Altcoin: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Lapp0 (talk | contribs)
Furunodo (talk | contribs)
No edit summary
 
(23 intermediate revisions by 7 users not shown)
Line 1: Line 1:
Altcoins are cryptocurrencies other than Bitcoin that use Bitcoin technology including the blockchain. The majority of altcoins are forks of Bitcoin with small uninteresting changes. This page is organized by how the altcoin modified Bitcoin and explains the advantages and disadvantages of these altcoins.
{{seealso|List of alternative cryptocurrencies}}
'''Altcoins''' are cryptocurrencies other than [[Bitcoin]].


==Different Hashing Algorithm==
The majority of altcoins are forks of Bitcoin with small uninteresting changes. This page categorises different ways altcoins have modified Bitcoin.


The hashing algorithm used for mining Bitcoin is SHA2. It was chosen because it is fast to verify and has been critically analyzed. SHA2 has had ASICs developed for it meaning there is a much smaller risk of centralization. Changing the hashing algorithm is one of the easiest changes you can make. This is why a majority of altcoins have a different hashing algorithm. The following mining algorithms are being used in different altcoins:
Many people prefer the term "shitcoin" to clearly distinguish all these altcoins from Bitcoin. This term has even been used in US Congress in 2019.


*Scrypt Mining Algorithm
The two main innovations in Bitcoin are its digital scarcity and its censorship resistance. For every altcoin you can point out that 1. it's trying to copy Bitcoin and that 2. there's a clear person or group of people in charge. Thus it's very easy for someone else to copy an altcoin and try to push it with even more marketing efforts than the "original" altcoin. Additionally it's relatively easy for government actors to interfere with the workings of an altcoin (such as Ethereum) by simply knocking on the doors of whoever is behind the altcoin.
**Litecoin
 
**Dogecoin (Litecoin Fork)
Some people are able to make money when trading altcoins, but for most people it's much preferred to simply buy and hold bitcoin for the long run. A lot of people would have been much better off with this simple strategy.  Many people think that they make money, but if you look at their total net worth in Bitcoin terms they lost both money and time by trading on so called shitcoin casinos.
**Vertcoin (Scrypt-n)
 
*Many algorithms at once (each block is hashed with a combination of algorithms)
 
**Quark
 
**Darkcoin
==Different proof-of-work algorithm==
*Many algorithms in parallel (each block can be hashed by an algorithm of your choosing)
 
**Myriadcoin
The PoW algorithm used for mining Bitcoin is SHA2.
It was chosen because it is fast to verify and has been critically analyzed.
SHA2 has had ASICs developed for it meaning there is a much smaller risk of centralization.
The following mining algorithms are being used in different altcoins:
 
*[[Scrypt proof of work]]
*Combination of hashing algorithms in series (e.g. X11)
*Combination of hashing algorithms in parallel (e.g. Myriad algorithm)


The problem with having an algorithm that is "easy to mine with" (referring to the ability to CPU or GPU mine profitably) is that mining should be hard in order to secure the network. When a mining algorithm is difficult to make ASICs for, there is a higher barrier to entry. A high barrier to entry increases the time that the first group to create ASICs will monopolize the market (and the time the network is vulnerable to a 51% attack from a single source). Many argue that the creators or the developers could simply change the mining algorithm when an ASIC is developed, but this defeats the purpose of decentralized consensus by causing centralization.<ref>[https://download.wpsoftware.net/bitcoin/asic-faq.pdf ASIC FAQ]</ref>
The problem with having an algorithm that is "easy to mine with" (referring to the ability to CPU or GPU mine profitably) is that mining should be hard in order to secure the network. When a mining algorithm is difficult to make ASICs for, there is a higher barrier to entry. A high barrier to entry increases the time that the first group to create ASICs will monopolize the market (and the time the network is vulnerable to a 51% attack from a single source). Many argue that the creators or the developers could simply change the mining algorithm when an ASIC is developed, but this defeats the purpose of decentralized consensus by causing centralization.<ref>[https://download.wpsoftware.net/bitcoin/asic-faq.pdf ASIC FAQ]</ref>
Line 21: Line 29:
==Proof Of Stake==
==Proof Of Stake==


In [[Proof of Stake]], instead of sacrificing energy to mine a block, a user must prove they own a certain amount of the cryptocurrency to generate a block. The more stake you own, the more likely you are to generate a block. In theory, this should prevent users from creating forks because it will devalue their stake and it should save a lot of energy. The following cryptocurrencies use Proof of Stake:
In [[Proof of Stake]], instead of sacrificing energy to mine a block, a user must prove they own a certain amount of the cryptocurrency to generate a block. The more stake you own, the more likely you are to generate a block. In theory, this should prevent users from creating forks because it will devalue their stake and it should save a lot of energy.


