A Crypto-history of Blockchain Technology

by piero scaruffi
Cognitive Science and Artificial Intelligence | My book on A.I. | My book on consciousness | Human 2.0 | Bibliography and book reviews | Contact/feedback/email
(Copyright © 2018 Piero Scaruffi | Terms of use )

This primer includes the following articles:
Hippies, Extropians and Libertarians

Blockchain technology was invented when bitcoin was invented. Bitcoin came out of the counterculture, not of the mainstream. The counterculture that wanted "to change the world" (and which was actually opposed to the technology owned by the rich corporations and of the government) often "hijacked" technology in order to create a new, idealistic society. I have argued that Silicon Valley itself is largely the result of such a process: the counterculture exploiting technology for purposes completely different from the original ones, and typically "to change the world". The result has always been a peak of creativity/innovation and in many cases it indeed changed the world (although not often the way it had hoped to). Bitcoin was born out of a similar contradiction. Bitcoin had its roots in three unorthodox alternative movements, that at some point converged on California: P2P networking, the extropian movement and the cyberpunk movement.

In the 1950s the Bay Area was mostly famous for the "beat poets" and in the 1960s for the "hippies". Collectively, the intellectuals of these movements were sometimes called "human-potential movement" because they aimed to rediscover the potential of humanity, not the potential of machines. They did not like the greed of the capitalist system and viewed the computer technology as harmful to the individual. In the 1970s another famous movement came out of California, the descendant of those previous movements: the "new age" movement. It was, again, a movement that valued spirituality over technology and science. The world became more and more technological and scientific, but California instead became more and more spiritual. At the same time this anti-technological, spiritual "revolution" was proceeding in parallel with the boom of the high-tech industry. That's really the origin of Silicon Valley: it was a strange interaction among universities (Stanford, Berkeley and others), the military industrial establishment (particularly Lockheed and projects founded by the government like the Internet), the "human-potential movement" and the computer technology (especially after computers were connected in networks like the Internet). Silicon Valley has always been a strange synthesis of futuristic technology and rebellious ideology.

Towards the end of the 1980s, just before the invention of the World-wide Web, a quasi-religious movement was born in California: the "extropian" movement. They believed in the power of science and technology to give us immortality. Its members practiced cryogenics to preserve their brain after death. Science has a concept of "entropy" that is very popular when studying order, information, organization. Entropy destroys order, information and organization. Ultimately, entropy is the reason that all things must die. Tom Bell coined the term "extropy" as the opposite of "entropy". When Max More, an Oxford philosopher who had co-founded the first cryonic service in Europe (today it is called Alcor) moved to Los Angeles, he founded the magazine "Extropy - the journal of transhumanist thought" and then founded the "Extropy Institute". The extropian movement spread thanks to an online forum, another example of the "counterculture" using technology for its own purposes. The extropian people held strong anti-government views. They were modern anarchics, people who don't believe in a state. They wanted to create a society based on technology in which the power would shift to the people. Their dream was that technology would allow people to run their state without any need for politicians and police. In 1994 the influential high-tech magazine Wired published an article titled "Meet The Extropians". The people who gravitated around the extropian movement included Hans Moravec (who would become famous for the "Singularity" movement), Ralph Merkle (a cryptography expert from UC Berkeley who would become famous in the age of nanotech), Perry Metzger (the founder of the cryptography mailing list on the Internet), and Nick Szabo and Hal Finney. We'll get to Szabo and Finney later, but first let's put things in context, because i think it is really important to understand that technology does not exist in a vacuum, that technology is always part of a much bigger ecosystem.

These are also the years when Burning Man became the craziest festival in the world. There used to be something called the Suicide Club in San Francisco. It was a group of crazy kids doing crazy things, like climbing the Golden Gate Bridge. Several of them went on to create other crazy events around the Bay Area. One of them, Mary Grauberger, was organizing one of those "human-potential" events: once a year, during the summer solstice in June, she was inviting her friends to a beach party in San Francisco. During her beach part of 1986 two of her friends, Larry Harvey and Jerry James, burned the effigy of a man. It became a tradition for that beach party. At the same time the Suicide Club had evolved into the Cacophony Society, another semi-legal organization that was organizing strange events for young people. People like Dan Kottke, who had been Steve Jobs' best friend during his college years and helped him start Apple, remember fondly the Cacophony Society. In 1990 Kevin Evans and John Law of the Cacophony Society invited Harvey to transplant the burning ritual to the Black Rock Desert in northern Nevada. Kevin Evans was an artist, one of the several artists who had joined the Cacophony Society. Burning Man became a festival, a festival of artistic sculptures in the desert that are burned at the end of the festival. It was started by a carpenter and two jobless Cacophony members. It became (in)famous as an event of wild sex and drugs, but now it is famous for the way it self-organizes in the middle of the desert and for the colossal artistic sculptures, some of which move (a legacy of the Survival Research Laboratories, another unique movement of the 1980s in San Francisco that focused on shows of machines destroying each other).

The history of P2P begins in Boston. In June 1999 Shawn Fanning invented a system to distribute mp3 music files over the Web: Napster. His system allowed people all over the world to share music files. But this was illegal and the music industry eventually forced Napster to stop doing it. Nonetheless, Napster had invented a new technology, peer-to-peer (P2P), and had proved its potential. Napster inspired a new generation of P2P services, most of them used to share music, like Kazaa in Estonia and BitTorrent in San Francisco. These hackers, like Bram Cohen of BitTorrent, became heroes of the counterculture for defying the giant corporations of the music industry.

In 2000 a former Yahoo scientist, Jim McCoy, started EGBT (Evil Geniuses for a Better Tomorrow) to work on MojoNation, a P2P platform. He was inspired by videogames to solve the problem of "Agoric computing", which was a serious topic of computer science for the purpose of improving large-scale computation. The "mojo" was a cybercurrency, but it was not used to buy and sell things: it was used to provide balanced and secure computation for a network. MojoNation was a fascinating application of concepts of economics applied to optimization of computers. In 2001 SUN, that at the time was a major power in the Internet world (SUN originated Java, that powered the Web for many years), introduced a similar open-source project, XTA (Juxtapose). Bram Cohen worked with Jim McCoy. That's where he learned the technology that he used to create BitTorrent, that became the most popular P2P platform. Another EGBT alumnus, Zooko Wilcox-O'Hearn, turned MojoNation into Mnet. Here the concepts of cybercurrecy and P2P had been joined.

Both Napster and BitTorrent relied on a central server. That was actually not real P2P. Gnutella, designed by Justin Frankel and Tom Pepper in Arizona, was truly P2P, totally decentralized. Ditto for Freenet, launched in London a few months later. The lawyers who sued these pioneers helped create the phenomenon of the "dark nets". This phenomenon became famous when four employees of Microsoft published "The Darknet and the Future of Content Distribution" (2002), that revealed the existence of invisible password-protected networks within the Internet. These peer-to-peer networks, where you remain anonymous, loved the Onion Router (TOR), another unorthodox marriage of counterculture and military project: a technology that had been invented to protect the military world was now used for "dark nets" within the Internet.


Bitcoin came out of a utopian project to create a society outside the government.

Mathematicians were working on cryptography and on ways to improve security on networks of computers even before the Internet existed, and of course the problem became more impellent after the World-wide Web was launched on the Internet in 1991. Cynthia Dwork at IBM in San Jose wanted to use computational processing to punish spammers, because it was too difficult to punish them with the law; and in 1992 she found a way to do so, a method called "proof of work" that creates a cost for a class of operations, a cost that can become impossible to afford for the wrong people. Her paper "Pricing via Processing or Combatting Junk Mail" conceived computational processing as a "cost" to make "spam" email very expensive, and therefore discourage spammers.

The cryptographer Stuart Haber and the physicist Scott Stornetta at Bellcore devised a way to "time stamp" digital documents. Their paper "How to Time-stamp a Digital Document" (1991) de facto introduced the concept of the "blockchain". They used a cryptographic hash function to generate a hash uniquely identifying the document (so the document would remain confidential), time-stamped the hash, and chained together the hashes in chronological order, each block linking to the previous one. When they moved from theory to practice, once a week they also published in a newspaper (the New York Times) the hash of all the new documents added to the chain in the last week.

The British cryptographer Adam Back wanted to find a way to encrypt messages without having to rely on a central authority; and in 1997 he invented a new proof-of-work system: "HashCash", a method to use cryptographic hash functions on a network to achieve the "cost" envisioned by Dwork for spammers. Again, the intent was to discourage abuse of email, but Back de facto invented a method to control processes a network with no need for a central authority.

The extropian Nick Szabo at George Washington University had an even bigger goal: to create trust in society without any need for that central authority; and in 1997 he published the paper "Formalizing and Securing Relationships on Public Networks" that described a distributed trust model (and one year later he titled his paper "The God Protocol"). He conceived a sophisticated way to prevent people from spending twice a cybercurrency, a way to avoid that people can make copies. Szabo's model is reminiscent of videogames and fantasy movies: there are masters assigning "difficult tasks" to novices; if the novices succeed, they become masters. The "difficult tasks" were a variation on the "proof of work" method employed by Dwork's anti-spam software. Not only did he propose a cybercurrency called "bit gold": Szabo also described how cryptocurrencies could be used to implement "smart contracts" on the Internet.

This is when the counterculture of the San Francisco Bay Area started paying attention. Timothy May was a former Intel employee who held strong anarchic beliefs. In 1992 he had started a group and a mailing list called "cypherpunk" for people interested in using cryptography to avoid the scrutiny of the government. At their first meeting he read the "Crypto Anarchist Manifesto". The key sentence is: "Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner." It was on that mailing list that a lot of discussion took place about creating a "cryptocurrency".

