Difference between revisions of "Altcoin"

From Bitcoin Wiki
Revision as of 15:42, 15 June 2020

See also: List of alternative cryptocurrencies

Altcoins are cryptocurrencies other than Bitcoin.

The majority of altcoins are forks of Bitcoin with small uninteresting changes. This page categorises different ways altcoins have modified Bitcoin.

Many people prefer the term "shitcoin" to clearly distinguish all these altcoins from Bitcoin. This term has even been used in US Congress.

Different proof-of-work algorithm

The PoW algorithm used for mining Bitcoin is SHA2 (specifically SHA-256 applied twice to the 80-byte block header). It was chosen because it is fast to verify and has been extensively analyzed. ASICs for SHA-256 have long been available, so the period in which the first ASIC builder could monopolize hashing power is over and the risk of centralization is much smaller. The following mining algorithms are being used in different altcoins:

  • Scrypt proof of work
  • Combination of hashing algorithms in series (e.g. X11)
  • Combination of hashing algorithms in parallel (e.g. Myriad algorithm)

The problem with an algorithm that is "easy to mine with" (meaning CPU or GPU mining is profitable) is that mining should be hard in order to secure the network. When a mining algorithm is difficult to build ASICs for, the barrier to entry is higher. A high barrier to entry lengthens the period during which the first group to build ASICs monopolizes the market, and hence the period during which the network is vulnerable to a 51% attack from a single source. Many argue that the creators or the developers could simply change the mining algorithm once an ASIC is developed, but this defeats the purpose of decentralized consensus: the developers become the arbiters of which miners count, which is itself centralization.[1]

Even if these cryptocurrencies do attract a healthy number of companies producing ASICs and avoid centralization, they are still using algorithms that take longer to verify than SHA-256. Therefore, at best a cryptocurrency with merely a hashing algorithm change is as good as an exact clone of Bitcoin, and not better (and since Bitcoin already exists, an exact clone of Bitcoin has no innovation or value). A slower hashing algorithm, which is what most altcoin algorithms are, is a disadvantage in itself: validating a block takes more processing time, which delays block propagation and increases the number of organic re-orgs, which in turn makes double spending easier.
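The verification cost the section is arguing about can be measured directly. The following Python is an added example, not code from this page or from Bitcoin's or Litecoin's own code base: it computes the double-SHA-256 proof-of-work hash of a serialized block header, expands the compact nBits field into the 256-bit target and checks the header against it, then runs the same header through a scrypt hash with Litecoin-style parameters (N=1024, r=1, p=1, header used as both password and salt) so the two verification times can be compared. The sample header is the Bitcoin genesis block header; the scrypt parameters, the `verify_cost` helper and the round count are assumptions made for illustration, and `hashlib.scrypt` requires an OpenSSL build that provides scrypt.

```python
import hashlib
import time

# Sample input: the Bitcoin genesis block header, serialized as Bitcoin does
# (little-endian version, prev block hash, merkle root, time, nBits, nonce).
GENESIS_HEADER = bytes.fromhex(
    "01000000"
    "0000000000000000000000000000000000000000000000000000000000000000"
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    "29ab5f49"   # time 1231006505
    "ffff001d"   # nBits 0x1d00ffff
    "1dac2b7c"   # nonce 2083236893
)


def sha256d(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def block_hash_hex(header: bytes) -> str:
    """Block hash as block explorers display it (bytes reversed, big-endian hex)."""
    return sha256d(header)[::-1].hex()


def target_from_bits(bits: int) -> int:
    """Expand the compact nBits encoding (1 byte exponent, 3 byte mantissa)
    into the 256-bit target a valid hash must be below."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_bits(header: bytes) -> int:
    """nBits lives at byte offset 72..76 of the 80-byte header."""
    return int.from_bytes(header[72:76], "little")


def pow_valid(header: bytes) -> bool:
    """A header meets proof of work iff sha256d(header), read as a little-endian
    integer, is below the target encoded by its own nBits field."""
    return int.from_bytes(sha256d(header), "little") < target_from_bits(header_bits(header))


def scrypt_pow(header: bytes) -> bytes:
    """Scrypt proof-of-work hash with Litecoin-style parameters (assumption for
    this example): N=1024, r=1, p=1, 32-byte output, header as password and salt."""
    return hashlib.scrypt(header, salt=header, n=1024, r=1, p=1, dklen=32)


def verify_cost(header: bytes, rounds: int = 200) -> dict:
    """Time `rounds` verifications with each algorithm; the ratio is the
    extra per-block validation cost a scrypt chain pays over a SHA-256d chain."""
    t0 = time.perf_counter()
    for _ in range(rounds):
        sha256d(header)
    t_sha = time.perf_counter() - t0
    t0 = time.perf_counter()
    for _ in range(rounds):
        scrypt_pow(header)
    t_scrypt = time.perf_counter() - t0
    return {
        "sha256d_us": 1e6 * t_sha / rounds,
        "scrypt_us": 1e6 * t_scrypt / rounds,
        "scrypt_over_sha256d": t_scrypt / t_sha,
    }


if __name__ == "__main__":
    print("block hash :", block_hash_hex(GENESIS_HEADER))
    print("target     :", f"{target_from_bits(header_bits(GENESIS_HEADER)):064x}")
    print("pow valid  :", pow_valid(GENESIS_HEADER))
    print("verify cost:", verify_cost(GENESIS_HEADER))
```

Changing any header byte (for instance zeroing the nonce) makes `pow_valid` return False, which is the check every node performs before doing anything else with a block; the timing numbers vary by machine, but the scrypt verification is consistently orders of magnitude slower than two SHA-256 compressions.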

Proof Of Stake

In Proof of Stake, instead of sacrificing energy to mine a block, a user must prove they own a certain amount of the cryptocurrency to generate a block. The more stake you own, the more likely you are to generate a block. In theory, this should prevent users from creating forks because it will devalue their stake and it should save a lot of energy.

Proof of Stake sounds like a good idea, but ironically there is the "Nothing at Stake" problem. Because mining Bitcoin is costly, it is not smart to waste energy on a fork that won't earn you any money; with Proof of Stake, however, producing a block costs nothing beyond a signature, so it is free to mine a fork, and free to mine every fork at once.

An example of a nothing at stake attack is an attacker buying lots of "old stake" inexpensively from users who no longer hold the currency (and so have nothing to lose by selling their keys). This can be made convenient by offering small payments to users for uploading their wallet.dat. After accumulating enough old stake, the attacker can begin creating blocks from a past height, destroying at least as many coin-days per block as the main chain did at that time. This block generation can be repeated until the attacker's chain catches up to and beats the current main chain, very cheaply.

There are also "stake grinding" attacks, which require only a trivial amount of currency.[2] In a stake grinding attack, the attacker holds a small amount of stake and goes through the history of the blockchain to find places where their stake wins a block. To win consecutively, they modify the next block header (the parts that are not inputs to the stake kernel) until some stake they own wins once again. This attack requires a bit of computation, but it definitely isn't impractical.
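The grinding attack just described can be reproduced on a toy proof-of-stake chain. The following Python is an added example, not code from this page or from Peercoin, Blackcoin or NXT; the kernel rule, the stake-weighted target, the `payload` field and the timestamp window are all constructed for illustration. The attacker's coin is 1% of total stake, so an honest staker with that coin waits 6000 seconds per block on average. The grinder instead re-chooses a field of the block it just produced (a field the kernel does not commit to, so the block stays valid) until the next kernel favours its own coin, and so produces a run of consecutive blocks for a few tens of thousands of hash computations instead of hours of waiting.

```python
import hashlib
from dataclasses import dataclass, replace

# Toy proof-of-stake parameters (constructed for this example, not any real coin's).
TOTAL_STAKE = 10_000        # coins eligible to stake
TARGET_SECONDS = 60         # mean block interval if every coin were staking
DRIFT = 120                 # a block's timestamp must be 1..DRIFT seconds after its parent's
KERNEL_SPACE = 1 << 256

ATTACKER_ID = 7
ATTACKER_STAKE = 100        # 1% of all stake
STAKES = {ATTACKER_ID: ATTACKER_STAKE, 1: TOTAL_STAKE - ATTACKER_STAKE}
GENESIS_HASH = hashlib.sha256(b"constructed toy genesis").digest()
START_TIME = 1_700_000_000


@dataclass(frozen=True)
class Block:
    prev_hash: bytes
    stake_id: int      # the coin that "won" this block
    timestamp: int
    payload: int       # stand-in for anything else the staker chooses freely (tx selection etc.)

    def hash(self) -> bytes:
        return hashlib.sha256(
            self.prev_hash
            + self.stake_id.to_bytes(4, "big")
            + self.timestamp.to_bytes(8, "big")
            + self.payload.to_bytes(8, "big")
        ).digest()


def kernel(prev_hash: bytes, stake_id: int, timestamp: int) -> int:
    """The stake kernel commits only to the parent hash, the staking coin and the time.
    The payload is deliberately not an input; that gap is what grinding exploits."""
    data = prev_hash + stake_id.to_bytes(4, "big") + timestamp.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def stake_wins(prev_hash: bytes, stake_id: int, amount: int, timestamp: int) -> bool:
    """Stake-weighted target: a coin of `amount` wins a given second with
    probability amount / (TOTAL_STAKE * TARGET_SECONDS)."""
    target = KERNEL_SPACE * amount // (TOTAL_STAKE * TARGET_SECONDS)
    return kernel(prev_hash, stake_id, timestamp) < target


def expected_honest_wait(amount: int) -> int:
    """Average seconds an honest staker holding `amount` coins waits for one block."""
    return TOTAL_STAKE * TARGET_SECONDS // amount


def first_win(prev_hash: bytes, stake_id: int, amount: int, start: int) -> int:
    """Honest behaviour: the kernel inputs are fixed by the clock, so just wait."""
    ts = start
    while not stake_wins(prev_hash, stake_id, amount, ts):
        ts += 1
    return ts


def grind_next(prev: Block, stake_id: int, amount: int):
    """Stake grinding. The attacker authored `prev`, so it keeps re-choosing
    prev.payload (prev stays valid, payload is not a kernel input) until some
    admissible timestamp lets its coin win the block after it.
    Returns (adjusted prev, new block, kernel hashes tried)."""
    tries = 0
    payload = 0
    while True:
        candidate = replace(prev, payload=payload)
        ph = candidate.hash()
        for ts in range(prev.timestamp + 1, prev.timestamp + DRIFT + 1):
            tries += 1
            if stake_wins(ph, stake_id, amount, ts):
                return candidate, Block(ph, stake_id, ts, 0), tries
        payload += 1


def build_attack_chain(genesis_hash: bytes, stake_id: int, amount: int,
                       start: int, length: int):
    """Turn one honest win into `length` consecutive attacker blocks."""
    ts = first_win(genesis_hash, stake_id, amount, start)
    chain = [Block(genesis_hash, stake_id, ts, 0)]
    total_tries = 0
    while len(chain) < length:
        prev, nxt, tries = grind_next(chain[-1], stake_id, amount)
        chain[-1] = prev         # same kernel as before, different hash
        chain.append(nxt)
        total_tries += tries
    return chain, total_tries


def verify_chain(chain, stakes) -> bool:
    """What a full node checks: linkage, timestamp window, every kernel under its target."""
    for i, b in enumerate(chain):
        if i > 0:
            parent = chain[i - 1]
            if b.prev_hash != parent.hash():
                return False
            if not 0 < b.timestamp - parent.timestamp <= DRIFT:
                return False
        if not stake_wins(b.prev_hash, b.stake_id, stakes[b.stake_id], b.timestamp):
            return False
    return True


if __name__ == "__main__":
    chain, tries = build_attack_chain(GENESIS_HASH, ATTACKER_ID, ATTACKER_STAKE, START_TIME, 6)
    print(f"attacker blocks: {len(chain)}, accepted by verifier: {verify_chain(chain, STAKES)}")
    print(f"kernel hashes ground: {tries}; honest wait per block: "
          f"{expected_honest_wait(ATTACKER_STAKE)} s")
```

The verifier accepts the ground chain because every block satisfies exactly the rules it checks. The fix is not a stronger hash but removing the attacker's free choice: either the kernel must commit to everything in the block (so re-choosing the payload also changes the kernel, turning grinding back into plain proof of work), or a stake modifier must be derived from blocks far enough back that the attacker cannot influence it, which is what the centralized checkpoints mentioned next end up standing in for.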

Because these attacks exist, proof of stake cryptocurrencies including Peercoin[3] and Blackcoin[4] have "master" public keys that sign centralized checkpoints and so control which chain the network accepts.

This class of cryptocurrency is therefore either insecure or centralized. Proof of stake layered on top of a PoW currency is useful in some systems because gaining stake is costly, but on its own it isn't workable for bootstrapping distributed consensus.

Application Built on Top of a Cryptocurrency

Bitcoin is a lot like HTTP. It is an application layer protocol and tools can be built on it (like websites can be built on HTTP). There is a class of cryptocurrencies that promise features like casino websites and exchanges and anonymity protocols to be built on top of them.

When creating a new website, one doesn't make a new protocol unless it is necessary. For example, HTTPS is an encrypted version of HTTP, so it is useful and necessary. When creating an app such as "DarkSend", one doesn't need to make a new protocol such as "Darkcoin". This is analogous to making an HTTPS alternative (e.g. HTTPSX) for your new encrypted chat website while adding no new security or functionality to HTTPSX.

Because Darkcoin is by far the most popular cryptocurrency of this class, it is the example covered in this section.

The Darkcoin devs created a tool called DarkSend. DarkSend is an implementation of coinjoin (an anonymity technique originally proposed and implemented for Bitcoin[5]) which uses the Darkcoin network to organize the coinjoins. If DarkSend becomes open source and proves useful, it will be ported to Bitcoin with a few small modifications. These changes won't require a hardfork; they will likely involve the masternodes being paid by the users they are coinjoining for rather than from the block reward, which is already possible and implemented for Bitcoin.[6] Currently one must hold 1000 DRK to become a DarkSend masternode, and masternodes are paid 10% of the block reward.[7] This is a flawed reward scheme: while holding 1000 DRK is trustlessly verifiable, actually running a DarkSend masternode isn't. Running a masternode also costs bandwidth, so there is an incentive to buy 1000 DRK, take a chance at the 10% block reward paid to masternodes, and not actually act as a masternode. For this reason, DarkSend would work better if the masternodes were paid by those they were helping coinjoin, or if there were no masternodes at all and everyone collaborated in a decentralized fashion. The better implementation, which is not vulnerable to this tragedy of the commons, is compatible with Bitcoin; therefore the DarkSend protocol serves no purpose.

Demographic Based Premined Cryptocurrencies

This is a new class of altcoin that is targeted at a certain demographic.

All of these cryptocurrencies have a large premine intended to be paid to members of that demographic. Ultimately, all of these coins have suffered (or are suffering) the same fate: an immediate sell-off once the "airdrop" (the term for distribution of coins to the target demographic) begins.

Note: These cryptocurrencies aren't government initiatives, but are independently created for that demographic.

Useful Cryptocurrencies

A cryptocurrency is useful if it accomplishes a task that Bitcoin cannot.

  • Acting as a keystore for things like decentralized domain registration.
  • Having demurrage or some other economic system that is one of the prohibited changes.
  • Allowing creation of and transmission of digital assets.

References

  [1] ASIC FAQ: https://download.wpsoftware.net/bitcoin/asic-faq.pdf
  [2] Peercoin Security Analysis: https://bitcointalk.org/index.php?topic=131901.0
  [3] Peercoin Source, Centralized Checkpointing Public Key: https://github.com/ppcoin/ppcoin/blob/master/src/checkpoints.cpp#L370
  [4] Blackcoin Source, Centralized Checkpointing Public Key: https://github.com/rat4/blackcoin/blob/master/src/checkpoints.cpp#L361
  [5] Coinjoin Outline, BitcoinTalk: https://bitcointalk.org/index.php?topic=279249.0
  [6] Rotating Coinjoiner: https://www.wpsoftware.net/coinjoin/
  [7] DarkSend Payment Scheme: https://darkcointalk.org/threads/darkcoin-update-masternode-requirements-masternode-payments.225/