Fair and secure models for launching cryptocurrencies have been elusive. Bitcoin set the standard for a “fair” launch, in which all coins are minted in exchange for computational work — but a Bitcoin-like model does not explicitly fund its project. The common “pre-mine” model, in which coins are pre-minted for the founding team and investors, was intended to fill this funding gap. However, it is a contentious method in the PoW camp, breaking sound money properties and the “money = computation” cultural norm of Bitcoin.
ZCash’s “founders’ reward” model similarly hardcoded the founding team into the protocol, which seemed fairer than the pre-mine model since the founding team was effectively “vested” and financially aligned with the project long-term, and therefore would faithfully continue to maintain it; alas, this very fact prevented its decentralization and the growth of a community of developers around it, and so the responsibility remained that of ZCash’s centralized entities. The recent developments in the ZCash community around the re-opening of the founders’ reward further question its suitability to become a widely adopted and trusted money base [1].
Grin was the only major project in recent years to attempt a Bitcoin-like fair launch. It inevitably failed to reward and incentivize its developer team and early participants, to their great disappointment [2]. Grin’s launch led some people to revisit their opinions regarding healthy models for launching a new cryptocurrency (of course, if you are a one-coiner minimalist you wouldn’t be interested in such a discussion to begin with, perhaps not even as a thought experiment). In this post I propose a mechanism that aims to simultaneously achieve fairness, security, and funding for a PoW cryptocurrency.
Before describing the actual mechanism, I will describe a hypothetical one that captures its gist. Consider a PoW system where in order to begin mining you would need to pay no-one-in-particular — that is, to burn money — and the amount you burn would be proportional to your hashrate, so that it is not reusable (you can’t use the same burn to mine under two identities, in the same way that a Bitcoin miner splitting its pseudo-identity does not gain more hashrate). Let’s call this burn of money an “upfront cash investment” (UCI). Note: I assume that the cryptocurrency works under a PoW for which there are not yet available ASICs, and so it is mined by GPUs and perhaps some FPGAs.
I argue that a cryptocurrency with a UCI mechanism will enjoy a significant advantage over an open, “fair” launched one. Indeed, the requirement that miners make an upfront investment ensures that only miners that are dedicated to the new cryptocurrency, that believe in and are committed to its growth, will be mining it rather than uncommitted, opportunistic GPU miners that have no interest in its long-term success. UCI also protects the system from attacks on the currency in its early days: a swarm of GPU miners of a different/competing cryptocurrency cannot divert temporary hashpower to attack the system; they need to first commit a large investment into the system.
In other words, UCI provides a similar security benefit to that of ASICs, namely, the commitment of upfront resources — Capital Expenses in the case of ASICs — that align the interests of the miner with the system’s longevity. The difference is that UCI achieves this even when the only available miners for the corresponding PoW function are commodity hardware such as GPUs. In that sense, it can be said to achieve the best of both worlds — it synthesizes the security of ASICs and the decentralization of commodity hardware.
Although the mechanism raises the barrier to entry for miners, it is not supposed to deter those miners that are committed to the currency long term, and it would actually work in their favor, by reducing competition from opportunistic hop-and-mine GPU miners.
UCI is hypothetical because we don’t know how to verify that someone “burned cash”. One way is to bootstrap off an existing cryptocurrency such as Bitcoin, though the volatility of Bitcoin makes this approach somewhat problematic. Using a stablecoin like DAI requires an oracle system — the price feed — and if we are comfortable with such trust points we might as well use a burn of Bitcoin and adjust for its price using the same oracles. Instead, we can simply use PoW as the upfront investment: the miner will need to perform a one-time heavy PoW in order to start mining, and the difficulty of this one-time PoW will be proportional to its hashrate. Let’s call this an “upfront PoW investment” (UPI). The gist of the proposed mechanism is still the requirement of burning upfront resources; we merely replace the unprovable cash burn with the provable PoW, which is the only known way to unforgeably prove that real-world resources were burned.
The basic dynamic of the mechanism is thus: investing $X into mining the UPI with an average GPU will grant the miner the ability to mine blocks according to a hashrate of X*C hashes/sec, for some predefined constant C. Crucially, the miner will still need to actually hold physical machines in order to mine at said hashrate and to realize the profit of its investment. This may seem too complicated at first sight, and raises some practical questions (e.g., what happens when there’s a difficulty adjustment, or is a miner supposed to guess its hashrate, and others), but the concept is fairly simple, and I address the practical aspects here.
The above mechanism is a standalone contribution and can be criticized or praised on its own merit. In the following paragraphs, I assume a cryptocurrency operating with the UPI mechanism, and I describe a novel funding model that preserves fairness and sound money properties.
Assume that a group of investors put $M into developing and launching a new cryptocurrency. Most projects simply give the investors coins in a presale, thereby breaking the “money = computation” property of the money base. I propose that instead of pre-mining coins, the early investors of a project will pre-mine the UPI; specifically, that they will pre-mine a UPI equal to the funds they put into the development of the project, and use this to mine post-launch. The investment of $M will be hardcoded in the genesis block — in PoW terminology that represents the chosen difficulty level for the UPI — allowing the early investors to mine blocks at a hashrate of M*C hashes per second (at most). Again, we emphasize that they will still need to hold actual GPU (or FPGA) machines in order to mine and realize the investment.
Why is this fair? Notice that post-launch investors/miners (UPI miners) and pre-launch investors (UPI pre-miners) pay the exact same price for mining and acquiring the currency. The only difference between these parties is that regular miners burnt resources in order to mine (the UPI route), while the investors put resources into funding the project in order to mine (the UCI route). From an investor’s point of view, there’s no material difference between putting money into funding the project or burning the same amount — on average (depending, in practice, on cost of renting a GPU service), the investor will be able to mine with his machines at the same hashrate in both scenarios.
Compared to a coin pre-mine, this mechanism preserves more of the integrity and “cleanness” of the protocol, instead of hardcoding the founding team into the protocol. But mainly, it preserves fairness by ensuring that all coins are minted in exchange for PoW. Importantly, the price of hashrate — of the UPI — is identical between pre-launch investors/miners and post-launch investors/miners. To reiterate, the only difference is that pre-launch investors’ upfront resources went towards funding the project, whereas the post-launch investors’/miners’ upfront resources are burned; but both had to pay roughly the same price, and both must mine their coins after they make the initial investment.
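The model described above, as an added example that is not code from the post: a registry of upfront investments holding the genesis entry of $M, the X*C hashrate cap that applies equally to pre-launch and post-launch parties, and the cost of renting enough GPU power to match the honest hashrate with and without a UPI requirement. The values of C and the rental price, the identity names and all function names are assumptions made for illustration.

```python
# Assumed parameters (not from the post), chosen only to make the numbers concrete.
C = 2_000.0              # hashes/sec of mining rights granted per $1 of upfront investment
RENT_PER_HS_HOUR = 1e-5  # $ to rent 1 hash/sec of GPU power for one hour
GENESIS = "pre-launch-investors"  # hypothetical identity holding the genesis UPI


class UpiRegistry:
    """Tracks the upfront investment, in dollars, behind each miner identity."""

    def __init__(self, genesis_investment: float):
        # $M hardcoded in the genesis block, recorded like any other UPI.
        self.invested = {GENESIS: float(genesis_investment)}

    def register_upi(self, miner: str, dollars_of_pow: float) -> None:
        if dollars_of_pow <= 0:
            raise ValueError("a UPI must burn a positive amount of work")
        self.invested[miner] = self.invested.get(miner, 0.0) + dollars_of_pow

    def hashrate_cap(self, miner: str) -> float:
        # Same price per hash/sec for pre-launch and post-launch parties: X * C.
        return self.invested.get(miner, 0.0) * C

    def effective_hashrate(self, miner: str, physical_hs: float) -> float:
        # A miner needs both the UPI and real machines; the smaller of the two binds.
        return min(physical_hs, self.hashrate_cap(miner))


def majority_attack_cost(honest_hs: float, hours: float, upi_required: bool) -> float:
    """Dollars needed to match honest_hs for `hours` using rented GPUs."""
    rental = honest_hs * RENT_PER_HS_HOUR * hours
    upfront = honest_hs / C if upi_required else 0.0  # UPI sized to the hashrate
    return upfront + rental


if __name__ == "__main__":
    reg = UpiRegistry(genesis_investment=500_000)
    reg.register_upi("alice", 10_000)
    honest = reg.hashrate_cap(GENESIS) + reg.hashrate_cap("alice")
    print(f"honest hashrate cap: {honest:.3g} H/s")
    for hours in (1, 6, 24):
        fair = majority_attack_cost(honest, hours, upi_required=False)
        upi = majority_attack_cost(honest, hours, upi_required=True)
        print(f"{hours:>2} h  fair launch: ${fair:>10,.0f}   with UPI: ${upi:>10,.0f}")
```

For short rentals the upfront term dominates the cost, which is the commitment the post compares to ASIC capital expense; splitting one investment across several identities leaves the total cap unchanged because the cap is linear in the amount invested.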
In summary, I propose a launch model that preserves fairness, security, decentralization, and sound money properties, while adequately funding and incentivizing the project, and bootstrapping its initial miners. It assumes a GPU-friendly PoW algorithm (contributing to decentralization), and requires new miners to make an upfront PoW investment (UPI) before being able to mine with a hashrate proportional to their respective UPI (mimicking the security of ASICs). Early investors will receive a pre-mined UPI equal to their money investment into the project, and will mine with the corresponding hashrate post-launch. Thus, this model preserves the “money = computation” property while incentivizing the project’s development.
Please comment below if you have any feedback on this proposal. Thank you!