When John Perry Barlow wrote the "Declaration of Independence of Cyberspace" in 1996, he wrote that "Cyberspace consists of transactions, relationships, and thought itself" but not government.

In 1998 the mysterious Chinese mathematician Wei Dai described on the "cypherpunks" forum a powerful mathematical model for a cryptocurrency that would be almost unbreakable. His idea was simple: let everybody have a record of every transaction, so that noone can cheat the others. This idea creates an anonymous and distributed system in which the community (not a central authority) guarantees "trust". Wei Dai said that he was inspired by Tim May's "The Crypto Anarchist Manifesto".

Meanwhile, a new kind of distributed computing was becoming popular. Distributed computing had existed before the Internet, but it became more appealing after the advent of the personal computing (as millions of people now owned a computer) and of the World-wide Web (which made it easier for ordinary people to integrate their work). For example, in 1996 George Woltman in Boston launched the Great Internet Mersenne Prime Search (GIMPS) to search for Mersenne prime numbers (prime numbers that are one less than a power of two), a project that to this day has discovered 17 Mersenne primes. In 1997 a group of amateurs including Jeff Lawson, Adam Beberg (in Chicago) and David McNett (in Alabama) started Distributed.net, a general-purpose distributed computing project, originally to compete in the RSA Secret-Key Challenge, i.e. to break a 56-bit encryption algorithm (they solved the RC5-56 challenge in 250 days revealing an encrypted message that said "It's time to move to a longer key length"). The most famous of these distributed projects was and still is SETI@home to search for signals sent by intergalactic civilizations, i.e. for extraterrestrial intelligence, a project launched in May 1999 from UC Berkeley by David Anderson, who wrote the software and eventually (in 2002) the distributed operating system BOINC (Berkeley Open Infrastructure for Network Computing), the archetypical platform for "volunteer computing", thanks to which ordinary people from all over the world "lend" their computers to astronomers when the machines are idle. BOINC became the largest distributed computing experiment in history, with one million computers joining the search for extraterrestrial life. However, systems of volunteer computing like these pioneering ones didn't need to self-validate their computations, because their computations were not creating money.

Several attempts had already been made at establishing a digital currency. David Chaum, a cryptographer from UC Berkeley, had launched DigiCash in 1990, followed by Douglas Jackson with E-gold in 1996. There were virtual currencies limited to videogame communities such as Second Life's "linden dollar". Even frequent-flyer miles and credit-card points can be considered forms of digital cash, as they are stored in computers. Just the year before bitcoin, Andrew Draper had launched Perfect Money. Many people had realized that the Internet could make money circulate just like it made email circulate. Nobody had solved the "double-spending problem": how to avoid that users of the digital cash make unauthorized copies of the money.

Even before the Great Recession of 2008 started from Wall Street with the collapse of the investment bank Lehman Brothers, the crypto world was discussing the need for a massively decentralized barter network to provide an alternative to the banking system, which was widely perceived as unfair, corrupt and fundamentally a Ponzi scheme. The algorithms of HashCash and DigiCash couldn't work in a decentralized model. Szabo, Dai, Finney and Nakamoto were discussing their currency ideas while another crowd, the "Ripple" crowd, notably Ryan Fugger in Vancouver, was discussing new economic models based on bartering (and no currency). Similar discussions had been going on among economists for decades. For example, Alfred Mitchell-Innes in "The Credit Theory of Money" (1914) argued that "credit and credit alone is money" (credit did not follow money, money followed credit). Narayana Kocherlakota, president of the Minneapolis Federal Reserve, wrote that "money is equivalent to a primitive form of memory" in "Money is Memory" (1996), predating the blockchain by a decade. The philosophical problem of the "currency" thinkers was that a central ledger, which was the simple solution to the double-spending problem, looked a lot like a central bank. The philosophical problem of the "bartering" thinkers was how to secure a decentralized exchange network without using a currency. In 2004 Fugger had a product: Ripplepay, an international payment system (of which Satoshi Nakamoto had to say: "Ripple is interesting in that it's the only other system that does something with trust besides concentrate it into a central server", April 2009). The "currency" thinkers didn't have a product until 2008.

Theoretical work on cryptocurrencies continued until in October 2008 Satoshi Nakamoto published the paper titled "Bitcoin: A Peer-to-Peer Electronic Cash System" on a new cryptography mailing list, metzdowd.com. A few weeks later he sent the very first bitcoins to Silicon Valley-based Hal Finney, an extropian who had become famous on the cypherpunk mailing list. Nakamoto had posted frequently his opinions about cryptomoney on the cypherpunk list (opinions brilliantly summarized as a virtual interview in George Gilder's 2018 book "Life After Google - The Fall of Big Data and the Rise of the Blockchain Economy").

The method used by Nakamoto is now called "blockchain" and derives from the sum of all those methods developed in the 1990s to create trust without having to rely on a central authority. It combined hash functions, Proof-of-Work, digital time-stamping (all ideas that already existed) with a reward for doing "proof of work". In his grand scheme "miners" are motivated by the reward to add blocks to the blockchain, each block representing bitcoin transactions, and the blockchain is distributed to the network. It may happen that two blocks containing different transactions are attached to the same block. That's when the "longest chain" rule applies: new blocks are mined and attached to each version of the blockchain, forming two forking, and eventually the longer chain, the one with more cumulative hash computation, is accepted by all nodes as the main chain. (In reality, the "longest" chain is not necessarily the safest chain because there is a difference between "longest" and "greatest" that Nakamoto missed when he wrote "The majority decision is represented by the longest chain, which has the greatest proof-of-work" - in reality, longer Proof-of-Work chains may exist that contain less work, longer but "lighter"). The underlying philosophy is that the system is safe as long as less than 50% of the online hashrate belongs to adversary miners. The rewards for Bitcoin mining are reduced by half roughly every four years: originally in 2009, mining one block earned the miner 50 bitcoins; in 2012, the reward was halved to 25 BTC; in 2016, it was halved again to 12.5 BTC; in 2020 it was halved again to 6.25 BTC. Consensus is a distributed process that takes place on the network and consists in every single node replicating the same state of the blockchain, a fact that makes the blockchain practically immutable and irreversible. Furthermore, Bitcoin's mechanism to reach consensus, Proof-of-Work, is by definition "Byzantine Fault Tolerant", i.e. it allows a group of people to reach agreement about what to do next despite the fact that some of these people may have malicious intents. Furthermore, Bitcoin was the first system ever to provide "dynamic availability": its consensus systems works with an unknown number of nodes each of which can switch off and on dynamically. Note that Nakamoto never proved mathematically that his blockchain was safe: he only had the "intuition" that it was.

Bitcoin was a currency, but it was also a lot more: its underlying blockchain technology was a new way to run a society without a central authority. Satoshi Nakamoto left the Bitcoin project almost immediately after release 0.2 (December 2009), co-written with Martti Malmi, a student at the Helsinki University of Technology who was interestested in decentralized cybercurrencies. Nakamoto's last posted something in December 2010 (except for posting in 2014 a short sentence "I am not Dorian Nakamoto" to dispel a magazine story). Hal Finney added some code to the original code soon after the publication of the white paper when the code was posted on the website Sourceforge. Malmi, who was the first person to sell bitcoins for dollars (5,000 bitcoins for 5 dollars), left too in 2011 and the project moved to the open-source repository Github (coincidentally created the same year that Nakamoto developed Bitcoin) and since then it has been developed by a community of volunteers. Gavin Andresen, formerly a virtual-reality expert at Silicon Graphics in Silicon Valley, joined in 2010 and in 2012 started the Bitcoin Foundation in Boston (established with a large donation by Silicon Valley-based anarchist and bitcoin evangelist Roger Ver, who in 2011 had created the first major online store accepting bitcoin payments and previously had been jailed for selling explosives on eBay).

Basically the recipe for creating Bitcoin includes the following ingredients: some crazy religious cult, some quasi-gangsters on the Internet, mathematicians who borrow ideas from economics and from videogames, some military software, and a group of hippies who shun academic journals and communicate over a mailing list.

Bitcoin became the first successful currency not to be printed by a government. Bitcoin shifted the power from the central government to a P2P network.

Even before Bitcoin became famous, the success of peer-to-peer models had generated a lot of enthusiasm in the counterculture. Michel Bauwens, a Belgian philosopher living in Thailand, published pamphlets such as "P2P and Human Evolution" (2005) and "The Peer To Peer Manifesto - The Emergence of P2P Civilization and Political Economy" (2007) about the transformative power of peer-to-peer economics. Three years before the birth of Bitcoin, Ori Brafman published "Starfish And The Spider" (2006) and Yochai Benkler published "The Wealth of Networks" (2006), books which popularized the notion of "distributed autonomous organizations". Brafman, an Israeli-born Stanford-educated economist, compared the distributed organization to a starfish and the centralized organization to a spider, which dies if its head is cut off. Benkler, an Israeli-born Harvard professor of law, hailed "commons-based peer production", the production and maintenance of open-source software (such as Linux, launched in 1991, and Apache, launched in 1995) and of Wikipedia (launched in 2001), a third mode of production, neither capitalist nor communist. Bitcoin realized their dreams. Bitcoin is not just a cybercurrency: it is a method to reinvent government bureaucracy without the bureaucrats.

Bitcoin proved again the importance that the independents have on new revolutionary ideas in technology. No major corporation and no major venture capitalist thought of it. The universities developed the math but did not see the potential. This kind of ideas can only come from individuals who work outside the "system".

Bitcoin remained mostly a theoretical exercise until Ross Ulbricht opened an online marketplace called "Silk Road" for people to buy and sell anything anonymously. One of the tricks that he employed was to have payments made in bitcoins. "Silk Road" became popular with all sorts of criminals, and with ordinary drug addicts. Ross Ulbricht was arrested by the the US government in October 2013 and eventually sentenced to life in prison. Just like Napster, an illegal operation, had proven the power of P2P communications, Silk Road proved the power of bitcoin commerce.

