Research organisation working with protocol networks & decentralised resources
Forkonomy is a project studying the entropy-driven fragmentations of cryptocurrency codebases and ledgers, with the aim of gaining insight into the possible futures of major networks by analogy with astronomy.
How does anything get done if there are no leaders? Why hasn’t ETC died by being abandoned by the Ethereum Foundation after TheDAO hard fork? The ecosystem of participants and stakeholders working in and around the ETC network is examined in outline below.
So, where and how does ETC “governance” happen?
Making changes to Ethereum Classic consensus rules is “ungoverned” in a similar way to Bitcoin and Ethereum with little appetite for large numbers of consensus-breaking upgrades. Currently it is an ad hoc process where ECIP proposals are raised on Github, discussed in public/semi-public fora and should they be widely supported without contention locked-in to the nominally canonical “Classic-Geth” client with the other clients (Parity Labs’ eponymous software and IOHK’s Mantis) merging in response. In the case of a contentious proposed upgrade some arbitrary signalling criteria could potentially be set (i.e. % of miners upgrade/signal, on-chain carbon vote as used by ETH to justify DAO hard fork) though this has not occurred in ETC since the events which led to the creation of the network.
As with other networks based on the original Ethereum design, some parameters such as adjustments to the gas limit per block — restricting the amount of EVM computation in a similar way to block size / weight in Bitcoin-derived networks — can be enacted in small increments on a per block basis via miner signalling. There is currently some discussion to motivate a decrease in the gas limit per block in order to avoid the chain growth rate issues which make running ETH full nodes a challenge in terms of burdensome resouce requirements. The likely aggregation of ETC hashrate among a small number of big mining farms, cooperatives and pools presents issues with reliance on miner signalling, as recently evidenced in Bitcoin when the merge-mined EVM Rootstock sidechains went live with 80% of network hashrate signalling. The naive downstream adoption of “default” Ethereum settings such as ETH’s 8 million gas limit per block is also a potential issue for ETC’s ungovernance to navigate.
Two hard fork network upgrades have taken place in the ETC network — ECIP-1010 to remove the “difficulty bomb” and ECIP-1017 to institute a supply cap with asymptotic supply curve.
The decision-making process could be better organised, more transparent and clearly defined and refinements to the ECIP process are currently being discussed. At present most informal community discussion takes place on ETC’s Discord server, with ECIPs themselves posted on the nominated Github account (ethereumclassic) following a power struggle and takeover of the previous canonical Github account (ethereumproject), ostensibly related to the situation with ETCLabs discussed below. ETCLabs appear to be preparing to implement their own proposed parallel “ECLIP” improvement proposal scheme though this may be a mis-communication rather than a “consensus hostage situation” — situation is unclear at time of writing. Below are a few links to recent discussions and proposals relating to how Ethereum Classic reaches decisions relating to network upgrades and changes.
Some stakeholders in ETC want to see closer collaboration with ETH, some are ambivalent and others are opposed. The recent announcement of Bob Summerwill as ETC Cooperative Executive Director is noteworthy as he was instrumental in founding the Enterprise ETH Alliance, was involved in the Ethereum Foundation, was a senior figure at Consensys. There are some existing collaborative projects between ETH and ETC, including Akomba Labs’ “Peace Bridge” to allow cross-chain transactions, Kotti unified PoA testnet and some recent discussions regarding ETC considering the adoption of aspects of the Ethereum 2.0 roadmap.
The last few months have seen a change in the composition of the ecosystem around Ethereum Classic, as a the previously pre-eminent privately funded core development team “ETCdev” collapsed due to lack of funds with another entity “ETCLabs” forming a new developer team “ETCLabs Core” with significant overlap of personnel. Some community members have described the sequence of events as a corporate takeover attempt, others do not seem so worried.
“The ETC community is still small and, in this bear market, lacks funding from volunteer investors or other sources to initiate new core maintenance and development projects or pay new core developers quickly. This is because there are no leaders, foundations, pre-mines, treasuries, protocol taxation or any other financing gimmicks that so much contaminate other centralized projects.”
Ethereum Classic (ETC) is pure Proof of Work utilising the Ethash (Dagger Hashimoto) algorithm. It is the second largest network using this algorithm, marshalling approximately 15–25x times less hashrate than Ethereum (ETH). Due to its situation as a minority PoW network without 51% attack mitigations at the protocol or node levels it has been deemed to be vulnerable to thermodynamic attacks and this has been observed recently. Mining is permissionless so the identities and extent of participation of block producers are not necessarily known. Some network and blockchain analysis of the ETC mining ecosystem is being undertaken currently. There is a high degree of suspicion that covert FPGA and/or ASIC mining was employed leading to the recent majority attacks. Most of the hashrate employed in the recent attacks is suspected to be of exogenous origin to the existing Ethash ecosystem and marketplaces such as Nicehash.
Ethereum’s whitepaper was first circulated in late 2013 and there was a “token crowdfunding” (= ICO) in 2014. Approx 72 million of the 105 million supply issued were distributed in the ICO. Mining providing block and uncle rewards has distributed the remainder. Work is ongoing currently to compare the movement of balances either side of the ETC/ETH fork. Inflation was set to “5M20”, reducing mining rewards by 20% every 5 million blocks which corresponds to approximately 5% annual supply increase. The same hard fork in 2017 (ECIP-1017) also installed a fixed supply cap.
Ethereum “became” Ethereum Classic because the Ethereum Foundation asserted intellectual property rights over the “Ethereum” name despite branching away from the canonical chain. This is still a point of contention and some prefer the name “ETC” as a subset of stakeholders look for alternative nomenclature to “Classic”.
How are Development and Ecosystem Activities Funded in ETC?
What is the reference node implementation? This is also a bone of contention in ETC. When ETCdev ceased operation, the hitherto canonical client Classic-Geth written in Golang stopped being reliably maintained. ETCLabs Core maintains Multi-Geth but not all stakeholders in the ETC ecosystem are currently comfortable using their software given their ostensible desire to have an independent ECLIP improvement proposal pathway which appears more hard-fork than soft-fork oriented.
Are there any other full node implementations? Parity Labs maintains their Parity client written in Rust.
How is client development funded? Development is funded by private organisations — ETCLabs, Parity and IOHK fund client development following the demise of ETCdev. ETC Cooperative (partly funded by DCG/Grayscale and DFG) also support protocol development.
There has been resistance to adopt an on-chain treasury as proposed by IOHK, some stakeholders see this as inherently centralising but given the collapse of ETCdev due to funding shortfalls and absence of alternative funding models / “build it and they will come” the status quo is at risk of prolonging a continuing tragic commons scenario. There are some grants and funding opportunities via ETCLabs but at present are focused on business/startup incubation.
Most funds are controlled by companies but ETC Cooperative is now a 501(c)(3) non profit based in the USA. There is also a small community fund controlled by a multi-signature wallet but there are no current plans to disburse this.
What other software does the entity(ies) which funds the reference node produce? Hard to answer conclusively since there is a lack of agreement over what the reference implementation currently is.
Parity — Rust ETH client, Polkadot/Substrate, Bitcoin client, Zcash client.
ETCdev — defunct, Emerald application development framework and tools, Orbita sidechains.
ETC Cooperative — developer tooling and infrastructure e.g. recent Google BigQuery integration.
IOHK — a lot of software for Cardano, ZenCash, ETC.
ETCLabs — ?
What else do the entities which develop or fund the reference node do? (not software)
Parity — Web3 Foundation
ETCLabs — VC/Startup incubator
ETC Coop — General PR, community and ecosystem development, conference organisation, enterprise & developer relations
IOHK — PR, summits, art projects (Symphony of Blockchains), academic collaborations, VC partnership and research fellowships with dLab / SoSV / Emurgo….
DCG/Grayscale/CoinDesk — PR, financial instruments e.g. ETC Trust, OTC trading…
How is work other than development (e.g. marketing) funded? It in unclear how funding and support for non-development activities is apportioned.
DCG/Grayscale and DFG fund ETC Cooperative
DFG funds ETC Labs
Related projects — Are there any significant projects which are related? For example, is this a fork of another project? Have other projects forked this one? Ethereum (ETH) was a ledger fork of this project, Callisto (CLO) was a ledger fork of this project. There may have been more minor codebase or ledger forks.
Significant Entities and Ecosystem Stakeholders
ETCLabs is a for-profit company with VC/Startup and core development activities funded by DFG, DCG, IOHK and Foxconn.
ETC Cooperative is a 501(c)(3) non profit based in the USA funded by DCG and DFG.
IOHK (Input Output Hong Kong) is the company led by Charles Hoskinson who previously worked on BitShares, Ethereum and now Cardano.
DCG (Digital Currency Group) is Barry Silbert’s concern which contains in its orbit Grayscale Investments, CoinDesk, Genesis OTC Trading amongst other organisations.
DFG (Digital Finance Group) is Chinese diversified group concerned with investments in the blockchain and cryptocurrency industry, OTC Trading, Venture Funds.
Wassim Alsindi directs research at independent laboratory Parallel Industries, analysing cryptocurrency networks from data-driven and human perspectives. Find him at www.pllel.com and @parallelind on Twitter.
Recently re-uploaded to our YouTube Channel is a conversation Wassim had with Prof. Christian Seberino of Let’s Talk ETC podcast, following his appearance at the 2018 Ethereum Classic Summit. Among the topics covered were Wassim’s background, Forkonomy as an analytical lens to understand possible futures of blockchain-archtected networks and the Reaching Everyone initative to widen access to cryptocurrencies with particular emphasis on the economically and politically disadvantaged.