*Proof of Stake combined with Proof of Work
Proof of Stake sounds like a good idea, but ironically, there is the "Nothing at Stake" problem. Because mining Bitcoin is costly, it is not smart to waste your energy on a fork that won't earn you any money, however with Proof of Stake, it is free to mine a fork.
**Peercoin
*"Pure" Proof of Stake
**Blackcoin
**NXT (not a bitcoin fork)


Proof of Stake sounds like a good idea, but ironically, there is the "Nothing at Stake" problem. Because mining Bitcoin is costly, it is not smart to waste your energy on a fork that won't earn you any money, however with Proof of Stake, it is free to mine a fork.
An example of a nothing at stake attack is an attacker buying lots of "old stake" from users inexpensively (inexpensive to users who no longer have stake in the currency). This can be made convenient by offering small payments to users for uploading their wallet.dat. Eventually after accumulating enough "old stake", the user can begin creating blocks and destroying as many or more coin days than the network was at that time. This block generation can be repeated until it catches up to and beats the current main-chain very cheaply.


An example of a nothing at stake attack is an attacker buying 51% of the cryptocurrency, then selling it all back, and finally once they have been paid for the currency they sold, they begin forging blocks starting at a block where they owned the 51% stake. The attacker still has been paid for their sold coins, but they can earn them back easily.
There are also "stake grinding" attacks which require a trivial amount of currency. In a stake<ref>[https://bitcointalk.org/index.php?topic=131901.0 Peercoin Security Analysis]</ref> grinding attack, the attacker has a small amount of stake and goes through the history of the blockchain and finds places where their stake wins a block. In order to consecutively win, they modify the next block header until some stake they own wins once again. This attack requires a bit of computation, but definitely isn't impractical.


This attack isn't computationally expensive, but it does require a large amount of money to buy 51% of the currency. There are also "stake grinding" attacks which require a trivial amount of currency. In a stake grinding attack, the attacker has a small amount of stake and goes through the history of the blockchain and finds places where their stake wins a block. In order to consecutively win, they modify the next block header until some stake they own wins once again. This attack requires a bit of computation, but definately isn't impractical. Because this attack exists, proof of stake cryptocurrencies including Peercoin<ref>[https://github.com/ppcoin/ppcoin/blob/master/src/checkpoints.cpp#L370 Peercoin Source | Centralized Checkpointing Public Key]</ref> and Blackcoin<ref>[https://github.com/rat4/blackcoin/blob/master/src/checkpoints.cpp#L361 Blackcoin Source | Centralized Checkpointing Public Key]</ref> have "master" public keys that control the blockchain. NXT was closed source until recently, so the difficulty of reverse engineering their cryptocurrency protected them from nothing at stake attacks.
Because these attacks exists, including Peercoin<ref>[https://github.com/ppcoin/ppcoin/blob/master/src/checkpoints.cpp#L370 Peercoin Source | Centralized Checkpointing Public Key]</ref> and Blackcoin<ref>[https://github.com/rat4/blackcoin/blob/master/src/checkpoints.cpp#L361 Blackcoin Source | Centralized Checkpointing Public Key]</ref> proof of stake cryptocurrencies have "master" public keys that control the blockchain.


This class of cryptocurrency is either insecure or centralized, however proof of stake (based on a PoW currency) is useful in some systems because gaining stake is costly, but it isn't workable for bootstrapping distributed consensus.
This class of cryptocurrency is either insecure or centralized, however proof of stake (based on a PoW currency) is useful in some systems because gaining stake is costly, but it isn't workable for bootstrapping distributed consensus.
Line 41: Line 45:
Bitcoin is a lot like HTTP. It is an application layer protocol and tools can be built on it (like websites can be built on HTTP). There is a class of cryptocurrencies that promise features like casino websites and exchanges and anonymity protocols to be built on top of them.
Bitcoin is a lot like HTTP. It is an application layer protocol and tools can be built on it (like websites can be built on HTTP). There is a class of cryptocurrencies that promise features like casino websites and exchanges and anonymity protocols to be built on top of them.