Much has been written and speculated about the real identity of Satoshi Nakamoto. Satoshi stopped communicating in 2013. Hal Finney (who died in 2014), Szabo and Dai have been obvious suspects. In 2016 Craig Wright, a computer-security expert based in Australia with a PhD in theology, and a long-time subscriber to the cypherpunks mailing list, claimed to be the real Satoshi Nakamoto, and that was the beginning of a long personal saga. He convinced very few people, but attracted attention to his business partner, Dave Kleiman, based in Florida, a paraplegic and a computer-security expert who died a horrible death, alone and poor, in 2013 (the year when Satoshi disappeared). In 2018 Kleiman's brother sued Wright claiming that Wright has "stolen" to the early bitcoins mined by Kleiman, which are now worth a fortune.

Bitcoin's "blockchain" mechanism is the real revolution. Blockchain technology allows a network of computers to make changes to a global record without the need for a central authority. The blockchain is a ledger shared by all the computers of the network, and its technology makes it impossible to spend the same money twice (no counterfeits). You can use it for the "smart contracts" that Szabo envisioned. In theory, you can create a society in which there is no need for central authorities of trust. Today, trust is guaranteed by something like the national bank (run by the government) or the title company (the agency that certifies who owns a house). Blockchain creates trust through an algorithm. Any form of peer-to-peer contract (whether selling a house or renting a car) can be made safer through blockchain. The blockchain technology is much more than a method to manage a virtual currency: it is a digital record keeper that does not require intermediaries/middlemen and cannot be distorted/hijacked.

Decentralization had historically meant chaos, but blockchain is a system based on decentralization that actually guarantees order. It sounds like a contradiction, but its technology is basically order enforced through chaos. It is also much more secure than government databased and corporate databases, because the security of a transaction is guaranteed by all the computers in the network.

Blockchain is often hailed as the missing disruption. The world runs on three processes: storage, which is the most ancient; computation, which allows each organization to do something with the data that it has stored; and communication, which allows an organization to carry out transactions with other organizations. The personal computer disrupted computation. The Internet disrupted communications. But nobody had disrupted storage before the blockchain was invented.

The architecture of the blockchain can be divided into three layers: a network layer, in which the participating nodes are synchronized in peer-to-peer fashion, a consensus layer, in which the nodes perform computing and communication tasks to collectively achieve consensus, and an application layer, which originally was limited to basic financial activities but would later expand to include smart contracts and decentralized applications (dApps).

The ideal blockchain system would be a system that offers: decentralized control (no single party has a privileged role), consensus on each and every event (a single source of truth), immutable recording of the history (validated transactions can never be deleted or changed), privacy (cryptographically privatized data that are publically shared) and all of this in an untrusted environment.


Bitcoin has been criticized as not being "real" money, but money is not as "real" as one things. We accept it just like we accept many habits that have always worked. Originally, money had value because it was backed by silver or gold, but in 1971 the USA left the gold exchange standard and the dollar became a "fiat" currency. The difference is clear only to economists because, for all practical purposes, it makes no difference whether money corresponds to gold or to, say, stone: what matters is that the government uses it and people accept it. We accept it because others accept it, because we trust that others will accept the money that we receive from others, because we trust that we can use it to buy things from others, i.e. that others will accept in exchange for real goods. Credit cards altered the sense of money because they play the exact same role although they are not "real" money. For all practical purposes, a credit card gives me the same purchasing power as cash, except that it eventually is tied to the cash that we deposit in a bank. That's the big difference between cash and credit card: cash is issued by a government, a credit card is issued by a bank. Cryptocurrencies are the next step in this move away from institutions: they are issued neither by governments nor by banks. But fundamentally they are "real" or "unreal" just like all the previous forms of money: Bitcoin's value is based on the fact that people accept it and trust that others will accept it.


Initially bitcoins were mined with traditional microprocessors, and at best GPUs (graphical microprocessors). In 2010 a group of miners joined together to form a "mining pool" (originally named Bitcoin Pooled Mining Server, or Bitcoin.cz Mining, later renamed Slush Pool) combining their computational resources to increase the probability of finding a solution to the Proof of Work puzzle. Soon bitcoin mining became so lucrative that it spawned a whole industry of ASIC (Application-Specific Integrated Circuit) machines, mostly based in China like Avalon, the original ASIC miner, introduced in 2013 by Nangeng Zhang, followed by Antminer, introduced in 2014 by Bitmain, founded by Jihan Wu and Micree Zhan. Bitmain's founder Jihan Wu also started in 2013 the mining pool AntPool, which by mid-2019 was mining 16.4% of all bitcoin blocks. The very nature of Proof-of-Work caused centralization, something that Satoshi didn't foresee probably because he didn't expect Bitcoin to become a multi-billion dollar economy. Proof of Work mining was also wasteful, consuming gargantuan amounts of electricity, which ended up favoring some geographic areas, notably China where electricity was very cheap. In 2017 about 70% of all bitcoin mining power was coming from miners or pools located in China.

Each ASIC specialized in an algorithm: ASICs for Bitoin (an SHA-256 based coin) were Bitmain's Antminer S9 or Antminer S7, whereas an ASIC for Litecoin (based on Scrypt) was the Antminer L3+ and the ASIC for Ethereum (Ethash mining) was the Antminer E3. Other ASICs specialized in other hashing algorithms. For example, the Antminer D3, Baikal Giant X10, Innosilicon A5 and FusionSilicon X7 mined coins based on X11 hashing such as Dash.

From the beginning it was obvious that any blockchain-based system would consume an enormous amount of electricity because of the electricity needed by miners to prove their work. In fact, the amount of computing power used for mining in the entire Bitcoin network has multiplied by 100 million between 2011 and 2018 and then ten times more between 2018 and 2020. A different kind of consensus algorithm (still Byzantine Fault Tolerant) named Proof of Stake was introduced by Peercoin (in 2012) precisely to save on electricity. In 2013 NXT used it too, and BitShares used delegated PoS. In 2013 Gridcoin used Proof of Stake and volunteer computing on the BOINC network. In 2014 an anonymous developer introduced Burstcoin (built from a fork of the NXT cryptocurrency) that used Proof-of-Capacity (which in 2021 evolved into Proof-of-Commitment), a kind of Proof of Space, the first "green" alternative to Bitcoin because it replaced compute-intensive "mining" with storage-intensive "farming". Dan Larimer invented delegated Proof of Stake (end of 2013) to avoid the inevitable consequence of Proof-of-Work: mining would inevitably move to countries with cheap electricity, and mining would become increasingly difficult for ordinary people with no access to lots of cheap electricity. His new consensus algorithm rescued miners with home computers.

The Mirage of "One CPU One Vote"

Satoshi Nakamoto defended the semi-political concept of "One CPU One Vote". Proof-of-work is essentially a one-CPU-one-vote scheme.

However, from the beginning, when it was still possible to mine Bitcoin blocks using regular desktop computers, each miner was using a different CPU and often a GPU and they were receiving different payouts based on the power of their computer. The mining ASICs quickly replaced the GPUs because they were more powerful (and more energy-efficient). The ASIC miners were viewed as the main cause of centralization of hashing power. So, from the beginning, it was not really true that of "One CPU One Vote".

Within a few years, mining required not only ASIC mining hardware but even joining a "mining pool" to achieve the necessary "hash power": each member of the pool (each independent miner) contributes some computing power to the pool, which does the actual mining and rewards the members with a fraction of the reward. The first mining pool, SlushPool, was started in 2010, Antpool and GHash.io were founded in 2013, BTC.com in 2015, etc. In July 2014 the GHash.io mining pool reached more than 51% of Bitcoin's hash rate, creating the obvious paradox that Bitcoin was becoming centralized (it voluntarily committed to reduce its share of the network).

The problem was further compounded by the self-regulating nature of Bitcoin's mining algorithm: the difficulty of solving the puzzle (i.e. the hash power required) is constantly adjusting to keep the average time between two blocks more or less constant at 5 minutes, implying that the computing power needed to mine a block depends on the computing power spent by all miners on mining the previous block. Hence the insane arms race among the miners. Mining bitcoin quickly became a lucrative business reserved to professional miners willing to invest significantly in mining hardware. It made no sense for ordinary PCs to mine blocks: one can estimate that leaving a PC up and running continuously for one month would yield about 0.0002 bitcoin/BTC, and depending on the value of BTC, this can be as little as $10 (with BTC at $50,000), barely enough to pay for the electricity consumed by the PC. It made no sense for ordinary PCs (i.e. for CPUs) to mine blocks. So much for "One CPU One Vote".

Nakamoto himself saw this coming: "At first, most users would run network nodes, but as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware" (November 2008, Cryptography mailing list); but somehow he didn't notice that this would derail the principle of decentralization.


A mathematical theory of consensus was needed in the field of distributed computer systems to deal in a deterministic way with the case of malfunctioning network nodes. In 1980 Leslie Lamport, Robert Shostak and Marshall Pease at SRI International published a seminal paper, "Reaching Agreement in the Presence of Faults", that explained under which conditions a network could be made "Byzantine fault tolerant" (BFT). The problem to solve was: how many properly functioning computers are needed to guarantee that a "conspiracy" of n faulty computers cannot keep the correctly-operating ones from reaching consensus. They came up with the metaphor of the Byzantine generals: a group of generals of the Byzantine army, communicating only by messengers, must agree upon a battle plan even though several of them may be traitors with the mission to sabotage their effort. Any network has the problem of how to prove that it is "Byzantine fault tolerant".