“Forkonomy” was a shower thought and though the idea initially seems awkward and quirky, in retrospect it was simply the concrescence of my previous and current proclivities in the domains of time (small), time (large), light, space (small), space (large) and cryptocurrency. Thinking about a proof-of-work cryptocurrency network as a thermodynamic system with its own internal synchronicity (target interblock time, deterministic coin supply schedule) in energetic balance ’twixt enthalpy (mining) and entropy (forks, time) is pretty straightforward.
perhaps one day a discipline of forkonomy will provide a rationalised framework for the uncertain fates of blockchain networks, as the Hertzsprung-Russell Diagram does for the stellar lifecycle. pic.twitter.com/viTe5biMpC
The approach of studying codebases and ledgers fragmenting into incompatible but similar network factions doubtless diffused across from Parallel Industries’ TokenSpacecryptographic asset taxonomy research. Combining these with the astronomical observation of stale light from faraway objects and stellar taxonomic tools such as the Hertzsprung-Russell diagram which use a star’s physical properties to understand probable fates, and there’s the makings of misspent summer weekends seeking further conceptual parallels and predictive tools through the joining of celestial and cryptographic dots in the hope of catching glimpses of possible futures through family resemblance.
19/ The real #forkonomy is the Linux Torvalds' Linux kernel, splintering and seeding itself as widely as it is embedded deeply. Open source code is viral and resilient when the will exists to replicate it. pic.twitter.com/Ap3xjie70E
Writing the paper and crudely crunching chain data looking for patterns and potential heuristics was a great deal of fun, and in the course of doing so inadvertently put my neck on the line a few times. One might call them forkcasts (groan), making some forkward-looking projections (groan again) as to the likely fates of PoW cryptocurrencies unable to attract the majority of hashrate for their particular hashing algorithm, activist fork campaigns fomenting inside discontented growing networks and potential mitigations thereof. In September 2018 I spoke at the second Ethereum Classic Summit in Seoul about forkonomy with speculation on positive and negative possible futures for ETC in addition to discussion of the BTC/BCH situation and the ongoing BTCP clusterfork (okay enough, sorry) with particular emphasis on susceptibility of minority chains to thermodynamic attacks as the bear market extended. Let’s take a look at our three pairs of sibling stars — BTC/BCH, ETC/ETH, ZCL/BTCP — and see how they’ve been getting on in their thermodynamic tugs of love.
Where Are They Now?
6/ A brief detour into Bitcoin-land to look at forks as a psuedo-governance mechanism for better or worse. In general, the less "governed" a network is, the greater the perceived resistance to "mandatory upgrades" via hard fork, though some perceive soft forks as coercive also. pic.twitter.com/QPC6dOocTm
Since we last met, two have become three! Who would have thought that a raggedy ensemble of protesters bandying together for various reasons might not see eye-to-eye? After another network fragmentation, further division of already slim hashrates and assorted hostilities on either side of the chain split have left prospects for both BSV and BAB (aka the “new BCH”) looking rather dour. There was an expected amount of drama around the fork event as it was planned and contentious, with threats of inter-chain attacks and aggressive market actions. At time of writing, each of BCH’s spawn command ~1 EH/s in comparison to BTC’s 30–50 EH/s long-term range with market pricing BTC $3500, BSV $75 and BAB $125. Data from www.blockchair.com and www.coincap.io.
Whereas the difference in price and hashrate between BTC and BCH in August 2018 was approximately 10–15:1, the BSV/BAB split and resultant negative sum implications have lengthened this out to 30–40:1 at time of writing in late January 2019. What was then a marginally vulnerable network to 51% attacks is now at serious risk. Regardless of the amount of SHA-256 hash available on distributed marketplaces such as Nicehash and Amazon EC3, it is feasible that a single entity could amass 3% of BTC’s hashrate and perform a solo attack, especially given the amount of shelved / unsold ASIC inventory available at this time.
Went around some electronics markets in Shenzhen. Short story about Bitmain.
On the main street, closed down "Antminer" store with GPUs and various parts strewn around. Hard to say if it was official, probably not. pic.twitter.com/IadsGCMpl2
Fun story: I wrote an even bleaker forecast for BCH’s future in an earlier draft but pared it back after receiving comments that it may be going too far. Ha! Still, some summer ’18 predictions regarding the increasingly uncomfortable situation that the BCH family find themselves in — between chain security and miner bribes — have not yet come to pass (see below tweet) other than checkpointing on BAB. Both networks are exhibiting ever increasing centralisation of network infrastructure, hashrate and human leadership so expect further mandatory “upgrades”. A lot of them, sometimes at very short notice.
As for Bitcoin, the bear market has had an impact on BTC hashrate, ending a parabolic trend that extended much further than the price. Though the price of BTC today is around half of that in the summer (~$7000 versus ~$3500), network hashrates then and now are both in the 30–40 EH/s range. The security model of Bitcoin’s PoW remains largely untested in the ASIC era, with the only obvious network weaknesses being external entities’ political, technical and regulatory actions, miner / foundry oligopolies, cryptographic vulnerabilities and consensus-breaking code errors in implementations such as CVE-2018–17144. Still some time to go before miner subsidy attenuation becomes a pressing concern with respect to fee market development, with everything depending on BTC price to provide the necessary incentives.
It's not a "cop-out", some people have more stringent expectations of a money than others.
Until Bitcoin is a few subsidy halvings further down the road and the interplay of L2/sidechains versus on-chain tx fee market is clear, then those who prefer data to faith won't be 100%.
The question remains open as to how L2 appendages such as sidechains and off-chain payment channels will affect this by offering alternative transaction pathways which minimise writing to the blockchain and consequentially demand for block space. Side note on the recent launch of Grin — a network based on the novel MimbleWhimble blockchain construction —with a constant, indefinite coin issuance rate (60/min) which may better mitigate against a lack of a transaction fee market in Bitcoin’s subsidy halving regime, by exhibiting a smoothed and steeper initial decline in effective inflation rate.
It’s been an eventful few months in the land of Ethereum-based networks. The expected Ethash FPGAs and ASICs have not been spotted in the wild by any great number but their effects may be being felt already. It will be interesting to see if nonce fingerprints will eventually be evident as has been the case for BTC and XMR.
There have been 51% attacks and deep chain reorgs on minority Ethash chains MUSIC, ELLA and PIRL, with exchange double-spending the typical approach for attackers to ROI. PIRL has taken an approach to mitigate these hazards with client-based solutions which would penalise offline nodes for attempting to rejoin the network and broadcast a rapid series of blocks (PIRLguard). UBQ instead changed its hashing algorithm to avoid Nicehash / ASIC susceptibility.
Talks from #ETCSummit2018 are surfacing, this one by Chen Min from Linzhi ASIC developers was intriguing. Lavasnow shaping up to be a beastly Ethash cruncher. Had a good chat with her afterwards & hope to visit their Shenzen facility soon ^_^https://t.co/nm3rkOsRc5
Although a big theme of this work has been looking at the vulnerabilities of minority PoW chains to attack and defensive strategies — and also that this work was presented at the ETC Summit in autumn 2018 — it was a surprise to see Ethereum Classic itself fall prey to these attacks as well. Read the below articles by Phyrooo and Pyskell to put the temporarily disruptive nature of a majority attack into context. However, in these early innings of cryptocurrency, exploits against exchanges provide a strong disincentive for listing minority PoW networks unless precautions are taken with confirmations required for transactions to be considered final. Seeing altcoin exchanges like Cryptopia listing small PoW networks getting constantly exploited (and suspending operations recently) is a universal warning sign, especially for projects with little value proposition other than speculation and trading.
What these "ZOMG 51% attacks world is ending" stories miss is that mitigating techniques exist – suitable for ASIC or GPU-mined networks – to avoid PoW algo switch. For example, HoriZen and PIRL have adopted alternative chain-selection rules: https://t.co/BqWk6v3L91#forkonomyhttps://t.co/oFL2MyMLyi
It remains to be seen what path ETC will take in order to mitigate attacks, the usual gamut of options are being discussed by stakeholders in a rational way — I was present for the post-mortem call and reiterated my opinion that changing mining algorithm in a knee-jerk response is probably sub-optimal to penalising attackers withholding blocks. It appears that the continued delays of ETH’s attempted transition to a sharded, proof-of-stake network — thereby bequeathing the Ethash majority to ETC or another as-yet-unborn timeline — has exacerbated the issue alongside the protracted bear market and abundance of marshallable hashrate.
Would like to explore chain selection rule tweaks before PoW changes, if ETH is switching to ProgPoW then ETC would be the dominant Ethash chain which would be a strong position. https://t.co/pSagneLAHO
There is also discussion of ETH adopting an “ASIC-resistant” algorithm (ProgPoW) while waiting upon Casper and prior to the recent failed Constantinople network upgrade a pro-ProgPoW activist fork faction appeared with the ostensible goal of rejecting the EIP-1234 reduction in mining reward from 3 to 2 ETH per block in addition. It seems inevitable that either (or both) ETH-ASIC and ETH-ProgPoW factions would attempt a fork should the network not move in their favour. Additionally, due to the 11th hour cancellation of the Constantinople upgrade, the so-called “difficulty bomb” has now activated on ETH, having been repeatedly delayed by previous hard forks.
