Batching Mental Transaction Costs

There’s a popular American pastime that involves flinging dollar bills at scantily clad dancers. Canada, Europe, and the UK lack small-denomination banknotes, so strip club patrons have limited ability to express appreciation for their performers. Customers can either pelt the dancers with coins, which is rude; or shower them with large bills, which is extravagant. The transaction costs are unnecessarily high, and onstage tipping is rare.

In Australia, the smallest banknote is a five. While living in Sydney, I discovered (not from personal experience!) that gentlemen’s clubs sell fake banknotes for guests to use as tips. The dancers exchange the fake dollars for real money at the end of the night.

Fake dollars for sale at a gentlemen’s club in Sydney. Why did they model their money after USD instead of Aussie banknotes? Also, I bet the US $2 bill would have much wider adoption if the note featured a pole dancer instead of Thomas Jefferson. He already has the nickel! How bout some diversity, come on.

How terribly exploitative! Instead of peer-to-peer payments, the house intermediates every transaction with self-issued fiat. It probably even takes a cut.

But… maybe it’s not so bad. I endured many a childhood birthday party at Chuck E. Cheese, where parents would hand each kid a stack of tokens and set them loose. Tokens could be used to pay for rides and games and candy, and were functionally equivalent to a quarter.

We already have quarters. Why did Chuck E. Cheese go through the hassle of minting its own coinage when it could have simply installed a laundromat change machine?

Chuck E. Cheese tokens come in a jumbo plastic cup, just like a real casino.

Chuck E. Cheese and Aussie strip clubs employ the same brilliant strategy of batching mental transactions. Every monetary exchange incurs a cognitive cost, if from nothing more than the conscious decision to spend money. The overhead is nominal for most standard transactions, but relatively massive compared to a micropayment.

By forcing customers to make a large upfront commitment, these establishments avoid imposing a cognitive load on every subsequent exchange.

Casinos employ the same strategy with poker chips and slot tokens: Gamblers wager more freely with play money they’ve already bought. Sure they can cash out, but that’s an additional transaction cost.

People have been failing to effectuate micropayments since the early days of the internet. A machine-payable web, where you pay for the content you consume, or pay-per-byte internet protocols – these sound like great ways to finely optimize the allocation of resources. But no matter what fancy new technology is employed – Digicash! Millicent! FirstVirtual! CyberCash! Blockchain! – micropayments never cease to be a bad idea.

And now the Bitcoin Lightning Network. With instant transactions and exceptionally low fees, This Time is Different.

Maybe. A user funds a Lightning channel with the intention of fully spending its contents (it is a hot wallet after all, and costs money to cash out). In these early days, each channel has limited utility. If a channel commitment represents a one-way payment for a certain set of services, then it functions more like a subscription fee than a series of microtransactions. Like buying a stack of tokens at Chuck E. Cheese.

This model isnt great for Lightning-as-a-liquidity-provider, but it does bode well for Lightning-as-enabler-of-micropayments. Who knows.

Virtual tipping. A great application for Lightning.

See Also:
The Transaction Costs of Tokenizing Everything

Redactable Bitcoin

Update: I made some redactions corrections.

Bitcoin people frequently criticize banks for claiming to build blockchains while discarding proof-of-work, so here comes Accenture with their own version of a blockchain. It keeps Bitcoin’s proof-of-work, and adds a master key.

(More specifically, it takes Bitcoin’s exact protocol but replaces the double-SHA256 hash with a chameleon hash inside a SHA256 hash. A chameleon hash is a hash function that contains a trapdoor.)


I suspect that Accenture’s Financial Services group does not know what it is actually getting here. Their whitepaper begins by asserting that Bitcoin’s blockchain contains illegal porn that needs to be redacted. Good grief.

Then they spend two pages talking about the DAO.

The problem isn’t the redactability – sure, maybe Accenture’s Group Exec wants to scrub those bookings at the no-tell hotel from his credit card statement. I can sympathize with that. The problem is that Accenture misrepresents what a blockchain even is.

Accenture employees might be clueless, but their academic co-authors cannot possibly be ignorant of the fact that an application that runs on a blockchain (the DAO) is separate from the blockchain itself (Ethereum). And, having modified Bitcoin Core, they know full well that porn cannot be stored on Bitcoin’s blockchain.

Look, it’s fine if people want to make grandiose claims about how blockchains will revolutionize the universe. It’s good for business around here. But now you guys are just making shit up to exploit the technological ignorance of banks. This is exactly how industries start getting regulated. Cut it out.

Bitcoin and child porn:
Yes, Bitcoin’s blockchain contains transactions that have encoded URLs of child porn sites. So does this web page. In fact, this is an encoded URL, right here: “1HJCcziSCEkUcDq5aRC68vxVdx6enWUrvf” (the link goes to a transaction in the Bitcoin blockchain explorer, not a porn site). If you know where to find this data on the blockchain, AND you know the algorithm for decoding the data, AND you actively take the time to decrypt it, AND you paste the decrypted URL into your web browser, then yes, I suppose you can get child porn from Bitcoin’s blockchain. You’ll have a hard time blaming Bitcoin for this one though.

