Still Waiting For A Defense Of Cryptoassets

In response to the Letter in Support of Responsible Fintech Policy, a factual and reasonable call for Congress to resist intense lobbying from crypto-speculators and venture capitalists1, cryptographer Matthew Green has responded with a blog post In defense of crypto(currency) that doesn’t effectively rebut the letter to Congress. Instead, he confirms most of their points.

(I say cryptoassets, not cryptocurrencies, because they’re not viable as currencies: they’re designed to be deflationary and have proven absurdly volatile. Of course, the greater fool left holding the bag will find they’re not assets in the colloquial sense, either.)

I wouldn’t normally bother writing about cryptoassets, because they’re absurd and immediately discredit themselves better than I could. However, Green’s defense is interesting because he has significant credentials and experience in cryptography. He is also a co-developer of a leading privacy-protective (and deflationary) cryptoasset, Zcash. So we can reasonably hope for better-informed and coherent arguments than we normally see from crypto-boosters.

But the fact that a uniquely-qualified expert in the field is not able to rebut legitimate concerns, including the ones he raises, is interesting enough to comment on. Like Green, I’m sure I’ll regret this.

Objection: “Cryptocurrency is terrible for the environment”

Green cedes this point. His rebuttal is that we can fix that with what he agrees is oligarchy:

Proof-of-stake systems are not perfect: they still lead to some centralization of power, since in this paradigm the rich tend to get richer. However it’s hard to claim that the result will be worse than the semi-centralized mess that proof-of-work mining has turned into.

While boosters estimate that proof-of-stake will reduce energy consumption by 3 orders of magnitude, it’s worth noting that oligarchy is very bad, actually2. It’s something we should be looking to solve, not exacerbate. People who don’t like centralization should, in theory, agree; but, of course, most anarcho-capitalists believe that they will get to be Immortan Joe. When you scratch the surface of anarcho-capitalism you typically find feudalism, as we do here.

So we don’t seem to have any solution to the theoretical3 computing science problem of distributed consensus that isn’t also hugely destructive to the world in some way. Green presents no argument that the best way to solve “the semi-centralized mess that proof-of-work mining has turned into” is anything other than simply not doing PoW or PoS.

To round this section out, Green repeats the punchline that Ethereum 2 is coming Real Soon Now, and mentions in passing that wasting hard drives is also an option.

Objection: “Public blockchains can never support banking features like transaction reversal.”

Green’s rebuttal seems to be twofold: (1) stablecoins are centralized and hence can freeze or burn money; and (2) smart contracts could say anything, including provisions for reversal.

In the cryptoasset ideology, centralization is The Big Problem That Must Be Solved (Unless We Get To Be The Feudal Lords, In Which Case Centralization Is Awesome). So presenting centralization as a solution is not functional as a rebuttal.

There’s also the small matter that stablecoins are basically a rebirth of the ‘wildcat’ banks of the 19th century — hardly a compelling vision for the future.

It might be true that smart contracts could have provisions for reversal, but the reality on the ground today is that ‘code is law’, those ‘laws’ don’t typically have reversal provisions, and they end up being “self-funding bug bounties” that just destroy people’s ‘assets’ in an automated way.

Green does not mention that stablecoins have a history of being fantastically crimey and/or not even a little bit stable.

So perhaps the letter authors are wrong that public blockchains can “never” support transaction reversal. Anyway, the combination of reversible + decentralized doesn’t exist now. Perhaps there will be a flurry of innovation in the area of smart contracts that enable refunds, but we’d still face the question of why that’s better than regular bank databases.

Objection: “Cryptocurrency doesn’t scale [or the fees are too damned high]”

Again, Green starts out by confirming the critics’ point. He reassures us that the problem is A Simple Matter Of Programming, but cautions us that while the ideal speed-up would be 100x — within an order of magnitude of what Visa can handle on a non-holiday now with 1970s technology, so maybe borderline feasible — the reality won’t be that big.

Nicholas Weaver, one of the lead signers of the letter, has a different back-of-the-envelope calculation:

Estimating the cost (measured in ‘gas’) of an arbitrary computation is complex but let’s assume that we are only interested in the most simple operation: 256 bit integer addition. Each addition costs 3 gas each. So on a worldwide basis this system rates at 600,000 adds per second.

Compare this amount of compute to a Raspberry Pi 4, a $45 single-board computer which has four processors running at 1.5 GHz. Each core has 2 ALUs and it will take 4 instructions to perform a 256 bit addition, as the basic unit for the Raspberry Pi (and most other modern computers) is 64 bits. So each core has a peak performance of 750,000,000 adds per second for a total peak of 3,000,000,000 adds per second. Put bluntly, the Ethereum “world computer” has roughly 1/5,000 of the compute power of a Raspberry Pi 4!