Thread. Also highly relevant for Ethash ecosystem as high performance ASICs come online and Ethereum attempts the pivot to PoS. Notice that minority networks such as Ubiq have already changed algos, others such as Pirl amended chain selection rule after attacks.#forkonomyhttps://t.co/iu1dy9Q4wC
In terms of social layer network politics, both ETH and ETC have had issues of differing types. ETH’s diverse stakeholders are pulling in different directions regarding key technological design choices such as state rent and allegations of insider asymmetry / opacity at crucial meetings. ETC may be suffering from a “tragedy of the commons” scenario as hitherto leading core development company ETCDEV shut its doors due to a funding crunch, with accompanied suspicions of power struggles for prized network resources such as the Github repositories and experienced core developers.
Interesting is that both ETH and ETC's struggles appear to be growing pains, arising from fracturing stakeholder classes as ecosystems build out. They appear to represent quite extreme polarities – top-down "core dev / foundation" central planning vs P2P power vacuum. #forkonomy
Ratios of hashrate and price between ETH and ETC are approximately 20–30:1, similar to BTC/BAB-BSV ratios discussed above but ETC has an additional light at the end of the tunnel — or is it a “friendly ghost” who will remove incentives for miners to stay on ETH? Data from www.blockchair.com and www.coincap.io.
Just going to leave the below few tweets documenting my ETC Summit talk here. We’ll have to wait and see what happens with ETH regarding PoW to observe the effects downstream in the Ethash ecosystem.
4/ What ingredients are needed to sustain a "minority" network fragment such as $ETC? For a PoW network, it's going to need significant hashrate to avoid replay attacks, re-orgs & wipeout risks – especially if #codeislaw & immutability is respected. Devs, users & businesses too. pic.twitter.com/G63TJHT4VP
13/ Potential obstacles: Mining pool centralisation Gas arbitrage DAO attacker / RHG remnants Legacy issues e.g. with EVM / Solidity Questions over ecosystem decision-making transparency DAOs please! @licuende said at #HCPP18 that @AragonProject could work on $ETC. Fork time? 🙂 pic.twitter.com/voTPnFraZA
The disconnect between market cap and miner incentives for ledger forks such as BCH/BSV/BAB, BTG and BTCP has been discussed widely in recent months (here for example) but it wasn’t as blindingly obvious last summer. Indeed I received some stern criticism from a reviewer on my claim that market caps for minority ledger forks were heavily inflated in comparison to codebase forks. The below tweet sparked the realisation that all was not well in the land of BTCP.
Holy shit. ZCL still has 4x hashrate of BTCP but market cap is 7x less.
If that's really the case, coin supply tricks are a helluva drug.
By combining the UTXO sets of ZCL and BTC, BTCP aimed to leverage the Bitcoin name whilst heavily incentivising ZCL holders and buyers. It worked too, in the final “junk rally” of 2018 ZCL pumped 100x in USD terms before beginning a protracted and decline in price of >99%. ZCL is still bumbling along as a semi-zombified chain, with other spin-off ledger forks and fork-merges attempted. The client software got rather out of date and broken, making it hard to run a node over winter, and indeed to find peers and sync the chain.
7/ "Bitcoin Private" $BTCP was created by merging UTXO sets of $BTC and $ZCL. A network synthetically "older" than Bitcoin was created – but without high token price or on-chain tx fee market, miners are absent & 51% attacks trivial. A pessimistic possible #rekt future of Bitcoin pic.twitter.com/CdBuHu5U4T
With only half a million coins remaining unsupplied from the 21M cap, BTCP finds itself effectively a halving ahead of Bitcoin. With a low token fiat price, miners are not sufficiently incentivised to defend the chain and since there is an abundance of Equihash resource available launching thermodynamic attacks would be trivial. Indeed the hourly cost estimates in the paper had to be continually revised downwards, from >$600/hr initially, to <$50/hr now. As the supply schedule of ZCL, BTCP and BTC are directly comparable (4x factor in block time and subsidy to convert) we can think of BTCP as a time machine taking us forwards to the most pessimistic possible future of any Bitcoin-like network with a halving subsidy and fixed supply limit. This is the timeline in BTTF2 where Biff makes it bigtime.
As expected, attacks were inevitable. ZCL has <5% of the ZEC hashrate and BTCP a further order of magnitude less. With Equihash ASICs on the scene they are sitting ducks. Both tokens are in the $1–1.50 price range, with a ZCL pre-fork ATH around $200. Data from coincap.io and www.coinmetrics.io.
BTCP forkcast: REKT with a high likelihood of upgrades .What’s next for this white dwarf chain? Pretty much every mitigation you can think of has been discussed — Horizen’s chain selection rule update seems to be working for them.
Interesting tweak to Nakamoto Consensus proposed for $ZEN.
By penalising selfish/malicious miners for withholding blocks & private mining they hope to prevent repeats of the recent majority attack.#forkonomyhttps://t.co/AWZgnBRCJf
Something else interesting and related! The wizards at CoinMetrics who I had badgered to run BTCP and ZCL nodes last summer, recently uncovered a grand heist with ~2 million coins secretly added to BTCP’s shielded pool at the time of inserting the BTC UTXOs into the ledger. Indeed I had a great deal of problems getting the BTCP client to play nicely, as the few thousand blocks around the time of the operation were enormous and often crashed my workstation when parsing data for analysis. BTCP is the worst of all possible worlds.
Had also noticed irregularities around the time of the BTCP merge when parsing the chain data recently but was analysing blocktimes rather than UTXOs. More fodder for #forkonomy v3. Bravo! https://t.co/zOWm8V7Qch
There was a brief note in the paper on security risks of “top heavy” networks, where for example Ethereum can allow for a greater “value” of issued non-native tokens than the base protocol token. Read the great article below by Joe Looney to get a fuller understanding of the various hazards subsumed within this. Let’s think about how non-native assets could be used as bargaining chips by forkers. Offering to honour assets on a ledger fork network may skew hodler’s incentives in ways that are hard to predict.
In the original paper Tezos and Decred were discussed as networks addressing network governance by inhibiting forks in different ways. Taking a high-level perspective, let’s address the most general question: are these two notions meaningfully compatible? If we think of any natural process in the Universe — from the celestial to the tribal — as accretions and communities grow in size and complexity, scalability challenges increase markedly. Minimising accidental chain splits during protocol upgrades is a worthy goal. However, denying a mechanism to allow factions a graceful and orderly exit has upsides in preserving the moat of network effect but at the cost of internal dissonance, which may grow over time. Sound familiar?
BrexitCoin combines Proof-of-Flag governance and historical obfuscation so that mistakes are guaranteed to be repeated. Unelected leaders of BrexitCoin committee must wait for a scandal to occur before the next "democracyblock" may be proposed.https://t.co/cNpICRxHCIpic.twitter.com/dsgYr09UG5
[Neutral] An inevitability of entropy and/or finite social scalability as these networks grow and mature it is not realistic to keep all stakeholders sufficiently aligned for optimal network health.
As such, protocol-layer fork resistance and effective public fora with voting mechanisms can certainly be helpful tools, but there is a question as to whether democracy (the tyranny of the majority) should be exercised in all cases. If there was a “block size” style civil war in Tezos or Decred with no acceptable compromise in sight, would the status quo still be the best situation in all cases?
Worth noting that I predicted the first Tezos hard fork over a year ago (@tzlibre)👇.
There is *nothing* that supercedes fork-based governance for cryptocurrencies, and that is a good thing. https://t.co/E0jRomnvqi
My perspective is that fork-resistance will largely redistribute the manifestations of discontent rather than provide a lasting cure to ills, and the native network governance mechanisms may be gamed by either incumbents or ousters. More time is needed to see how decision-making regarding technical evolution unfolds in both networks. Decred seems to be sitting pretty with a fairly attack-resilient hybrid PoW/PoS system, but there are some “exclusionary forces” in the network leading to the escalating DCR-denominated costs of staking tickets necessary to receive PoS rewards and participate in proposal voting, denying access to the mechanism to smaller holders.
Demand for tickets and staking rewards naturally increases with ongoing issuance, as the widening pool of coin holders wanting to mitigate dilution also does. As the ticket price is dynamic and demand-responsive, it creates upwards pressure which would make tickets inaccessible for a growing proportion of coin holders. At time of writing, “ticket splitting” allowing smaller holders to engage in PoS is available from some stake pools and self-organised collectives but the process is not yet automated in reference clients. On the other hand, the ongoing bear market has seen the USD ticket price fall from ~$8–10k USD at January and May 2018 peaks to ~$2k USD today in late January 2019 so those entering Decred with capital from outside the cryptocurrency domain would likely be undeterred. Data from dcrdata.org and coincap.io.
Further, as per Parallel Industries’ TokenSpace taxonomy research, staking rewards resemble dividends and token-based governance privileges resemble shareholder rights which make Decred appear a little closer to the traditional definition of a capital asset than pure PoW systems. This may or may not be an issue depending how regulation unfolds. Tezos has those potential issues plus the regulatory risk from the token sale. Decred’s airdrop may not have distributed the coin as fairly as possible but will undoubtedly attract a lower compliance burden than a token sale or premine.
“Activist Forks” & “Unfounder Forks”
Taking this a step further, these dissonant groups may conduct a guerilla campaign inside a network to focus attention on their cause. Last summer, a few anti-KYC factions of Tezos had appeared on social media outlets prior to network launch, however since the launch things have quietened down somewhat. One faction which still apparently intends to create a fork of Tezos changed tact and became a delegated staker within the network whilst continuing to voice dissent —perhaps this “fork activism” can be interpreted as a response to the “fork-resistance” of Tezos.
