years)
○ Started with 50 Bitcoins in 2009, halved to 25 Bitcoins in 2012, and then to 12.5 in 2016
○ The decrease is exponential, no new Bitcoins will be issued after ~ 2140 (maximum of 21M BTC)
○ It is a deflationary currency 34
But how does decentralised consensus come about?

● Verification of transactions by multiple nodes on network


○ Mostly consistency checks e.g. amounts are correct, controlling for no double spending, etc
● Independent bundling of these transactions into blocks
○ Miners compete to mine the next block using Proof-of-Work algorithm
● Verification of new blocks by multiple nodes
○ The network can verify that the mined block is valid
● Agreed rules to resolve conflicts

35
● Given an input i and a difficulty target t, find a value n
such that: hash of i + n meets the target t

Conceptual example (using single sha256 hash):


i = “This is lecture 2 of Foundations of Fintech”
t = the last digit should be 0
n=7
→ sha256(“This is lecture 2 of Foundations of Fintech7) = …...160

● The input in the block is its header (except nonce), and nonce is the n
● The higher the number of prespecified ending digits, the higher the difficulty
○ For Bitcoin, difficulty is varied dynamically to ensure new blocks are created every 10 minutes on
average
36
● Finding a nonce is computationally hard, however, verifying it is easy
● A mined block is verified by all (full) nodes in the network
● Only validated blocks are sent to other nodes
● But what happens if more than one miner find a nonce for same block?
● The longest chain (i.e., the one with the most proof-of-work) is accepted
● A block has a unique parent (i.e., previous block hash) but may have more than one child

4 4 5
0 1 2 3 0 1 2 3 0 1 2 3
4’ 4’

Two different blocks mined The longer chain is accepted


after block 3
37
● Idea: Who can mine the next block is selected via their stake in the system
○ Stake could be a combination of factors, e.g., number of owned coins times the age of the coins
● In proof-of-work, cost for malicious attempt is extrinsic (e.g., computing power)
● In proof-of-stake, it is intrinsic (loss of currency)
○ Advantage is that it uses less overall computation power
○ Available in Ethereum, Peercoin, and more
● Mechanism:
○ Blockchain keeps track of “validators”: accounts that can sign a block
○ Validators take turn in signing the blocks
○ If an invalid block is signed, the validator loses its stake

38
3. Security and some caveats

39
● Centralised system (e.g., a bank)
○ Identities are verified (TFN, driver’s license, passport, etc)
○ Access is controlled
○ All transactions are sequential, hence double spending is easily avoided
○ If the system is exposed (e.g., credit card information is leaked), individuals are compromised
○ Trust in the central authority is a necessary condition
● Decentralised system (e.g., Bitcoin or Ethereum)
○ Bad actors cannot be kept out as there is no access control
○ Double spending is avoided due to the rules of decentralisation
○ Identifiable information is not stored
○ Trust emerges from the technology of public, open, decentralised ledger

40
● Transactions are broadcasted to the network and verified by multiple parties
● Full transaction history is maintained by the network with multiple copies
● A new block must be valid and verified by the network (e.g., PoW or PoS)
● If a block at height h has to be modified then all blocks at heights greater than h
must be recomputed
● Clear consensus rules to accept the true blockchain
● What if majority of the miners are malicious (majority attack)?
○ They might extend the block chain by adding blocks verified amongst themselves
○ As the chain grows it will become longer and be accepted as the main chain
● Generally transactions before the last 6 blocks are considered immutable