Because blockchains aren't controlled by a central authority, nobody in particular is in charge of recording a transaction in a blockchain system. Nobody is in charge of recording the truth. It is the whole network that must reach consensus via mathematical algorithms on the history and state of the world, embodied in the blockchain. The consensus protocol determines a single source of truth. Blockchains are "trustless" because participants don't need to trust one another, they just need to trust that the trust protocol works properly. The consensus algorithm must lead to agreement among miners or validators about which blocks have been committed. (unlike the bickering in a parliament that can lead to permanent gridlock).

The original consensus algorithm, the one used by Nakamoto in Bitcoin, is "Proof of Work". A new transaction is added to the blockchain when a miner finds the solution to a difficult mathematical puzzle, and then this miner is awarded some bitcoins. The puzzle is so difficult that miners have to consume a lot of electricity to solve it. Alternatives to Proof of Work, also Byzantine Fault Tolerant, began to emerge almost immediately. Proof of Stake, introduced in 2011 by user "QuantumMechanic" on bitcointalk.org and first implemented in 2012 by an anonymous "Sunny King", replaces miners with validators. These have a power that is proportional to the amount of coins they own. The advantage is that it takes a lot less power. The disadvantage is that it may recreate the aberration of the physical world in which a small number of people exerts great influence, the exact opposite of the egalitarian ideals that fueled the P2P and cypherpunk movements. Proof-of-Authority consensus, proposed in 2015 by Ethereum's co-founder Gavin Wood, is a variant of Proof-of-Stake consensus. Proof of Importance, introduced by NEM in 2015, takes into consideration not only your stakes but also how often you transact with others, and with whom, how active you are. The delegated Byzantine Fault Tolerant algorithm, invented at the end of 2013 by Daniel Larimer, is a modified Proof-of-Stake. Delegated Proof-of-Stake and traditional Proof-of-Stake stand to each other like representative democracy stands to direct democracy. In delegated PoS, every participant that owns coins is allowed to vote for delegates. The delegates who get the most votes are the ones who earn the right to validate transactions and create new blocks, and make money out of it. Silvio Micali's "pure" Proof-of-Stake is more democratic than the "delegated" version because it picks delegates randomly. In 2022 Ethereum migrated from a Proof-of-Work consensus algorithm (which is blame for consuming a lot of energy) to a Proof-of-Stake consensus algorithm. In Stefan Dziembowski's Proof-of-Space algorithm (2013) the "miner" must dedicate a significant amount of disk space as opposed to computation to be rewarded with cryptocurrency. In 2013 Jed McCaleb's Ripple blockchain adopted David Schwartz's Proof-of-Correctness, while Jed McCaleb's Stellar pioneered in 2015 the Federated Byzantine Agreement (FBA) consensus mechanism, invented in 2015 by David Mazieres at Stanford University, a decentralized version of the original Byzantine Agreement.

Voting in "Proof of Membership" (the traditional "permissioned" model) was based on the rule "One Member One Vote", just like in the political elections of any democracy. Proof of Work (the "permissionless" model) was, in theory, based on Nakamoto's "One CPU One Vote" rule. Proof of Stake is based on "One Coin One Vote" and Proof of Space grants one vote for one gigabyte of storage.

In 2016 Intel introduced Proof of Elapsed Time (PoET) which reduces the cost of the mining process. In 2017 Anatoly Yakovenko published the Proof of History consensus mechanism to increase speed and capacity of the blockchain. In 2019 Bram Cohen, the inventor of BitTorrent, published a consensus mechanism that mixed his own Proof-of-Space (a variation on Dziembowski's Proof-of-Space algorithm) to encourage users, or "farmers", to contribute hard-disk space, and a new Proof-of-Time algorithm (based on Krzysztof Pietrzak's version of Dan Boneh's 2017 "verifiable delay functions") to force sequential computation and therefore prevent wasteful parallel computations. Cohen's coin Chia, based on this Proof-of-Space-and-Time mechanism launched in 2021.

A consensus algorithm is the mathematical method by which a network of nodes (or "validators") comes to an agreement on a certain fact. Consensus in the parliament of a democratic country is achieved by voting: whenever a member of parliament proposes a new law, all the members vote and the proposal is approved if a "quorum" is achieved (e.g. more than 50%). Classical consensus algorithms behave in a similar way (they achieve consensus through quorums, i.e. require voting) and are therefore called "quorum consensus". The most famous in the age of cryptocurrencies is probably Practical Byzantine Fault Tolerance, invented by Miguel Castro and Barbara Liskov in 1999, ten years before Bitcoin, employed by Jae Kwon for his Tendermint (2014), which has the advantage of making transactions deterministic instead of probabilistic like in Bitcoin: it relies on deterministic majority to reach consensus rather than a non-deterministic computational puzzle, and it guarantees no forks, i.e. instant block finality. The problem that needed to be solved is that validators in the network could be faulty or malicious, but the network still has to reach consensus, i.e. all nodes must share the same state (the same conclusions). This algorithm showed how a network can come to consensus even in the presence of adversary participants. Quorum-based consensus was not good enough to protect from the so-called "Sybil attack" (in which an attacker creates many fake identities and subverts the voting system). Therefore in 2008 Bitcoin introduced a new type of consensus, based on the blockchain, and all the variations that came later are grouped in the family of "Nakomoto consensus" (or, better, blockchain consensus) which are inherently immune to Sybil attacks. There are pros and cons: Nakamoto consensus is only probabilistically accurate (while extremely unlikely, it could produce double-spending), whereas Byzantine consensus is mathematically precise, i.e. deterministic (but requires additional Nakamoto consensus to prevent Sybil attacks). The biggest obstacle to the adoption of Byzantine consensus was its low scalability because all nodes need to talk to each other in order to achieve trust (the cost of communication among the nodes is "quadratic", and 100 nodes in the network are enough to cause a significant degradation in speed).

In 2016 Christian Decker at ETH in Switzerland introduced a hybrid consensus, PeerCensus, that combines Proof-of-Work and a variation of Practical Byzantine Fault Tolerance. Another hybrid was ByzCoin, developed also in 2016 at EPFL by Bryan Ford's team: an elaborate blend of a more scalable version of Practical Byzantine Fault Tolerance, of a witness cosigning protocol called CoSi (an extension of the Schnorr signature, a form of digital signature introduced in 1989 by Claus Schnorr) and of a mining strategy borrowed from Bitcoin-NG. Another hybrid of PoW and PBFT was Solida, unveiled in 2017 by Ittai Abraham at VMWare, based on the work of Rafael Pass and Elaine Shi at Cornell University, perhaps the first to show how to use PoW not to agree on transactions but to agree on rotating committees which in turn agree on transactions. Other hybrid consensus protocols were sharding-based projects like Loi Luu's Elastico (2016) and Bryan Ford's ByzCoin (2016).

In May 2018 the anonymous "Snowflake to Avalanche" paper (somehow related to Cornell University mathematician Emin Sirer) introduced Avalanche, a whole new family of consensus protocols that employed a new concept of "metastability" to achieve consensus more quickly and more energy-efficiently than blockchain algorithms. A later example of Byzantine fault-tolerant consensus is HotStuff, introduced in 2019 by Maofan "Ted" Yin at VMware (Facebook's Libra project is supposed to use a variant of HotStuff), yet another variation on the Tendermint model.

Proof-of-Capacity consensus made blockchains more energy-efficient, egalitarian, and decentralized but, by replacing compute-intensive mining with storage-intensive farming, it introduced the "farmer’s dilemma": rational farmers tended to maximize the amount of space they pledge towards consensus at the expense of allocating storage for chain state and history, and tended to join in pooled farming under a few mega-farmers. Jeremiah Wagstaff's and Nazar Mokrynskyi's Subspace (2018) solved the problem by decoupling consensus and computation: its Proof-of-Archival-Storage consensus, an evolution of Juan Benet's Proof-of-Replication (2017), was based on proofs of replicated storage of the chain history, so that farmers stored the chain history collectively, each farmer storing as many replicas as their disk space allows. , each farmer stores as many unique and provable segments of the chain history as their disk space permits.

The End of Civilizations and the Clash of History

The historical moment in which Bitcoin arrived can be better appreciated by referencing two popular books of the 1990s. Francis Fukuyama in his essay "The End of History" (1989), later expanded and published as a book, wrote that history has a universal direction, tends inevitably towards an "end", and that "end" is the political model represented by Western liberal democracy, the final and ideal form of human government. Samuel Huntington in his lecture "The Clash of Civilizations" (1992), later expanded and published as a book, argued that humankind was entering an era of conflicts driven not by resources or ideology like in the past, but by cultural traditions, in particular pitting the worldview of the West against those of Islam and of China. The World-wide Web was launched on the Internet in at about this time. Fukuyama and Huntington were motivated by the fall of the Soviet Union and the end of the Cold War to analyze how the international order would change. Neither Fukuyama nor Huntington knew what was happening on the Internet. They certainly didn't know that in 1992 Timothy May published the "Crypto Anarchist Manifesto" to inaugurate the "cypherpunk" mailing list and that also in 1992 Neal Stephenson published a science-fiction novel, "Snow Crash" (1992), set in the metaverse. And later in the decade they were probably more interested in the Middle East and in China than in John Perry Barlow's "Declaration of Independence of Cyberspace" (1996) or Shawn Fanning's P2P platform Napster (1999) or SETI@home's volunteer computing (1999). But these events heralded a different kind of "end" and of "clash". The clash was the clash between government and cyberspace with its nascent digital anarchy. And for those in cyberspace the "end" of human history was a whole new form of self-government. Western liberal democracy had made the Internet possible but also marked the beginning of a new era in which Western liberal democracy looked hopelessly obsolete with its grotesque apparatus of governments, banks, stock exchanges, corporations, etc. It wasn't necessarily wrong, just technologically retarded.