So, what else could a fork activist do? Take a look around at the ongoing ICO bonfire of the vanities which is largely due to poorly thought out sales of high-friction futility tokens infringing on / attempting to circumvent various regulations around the world. The prospect of removing the token issuers and the tokens themselves once treasuries are liquidated (by themselves, or by lawmakers) and development ceases is quite attractive indeed — will we see a wave of “unfounder forks?”
Been thinking about this, started already and will only happen more from here – "activist" or "unfounder" forks if you will.
As with astronomy, there are no conclusions in forkonomy. Only endless observations as entropy drives time along. More work needs to be done analysing blockchain data harvested from nodes, especially on ZCL and BTCP. The quest for candidate network heuristics and tools continues. Studies of Decred’s Politeia proposal & voting system now that it’s operational would be interesting too.
Thanks to Richard Red for details and resources regarding Decred’s PoS and ticketing mechanism.
[Note: This work was written and self-published in manuscript form on pllel.com in summer 2018 with last revision 10th August. Figures come from tweets, original manuscript and presentation slides from ETC Summit Forkonomy talk in September 2018. A follow-up commentary is being prepared presently. TLDRs in video and tweet form, scroll down for the full text.]
This work introduces a novel field of cryptocurrency research that the author terms forkonomy, and provides a general overview of recent phenomena in this area. Attention is directed towards the first UTXO consolidation fork-merge combining Zclassic and Bitcoin ledger histories into the so-called Bitcoin Private network. Potential implications for ageing blockchain ecosystems, prominent minority cryptocurrency network fragments and divergent factions are discussed.
1. Introduction and Literature Review: The Hitherto Canon of Forkonomy
1.1 Forkonomy, Forks and Forkability
With respect to cryptocurrencies, forkonomy can be considered to constitute the study of the fragmentation of software codebases and protocol networks comprising distributed communities and/or stakeholders operating in a permissionless or trust-minimised manner. Much as astronomy utilises observation and theory to understand and predict cosmological characteristics and phenomena, here follows an analogous attempt to apply blockchain analytics and historical precedent to with a view to understanding fundamental and emergent characteristics of the forking tendencies of divergent monetary network factions.
1/ So, WTF is #forkonomy? By analogy with astronomy, the idea is to use observation, data analysis, simulation & inference to gain insight into the possible fates of P2P networks. Inspired by the Hertzsprung Russell diagram which maps stellar fates from brightness & temperature. pic.twitter.com/pWeTuLsv9K
In the open source computer science domain, the notion of project codebase forks is well established and occurs when an existing piece of software develops in diverging paths by independent developer constituencies, creating separate and distinct pieces of software. Torvalds’ original Linux kernel from 1991 has been forked into countless descendant projects . With the launch of the Bitcoin network in 2009, the prospect of provable digital scarcity and secure decentralised open source value transfer protocols was realised. This was implemented through the novel combination of systems networking, UTXO (Unspent Transaction Output) based accounting, resilient data architecture, cryptography and thermodynamic elements . With a permissionless ledger system employing a blockchain and triple-entry accounting to reach a high degree of probabilistic transaction finality over time, there exists the prospect of both codebase and ledger forks . For the purposes of this work, a blockchain is defined as a temporally sequenced, linear and append-only data structure employing cryptography to facilitate the implementation of a high assurance, tamper-evident transaction ledger.
3/ Fork terminology is tricky and sometimes muddled. As the concept came to cryptocurrency from OSS development many of the terms have been co-opted but there are further nuances here: particularly to distinguish between codebase / ledger forks, and hard / soft / velvet forks. pic.twitter.com/fh8RLjkAIk
A codebase fork of a cryptocurrency corresponds closely to the relationship between Linux kernel forks, creating an independent project typically launched with a new genesis block which may share consensus rules but with an entirely different transaction history than its progenitor. An example of this relationship type is that between Bitcoin (BTC) and Litecoin (LTC) and this method may be thought of as a static fork insofar as there is little time-sensitivity to the process. By contrast, a ledger fork creates a separate incompatible network, sharing its history with the progenitor network until the divergent event, commonly referred to as a chain split.
Consensus rule changes or alteration of the network transaction history may be the cause of such a fracture, deliberate or unplanned. This occurrence may be regarded as a dynamic fork since the process takes place in real time. Often when networks upgrade software, consensus rules or implement new features a portion of the network participants may be left behind on a vestigial timeline that lacks developer, community, wallet or exchange support. Recently a fifth of nodes running Bitcoin Cash (BCH) — a SHA-256 minority ledger fork of BTC with significantly relaxed block size limitations — were separated from the BCH network and a non-trivial number of would-be nodes remain disconnected from the canonical BCH blockchain at time of writing weeks later .
1.2 What Maketh a Fork?
The distinction between what constitutes a vestigial network and a viable breakaway faction is unclear and difficult to objectively parameterise. There is a significant element of adversarial strategy, political gamesmanship and public signalling of (real or synthetic) intent and support via social media platforms. The notions of critical mass and stakeholder buy-in are ostensibly at play since ecosystem fragmentations would be characterised as strongly negative sum through the invocation of Metcalfe’s Law as regards network effects and hence value proposition . Any blockchain secured thermodynamically by Proof-of-Work (PoW) is susceptible to attack vectors such as so-called 51 % or majority attacks, leading to re-orgs (chain re-organisations) as multiple candidates satisfying chain selection rules emerge. These can result in the potential for double-spending the same funds more than once against entities such as exchanges who do not require sufficient confirmations for transaction finality to be reliable in an adversarial context. Should a network fragment into multiple disconnected populations, adversaries with control of much less significant computational resource would be in reach of majority hashrate either using permanent or rented computation from sources such as Nicehash or Amazon EC3 .
4/ What ingredients are needed to sustain a “minority” network fragment such as $ETC? For a PoW network, it’s going to need significant hashrate to avoid replay attacks, re-orgs & wipeout risks – especially if #codeislaw & immutability is respected. Devs, users & businesses too. pic.twitter.com/G63TJHT4VP
A striking example of this was the divergence of the Ethereum developer and leadership cadre (ETH) from the canonical account-oriented Ethereum blockchain (ETC) due to the exploitation of a flawed smart contract project resembling a quasi-securitised decentralised investment fund known as The DAO (Decentralised Autonomous Organisation) . In this case the Ethereum insiders decided to sacrifice immutability and by extension censorship-resistance in order to conduct an effective bailout of DAO participants which came to exercise Too-Big-To-Fail influence over the overall Ethereum network, insider asset holdings, token supply and mindshare . A social media consultation process in conjunction with on-chain voting was employed to arrive at this conclusion though both methods are known to be flawed and gameable . During the irregular state transition process akin to a rollback, a co-ordinated effort between miners, exchanges and developers took place on private channels, exposing the degree of centralisation inherent in the power structures of constituent network participants.
The key event which transformed the canonical Ethereum blockchain (where the DAO attacker kept their spoils) from a vestigial wiped out chain to a viable if contentious minority fork was the decision by Bitsquare and Poloniex exchanges to list the attacker’s timeline as Ethereum Classic (ETC) alongside high-profile mining participants such as Chandler Guo, well resourced financial organisations such as Grayscale Invest (a subsidiary of Digital Currency Group) and former development team members such as Charles Hoskinson to publically declare and deploy support, developers and significant hashrate to defend the original Ethereum network . ETC now exists as an independent and sovereign network with diverging priorities, characteristics and goals to ETH as discussed in Section 4.
1.3 Transient Fork Dynamics in PoW Networks
At a granular level, blockchains grow in height incrementally as new valid blocks are found by miners or validators and added to the canonical chain as determined by the network’s chain selection rules. In PoW consensus mechanisms this leaderless race is conducted through the combination of nonces (an arbitrary variable cycled through sequentially) with the proposed block header to generate hashes which are then compared against the network difficulty which is closely related to the quantity of computational resource directed at the network. Should a hash be found that is below the network’s difficulty requirements, given that no other consensus rules have been violated in the process of constructing the candidate block then it is typically considered valid by the network. As the miner announces the proposed block it propagates across the network typically via a gossip protocol, whereby nodes broadcast all messages to connected peers.
Since cryptographic hash functions are deterministic (albeit with with unpredictable outputs) and a broad subset of possible hash values satisfying the difficulty requirements exist, it is entirely plausible that more than one valid candidate block may be found by competing miners at very similar times. In such an eventuality there begins a block propagation competition of sorts which serves to allow the network to reach consensus on the latest state of the transaction ledger. Since there can only be one block with a particular height, should multiple candidates emerge the prospect of network partition arises if subsets of the population of validating nodes do not overwhelmingly agree on the latest block.
Such partitions may be short-lived in the case of orphans and uncles which represent discarded timelines as the canonical chain built upon another candidate block. The term uncle is used primarily in Ethereum-based networks, as a partial subsidy is allocated to orphaned blocks and therefore acts as a consolation prize for producing a valid block which does not become part of the canonical chain. Ethereum currently subsidises uncles with approximately 3000 ETH per day which equates to over 1 million USD at time of writing . Increasing orphan rates may also be indicative of malicious behaviour on a network such as 51 % attacks, selfish mining or distributed denial of service vectors on reachable nodes which accept incoming peer connections.