See Also:
G. Ateniese, et al. Redactable Blockchain — or — Rewriting History in Bitcoin and Friends. Cryptology ePrint Archive: Report 2016/757
When a Blockchain isn’t a Blockchain –Bloomberg

OpenBazaar: How Does a Decentralized Marketplace Work?

I love Etsy. Etsy’s great! Except… I just wish it wasn’t so… centralized.

I assume that’s what Andreessen Horowitz and Union Square Ventures were thinking when they invested $1 million into decentralized marketplace OpenBazaar.

Whatever, this is how it works.

BitTorrent, not Blockchain
People call OpenBazaar a Bitcoin company, but it’s not. Not any more than Microsoft is a Bitcoin company for accepting bitcoin payments, anyway. OpenBazaar uses the network structure of BitTorrent.

Bitcoin Network vs BitTorrent Network
A brand-new Bitcoin node discovers other nodes by hitting up a few known seed nodes. The seed nodes return a list of IP addresses for other known nodes. When someone sends a transaction through a node, the node broadcasts it to all of their peers. If the peers consider the transaction valid, they rebroadcast it to all of their peers.

Whereas Bitcoin operates on consensus, BitTorrent operates on discovery. I don’t need to broadcast to the entire network that I’m looking for a pirated copy of Game of Thrones. I just want to find some peers who have the episode.

BitTorrent nodes maintain a distributed hash table (DHT), which is like a location map for all the clients in the network. An infohash of each available torrent is also stored in the table.

If I want to download Game of Thrones, I send a request for the torrent infohash to any known node. That node will reply with the contact information of nodes from its routing table that are closer* to the infohash than itself. I keep querying subsequent nodes, getting closer and closer, until I hit a node that has the infohash. The node with the infohash replies with the contact information of peers who are downloading the Game of Thrones torrent. And I connect to them for my download.

*The distance metric is an XOR function. Not physical distance.

OpenBazaar, the Decentralized Marketplace
The OpenBazaar network operates using the same distributed hash table approach as BitTorrent. Stores are nodes, each running OpenBazaar on a client machine. Each store has a unique GUID.

Assume for a moment that I have the GUID of my friend George’s store. Through the distributed hash table, I locate the store’s IP address and connect to the store. Maybe I see that his store is selling a ziplock bag containing some carpet freshener:


The store listing is actually an unsigned Ricardian contract containing a description of the item. No, it’s not a smart contract.

If I want to purchase this bag of carpet freshener, I sign the contract. George signs the contract also, to confirm that we agree on the trade. The contract is sent to a third party. An arbiter, notary, oracle, whatever, someone who agrees to settle any disputes. The arbiter puts a third signature on the contract and sends everyone a copy. A multi-signature bitcoin address is appended to the contract.

This is the escrow address. Outbound transactions require two out of three keys. Me, George, and the arbiter each have a private key. As the buyer, I send a bitcoin deposit to this address and wait for my carpet freshener to arrive in the mail.

My input initiates an unsigned transaction. I set the output to George’s bitcoin address, but without any signatures, the transaction doesn’t do anything. I send the unsigned transaction to George.

If the carpet freshener arrives and I am happy, then I send George my signature, which is generated from my private key and the transaction.

George generates his signature too, because he wants to receive the money. With two signatures, George can send the complete transaction to a Bitcoin node, which will broadcast it to the network for confirmation and settlement.

If the carpet freshener arrives and I discover that the bag actually contains some morally reprehensible substance, I might refuse to sign the transaction. Then the arbiter comes in, and if she agrees that I have been wronged, she doesn’t sign either. The transaction expires without completion and the input deposit is released back to its origination, which is my bitcoin address.

Or maybe I lied, and the arbiter determines that I did in fact receive Grade A pure Colombian carpet freshener. Then she would sign the transaction instead of me, and George uses her signature to get his payment.

Bazaar Bay
How can I discover all the fantastic resources on offer in my BitTorrent network? The Pirate Bay provides a searchable database of torrent infohashes. And of course, someone already set up a Bazaar Bay to search for stores and their associated listings.

Check out Elaine’s store!
I set up a node to run a store on my server. I created a tunnel so that anyone can use my store as a portal to try out OpenBazaar without actually running a node. Try it! You can even sell stuff! Just don’t list anything that would get me thrown in prison, please.


1. DHT Protocol –
2. OpenBazaar wiki
3. OpenBazaar Git Repository

The Winklevoss Twins are Launching a Bitcoin ETF

winklevoss twins bitcoin

Can’t be a worse investment than the Facebook IPO, right? Takedown from the Macro Man:

It’s an IQ test. Bitcoin is anonymous, untaxed (for now) and quite liquid in and of its own right despite all the complexities of a cryptocurrency. A bitcoin ETF is taxed, has fees, may or may not be liquid at all.

To be fair, physical gold is anonymous and quite liquid. Does that mean GLD is an IQ test?

See Also:
The Winklevoss Twins Would Like To Help You Trade Bitcoins With Their Bitcoin ETF –business insider