41
● Theft of private key
○ Issue with exchanges not necessarily the (Bitcoin) technology itself
○ https://en.bitcoin.it/wiki/List_of_Major_Bitcoin_Heists,_Thefts,_and_Losses
○ https://en.wikipedia.org/wiki/History_of_bitcoin#Theft_and_exchange_shutdowns
● Sybil attack
○ Shirley (Sybil) Ardell Mason had multiple personality disorders
○ Attacker can create multiple nodes and disrupt the network
● Dusting attack (Bitcoin)
○ “Dust” a small amount of Satoshis to accounts, then analyse if these accounts belong to same wallet
● Denial of service
○ Spam the network to delay transmission of transactions
● Finney attack
○ An attacker generates a block with a transaction A to B where A and B are from his wallet
○ The attacker does not broadcast the block
○ The attacker then creates a new transaction A to C, owner of C waits for a few seconds and honors the receipt
○ The attacker now broadcasts the block with transaction A to B
42
● Energy consumption is similar to Austria
● 6.7M+ US households can be powered with equivalent energy
● Consumes 0.33% of the world’s energy
● Approximately 21 US households can be powered for 1 day by energy consumed for 1 transaction
● Most miners are located in China (coal-based power vs renewable power generation)
43
Source: https://digiconomist.net/bitcoin-energy-consumption. Further reading: https://www.iea.org/newsroom/news/2019/july/bitcoin-energy-use-mined-the-gap.html
Source: Rauchs, Michel, et al. "2nd Global Cryptoasset Benchmarking Study." Available at SSRN 3306125 (2018).

44
● One block is mined on average every 10 mins This is because of the
● The specification puts a limit of 1Mb on the block size specification and not a
restriction of the
● This results in 7 transactions per second on average underlying technologies.
● Achieved by adapting the mining difficulty dynamically

Source: https://en.bitcoin.it/wiki/Scalability 45
Can Bitcoin handle the same volume of transactions as Visa and Mastercard?
This is about 2000 transactions per second, Bitcoin does around 7 transactions per second (see prev. slide)

● CPU
○ Can do about 4000 signature verifications
on a core i7 2.2Ghz (8000 if optimised)
● Block size can be increased
○ Bitcoin Cash and Bitcoin SV
● Network
○ About 1Mbps needed for 2000 transactions
per second
● “Lightning network” (Layer 2 systems)
● Some issues:
○ Hard drive space to store the full blockchain Source: https://www.statista.com/statistics/647523/worldwide-bitcoin-blockchain-size/

○ A possible solution is pruning of blockchain


Source: https://en.bitcoin.it/wiki/Scalability 46
4. Evaluating cryptocurrencies

47
What does it mean to talk about the “value” of a cryptocurrency?

● The “value” should somehow reflect the benefits it provides…


● What could those benefits be?
● Very controversial issue!

48
“[Bitcoin is] probably rat poison squared [...] In terms of cryptocurrencies, generally, I
can say with almost certainty that they will come to a bad ending [...] If I could buy a
five-year put on every one of the cryptocurrencies, I’d be glad to do it but I would
never short a dime’s worth.”

Warren Buffet on May 5, 2018


Rick Wilking

49
● Since 2017, value of 1
Bitcoin (BTC) consistently
above 1,000 USD
● Who is right? Warren Buffet
or Bitcoin traders?
● Can we tackle the question
more systematically?

50
We have to differentiate between:

1. Pure cryptocurrencies (e.g., Bitcoin) Today


○ Coins are unit of exchange (“money”)
○ Native to their own blockchain
○ Not a security (no claims on dividends, interest payments, etc.)
2. Tokens (e.g., FNTOM, “BMM coins”) Next week
○ Built on existing blockchains (economies of scope)
○ Based on smart contracts (running on, e.g., the Ethereum platform)
○ Can represent a physical asset (“BMM coins”)
○ Utility tokens:
■ Provide some form of utility (decentralized application)
○ Security tokens (investment) or equity tokens (ownership)
■ See 2018 FINMA guidelines