Due to the message propagation characteristics of partially synchronous distributed systems such as peer-to-peer (P2P) cryptocurrency networks, there exists an inverse relationship between the median inter-block time (more commonly referred to as the block time) as set by the protocol — 600 seconds in BTC/BCH and 15 seconds in ETH/ETC — and the incidence of orphans and uncles. With shorter block times the likelihood of orphan blocks increases, with some mitigating effect possible through miners aggregating together co-operatively into so-called mining pools. A similar effect of increasing orphan rate would also be expected should the utilisation of block capacity also increase, as larger amounts of information must propagate around the network nodes. ETH uncle rates have been increasing since October 2017 due to mining subsidy reduction, network congestion and increasing block size, whilst ETC’s has remained more consistent, due at least in part to the lower transactional volume on the canonical Ethereum chain .
There may be a fundamental basis rooted in natural science that provides insight into the increasing forking tendencies of blockchains. These phenomena may be a result of entropic bias, that is to say divergent paths are those of least resistance in accordance with Newtonian physics. The second law of thermodynamics states that the total entropy (energy unavailable to do useful work) of a closed system undergoing an irreversible process can never decrease. In other words, all that can be done is to arrest the descent of order into chaos is to continue applying effort so as not to allow the amount of available energy to decrease. In the context of network forks, a simple model may be constructed of a PoW cryptocurrency network as a closed thermodynamic system with a growing blockchain (an irreversible process) with mining participants’ cryptographic hashing as the work going into the system. Taking this a step further, despite the ongoing work in the system a chain split would satisfy the second law of thermodynamics as it pertains to increasing disorder in a system. Therefore it may be the case that the energetic dynamics of cryptocurrency networks provides a rational basis for the eventuality of ledger forks in networks which do not strongly penalise or prevent them.
Another issue widely encountered with ledger forks are replay attacks. In the case where two recently partitioned network fragments share identical or very similar codebases and transaction histories, unless specific measures are taken there exists the very real prospect that a network user wanting to send cryptocurrency may inadvertently send the transaction on both network fragments and therefore have the transaction accidentally replayed. Replay protection may be achieved through a small codebase change which allows networks to distinguish transactions as arising from one particular fragment. A related issue which may see an increase in incidence as a result of the development of protocols facilitating the issuance of non-native assets, tokens and off-chain payment channels atop blockchains is the lack of precedence in the event of a fork and chain split in the base layer. As off-chain protocols proliferate and grow in intricacy, functionality and interoperability this issue is likely to increase in complexity.
Selfish mining — also known as block withholding – is a postulated attack vector most effectively employed by mining oligopolists on a PoW network with relatively long block times. It may be conducted by a miner who finds a valid block but instead of immediately broadcasting to peers, the block is withheld and kept secret. The miner then begins to search for a valid block atop the previous clandestine block, with the aim of finding a valid second block before another participant finds an alternative valid first block. It has been claimed that this strategy is more beneficial than honest mining for a sufficiently well-resourced adversary, with 2013 research finding that Bitcoin is vulnerable to block withholding attacks when an adversarial entity controls as little as a quarter of the total computational resource possessed by the network.  Naturally this is a far lower bound than the majority hashrate required for 51 % attacks. However the efficacy of this attack vector has been disputed more recently with findings that the strategy only performs well in the period immediately after a difficulty adjustment. With that in mind, a fairly minor change to the Bitcoin protocol (albeit requiring upgrade consensus) could be effected to mitigate the possibility of this attack .
Selfish mining is potentially relevant to forks as chain splits may be more likely in the presence of selfish mining participants. A possible heuristic for selfish mining is the issuance of empty blocks (to capture efficiency in propagation time) that Bitmain-controlled mining pool Antpool regularly mined for long periods of time despite network congestion and foregoing transaction fees, indicating a potential benefit greater than an honest miner’s payoff of block reward and transaction fees . There is evidence that a selfish mining attack possibly took place in May 2018 on Monacoin, a Japanese cryptocurrency network, with a succession of blocks only containing the coinbase (mining subsidy) transaction between block heights 1329837 and 1329846. However it is not straightforward to differentiate between 51 % and selfish mining attack vectors as the culprit definitively. As Monacoin’s difficulty adjustment occurring every block the window of opportunity for selfish mining is somewhat limited and the attacker’s spoils corresponded to less than 100000 USD at time of the attack . Stubborn mining builds on this methodology to facilitate a wider range of hybrid strategies between honest and selfish mining extremes . Zhang et al. proposed a selfish mining disincentivisation and fork-resolving policy improvement for BTC chain selection ruleset having explored censorship-attack vectors such as blacklisting via feather-forking  as originally characterised hypothetically by Miller in 2013 .
Feather-forking can be understood as a strategy available to mining participants (more likely pools than individual entities) to refuse to construct blocks atop a timeline which contains unfavourable transactions within the recent history. By doing so the feather-forking participant may also incentivise other mining participants to also join the feather-fork for a short time. However this vector is rendered ineffective provided that a majority of the computational resource remains honest. Zhang and coauthors propose a mitigating upgrade to Bitcoin named Publish or Perish which would slightly modify the chain selection rule to include all hashes of orphaned blocks in the block currently being worked upon. However the stringent synchronicity assumptions in the proposed initial framework do no match the characteristics of typical cryptocurrency networks and no provision is made against chain splits or intentional forks .
1.4 Forks and Network Governance
For a range of reasons, there is often strident resistance to hard forks — irreversible protocol upgrades or relaxing of the existing consensus ruleset — in trust-minimised cryptocurrency networks such as BTC. The lack of controlling entities may lead to a chain split and network partition if the delicate balance of orthogonal stakeholder incentives fails in the presence of a potential divergent event. The implementation of Segregated Witness (SegWit) by the BTC network was eventually achieved in 2017 as a backward-compatible soft fork following several years of intense political and strategic maneuvering by the constituent stakeholders in the BTC network. This off-chain governance process of emergent consensus requiring de facto supermajority or unanimity measured by miner signalling has proven to be an inefficient and gameable mechanism for administering the BTC network . Certain stakeholder constituencies such as the developers maintaining the reference Bitcoin Core software client implementation of BTC could not easily reach agreement with mining oligopolists and so-called big block advocates over the optimum technological trajectory for the BTC network.
The solution combined a fix for transaction malleability and network capacity increase through the restructuring of block contents, principally through the addition of a second Merkle tree which includes witness (signature) data but excludes coinbase transactions. This was initially conceived as a hard fork, and was only found to be implementable as an opt-in soft fork due to inventive engineering. Despite this, major stakeholders of the mining constituency strongly opposed SegWit as it would render a previously clandestine proprietary efficiency advantage known as covert ASICBoost ineffective on the canonical BTC chain . A grassroots BTC community movement campaigning for a so-called User Activated Soft Fork (UASF) for SegWit implementation and a face-saving Bitcoin Improvement Proposal (BIP91) from mining farm operator James Hilliard in tandem facilitated the eventual lock-in of the SegWit upgrade in the summer of 2017 .
A new and contentious network partition took place in August 2017 as SegWit locked in for later activation, giving rise to the Bitcoin Cash (BCH) network which rejected SegWit and instead opted for linear on-chain scaling. This was implemented in the form of block size increases which have the effect of externalising network resource burden onto node operators, chiefly in the form of increased bandwidth and storage performance requirements. BCH continues to be regarded as a hostile ledger fork of BTC owing to its constituency of high-profile personalities claiming that their network more closely resembles the initial whitepaper specification of the Bitcoin protocol  and therefore qualifies as the “real Bitcoin”. By contrast, PoW — also known as Nakamoto consensus – selects the canonical BTC blockchain as the chain with the most accumulated difficulty that satisfies the consensus rules as laid out in the original Satoshi client codebase and Bitcoin whitepaper. By changing the block size and loosening the consensus ruleset without overwhelming agreement from all constituencies of the BTC network, it is difficult to find a basis for BCH proponents’ claims to be the canonical Bitcoin blockchain without invoking appeals to emotion, authority or other logical fallacies. The continuing presence of Craig S. Wright and his claims to be a progenitor of Bitcoin are an example of these attempts at legitimacy , though these claims do appear to be substantially weakening.
1.5 Forks and Networks Employing Proof-of-Stake
Alternatives to Nakamoto consensus such as Proof-of-Stake (PoS) and various approaches to Byzantine Fault Tolerance (BFT) are the subject of active exploration in distributed systems research and development. In foregoing the utilisation of brute thermodynamic force to secure the network, PoS consensus protocols must satisfy through alternative means the properties of persistence and liveness. Persistence pertains to the immutability of the transaction history and liveness relates to network synchrony, in that valid transactions will be included in the ledger reliably.
Algorand promises fork-resistance through a novel block minting process employing an accelerated BFT mechanism with constantly changing committees being tasked with block proposal privileges. This protocol has yet to be implemented in a permissionless setting and concerns persist over intellectual property protection and the architecture of stakeholder incentives within the network  as there is currently no provision for validator subsidy upon block creation. In pure Proof-of-Stake systems such as Ouroboros there is no thermodynamic element to assign block creation privileges and instead rights are conferred based on control of coin balances.
