Proof-of-work cryptocurrency mining is bad, stupid and damaging. Bitcoin uses 0.1% of all worldwide electricity consumption — as much power as Ireland — for just two to four transactions per second. This is a large enough externality that everyone else is noticing, and has a few objections.

Thinking about how to reduce CO2 emissions from a widespread Bitcoin implementation — halfin (@halfin) January 27, 2009

Proof-of-work was a kludgy hack. When Satoshi Nakamoto created Bitcoin, he needed decentralisation — and this hack approximated it.

The approximation worked well enough for a few years. But proof-of-work has economies of scale, so — per chapter 5 of the book — it naturally recentralises. So we now have three or four mining pools controlling most of the Bitcoin transactions. Other cryptocurrencies do even worse.

Cryptocurrency advocates have cast about for other consensus mechanisms that can approximate decentralisation — but aren’t as stupidly damaging as proof-of-work.

Proof-of-stake

Proof-of-stake was first proposed by BitcoinTalk user QuantumMechanic on 11 July 2011. The idea is that you show your commitment by holding coins. You get to mine the next block — and thus, get the coins — in proportion to your current holding:

I’m wondering if as bitcoins become more widely distributed, whether a transition from a proof of work based system to a proof of stake one might happen. What I mean by proof of stake is that instead of your “vote” on the accepted transaction history being weighted by the share of computing resources you bring to the network, it’s weighted by the number of bitcoins you can prove you own, using your private keys.

Proof-of-stake is a bit too obviously “thems what has, gets” — so you have to convince the users to go along with it. It’s also as naturally centralising as proof-of-work, if not more so.

The other problem is that people routinely spend up to $99.99 to get $100 — thus, proof-of-stake will rapidly approximate proof-of-work. Though spending $99.99 out of your bank account is unlikely to be as directly damaging as burning $99.99 of coal. Probably.

The idea is usually presented with variations, such as factoring in how old the holding is and so on. The Wikipedia article details various weaknesses of the schemes, and ways to cheat.

Ethereum and proof-of-stake

Vitalik Buterin has been talking about proof-of-stake since 2013. Ethereum was intended to be proof-of-stake in the white paper, but Buterin noted in 2014 that proof-of-stake would be nontrivial — so Ethereum went for proof-of-work instead, while they worked on the problem.

There are lots of existing proof-of-stake cryptocurrencies — but they’re all tiny altcoins nobody much cares about.

Ethereum is bigger and more important than all the rest, with hundreds of millions of (notional) dollars sloshing around in it — so they really have to get it right.

Ethereum Casper, the project to move Ethereum to proof-of-stake, started in 2014. It’s been six months away for four years now. The Proof of Stake FAQ is a list of approaches that haven’t quite worked well enough. Casper has had numerous technical and security issues. The current version only adds a bit of proof-of-stake to the existing proof-of-work system.

But Casper 0.1 has just been released — and Buterin is talking about taking it live. Can this work?

Worse is Better

“Worse is Better” is a phrase coined by Richard P. Gabriel in his 1991 essay “Lisp: Good News, Bad News, How to Win Big,” in the section “The Rise of Worse is Better.”

The idea is that perfection is good — but a quick hack may be more viral.

I believe that worse-is-better, even in its strawman form, has better survival characteristics than the-right-thing, and that the New Jersey approach when used for software is a better approach than the MIT approach.

This is okay as long as you can approximate your way to full functionality.

Ethereum has always been a bit slipshod — it’s not technically polished, it has a history of frequent hard forks for protocol changes, and so on.

Solidity, the main smart contract language, is a JavaScript descendant, and explicitly targets middling JavaScript developers. There’s lots to hate about Solidity as a language — “Solidity is so riddled with bizarre design errors it makes PHP 4 look like a work of genius.“ As the PonzICO white paper puts it: “the EVM seems most efficient at transpiling developers who make bad Node.js into developers who make bad Solidity.”

But — Solidity is the first successful smart contract language, and Ethereum is the first successful smart contract platform.

I think this is precisely because Ethereum has been happy to approximate stuff until it works well enough. And Solidity lets middling JavaScript developers participate at all — you don’t have to be a computer scientist who’s comfortable with non-Turing-complete and functional smart contract languages.

This results in some hilarious disasters, both on a small scale — the first Ethereum smart contracts exploring the field of incompetent fraud — and a large scale — The DAO disaster. And the disasters continue. But none that are bad enough to kill it.

Ethereum as a centralised system

Ethereum has the faith of its community — much more so than Bitcoin has — because so far the Ethereum developers have kept pulling the rabbits out of the hat. Functionally, they’re the trusted central entity.

Even the bit where they forked Ethereum just to rescue the big boys’ money from The DAO hacker didn’t kill off trust in the developers. (It shook it a bit, producing Ethereum Classic.)

The market doesn’t care about the Bitcoin ideology behind decentralisation. It cares about price — “number go up” — and functionality — is the public Ethereum blockchain clogged with cat pictures today?

The market treats centrally administered ICO tokens, and centrally-controlled cryptocurrencies like Ripple (XRP), as the same class of object as Bitcoins or ether. The market wants what it wants, not what ideologues want it to want.

So Casper just has to be good enough for the system to keep going. The market and the ecosystem won’t care that it’s functionally centralised, so long as it more or less works.

And, in any case — Ethereum proof-of-work mining is even more centralised than Bitcoin, with four pools controlling 75% of it. We left decentralisation behind long ago.

As long as:

the network remains secure enough to function at all

the price of ether doesn’t crash

the ICO tokens keep pumping and dumping

the latest CryptoKitties doesn’t clog it too badly

and it doesn’t have any disasters that are more expensive than the ones the current system has, like The DAO or the Parity wallet disaster

— then Casper will be a good enough proof-of-stake that the community can live with it.

Casper doesn’t have to work well enough for the ideologues — it just has to work well enough for the market.