By Weaver’s critical estimate, even the big dream of a 100x speed-up is not enough to make the Ethereum network a good use of the planet’s computational resources. Nor would the Ethereum Foundation’s claim of a 2000x speed-up enable the Ethereum network to outpace a Raspberry Pi.

Green also confirms that

Many defenders have tried to paint the electricity consumption of Bitcoin and other PoW currencies as “green” or define it as a form of energy storage. This is dishonest nonsense: estimates hold that at east 60% of mining energy consumption still comes from fossil sources.

Perhaps some other defense of cryptocurrencies will hold. Let’s see:

Objection: “There is no privacy on blockchains (or there is too much privacy)”

There has, in fact, been innovation in cryptoasset privacy, and Green’s own work demonstrates that.

Unfortunately, that’s very bad, even if also potentially good in some way. The anarcho-capitalist dream of cryptoassets — i.e. tax evasion and money-laundering — is one of the only parts of the cryptoasset dream that reliably comes true in practice. The cryptoasset economy has been a huge ‘success’ in enabling ransomware, CSAM, and Kim Jong Un’s nuclear program (on top of the more mundane phenomenon of regular people losing their money).

It’s not clear why people who want functioning government, un-abused children, and fewer nuclear weapons would welcome a more-private cryptoasset. Perhaps there is an argument that the potential benefits would outweigh the actual harms we endure right now, but Green doesn’t make it in this article, and doesn’t contend with the harms.

Green attempts to paint the status quo as equivalently risky as the current systems of exchange:

But at very least they’ll be better than our current collect-it-all-and-then-hand-it-to-hackers approach, which certainly has not done us very many favors.

but it’s hard not to see cryptoassets as even more accurately described as “handing it to hackers”.

So why do I care about any of this?

In this section, Green presents the problems that cryptoassets should supposedly solve, and which should motivate a long blog post to defend cryptoassets. Buried the lede, tbh, but:

After 4,000 words in defense of cryptoassets, this is the ledeconclusion:

I don’t know if blockchains are the solution to this problem. [...]

So while I don’t know if cryptocurrency will be the answer, I’m just hopeful that something will be.

So at the end of what could be a strong defense of cryptoassets, we find that they are not in fact defensible, and that the letter to Congress is basically right on every point.

But, the problems Green identifies are real, and it would be good to solve them. So let’s consider how cryptoassets deal with these problems.

Credit card fees are too high: As Green notes, cryptoasset fees are not exactly low. In some cases, they’re a deal-breaker. They are also far more volatile. And there is no viable solution at hand, in Green’s post or elsewhere.

Credit cards are still prone to fraud: Clearly, this is as true today as it was in 1995. Unfortunately, cryptoassets have not only not reduced fraud but have brought us new and exciting additional forms of fraud. “Back in my day,” I’ll say, “we had fewer forms of financial fraud!” The grandkids roll their eyes in disbelief.

We don’t have privacy in our payments: As above, this is a policy debate that we can and should have. Whatever approach to payment privacy we take, it will have to do something to mitigate the severe harms that sort-of-private and pseudonymous cryptocurrencies have enabled and exacerbated.

And it will require a nuanced construction of privacy, which is often presented as — but which is not — a simple binary condition. (It’s not even as simple as a spectrum along a single axis.) There does not yet appear to be a plausible approach on the table that provides people privacy (however defined) and yet stops at least some large-scale, society-damaging crime. Maybe someday.

You can’t pay with your phone without giving control to corporations: That does seem to be true, whether it’s to Apple, Google, Safaricom (which operates M-Pesa in Kenya), PayPal, Zelle, or various state-capital corporations in China. Since Green dismisses existing state and government solutions, I take it he would only be satisfied by currency purely run on distributed consensus. Thus he appears to embrace the anarcho-capitalist dream, but doesn’t have anything to say (in this article) about what would check and balance capital power once government is “drowned in the bathtub”.

Regulatory capture: Recall that the letter to Congress was from concerned experts warning legislators to be wary of regulatory capture by speculators and VCs — and, again, Green says he broadly agrees with the lead signers’ spirit — so it’s hard to see how cryptoassets are a solution to regulatory capture. In fact that’s the problem at hand!


Green’s defense of cryptoassets is no more coherent than what we’ve seen before. But it does have the virtue of honesty, which inevitably makes it a very weak defense of cryptoassets.

The Letter in Support of Responsible Fintech Policy stands as reasonable advice to legislators, and cryptoassets still look like a change for the worse.

1. I also signed it, but was not a lead signer nor an author of it. I was not involved in any way; I just think the authors are right.

2. If I could just interject for a moment, what people typically refer to as PoS is, in fact, proof-of-oligarchy, or as I’ve recently taken to calling it, PoO.

3. I mean theoretical in the technical sense, not in a colloquial sense of “unimportant”. It would be useful to have a solution to the distributed consensus problem. But we don’t need a solution so badly that burning the Earth is a good idea, and we don’t need one that furthers anarcho-capitalism.