Social Scalability

Indirectly, Bitcoin opened up a philosophical discussion about what a society is. As Nick Szabo noticed in his essay "Money, Blockchains, and Social Scalability" (2017), Bitcoin introduced more than a decentralized form of money: it introduced social scalability. Society is typically an association among people who trust each other. The blockchain extends that "trust" to virtually everybody towards everybody else. The most important function of a blockchain is not crypto-money but social scalability. The traditionaly society built around an institution (a bureaucracy) is in fact limited to how much trust among how many people the institution can create. For example, the institution of the title company creates trust between a home buyer and a home seller. A system of law, in general, expands social scalability because it makes it easier to trust strangers: if they break the contract, we can hope that a judge will force them to fulfill it. Internet rating systems are another way to expand social scalability. But all of these systems are vulnerable to human error and to malicious behavior. That's why we have an army of regulators, lawyers and accountants: to provide social scalability. Satoshi Nakamoto showed us a world that doesn't need any of these actors, a world in which they are replaced by a system of algorithms, a system in which social scalability is virtually unlimited.

Alt-coins, Wallets, Exchanges

The proliferation of bitcoin-like cryptocurrencies, or "alt-coins", began in 2011 with Bitcoin "forks" like Litecoin (created by Google employee Charles Lee), faster to mint than Bitcoin because it replaced Bitcoin's SHA256-based Proof-of-Work algorithm with one based on Scrypt (invented by 2009 Colin Percival), and Vincent Durham's Namecoin, the very first Bitcoin fork that also acts as a domain name registry (which pioneered the idea that blockchain technologies could be used to transfer ownership of other things than just money).

In 2012 PPCoin (created by "Sunny King"), later renamed Peercoin and Primecoin, introduced Proof-of-Stake instead of Proof-of-Work as the consensus algorithm, a less energy-demanding algorithm and therefore theoretically a low-cost way to develop blockchains. It shared much of the source code with Bitcoin, but it differed fundamentally in the way new coins were generated. However, it was soon discovered that it suffered from the "nothing at stake" problem, a security hole.

The first major bitcoin wallet was born in 2012, Brian Armstrong's and Fred Ehrsam' Coinbase, followed in 2013 by Jeremy Allaire's and Sean Neville's Circle.

In March 2012 the Israeli investment broker Yoni Assia posted on his blog about "colored coins", coins that could represent the ownership of things in the real world. Assia transferred the fundamental idea behind the blockchain, of providing a secure distributed database, outside the world of money into the world of physical and financial things. Anything that is representable as a digital asset and that can be owned by only one person at a time can be encoded in a blockchain. Bitcoins (and any other coins on a blockchain) are fungible, but Assia noted that it is possible to track the origin of a coin and therefore make it "unique", i.e. non-fungible. This is what he called "coloring" the coin (to distinguish it from all the other coins of the same kind, e.g. from all the other bitcoins). Such colored coins made it possible to conceive of decentralized exchanges of assets (like buying and selling collectibles) without intermediaries and central authorities. In a sense that was the beginning of DeFi (decentralized finance) and in particular of non-fungible tokens (NFTs).

Then in 2013 came the deluge of cryptocurrencies: JR Willett's Mastercoin (later renamed Omni), which was the coin that carried out the first "initial coin offering" or ICO (although it wasn't called that way yet), Rob Halford's Gridcoin, based on Proof of Stake and distributed on the BOINC network to alleviate the mining problem, NXT (created by user "BCNext"), that also used Proof-of-Stake (PoS) like Peercoin and had no mining (all coins were "pre-mined") and so claimed to be the most energy-efficient cryptocurrency yet, and best of all was Dogecoin, created by Billy Markus and Jackson Palmer to poke fun on cryptocurrency mania but soon swallowed into it to become one of the most valued. Cryptocurrencies, born as a countercultural alternative to the financial world, had become a form of (wild) speculative trading.

The boom of cryptocurrency was another spectacular display of "network effect", the same effect that generated so many "memes" on the Internet. Propelled by social media chatter, a cryptocurrency could become very valuable even if it was completely useless. Dogecoin, created as a joke, was the ultimate example. Seven years later Shiba Inu, created in 2020 by "Ryoshi" as a joke on Dogecoin (i.e. a joke of a joke) would be another grotesque manifestation of the same phenomenon: by late 2021 the Shiba Inu coin would become the 9th-largest cryptocurrency by total value ($37 billion) passing Dogecoin itself ($36 billion). But Dogecoin also showed to the whole crypto world the power of community, how important it was to first build a community.

Also in 2013 the newly re-branded Ripple, now equipped with its own blockchain, the XRP ledger, and its own cryptocurrency, XRP, and based on the hash function called Elliptic Curve Digital Signature Algorithm invented in 1992 by Scott Vanstone, was launched as an alternative to the traditional SWIFT payment system used by banks worldwide (and by 2015 it was adopted by many banks). It was written in the C language by Jed McCaleb and David Schwarz based on their own Proof-of-Correctness consensus mechanism. Ripple had no mining or miners whatsoever because XRP was pre-mined. For a few years, XRP remained the second-largest cryptocurrency by market capitalization after Bitcoin.

In 2013 Matthew Green and his students Ian Miers and Christina Garman at Johns Hopkins University also proposed "Zerocoin", an extension to the blockchain protocol that adds true anonymity to the transactions.

A little noted event of 2013 was the development of the first off-chain protocols: Bitcoin payment channels, due to Jeremy Spilman. A payment channel is basically a smart-contract mechanism that enables two mutually distrustful parties to transact safely outside the blockchain. These were the ancestors of the future off-chain protocols.

Also in 2013 the first major cryptocurrency exchange opened in China, Leon Li's Huobi.

The big event that opened 2014 was Counterparty (created by Robert Dermody, Adam Krellenstein and Evan Wagner), a Turing-complete platform for smart contracts built on the Bitcoin blockchain. Counterparty (XCP) offered "tokenization" prior to Ethereum or any other cryptocurrency: it allowed XCP holders to create crypto-tokens to set up smart contracts to be performed on the Bitcoin blockchain. and to trade tokens in a marketplace.

Each Bitcoin transaction is associated with the digital addresses of the sender and of the receiver, therefore it is not true that everybody is anonymous in Bitcoin. In 2012 "Nicolas van Saberhagen" had proposed an extension to the Bitcoin blockchain for privacy and anonymity known as the "CryptoNote protocol". It was rumored that Nicolas van Saberhagen and Satoshi Nakamoto were the same person, Cryptonote being simply an elaboration of themes originally discussed by Nakamoto on the Bitcointalk forum in August 2010: stealth addresses, which hide receivers in a cryptocurrency transaction, and ring signatures, which hide senders, : so that neither the beneficiary not the value of the transaction can be traced by a network observer. Saberhagen's new Proof-of-Work also addressed the obsolescence of the "One CPU One vote" principle.

Given the rapid and disruptive emergence of ASIC miners, in 2014 there was motivation to develop ASIC-resistant cryptocurrencies, i.e. immune to the domination of ASIC miners. The first that was designed specifically to prevent ASIC dominance was Vertcoin, based on a memory-intensive Proof-of-Work mechanism that made it impractical for ASIC chips. It was developed by Poramin Insom, a cyber-expert of Thailand's armed forces studying at Johns Hopkins University. Vertcoin became the world's fourth-most valuable cryptocurrency one month after its introduction.

Following the lead of Zerocoin, in 2014 several projects leveraged that protocol to launch "privacy coins", notably Bytecoin, the first one, Riccardo Spagni's Monero, and Aeon, a lighter version of Monero. Monero obscured sender, recipient and amount of every transaction. Initially, Monero was the one more directly based on Cryptonote, but over the years it changed mining consensus a few times, as it looked for ways to protect from the hyper-miners, until in 2019 it switched to RandomX, a Proof-of-Work mining algorithm that performs best with CPUs, the first cryptocurrency to seriously re-embrace Nakamoto's dictum "One CPU One Vote". Because it was so good at privacy, it was dubbed "the drug dealer's cryptocurrency of choice" by a journalist. Monero was also designed to be ASIC-resistant but soon ASIC chips appeared specifically for the purpose of mining Monero.

Also in 2014 NXT launched its Asset Exchange, the first platform to create and exchange "colored" coins, and, in general, the first implementation of the "colored coin" concept. This was therefore a decentralized exchange/marketplace to sell physical and digital goods by recording the transaction on a blockchain. Since the colored coins could represent just about anything, the NXT exchange could be used to trade just about anything.

Daniel Larimer realized that a blockchain could be used to create not only a smart contract but a whole unmanned firm, a "decentralized autonomous corporation" (later better known as "decentralized autonomous organization" or DAO as Vitalik Buterin called it). Then he shook the Bitcoin world with his scathing critiques. At a time when most Bitcoin mining power was concentrated in the hands of a handful of miners (with just two of them controlling over 51%), Larimer argued that Proof-of-Work was unfair because it rewarded individuals and organizations with enough money to rent the computation required to perform such demanding algorithms: the ordinary person had no chance to compete with those miners. In other words, seen as a company, the shareholders owned non-voting shares while all the voting power was in the hands of the miners. Furthermore, Larimer visualized Bitcoin as a firm that was spending all the revenues (the transaction fees) to pay its employees (the miners) and still had to print money (newly minted bitcoins) to such employees: clearly, this business model made no sense. And so Larimer got rid of miners with a variation on Proof-of-Stake called "delegated" Proof-of-Stake, (in which "delegates" take the place of Bitcoin miners in certifying the validity of changes to the blockchain). In 2014 Larimer then conceived BitShares X, which implemented on its own blockchain (Graphene) a coin backed by a built-in unmanned business that was a decentralized bank and exchange, so that the coins would contain a bank instead of the other way around. And BitShares was also the first DAO.