When creating a new website, one doesn't make a new protocol unless it is necessary. For example, HTTPS is an encrypted version of HTTP, therefore it is useful and necessary. When creating an app such as "[https://bitcointalk.org/index.php?topic=467857.0 DarkSend]", one doesn't need to make a new protocol such as "Darkcoin". This is synonymous to making an HTTPS alternative (eg. HTTPSX) for your new website for encrypted chat and not adding any new security or functionality to HTTPSX.
When creating a new website, one doesn't make a new protocol unless it is necessary. For example, HTTPS is an encrypted version of HTTP, therefore it is useful and necessary. When creating an app such as "[https://bitcointalk.org/index.php?topic=467857.0 DarkSend]", one doesn't need to make a new protocol such as "Darkcoin". This is synonymous to making an HTTPS alternative (eg. HTTPSX) for your new encrypted chat website and not adding any new security or functionality to HTTPSX.


Because Darkcoin is by far the most popular cryptocurrency of this class, the Darkcoin example will be covered in this section.
Because Darkcoin is by far the most popular cryptocurrency of this class, the Darkcoin example will be covered in this section.


The Darkcoin devs created a tool called DarkSend. DarkSend is an implementation of coinjoin (an anonymity feature originally implemented in Bitcoin<ref>[https://bitcointalk.org/index.php?topic=279249.0 Coinjoin Outline | BitcoinTalk]</ref>) which utilizes the Darkcoin network to organize the coinjoins. If DarkSend becomes open source and is useful, it will be ported to Bitcoin with a few small modifications. Currently DarkSend masternodes are paid 10% of the block reward after they hold 1000DRK in order to become a masternode.<ref>[https://darkcointalk.org/threads/darkcoin-update-masternode-requirements-masternode-payments.225/ DarkSend Payment Scheme]</ref> This is flawed because while purchasing 1000DRK is trustlessly verifiable, a user running a DarkSend masternode isn't trustlessly verifiable. It is also costs bandwidth to run a masternode, therefore there is an incentive to buy 1000DRK and get a chance at the 10% block reward masternodes are being paid, but not actually act as a masternode. For this reason, DarkSend would work better if the masternodes were paid by those they were helping coinjoin, or if there wasn't a masternode at all and everyone collaborated in a decentralized fashion. The better implementation not vulnerable to the attack described is compatible with Bitcoin, therefore, the Darksend protocol serves no purpose.
The Darkcoin devs created a tool called DarkSend. DarkSend is an implementation of coinjoin (an anonymity feature originally implemented in Bitcoin<ref>[https://bitcointalk.org/index.php?topic=279249.0 Coinjoin Outline | BitcoinTalk]</ref>) which utilizes the Darkcoin network to organize the coinjoins. If DarkSend becomes open source and is useful, it will be ported to Bitcoin with a few small modifications. These changes won't be a hardfork, they will likely involve the masternodes being paid by those they are coinjoining for rather than the block reward, which is already possible and implemented for Bitcoin. <ref>[https://www.wpsoftware.net/coinjoin/ Rotating Coinjoiner]</ref>Currently one must hold 1000DRK to become a DarkSend masternodes. Masternodes are paid 10% of the block reward.<ref>[https://darkcointalk.org/threads/darkcoin-update-masternode-requirements-masternode-payments.225/ DarkSend Payment Scheme]</ref> This is a flawed reward scheme because while purchasing 1000DRK is trustlessly verifiable, a user running a DarkSend masternode isn't trustlessly verifiable. It is also costs bandwidth to run a masternode, therefore there is an incentive to buy 1000DRK and get a chance at the 10% block reward masternodes are being paid, but not actually act as a masternode. For this reason, DarkSend would work better if the masternodes were paid by those they were helping coinjoin, or if there wasn't a masternode at all and everyone collaborated in a decentralized fashion. The better implementation not vulnerable to tragedy of the commons is compatible with Bitcoin, therefore, the Darksend protocol serves no purpose.