In both cases, coins are used to pay transaction fees, i.e., costs (“fuel”) for mining, and can act as
stake for the validation process of transactions. 51
● We follow a simplified version of Mitchnick and Athey (2018)
● Simple model:
○ Interested in the long-term fundamental value
○ In equilibrium we must have: demand = supply
○ Demand driven by:
■ Efficiency of economic transactions → medium of exchange
■ Possibility to save wealth over time → store of value
○ Leaves out the “unit of account” functionality (less relevant for valuation)
○ Model quantities still denominated in fiat currency (e.g., USD or AUD)

52
The demand D for the cryptocurrency has two components:

D=X+I

D = Total demand value (in $)

X = Transaction demand value (in $) → medium of exchange


I = Storage demand value (in $) → store of value

53
● We can go back to the “Quantity Theory of Money” (size of monetary base affects price
levels, see lecture 1)

● We then have the following identity:

MV = Y

M = Monetary base (in $) → here crypto monetary base


V = Velocity of money (average number of transaction per $ per day)

Y = Transaction volume (total volume in $ per day)

● As X (transaction demand value in $) needs to equal M, we get:

X = M = Y/V
54
● To be appealing as store of value, a cryptocurrency must fulfill 3 criteria:
1. Widespread expectation that it will be accepted as an instrument of value ?
2. Allows for secure storage without risk of theft, seizure, or destruction (✔
3. Common belief that its supply will not be increased arbitrarily )✔

● A robust underlying transaction economy will be needed to allow


cryptocurrencies to fulfil 1
● Regarding 2, although cryptography is technically very secure, there have been
multiple successful hack attacks on existing exchanges (Mt. Gox, >750,000
BTC)
→ The current price of a cryptocurrency should somehow reflect markets’
likelihood assessment that all 3 criteria will be met in the (not too distant) future!
55
We are interested in the long-term value of the cryptocurrency, hence, we should
consider all coins eventually in circulation when calculating its supply S:

S=N+𝛾

S = Total supply (in coins)

N = Number of existing coins


𝛾 = Number of coins to be issued

56
In equilibrium, supply (in $) should equal demand (in $):

Sv = D

v = Value per coin (in $)

Hence, putting everything together, we get:

v = D/S = (X+I) / (N+𝛾) = (Y/V+I) / (N+𝛾)

To get today’s value per coin P, we have to compute the present value of v:
(Y/V+I) / (N+𝛾)
P = PV(v) =
(1+i)T
i = Discount rate (annualised)
T = Time until long-term equilibrium is reached (in years)
57
● Of course, it is challenging to Parameter Value Remark
pick the right parameter values!
Y USD 17.5 bn Based on average estimate
● Applying the above framework
V 0.025 Based on transaction data
to Bitcoin, we follow Mitchnick
I USD 1.35 tn Based on average estimate
and Athey (2018)
N 14.2 m 2.8 m BTC permanently lost

𝛾 4m Based on maximum of 21 m

→ P = USD 70,353 ≈ AUD 102,012 i 4% p.a. Based on 𝜷 ≈ 0 for BTC


(using 1.45 AUD/USD as of July 30, 2019) T 12 years Estimate

58
● Let’s assume that Bitcoin
either succeeds or completely
vanishes (value of zero)
● Then, according to the above
framework, markets currently
estimate its success
probability to be:

13,700 / 102,012 ≈ 13%

59
● How PoW solves the byzantine generals problem by Satoshi Nakamoto:
https://www.mail-archive.com/cryptography@metzdowd.com/msg09997.html
● Elliptic curve cryptography tutorial:
https://www.johannes-bauer.com/compsci/ecc/

60
● Lecture
○ Quiz 2
○ Smart contracts
● Tutorials
○ Interacting with a private blockchain
● Mandatory readings:
○ “Bitcoin energy use - mined the gap” by George Kamiya, access via:
https://www.iea.org/newsroom/news/2019/july/bitcoin-energy-use-mined-the-gap.html
○ “Banks in no rush to join Facebook’s crypto project” by Laura Noonan, Robert Armstrong,
Nicholas Megaw and Stephen Morris, access via LMS

61

You might also like