Several important cryptocurrencies were born in 2014. Evan Duffield's Xcoin, later renamed Darkcoin and then Dash, based on a new hash function called X11 (more complex than Bitcoin's SHA-256), was meant to be ASIC resistant, i.e. to prevent that ASIC miners monopolized mining power (obviously it failed because there were soon ASIC mining machines for Dash). Jae Kwon's Tendermint, an influential BFT-based Proof-of-Stake protocol (based on Practical Byzantine Fault Tolerance) designed for partially synchronous networks (Bitcoin was designed for a synchronous network because it has a target block time of ten minutes). From that point on, Proof-of-Stake systems would divide in "chain-based" (Peercoin and later Casper) and BFT-based. The latter improved the time it takes to finalize a block (i.e. speed up the "finality" of the blockchain). Francois Sonnet's and Nick Gogerty's SolarCoin was a Litecoin fork that rewarded solar-energy production (it created one coin for every megawatt/hour generated from solar technology), and a dual algorithm coin that used both Proof-of-Stake and Proof-of-Work. Burstcoin (later renamed Signum), an NXT-based cryptocurrency that used Proof-of-Capacity (a kind of Proof of Space), was one of the first blockchains to introduce Turing-complete smart contracts and the creation of non-fungible tokens (NFTs) for use in on-chain games.

Particularly interesting were the "stablecoins", coins meant to maintain a stable value as an alternative to the extreme volatility of bitcoin and the altcoins: Daniel Larimer's BitUSD, running on BitShares' blockchain Graphene, the first "stablecoin" managed by an algorithm; Realcoin/Tether (USDT), the first "stablecoin" pegged to the US dollar (created by Brock Pierce, Craig Sellars and Reeve Collins), i.e. maintaining one dollar in reserves for each tether issued; and Jordan Lee's NuBits, another algorithmic stablecoin. Note that both BitUSD and NuBits were governed by DAOs. All of them failed to deliver what they promised: price stability.

In 2014 Martin Koeppelmann and Joseph Lubin (an early contributor to Ethereum) founded ConsenSys, the first major software company specialized in developing decentralized software, which would introduce one of the most popular cryptowallets (MetaMask) and one of the most popular blockchain query utilities (Infura).

Due to differences of opinion with the businessman who was running Ripple (Chris Larsen), in 2014 Jed McCaleb resigned and launched a new cross-border payment platform, Stellar, with its own cryptocurrency, Lumens. The main difference between Ripple and Stellar (also written in the C programming language, and sharing much of the code) is that Ripple was meant for financial institutions whereas Stellar was open to the public, accessible by people (for example in developing countries) who didn't have access to banking. Technically, the biggest difference between the two was that Stellar adopted a new consensus mechanism, David Mazieres' Federated Byzantine Agreement.

In 2015 someone in Singapore introduced New Economy Movement (NEM), a blockchain and coin that, like Dash, is not as secure as Bitcoin but much more scalable. Among the many proposals to improve the speed of Bitcoin there was also Ittay Eyal's Bitcoin-NG, which decouples the Proof-of-Work part and the transaction verification part of Bitcoins' mining.

To some the blockchain was inherently non-scalable and one alternative was "directed acyclic graphs" or DAGs. Colin LeMahieu's RaiBlocks/Nano (2015) was a pioneering cryptocurrency that used "block lattice" technology, derived from DAGs, an energy-efficient architecture in which every node of the network ran as an independent blockchain and each user had total control over their own blockchain that operated asynchronously from the other blockchains. Instead of Bitcoin's shared global ledger RaiBlocks was structured as a set of non-shared asynchronous ledgers.

2015 was the year when Ethereum finally launched, a Turing-complete smart-contracts platform like Counterparty but its standard for tokens (the ERC20) was far more influential. It was also the year when Coinbase became the first-ever cryptocurrency "unicorn" (a startup with a valuation of over one billion dollars).

Ethereum: Smart contracts, ICOs, dApps

Smart contracts, ultimately, are mathematical formulas. Philosophically speaking, this is a major revolution: every contract in human societies can be reduced to a math problem. Computers had reduced contracts to data stored in a database, but "smart contracts" are more than just the record of an agreement: they include an algorithm that needs to be calculated in order to verify the validity of the contract and that then automatically executes the contract. Legal contracts are written in legal language. Smart contracts are written in software. Smart contracts are a series of instructions (typically written in "solidity", the programming language of Ethereum). Smart contracts can also be used to build DAOs, "decentralized autonomous organizations".

Vitalik Buterin's Ethereum (2015) marked a notable step forward from the original (bitcoin) blockchain because it introduced its own programming language (solidity, originally proposed by Gavin Wood in August 2014) and aimed to become the "world computer" (it is "Turing-complete", i.e. it can implement any program), or, more realistically, a general platform to develop decentralized applications ("dApps"). Bitcoin's blockchain was designed to avoid cheating: it was not designed to be the backend of a distributed system. Ethereum changed that, and since then many other blockchain engineers have proposed platforms to develop dApps. Ethereum and all subsequent systems built on blockchain technology operated in the same way to reward participants in, and contributors to, the network: by issuing "tokens" that are de facto cryptocurrencies. Any dApp typically has its own token and rewards members of the network that contribute whatever the dApp needs, for example content or computing power. The reward is always automatic, built into the code of the blockchain, i.e. all tokens are programmable entities that automatically perform the same function all the time for all users (a sort of universal law that is truly fair and impartial).

Ethereum was crucial to legitimize smart contracts. Ethereum expanded the kind of transactions that can be handled by blockchains, as long as all transactions of any kind are implemented in the form of contracts.

Ethereum and any other smart-contract blockchain conferred a new kind of power to block producers. Whether it was the miners of Proof-of-Work or the validators of Proof-of-Stake, the block producers enjoyed the obvious privilege of selecting which transactions should be added to a block and where in the block they should be added. A block is added to a blockchain only when the nodes reach a consensus, but the block is created by a single node. That miner can decide where to place the transaction in the block. Needless to say, miners placed made the decision based on maximizing their own fees. And so that power translated into a monetary value: "miner (or maximal) extractable value" (MEV). A number of techniques emerged to maximize MEV: front-running, back-running, sandwiching, etc.

Incidentally, in order to increase the level of security on the network, Ethereum replaced Bitcoin's SHA256-based mining algorithm (as well as Litecoin's Scrypt and Dash's X11) with a proprietary hash function called Dagger-Hashimoto which evolved over the years into Ethash, an efficient Proof-of-Work algorithm in terms of block production and in theory ASIC-resistant because based on the Hashimoto mining algorithm invented by Thaddeus Dryja at the University of Virginia in 2014 which is "memory-bound" instead of "compute-bound" like in Bitcoin (the time it takes to complete a task is decided primarily by the amount of memory rather than speed of computation). Alas, in 2018 Bitmain introduced the Antminer E3 specifically for Ethash mining. The other component of Ethash is Buterin's own Dagger algorithm (2013) that that creates (every 30,000 blocks) a large, randomly generated dataset known as a directed acyclic graph or DAG. Hence the large memory requirements of mining on Ethereum: "memory-hard" computation but "memory-easy" validation.

To avoid the "nothing at stake" problem of Proof-of-Stake algorithms, Ethreum adopted a new protocol called Casper the Friendly Ghost (developed in 2015 by Vlad Zamfir), which adapted Ittay Eyal's GHOST protocol for Proof-of-Work consensus to Proof-of-Stake.

Ethereum implemented a Turing-complete, virtual machine known as the Ethereum Virtual Machine (EVM). This was a 256-bit computer (at the time most computers were 64-bit or even just 32-bit), the reason being that Ethereum's hash algorithm was generated a 256-bit output. But any 256-bit operation of the EVM had to be broken down into multiple 64 or 32-bit operations by the hosting CPU. This was hardly efficient. Furthermore, to avoid spam attacks, the EVM charged developers in a currency called "gas", the price to perform instructions, a price that depended on supply and demand (of CPU power). Therefore, computation-intensite applications like training A.I. algorithms became prohibitively expensive on EVM.

Ethereum didn't solve the fundamental problem of re-centralization: by 2018 there were fewer than 15 large mining pools and a handful of very large ASIC providers.

Meanwhile, in July 2013 JR Willett had funded his MasterCoin project (later renamed "OmniLayer") by offering his own tokens to investors, the first ICO ("initial coin offering") In 2014 Karmacoin and Ethereum held their ICOs. The ICO is an alternative to traditional methods of raising money for a project: the project founders offer their own tokens in exchange for Ethereum's currency eth. In 2016 DigixDAO (developed by Kai Chng and Anthony Eufemio) carried out an ICO on the Ethereum blockchain. In 2017 the number of ICOs exploded: more than $4 billion were raised through ICOs and thousands of entrepreneurs and speculators got rich by selling cryptocurrency tokens online. The "ICO bubble of 2017" came with its generous dose of scams.

Thanks to its Turing-complete programming language Solidity and the ERC20 standard for creating new tokens, Ethereum quickly became the default blockchain for smart contracts, ICOs, DeFi (decentralized finance), NFTs (non-fungible tokens) and DAOs.

A decentralized application (a dApp) is made of smart contracts. Each dApp has its own native currency, which is called a token. Once you are inside the dApp, you use its token. The first dApp of some relevance was CryptoKitties, launched in November 2017. Roneil Rumburg and Forrest Browning in San Francisco launched a decentralized Spotify competitor, the Ethereum-powered streamine platform Audius (September 2019). Hotel-booking platform Travala launched DTravel, a decentralized competitor of Airbnb (June 2021).