This results in a different set of fork-based challenges to PoW-oriented networks discussed above. The nothing-at-stake problem arises from the lack of significant resource cost in maintaining multiple timelines in a pure PoS network. In PoW networks resource must be committed to find valid blocks and therefore a significant penalty exists for malicious actors to maintain multiple blockchain timelines. In PoS this penalty is small or absent and therefore it is feasible to proliferate multiple timelines branching from various points in the chain with little drawback if one such fork fails and is not built upon substantially. Nothing-at-stake also raises the possibility of re-orgs should an adversary acquire enough “old stake” from wallets that no longer control balances in the current ledger but previously did. Once sufficient old stake is amassed, the user can then begin to build upon alternative timelines in order to outrun the honest timeline and therefore become the canonical chain should the selection rules not provide protection against this approach. The long-range attack employs nothing-at-stake to seed Byzantine network nodes with dishonest timelines such that a node joining the network can face significant challenges in determining which is the canonical blockchain.
Stake grinding is an attack vector class observed in early PoS implementations employed by Blackcoin, Peercoin and NXT, where block validators take measures to game the “randomness” of validator selection and/or block creation privileges in their favour by grinding – or sequentially searching through parameter space — for a dishonest edge over the intended working of the block creation mechanism . The Cardano network’s proposed PoS-based consensus mechanism family Ouroboros claims to have addressed these attack vectors by employing sophisticated cryptographic elements such as Verifiable Random Functions and Genesis Proofs to facilitate stake-based finality, provable security and dynamic availability such that nodes may join the network at any time and bootstrap from genesis. However implementation into the public Cardano network has yet to take place, so the security model of Ouroboros is yet to be tested in the wild .
Given the significant downside potential of real and perceived threats to the resilience and legitimacy of a fragmenting network and loss of associated network effects, the ability of a blockchain-based protocol network to demonstrate fork resistance provides significant strength to its value proposition. Decred is an example of a hybrid PoW/PoS monetary network which is implementing an off-chain proposal and governance mechanism termed Politeia . Since coin-holders have voting rights based on stake weight, they have the ability to keep miners and developer constituencies honest through the mechanism to reach decisions by majority stakeholder consensus on matters including hard forks. These lessons were ostensibly learned through the developer team’s experiences in writing a BTC client which they felt was not appraised objectively by the Bitcoin Core developer ecosystem. Decred’s fork resistance is effectively achieved by the fact that most stakeholders would be non-voting on a minority chain, it would remain stalled as blocks would not be created or propagated across the upstart network.
Recently another class of fork has emerged, caused by factionalisation before networks launch and/or code is open sourced. These appear similar to contentious political factions in existing blockchain networks though there is little concrete information in the public sphere. Recently several distinct entities have arisen within the pre-functional Tezos ecosystem who do not support the decisions of Dynamic Leger Solutions (DLS) as they move towards launching their mainnet, particularly regarding the recent decision to require de-anonymising Know-Your-Customer (KYC) information from their 2017 token offering donations taken last year which raised the equivalent of several hundred million USD. Aside from the ostensible paradox of rather security-like donations requiring Anti-Money Laundering (AML) procedures for future claims on the DLS-Tezos network, at the time of writing three alternative proposed non-KYC implementations exist: TzLibre, nTezos and OpenTezos. Little is publically known about these groups, but the effective bifurcation of the pre-functional network into white KYC and black non-KYC populations is a phenomenon likely to repeat as blockchain forensic tools become more widely adopted by law enforcement agencies . At time of writing, Tezos has an operational betanet and TZLibre appears to have adjusted strategy, becoming a leading delegated staker – or baker in the Tezos parlance – within the DLS-Tezos network and campaigning for a reversal of the KYC implementation decision.
1.6 Forks in Favour of ASIC-Resistance
Since SHA-256 Application Specific Integrated Circuits (ASICs) were first developed in 2012 for the Bitcoin network, there has been a trend among upstart networks to choose alternative hashing algorithms so as to avoid the problems associated with being a minority network in relation to a particular type of computational resource. A series of existing and new algorithms such as Scrypt, CryptoNight, Blake 2b, Ethash and Equihash with greatly increased memory requirements relative to SHA-256 were implemented into networks such as Litecoin, Monero, Siacoin, Ethereum and Zcash respectively, under the supposition that memory-hardness would prevent the development of ASICs for these algorithms as the ability to parallelise processes would be greatly reduced via the system memory bottleneck. Such algorithms were commonly referred to as ASIC-resistant, however this does not appear to have remained the case as there now exist ASICs for all of the above hash functions.
The failure to prevent specialised hardware development was unavoidable in retrospect. As cryptocurrency network valuations increased the incentives for equipment manufacturers to allocate the substantial capital to develop specialised integrated circuits outweighed the downside risks. Other contributing factors were optimisations in mining hardware engineering, steps forward in semiconductor manufacture and margin compression in the more mature SHA-256 ASIC marketplace encouraging hardware manufacturers to diversify. As the mining hardware business is extremely competitive, development of ASICs for new algorithms was conducted with utmost secrecy so participants would not lose their early-mover advantage. Indeed it is commonly accepted (if not conclusively proven) that many mining manufacturers will mine in secret prior to announcing their equipment and offering units for sale. Light testing of electronic equipment prior to despatch is uncontroversial as part of a quality assurance process, however there have been widespread accusations that ASIC manufacturers — or partners for the purposes of plausible deniability — deploy ASICs to networks clandestinely and gradually with hashrate spread over several pools to avoid detection . Further, there have been a number of instances whereby a new ASIC type would be announced (by a manufacturer such as Baikal, Innosilicon or Bitmain) and an impression of limited run scarcity would be implied, to maintain a value proposition for the profitability of the device. There would then follow what may be regarded as supply dumping where the manufacturer sells so many ASICs that the possibility of a purchaser achieving a return on investment would be nil. There is also a question mark over the network security of cryptocurrencies with clandestine ASICs online, as an equipment manufacturer “testing” large batches of their equipment would have an asymmetric edge over existing participants employing Central Processing Unit (CPU), Graphics Processing Unit, (GPU) or Field-Programmable Gate Array (FPGA) and may easily garner a majority of network hashrate making 51 % attacks trivial, with grave impact on network value proposition. Some networks that have adopted the philosophy of ASIC-resistance — with the goal of maximising decentralisation at the mining level — reacted to the suspicion or discovery of ASICs on their network by proposing a fork (hard or soft depending on the circumstances) to change the hashing algorithm to an alternative candidate sufficiently distinct from the original so as to render the ASICs ineffective. As in all cases with forks to irreversibly change mining parameters on PoW networks, should sufficient computational resource remain on the original chain then it has a prospect of avoiding wipeout and surviving as a sovereign network. In this case where large quantities of ASICs were produced and then threatened with being rendered incompatible through hashing algorithm adjustment, these machines would most likely be obliged to remain on the original chain, or to switch to mining on a smaller network which did not undergo such a fork. It has been postulated that new CPU architectures such as Vector Processors may be present in current or forthcoming generations of ASICs which would allow for a greater ability to remain on their intended network after hard forks to change hashing algorithms. By analysing the limited efficiency gains in ASICs developed for memory-hard algorithms such as Ethash compared to those observed previously realised for SHA-256, an alternative technical configuration with greater computational flexibility than traditional ASICs is a plausible though unconfirmed hypothesis .
Providing a counterpoint to the above motivations, Daian asserts that ASICs are inevitable for algorithms which are employed on sufficiently valuable networks. Therefore they should be accepted as emergent phenomena arising from the success of networks adopting those particular hashing algorithms. As ASICs realise large efficiency gains over general-purpose hardware in terms of operational costs (energy efficiency as measured in hashes per Watt) and capital outlay (hashes per dollar cost of ASIC) therefore lending themselves to industrial mining facilities and the economies of scale they can access. Therefore the reaction of forking to change hashing algorithm only provides a temporary respite from the development of specialised hardware, and indeed regularly scheduled tweaks may become less effective as more versatile hardware is designed. Indeed such protocol changes may favour well-resourced hardware manufacturers as they will be more able to deploy capital and resources to produce new hardware. The decision making process involved in enacting such protocol changes may also be subject to corruption or sub-optimal outcome, as with Ethereum’s chain split following the failure of The DAO as discussed in Section 1.3 .
Two recent networks which took different approaches to the manifestation of ASICs were Monero and Siacoin. Monero (XMR) is a privacy-focused cryptocurrency with a healthy community, active developer ecosystem and strong philosophy of maintaining decentralisation at the mining level through the promotion of ASIC-resistance in favour of GPU mining. As XMR nethash began to climb steeply in January and February 2018, ASIC mining was suspected to be taking place surreptitiously, followed by announcements by manufacturers Bitmain and Baikal that ASICs for XMR were available for imminent shipping . In April 2018, Monero underwent its twice-annual scheduled hard fork which facilitates regular protocol upgrade and included an adjustment to the CryptoNight hashing algorithm to render the ASICs ineffective. Around the time of the hard fork, XMR experienced a sudden 80 % decline in nethash with stabilisation at around 40–50 % decline. Prior to the fork, over 90 % of hashrate was of unknown/anonymous origin, whereas post-fork the proportion of hashrate with unknown provenance had stabilised around 30–40 %. Therefore the level of transparency as to distribution and provenance of computational resource increased as much as coarse heuristics as pool activity allow inference. Some questions remain over the methods employed to achieve consensus on the algorithm change, with some appeals for patience or to maintain the status quo. There was also a rather surreal incidence of extreme price volatility of the mining equipment with fire sales as Monero’s hard fork was implemented. Baikal was advertising a “buy one, get four free” offer on the ASICs which would have exacerbated dumping of commodity nethash on ASIC-friendly CryptoNight networks. A number of putative breakaway Monero factions announcing support for the original chain also announced themselves but do appear to have largely waned into irrelevance .