==Demographic Based Premined Cryptocurrencies==
==Demographic Based Premined Cryptocurrencies==


This is a new class of altcoin that is targeted at a certain demographic including:
This is a new class of altcoin that is targeted at a certain demographic.
 
*Auroracoin - Targeted at Iceland which suffers from inflation
*Isracoin - Targeted at Israel
*Karplescoin - Targeted at MtGox victims


All of these cryptocurrencies have a large premine intended to be paid to members of that demographic. Ultimately, all of these coins have suffered (or are suffering) their fate of an immediate sell off after the "airdrop" (term for distribution of coins to the target demographic) begins.
All of these cryptocurrencies have a large premine intended to be paid to members of that demographic. Ultimately, all of these coins have suffered (or are suffering) their fate of an immediate sell off after the "[[airdrop]]" (term for distribution of coins to the target demographic) begins.


Note: These cryptocurrencies aren't government initiatives, but are independently created for that demographic.
Note: These cryptocurrencies aren't government initiatives, but are independently created for that demographic.
Line 61: Line 61:
==Useful Cryptocurrencies==
==Useful Cryptocurrencies==


A cryptocurrency is useful if it accomplishes a task that Bitcoin cannot. Useful cryptocurrencies include:
A cryptocurrency is useful if it accomplishes a task that Bitcoin cannot.


*Namecoin - Able to act as a keystore for things like decentralized domain registration
*Acting as a keystore for things like decentralized domain registration.
*Freicoin - Can be used to create digital assets and transact stocks, bonds, etc
*Having demmurage or some other economic system that is one of the [[prohibited changes]].
*Allowing creation of and transmission of digital assets.


==References==
==References==
<references/>
<references/>

Latest revision as of 14:35, 28 July 2020

See also: List of alternative cryptocurrencies

Altcoins are cryptocurrencies other than Bitcoin.

The majority of altcoins are forks of Bitcoin with small uninteresting changes. This page categorises different ways altcoins have modified Bitcoin.

Many people prefer the term "shitcoin" to clearly distinguish all these altcoins from Bitcoin. This term has even been used in US Congress in 2019.

The two main innovations in Bitcoin are its digital scarcity and its censorship resistance. For every altcoin you can point out that 1. it's trying to copy Bitcoin and that 2. there's a clear person or group of people in charge. Thus it's very easy for someone else to copy an altcoin and try to push it with even more marketing efforts than the "original" altcoin. Additionally it's relatively easy for government actors to interfere with the workings of an altcoin (such as Ethereum) by simply knocking on the doors of whoever is behind the altcoin.

Some people are able to make money when trading altcoins, but for most people it's much preferred to simply buy and hold bitcoin for the long run. A lot of people would have been much better off with this simple strategy. Many people think that they make money, but if you look at their total net worth in Bitcoin terms they lost both money and time by trading on so called shitcoin casinos.


Different proof-of-work algorithm

The PoW algorithm used for mining Bitcoin is SHA2. It was chosen because it is fast to verify and has been critically analyzed. SHA2 has had ASICs developed for it meaning there is a much smaller risk of centralization. The following mining algorithms are being used in different altcoins:

  • Scrypt proof of work
  • Combination of hashing algorithms in series (e.g. X11)
  • Combination of hashing algorithms in parallel (e.g. Myriad algorithm)

The problem with having an algorithm that is "easy to mine with" (referring to the ability to CPU or GPU mine profitably) is that mining should be hard in order to secure the network. When a mining algorithm is difficult to make ASICs for, there is a higher barrier to entry. A high barrier to entry increases the time that the first group to create ASICs will monopolize the market (and the time the network is vulnerable to a 51% attack from a single source). Many argue that the creators or the developers could simply change the mining algorithm when an ASIC is developed, but this defeats the purpose of decentralized consensus by causing centralization.[1]

If these cryptocurrencies do have a healthy number of companies producing ASICs and have avoided centralization, they still are using algorithms that take longer to verify than SHA2. Therefore, at best a cryptocurrencies with merely a hashing algorithm change are as good as an exact clone of Bitcoin and not better (however since Bitcoin already exists, an exact clone of Bitcoin has no innovation or value). If the hashing algorithm is slower, as most altcoin algorithms are, it is a disadvantage because it takes more processing time to validate a block and increases the number of organic re-orgs (makes it easier to double spend).