Ethereum-based dApps often need to access data from the outside world, "off-chain" data sources. The software that mediates between the smart contracts running on blockchain and such data sources is called an "oracle". For example, in 2019 Sergey Nazarov's Chainlink provided such middleware on Ethereum, a decentralized oracle network.

Ethereum was not the only platform to develop dApps. Within one year of Ethereum's launch there were already several alternatives/ competitors: Max Kordek's and Oliver Beddows' Lisk, based on delegated Proof of Stake: HongFei Da's and Erik Zhang's AntShares, later renamed NEO, based on delegated Byzantine Fault Tolerance: and David Rutter's Corda, based on a distributed ledger that was not a blockchain and customized for financial applications.

Ethereum had the additional problem that transaction fees (paid to miners as an incentive to process transactions) were volatile because they depended on use and sometimes skyrocketed. In August 2021 Ethereum would remedy that adopting a proposal (EIP-1559) to make de facto its ether a deflationary asset.

In 2017 new dApp platforms included: Travis Walker's Ark SmartBridge, based on delegated Byzantine Fault Tolerance; Daniel Larimer's EOS, based on delegated Proof-of-Stake; the Linux Foundation's Hyperledger Fabric; Arthur Breitman's Tezos, based on delegated Proof-of-Stake; Patrick Dai's Qtum, also based on PoS; and Cardano (Charles Hoskinson), also based on PoS; each with its pros and cons. For example, EOS was several times more energy-efficient than Ethereum.

Cardano was based on a simplified permissioned variant of Ouroboros (2017), a Proof-of-Stake protocol with Bitcoin-grade security developed by Aggelos Kiayias at the University of Edinburgh, and possibly the first consensus protocol to be submitted to the academic peer-review process. The issue with Proof-of-Stake chains (certainly more energy-efficient than Proof-of-Work ones) was that they were susceptible to non-slashable long-range safety attacks, non-slashable transaction censorship and stalling attacks, among others. Ouroboros aimed at filling that gap. Kiayias proved mathematically that his blockchain has the same properties in Proof-of-Stake that Bitcoin has. In 2020 Cardano introduced its off-chain scalability protocol, Ouroboros Hydra to solve the three classic scalability limitations of blockchains: high transaction latency (the time required to settle a transaction), low throughput (the number of transactions that can be settled per second) and excessive storage requirements to maintain the state and history of the system. Hydra was based on isomorphic multi-party state channels. State channels are ways for users to transact outside of the blockchain ("off-chain"), thus minimizing "on-chain" processing and scaling blockchains. They were introduced in 2017 by Andrew Miller at the University of Illinois Urbana-Champaign by extending the notion of Jeremy Spilman's Bitcoin payment channels, and refined in 2019 by Stefan Dziembowski of University of Warsaw and Lisa Eckey and others from TU Darmstadt Germany.

To deploy dApps to the Ethereum blockchain or any blockchain compatible with Ethereum's virtual machine (which in 2020 would also include Binance Smart Chain, Matic/Polygon and Huobi Eco Chain), developers wrote dApps in Ethereum's own programming language Solidity, while developers wrote Cardano-based dApps in an old programming language called Haskell and later Zilliqa-based dApps were written in the Scilla programming language.


Logic has been viewed since Aristotle's syllogism as a way to prevent and resolve arguments. Through the medieval scholastics and the scientific revolution of Galileo, Descartes and Newton, logic became the way to "explain", to "prove" and to "predict". The universe, in which every action seemed to be the inevitable result of previous actions, became increasingly deterministic, and this was reflected in society, where increasingly people demanded deterministic (not arbitrary) laws and the government enacted them to be deterministically applied (and, to some extent, the punishment for violations was also deterministic). The history of the universe and even human history came to be viewed as a "chain" of events, each event contributing to other events in a deterministic fashion. The progress of logic led to the mathematical logic of Frege, Peano, Whitehead, Russell, Hilbert, Goedel and eventually Turing. Turing's "machine" (later implemented as the software program) was the ultimate conceptual artefact of determinism.

The blockchain is therefore the descendant of a long genealogy of deterministic systems. Previous deterministic systems were applied to domains like mathematics and physics in which it was only important to reach "a" conclusion, not necessarily the "only" conclusion. But the blockchain was invented to pilot the creation of money, an object that has some peculiar properties: it has to be protected from both theft and duplication. The blockchain therefore exhibits properties that one doesn't find in other deterministic systems: it realizes a form of irreversible, incorruptible determinism.

A combination of mathematical techniques had to be invented for the blockchain method to exist. First of all, the secure hash functions. A hash function transforms a "message" into a code of a fixed length. The one used by the bitcoin blockchain is the SHA-256, ironically invented by the National Security Agency (NSA) in 2002, that turns a string into a 256-bit value (i.e. a 64-character code, since 8 bits make a character like "5" or "D"). The hash function creates a code for a string and the string cannot be recreated from the code: it's a one-way encryption. The blockchain is shared by a network of nodes, by all the nodes in the network, which in theory means that every single node on the network should have a complete copy of every single transaction ever recorded on the blockchain; but a mathematical makes it possible to limit the amount of data that each node has to maintain: the "Merkle Tree" (or "binary hash trees"), invented by Ralph Merkle at Xerox PARC in 1987. The purpose of a Merkle Tree is to separate the proof of data from the data themselves, so each node on the network can verify the data without any need to get a copy of all the data. Each block of the blockchain contains thousands of transactions, and each transaction has its own unique id, a 256-bit value (i.e. a 64-character code). By using the hash function SHA-256, all the transactions of a block are "compacted" in one 256-bit code, which is called a Merkle root. The "root" is the result of a recursive process of hashing together pairs of transaction ids: a pair of ids is "hashed" into a 256-bit id, and then two such ids are hashed into another id, and so on until there is only one remaining 256-bit id for the entire block, and this is its root. A Merkle root is the hash of all the hashes of all the transactions that are part of a block in a blockchain. Because it starts with the "leaf" and ends with the "root", the Merkley Tree looks like an inverted tree. (Ethereum uses the Merkle Patricia Tree which is a more complex version of a Merkle tree, one with three roots instead of just one). By summarizing thousands of transactions in a 64-character key, Merkle trees encode blockchain data efficiently and securely. The Merkle tree allows users to verify transactions without downloading the whole blockchain (gigabytes in October 2021). Each block within the blockchain is identified by such a hash, the result of recursive hashes on all its transaction ids; and each block contains the hash of its parent inside its own header, so that the sequence of hashes linking each block to its parent creates a "chain" that extends all the way back to the first block ever created, known as the "genesis block". The header of each block contains three kinds of information, three sets of metadata: a link to the parent's hash, its own hash (its Merkle root, that summarizes all its transactions) and data related to the mining competition (difficulty target, timestamp, and a counter called "nonce").

The next mathematical component of the blockchain is the digital signature. When users submit transactions to the network, they must sign the transactions with digital signatures before miners can create the blocks recording those transactions. Digital signatures are implemented via a system of so-called "public-key cryptography". The first one to be recognized by the US government was the Digital Signature Algorithm (DSA), invented by David Kravitz again at the NSA in 1991. There are many kinds of digital signature. Bitcoin chose the Elliptic Curve Digital Signature Algorithm (ECDSA), a variant of the DSA invented in 1992 by the Canadian mathematician Scott Vanstone who used a method of public-key cryptography called Elliptic Curve Cryptography that had been discovered independently in 1985 by Victor Miller and Neil Koblitz.

Mining is the trick that gives bitcoin its security and it feels more like a game than high mathematics. Mining is the process by which new blocks of the blockchain are created, i.e. new transactions are recorded. Mining is the trick used to secure the system against fraudulent transactions and against double spending of bitcoins. Mining is a costly process for which miners are rewarded with bitcoins. Mining is not an algorithm per se but consists in solving a difficult mathematical problem (based on a cryptographic hash algorithm). Mining is not assigned to anyone in particular: anybody can compete to solve the problem and become a miner. The solution to the problem is called the "proof of work". The problem is not a logical problem: it doesn't require great thinking, just a lot of trial and error. It consists in finding the "nonce" (a random string) that, coupled with other block information, generates a hash that is lower than the target number (e.g., a hash that begins with a higher number of zeroes). It is a process of brute-force search more akin to trying a lottery than to solving a logical problem. The winner of the lottery gets to record the new block on the blockchain and gets rewarded with bitcoins and a transaction fee. Note that mining is both about recording transactions and creating new bitcoins. The number of new bitcoins per block gets halved every 210,000 blocks. Around 2137 it will become impossible to "mine" more bitcoins (the final number of bitcoins will be 21 million minus one) and the only "mining" will be about transactions.

Hence the mining mechanism relies on a combination of cryptography and game theory. Game theory studies the strategies developed by rational agents when they interact, typically to compete for some resource. The mining mechanism is designed as a game that offers an incentive to the "rational" nodes of the network.

Another mechanism, which is not high math but simply a smart strategy, is the one used for verification of the transactions. Before being recorded in blocks by miners, all the transactions are propagated through the network of nodes. Each node of the bitcoin network receives a transaction, validates the transaction and then forwards the transaction to other nodes. This is a strategy that erects multiple barriers against invalid transactions. Only valid transactions are propagated across the network. The entire network participates in validating a transaction: only global consensus can validate transactions. All nodes in a blockchain network must agree so a particular transaction gets validated. Therefore only valid transactions reach the mining nodes, where miners compete to aggregate many transactions into one new block.

Bitcoin and Ethereum are "permissionless" networks, i.e., public blockchains in which any node can participate in the network. "Permissionless" refers to the fact that there is no central authority in the network and a new piece of information can be accepted only when the nodes come to an agreement on it. "Permissioned" networks like Hyperledger Fabric are instead private and requires permission, which means that consensus needs to be reached only among a small group of authenticated nodes.