Siacoin (SC) is a network providing secure and censorship-resistant data storage via a decentralised P2P architecture. A hardware manufacturer named Obelisk with strong ties to the Siacoin founders had a Blake 2b ASIC under development and had taken a significant amount of pre-orders for the SC1. Bitmain appears to have intercepted information relating to this device and leveraged their economies of scale and expedience to front-run the Obelisk miners by delivering the Antminer A3 before them and furthermore offering aggressive discounts to Obelisk pre-order customers. This may have been through the utilisation of faster but sub-optimal integrated circuit development processes such as place-and-route rather than fully-custom routing as Obelisk employed. Unbeknownst to outsiders, Obelisk had engineering a second fallback algorithm into their equipment so that a soft fork adjustment to the Siacoin protocol would be sufficient to render the Bitmain ASICs ineffective. However this was not exercised and instead an uncontentious hard fork was conducted to recalibrate the difficult adjustment algorithm and block time in anticipation of large increase in network hashrate .
2. Research Aims and Methodology
2.1 What does Forkonomy Aim To Achieve?
As a putative analytical discipline in the early stages of development, forkonomy is as much a perspective as a coherent set of tools and methods at present. The notion of performing comparative analysis on ledger forks is not new, however this somewhat high-level combination of quantitative observation and qualitative inference is not commonly applied to characterise the emergent phenomena exhibited in cryptocurrencies. By taking a wider view than the present and recent past, forkonomy aims to provide insight into the possible fates of blockchain-oriented P2P monetary networks. A future aim is to build sufficiently sophisticated models such that even-handed forecasts of the probabilities of future scenarios may be elucidated from network observation and simulation. Many of the concepts employed are borrowed from the disciplines of astronomy, cosmology and physics, which the author previously researched.
2.2 Research Methods and Resources
This work has relied on numerous primary and secondary data sources as cited in the text. Blockchain analytics of BTC, BCH, ETH, ETC, XMR, MONA, ZCL and BTCP was achieved through the use of block explorers Blockchair.com, Blockchain.info, Etherscan.io, Etherhub.io, Bchain.info, Monerohash.com and Bitinfocharts.com with data exported in CSV or JSON formats. This was imported into the statistical computing suite RStudio (built upon R) for cleaning, treatment, analysis and visualisations. Network-wide observation and inference was conducted using publically available sources Coin.dance for node count and implementation versions for BTC and BCH, Crypto51.app for ZCL and BTCP network hashrates, Doublespend.cash for malleated transactions on BCH, Coinmetrics.io for high-level network heuristics and Onchainfx.com for networks’ token price, supply issuance and monetary policy.
3. Case Study: Advent of the Fork-Merge
In a 2017 presentation at Breaking Bitcoin conference, Eric Lombrozo postulated the theoretical possibility of a managed process of convergence of chains sharing the same provenance and similar codebase which may be thought of as a chainmerger. The idea was developed further by Eric Wall ostensibly as potential a mechanism for BTC and BCH to reunite post-chain split, but no prominent examples exist in the wild. This may be subject to entropic bias, that is to say divergent paths are those of least resistance in accordance with thermodynamics as discussed in Section 1.3 .
3.2 Fork-Merge through UTXO Cross-Chain Consolidation
Building on the chainmerger concept outlined above, the notion of a fork-merge was introduced earlier this year as the mechanism by which a ledger fork of BTC entitled Bitcoin Private (BTCP) could be artificially synthesised from an Equihash PoW network named Zclassic (ZCL), itself a codebase fork of Zcash (ZEC) which in turn was originally derived from the BTC codebase . It is somewhat similar to the “Fork + Merge” operation in Git-based repository protocols. Since the BTC and ZCL networks possess different histories as evinced by their unique UTXO sets and the codebase had additionally diverged further, this was not a trivial process  and may be further hindered by entropic bias. The UTXO model of ledger accounting introduced by Bitcoin is managed by tracking the outputs of transactions as either spent or unspent. Unspent transaction outputs contribute to coin-holders’ balances whereas spent outputs do not. In order to maintain such a ledger, each transaction may be comprised of one or more inputs (UTXOs with non-zero balances) and two or more outputs. This is because UTXOs may not be partially spent, and thus any value remaining in an UTXO after transaction is completed must be returned as a new “change” UTXO in an analogous manner to spending a paper fiat currency banknote and being returned different notes and coins.
The quantitative parameters underlying this cross-chain UTXO consolidation warrant further examination. Both BTC and ZCL networks possess equivalent relationships controlling mining subsidy emission over time.
ZCL has a target block time of 150 seconds, block reward of 12.5 ZCL, 840000 block reward halving period (not yet reached) and 21 million ZCL maximum supply.
BTC has a 600 second target block time with initial reward of 50 BTC per block, though this has experienced two subsidy halvings to the present value of 12.5 BTC per block — with a current approximate BTC block height of 540000 and halving period of 210000 blocks. Figure 1 displays the characteristics of BTC mining subsidy and monetary issuance over time.
As the time-per-halving is broadly equal on both networks the number of halvings may be used as an approximate heuristic for the maturity of the network. ZCL having experienced no halving to date can be considered a young network, characterised by a high mining subsidy which incentivises miners to secure the chain at the expense of a high effective annual supply inflation rate of approximately 100 %, with approximately 4.5 of 21 million total ZCL coins issued. BTC is halfway between its second and third halvings and as such can be thought of as a mature network. The subsidy has already declined 75 % since network launch with approximately 17 of 21 million total BTC mined and an effective annual supply inflation of around 4 %. During periods of elevated demand for block space, a transaction fee market has emerged which at peak times has provided miners with greater income than the block reward . This occurrence is crucial to the long-term viability of all blockchain-based monetary networks that employ PoW for security and have a fixed asymptotic supply curve, as the network must continue to incentivise miners to deliver hashpower . Most UTXO-based cryptocurrencies have also adopted BTC’s monetary issuance policy to claim analogous value propositions centred around supply limitations.
By merging these UTXO sets, BTCP has synthetically created an Equihash blockchain network with approximately 500000 of 21 million coins yet to be issued, negligible annualised supply inflation and therefore a meagre mining subsidy of 1.5625 BTCP, corresponding to approximately 0.0035 BTC at time of writing. Unlike BTC however, BTCP has not been able to bootstrap a transaction fee market, and in order to properly incentivise miners to protect the network the transaction fees would have to be greater than the transaction value itself.
Additional idiosyncratic risks to BTCP mining profitability arise from possible supply shocks from involuntary coin holders who would be more likely to commence liquidation in the event of sudden BTCP coin price rises, and the ongoing emergence of specialised Equihash ASIC mining hardware from multiple hardware suppliers deploying more plentiful commodity hashrate .
3.3 Forkonomics: The Impact of Fork-Merging on Monetary Networks
The fork-merge process has effectively created an elderly BTCP blockchain between third and fourth halvings (as seen in Figure 2), with little incentive for miners to protect and therefore minimal value proposition as a PoW monetary network. Much of the BTCP UTXOs involuntarily assigned to BTC UTXO owners have gone uncollected, undoubtedly due to the low value of the 1:1 airdrop for the BTC side or prevention of private key compromise risk. In many respects BTCP is now experiencing an eternal post-fork hangover caused by the lopsided incentive structures engineered into the fork-merge. The event asymmetrically benefited ZCL holders which had a much lower per coin price than BTC but also entitled holders to a 1:1 airdrop. This was particularly the case for those who held ZCL balances prior to the announcement of the fork-merge, as the market price of ZCL experienced an approximate hundredfold increase in USD terms within a 30 day period prior to the fork-merge .
Due to the disparity in mining subsidy value and network age (not “effective maturity” as discussed above) between ZCL and BTCP, ZCL appears to retain a reasonably cohesive constituency of stakeholders — miners, exchanges, users and so on — despite many developers abandoning the project at time of fork. In contrast, BTCP seems to have lost most of its pre-fork proponents and has failed to acquire listing on major exchanges to access liquidity in order to improve its value proposition as a speculative asset. BTCP vs ZCL may be considered an extreme case of fork-induced emission curve fatigue. That is to say that the fork-merge process has resulted in a cryptocurrency network simultaneously vulnerable to majority attacks and unable to bootstrap itself into a secure and reliable state as the block subsidy available in an elderly network does not sufficiently incentivise computational resource in the absence of an on-chain transaction fee market. The lack of evidence of such attacks on BTCP may be due to the lack of on-chain transaction volume and associated fiat equivalent value making even a low-cost attack a waste of resource. Furthermore trading platforms do appear to anticipate the likelihood of such an attack as typically 25–50 confirmations are required to consider a BTCP deposit confirmed and spendable at an exchange.
In 2018 there has been an emerging trend of ledger forks of BTC possessing greatly inflated market capitalisations in comparison to codebase forks with virgin genesis blocks and ledgers. This is at least in part due to the effective sequestration of large proportions of the supply, essentially attention-locked since BTC UTXO owners have neither financial nor ideological motivation to participate at the potential expense and inconvenience of accessing private keys. Observable on-chain transaction volume (not including shielded transactions which typically constitute a tiny minority of usage) is minimal on both BTCP and ZCL networks with significantly under one million USD average daily volume, whilst BTC moves approximately several billion USD equivalent per day. In terms of hashrate ZCL has approximately 25 times more network hashrate than BTCP with a nominal market capitalisation of 3 times less . The consequence of this is that the BTCP chain is rendered extremely vulnerable to 51 % attacks with a trivial vector employing rented hashrate — using figures at time of writing the 1 hour cost of a majority attack was approximately 200 USD. For a network with a nominal value (using market capitalisation as a coarse heuristic) of approximately one hundred million USD, the prospect for transaction disruption seems sufficiently high to preclude any realistic proposition of BTCP as a monetary network. If majority takeovers become trivial in a cryptocurrency network, exchanges will be reticent to list it as they would be the primary victims of double-spending attacks when not requiring sufficient confirmations for transaction finality to be beyond doubt .