Proof Of Stake

In Proof of Stake, instead of sacrificing energy to mine a block, a user must prove they own a certain amount of the cryptocurrency to generate a block. The more stake you own, the more likely you are to generate a block. In theory, this should prevent users from creating forks because it will devalue their stake and it should save a lot of energy.

Proof of Stake sounds like a good idea, but ironically, there is the "Nothing at Stake" problem. Because mining Bitcoin is costly, it is not smart to waste your energy on a fork that won't earn you any money, however with Proof of Stake, it is free to mine a fork.

An example of a nothing at stake attack is an attacker buying lots of "old stake" from users inexpensively (inexpensive to users who no longer have stake in the currency). This can be made convenient by offering small payments to users for uploading their wallet.dat. Eventually after accumulating enough "old stake", the user can begin creating blocks and destroying as many or more coin days than the network was at that time. This block generation can be repeated until it catches up to and beats the current main-chain very cheaply.

There are also "stake grinding" attacks which require a trivial amount of currency. In a stake[2] grinding attack, the attacker has a small amount of stake and goes through the history of the blockchain and finds places where their stake wins a block. In order to consecutively win, they modify the next block header until some stake they own wins once again. This attack requires a bit of computation, but definitely isn't impractical.

Because these attacks exists, including Peercoin[3] and Blackcoin[4] proof of stake cryptocurrencies have "master" public keys that control the blockchain.

This class of cryptocurrency is either insecure or centralized, however proof of stake (based on a PoW currency) is useful in some systems because gaining stake is costly, but it isn't workable for bootstrapping distributed consensus.

Application Built on Top of a Cryptocurrency

Bitcoin is a lot like HTTP. It is an application layer protocol and tools can be built on it (like websites can be built on HTTP). There is a class of cryptocurrencies that promise features like casino websites and exchanges and anonymity protocols to be built on top of them.

When creating a new website, one doesn't make a new protocol unless it is necessary. For example, HTTPS is an encrypted version of HTTP, therefore it is useful and necessary. When creating an app such as "DarkSend", one doesn't need to make a new protocol such as "Darkcoin". This is synonymous to making an HTTPS alternative (eg. HTTPSX) for your new encrypted chat website and not adding any new security or functionality to HTTPSX.

Because Darkcoin is by far the most popular cryptocurrency of this class, the Darkcoin example will be covered in this section.

The Darkcoin devs created a tool called DarkSend. DarkSend is an implementation of coinjoin (an anonymity feature originally implemented in Bitcoin[5]) which utilizes the Darkcoin network to organize the coinjoins. If DarkSend becomes open source and is useful, it will be ported to Bitcoin with a few small modifications. These changes won't be a hardfork, they will likely involve the masternodes being paid by those they are coinjoining for rather than the block reward, which is already possible and implemented for Bitcoin. [6]Currently one must hold 1000DRK to become a DarkSend masternodes. Masternodes are paid 10% of the block reward.[7] This is a flawed reward scheme because while purchasing 1000DRK is trustlessly verifiable, a user running a DarkSend masternode isn't trustlessly verifiable. It is also costs bandwidth to run a masternode, therefore there is an incentive to buy 1000DRK and get a chance at the 10% block reward masternodes are being paid, but not actually act as a masternode. For this reason, DarkSend would work better if the masternodes were paid by those they were helping coinjoin, or if there wasn't a masternode at all and everyone collaborated in a decentralized fashion. The better implementation not vulnerable to tragedy of the commons is compatible with Bitcoin, therefore, the Darksend protocol serves no purpose.

Demographic Based Premined Cryptocurrencies

This is a new class of altcoin that is targeted at a certain demographic.

All of these cryptocurrencies have a large premine intended to be paid to members of that demographic. Ultimately, all of these coins have suffered (or are suffering) their fate of an immediate sell off after the "airdrop" (term for distribution of coins to the target demographic) begins.

Note: These cryptocurrencies aren't government initiatives, but are independently created for that demographic.

Useful Cryptocurrencies

A cryptocurrency is useful if it accomplishes a task that Bitcoin cannot.

  • Acting as a keystore for things like decentralized domain registration.
  • Having demmurage or some other economic system that is one of the prohibited changes.
  • Allowing creation of and transmission of digital assets.

References