4. Discussion: Implications for Ageing Blockchains and Prominent Minority Forks
The emission curve fatigue that BTCP is experiencing, combined with lack of transaction fee market results in an insecure network with absent value proposition. Indeed this is one of the possible futures for any elderly PoW blockchain. By analogy with stellar lifecycles, the moniker white dwarf chain may be applied to BTCP. In common with the celestial remnant, high maturity and low economic gravity prevent the network from attracting substantive accretion, eventually no longer possessing the critical mass to function. There is a prospect that BTCP will attempt a transition to PoS or dPoW in order to seek refuge from thermodynamic attacks. Recently the prospect of confiscation of “inactive” UTXOs in order to liberate coin supply from attention-locked holders of BTCP in order to provide further miner subsidy in order to attract greater hashrate has emerged . The disingenuous trope of “Satoshi’s Vision” was invoked by BTCP proponents in the pre-fork marketing, though it is difficult to see how Satoshi Nakamoto’s cypherpunk principles were respected and honoured through the mechanism of confiscating UTXOs under his control.
An alternative outcome termed a chain death spiral is also a possibility for BTCP. Should Equihash resource be sufficiently incentivised to be directed elsewhere, the network may stop issuing blocks altogether. This was a particular concern for BTC at the time of the BCH chain split, though ironically it was BCH that produced severely tardy blocks with block intervals reaching many hours for some time. This was due to the BCH network inheriting the BTC network’s difficulty whilst only possessing a fraction of the former BTC hashrate. A customised difficulty adjustment algorithm was invoked to rapidly adjust the BCH network difficulty downwards to reflect the much lower nethash of the minority SHA-256 BCH network fragment. The lack of such a difficulty adjustment mechanism in BTC beyond the original specification’s 2016 block window came to be perceived as a potential attack vector from a hostile ledger fork .
The significance of implications arising from the BTCP case study are due to the lack of organically elderly blockchain networks in existence today. Emergent behaviours that are observed in these distributed environments may vary from hypothetical studies utilising cryptoeconomic, distributed systems or game theoretical perspectives. Due in part to the BCH difficulty adjustment process — and successor algorithms performing analogous functions — BTC and BCH have already diverged by approximately seven thousand blocks chain length (Figure 3) which corresponds to around 50 days greater effective age of BCH in the year since chain split. The consequence is that, ceteris paribus, the BCH blockchain will reach its next block subsidy halving sooner than BTC. Coupled with the fact that BCH shares the SHA-256 mining algorithm with BTC but now has approximately ten times less hashrate (Figure 4), there is declining economic incentive for miners to secure the minority BCH network . With no fix currently implemented for transaction malleability due to BCH’s rejection of SegWit and no alternative ready to deploy, 51 % attacks have become trivial to conduct by several BTC mining pools and double spent transactions are growing in frequency, calling any notion of monetary soundness or payment utility proposition into serious question .
Through the observation of networks which in the past competed for ASIC hashrate such as Litecoin and Dogecoin, it has been observed that once the security of a PoW network sharing a mining algorithm with a dominant competitor is believed to be compromised, two main categories of remedial action may be utilised. To preserve decentralisation and network sovereignty, the adoption of an alternative and unique PoW algorithm is an option but would be unpalatable for an ASIC-oriented network such as BCH. An alternative is to implement merge-mining whereby PoW on the dominant network for a particular algorithm counts towards PoW on the merge-mined network , or periodic checkpoint notarisation – also known as delayed PoW – of latest block hash into the most secure blockchain as utilised by minority Equihash network Komodo . Confiscation of “inactive” UTXOs or account balances has also been proposed by minority forks such as United Bitcoin and Bitcoin Private as discussed above.
The canonical Ethereum network ETC may have a different future to the typical minority branch, as development paths between forks have diverged and ETH intends to attempt transition to PoS with the Casper family of consensus protocols , accompanied by a significant reduction in block issuance subsidy to 0.6 ETH per block . Should this occur as multiple competing Ethash ASICs and high performance FPGA bitstreams are distributed more widely, ETC may retain a strong value proposition as the canonical, decentralised and immutable Ethereum network with a sound monetary policy and thermodynamically assured network security. As Figure 5 shows, ETH has an annual equivalent supply inflation of approximately 7.5 % and no maximum limit on token supply, whereas ETC’s inflation is around 5.75% and projected to decrease much more rapidly due to a fixed supply limit. ETC has also removed the so-called difficulty bomb which is intended to disincentivise mining by making it increasingly unprofitable.
5. Future Perspectives on Forks
As with any novel field of study many open questions remain as to how new technologies, emergent phenomena and threats caused by internal factions within open source protocol networks or external entities such as rival blockchains, lawmakers and silicon foundries may influence the forking tendencies of cryptocurrency networks. Sztorc’s notion of fork futures has merit insofar as competing visions may be assessed and priced in real time by the marketplace prior to implementation. This facilitates the assessment of support for the various options proposed by competing factions, potentially preventing quite a substantial proportion of chain splits by using the market to assess the value of competing ideas. .
Velvet forks as proposed by Kiayias et al. could help mitigate potential network consensus failures by increasing inclusiveness and compatibility of protocol upgrades, by being minimally invasive with respect to network participants not running the velvet fork upgrade . An example of successful implementation of a velvet fork has been found in decentralised mining pool P2Pool’s sharechain, which keeps track of mining shares which correspond to block hashes close to but not below the network difficulty limit. In order to reduce reward variance for individual participants in the mining pool, shares are kept track of by the sharechain .
The ongoing litigation against the cryptocurrency exchange Bitgrail involves an attempt to legally enforce a rollback of the Nano (formerly Raiblocks) block-lattice network to reclaim tokens which were lost due to software vulnerabilities. It is hard to envisage an outcome whereby a legal pronouncement is made which carries sufficiently global or borderless jurisdiction to coerce large constituencies of a network to behave contra to their incentives. Most likely this would trigger a factional network disintegration event .
Hypothesising more broadly, as the canon of forkonomy expands to include new and emergent phenomena there may develop further aesthetic disciplines with which to codify, classify and characterise trust-minimised network partitions in all their forms. As with celestial outcomes, the interplay of enthalpy and entropy could provide a generalised basis for modelling the fate of cryptocurrency networks and further work is underway in this area. Moving from the ontological and observational basis presented here as forkonomy (by analogy with astronomy) and forkonomics (by analogy with economics), epistemological treatises may be considered forkology  and philosophical approaches forkosophy.
Thanks to numerous esteemed colleagues for proof-reading, comments and corrections.
13. Eyal, I., and Sirer, E. G. (2014) Majority is Not Enough: Bitcoin Mining is Vulnerable. In International Conference on Financial Cryptography and Data Security, 436–454. Springer, Berlin, Heidelberg.
14. Grunspan, C., and Perez-Marco, R. (2018) On Profitability of Selfish Mining. IACR Cryptology ePrint Archive, 1805.
17. Nayak K., Kumar, S., Miller, A., and Shi, E. (2016) Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack. IEEE European Symposium on Security and Privacym 305–320. EuroS&P, Saarbrucken. https://doi.org/:10.1109/EuroSP.2016.32
18. Zhang, R., and Preneel, B. (2017) Publish or Perish: A Backward-compatible Defense against Selfish Mining in Bitcoin. In Cryptographers’ Track at the RSA Conference, 277–292. Springer, Cham.
49. Judmayer, A., Zamyatin, A., Stifter, N., Voyiatzis, A. G., and Weippl, E. (2017) Merged Mining: Curse or Cure? In Data Privacy Management, Cryptocurrencies and Blockchain Technology, 316–333. Springer, Cham.
55. Zamyatin, A., Stifter, N., Judmayer, A., Schindler, P., Weippl E., and Knottenbelt W. (Short Paper) A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice. In Bitcoin ’18: Proceedings of the 5th Workshop on Bitcoin and Blockchain Research.
Wassim will be delivering a new talk entitled “The Secret Lives of Cryptocurrencies” at Genesis Block Hong Kong on Thursday 20th December. Do register your attendance if you’re coming at the link below.
Since summer 2018, Wassim has been working on an unusual topic and has produced some talks and papers (manuscript as PDF // read on Medium // read on this site) introducing an analogical method that’s been called “forkonomy”. Just like astronomy takes observations from stellar sources at different phases of their lifecycles, forkonomy is envisioned as a suite of tools employing high-level inference and deductive reasoning to peer beyond the veil and see the range of possible futures for ageing blockchain networks.
January 2019 Update: The Forkonomy follow-up “Where Are They Now?” has just been published on Hacker Noon and on this website (soon).
Wassim speaks at the Ethereum Classic Summit in Seoul, Korea on September 12-13.
In addition to a presentation on implications of Forkonomy for ETC, Wassim will also participate in a panel discussion on the topic of censorship resistance and immutability as informed by Reaching Everyone.
More information can be found on the ETC Summit website. Though tickets are no longer available, the event will be livestreamed on YouTube.