The complexity of blockchain determinism is therefore a combination of the complexity of hashes, Merkle trees, digital signatures, consensus algorithm and transaction verification.

After Ethereum

At this point the cryptoworld saw the emergence of "utility tokens", tokens associated with decentralized (i.e. blockchain-based) services: David Vodrick's and Luke Champine's Siacoin (2015), a decentralized cloud storage network; Dominic Williams' Dfinity for decentralized cloud computing (a project started in 2016), in which Proof-of-Stake validators were randomly selected; Julian Zawistowski's Golem Network (2016) for decentralized computing power (harnessing idle computing power of the network to create a virtual supercomputer); Ned Scott's and Daniel Larimer's Steemit (2016), a decentralized social networking platform (built on the same Graphene blockchain of BitShares); Filecoin (2017), a decentralized network of data storage, created by Juan Benet, previously the developer of the ambitious distributed file system and hypermedia system InterPlanetary File System aka IPFS (2015); and Shawn Wilkinson's Storj (2018), a cryptocurrency to purchase disk space.

IPFS was invented as a decentralized, peer-to-peer file-sharing network. It stores a "file" as a bunch of chunks that are distributed across multiple computers, identified by a content id which is a unique hash. When the user wants to retrieve the file, the hash identifies which chunks need to be reassembled. Compared with a traditional file system, IPFS does not work with "locations" (where is the file) but with "content ids" (what does the file contain). This way content is never duplicated: if you try to upload the same content twice, IPFS will generate the same hash and store it only once. IPFS wasn't based on blockchain, but shared similar properties. Filecoin was conceived as a cryptocurrency to reward node operators that host chunks of IPFS files.

Data networks like IPFS, Filecoin, Storj and Joel Dietz's Swarm (invented specifically for Ethereum) represented an important step forward over the old P2P file-sharing systems like Napster. Before Bitcoin, P2P networks had failed to develop methods of long-term storage: Napster allowed people to share files but made no commitment to those files remaining available over time. Blockchain technology introduced both the concept of joint data replication in a network (with both integrity and byzantine fault tolerance) and a monetary incentive mechanism (the reward "token") for nodes to participate.

Both Storj and Swarm transplanted "erasure codes" in a blockchain context. The main idea of erasure coding is to encode the data into coded chunks which are distributed over several nodes of a network. One way to make sure that you don't lose data is to make full duplicates of the data. In erasure coding, instead, the data are broken down into encrypted chunks, which can be used at any time to reconstruct the original data. Storj stored encrypted data in a P2P network connected to a blockchain.

Filecoin's architecture was a new kind of file management system. Miners earned tokens for storing and serving data, while users spent tokens to to store and retrieve data. Its consensus algorithm employed three different proof algorithms: Proof of Spacetime (that posts on the blockchain a miner's commitment to provide storage and rewards that miner), Proof of Replication (to verify the number of copies of a file stored on the network), Proof of Storage (to verify that miners provide the amount of storage they committed to).

Utility coins heralded the dawn of a new era in which labor, traditionally distributed among employees and consultants well known to the firm and equipped by the firm with hardware and software, was to be distributed among strangers, armed with their own hardware and software, who were to be incentivated by an algorithm that rewarded them for their work. That principle could be applied to just about everything.

2016 was the year of Christoph Jentzsch's "The DAO", the first DAO created on Ethereum. Despite its failure, interest in DAOs increased and in 2017 Luis Cuende's and Jorge Izquierdo's Aragon led the legions of platforms for the creation and management of DAOs: Matan Field's DAOstack (2018), Ameen Soleiman's MolochDAO (2019), Dekan Brown's DAOhaus (2019), Colony (2019), etc.

Zcash (2016) was another "privacy" coin but based on Matthew Green's "Zerocoin" blockchain extension. It was conceived by Zooko Wilcox in collaboration with Eli Ben-Sasson at Israel's Technion and Alessandro Chiesa at UC Berkeley. Zcash employed a cryptographic system called zk-SNARKs (which stands for "zero-knowledge succinct non-interactive argument of knowledge") developed in 2011 by Chiesa when he was at MIT, and zk-SNARKS were based on the "zero-knowledge proof" invented by Shafi Goldwasser, Silvio Micali and Charles Rekkofom at MIT in 1985: a zero-knowledge protocol allows two parties to verify that they have knowledge of a secret without revealing the secret itself. Zero-knowledge proofs allow you to prove that you know something without revealing what it is. Instead of "zero knowledge" one should really say "zero disclosure". Jens Groth at University College London (also director of research at Dfinity) developed a faster and optimized zk-SNARK, known as Groth16, used by Zcash. A couple of years later Vitalik himself would propose to scale Ethereum using zk-SNARKS (the zk-Rollup project).

2017 was the year of DeFi (decentralized finance) thanks to Zachary Coburn's EtherDelta, an exchange for ERC20 tokens; Changpeng Zhao's exchange Binance, Stani Kulechov's lending platform ETHLend/Aave Rune Christensen's Maker, Galia Benartzi's Bancor, OmiseGo/OMC Network, etc.

In 2017 stablecoins too looked appealing. Stablecoins divided into two categories: collateralized and non-collateralized. The former were collateralized either against fiat assets (typically the US dollar, like Tether) the way a traditional currency is collateralized against gold or against cryptocurrency, which was the case of Rune Christensen's DAI (2017), backed by a reserve of Ethereum's ether. Non-collateralized stablecoins were not pegged by any fiat or cryptocurrency but relied instead on an algorithm to create and destroy coins the way a central bank regulates the supply of money. The algorithm of Larimer's stable cryptocurrency BitUSD was based on self-enforcing market feedback. The algorithm issues more coins when price increases, and buys them off the market when the price falls. Nader Al-Naji's Basecoin (widely publicized when it launched in 2017 but shut down just one later) and later Daniel Shin's and Do Kwon's Terra (2018), based on Tendermint, and Evan Kuo's Ethereum-based Ampleforth (2019) employed similar stratagems.

2017 witnessed increasingly lucrative ICOs: Jarrad Hope's and Carl Bennetts' instant messenger Status.im, Galia Benartzi's Bancor, Changpeng Zhao's Binance, Arthur Breitman's dApp platform Tezos, Justin Sun's entertainment platform Tron (that didn't launch until 2018), and Filecoin. Qtum and OMG Network were emblematic of a trend. Both initially funded their project with an ERC20 token. A few months later they were both worth $1 billion, before they launched (Qtum's ICO was in March and its launch was in October, OmiseGo's ICO was in June and its OMG Network only launched in 2020, and not on Ethereum anymore)

In 2017 Vitalik Buterin and Virgil Griffith developed Casper the Friendly Finality Gadget, derived from Practical BFT, a layer-two committee-based BFT protocol that provides "deterministic finality", and introduced the notion of "finality gadgets".

2017 was also the year of CryptoKitties, the cryptogame on the Ethereum blockchain that made NFTs popular.

In 2017 blockchain technology became almost mainstream because Mastercard, the Bank of England and the Australian Stock Exchange began experimenting with it, and China declared it a strategic technology. These events were followed in 2018 by Kodak's ICO and Telegram's "private" ICO, while Robinhood, the mobile app for trading stocks, began trading cryptocurrencies and Andreessen Horowitz launched its first crypto-focused fund. In 2018 Circle and Coinbase formed the Centre Consortium which issued a stablecoin called USD Coin (USDC).


As the technology was becoming more ambitious, its limitations was becoming more obvious: Bitcoin, as it was originally conceived, had no chance of ever scaling up to the number of transactions that were normal for credit cards like Visa and Mastercard. Ethereum suffered from the same problem as Bitcoin: lack of scalability. Because in Proof-of-Work every node has to contribute to the validation of a transaction, Bitcoin could only process about 7 transactions per second and Ethereum about 30. Each node has to receive, store and re-broadcast all transactions until the nodes come to an agreement on the order of all valid transactions. The states of the nodes can temporarily diverge, since each node initially manipulates only its local state, and consensus is only reached after some time, when nodes have had time to adjust their local state to a global state.

In 2017 the Bitcoin community came up with SegWit, short for "segregated witness", to boost Bitcoin's performance. Joseph Poon and Vitalik Buterin came up with a similar concept, called Plasma, to significantly increase transaction throughput on Ethereum. Alas, neither technicality succeeded in scaling the blockchain to Visa-level transaction volumes. Plasma was a method to have "side blockchains" (or "child" chains) to complement the main Ethereum blockchain, basically an off-chain solution to offload bandwidth from the Ethereum "mainnet". The payment system OMG Network would be the first "child" of Ethereum's Plasma. Plasma didn't work well and in 2019 John Adler introduced Optimistic Rollup, another method to improve the scalability of Ethereum, an extension of "merged consensus".

Academia came up with three main approaches to scale the performance of blockchains: on-chain scaling, i.e. improvements on Nakamoto consensus that offer high throughput and low latency, such as Bitcoin-NG, proposed in 2015 by Ittay Eyal at Cornell University, and the GHOST (Greedy Heaviest Observed Subtree) protocol, proposed at the end of 2013 by Yonatan Sompolinsky and Aviv Zohar at the Hebrew University in Israel; off-chain scaling, in which transactions are distributed to a network of micropayment channels, e.g. the Lightning protocol proposed by Joseph Poon and Thaddeus Dryja in 2016; and "sharding", an old database technique to process transactions in parallel, based on the classic strategy of "divide and conquer" (divide nodes into different consensus groups, or "shards", that process transactions concurrently). The first sharding-based consensus protocol for permissionless blockchains was Elastico, proposed by Prateek Saxena's students (notably Loi Luu) at the National University of Singapore in 2016, followed almost simultaneously by ByzCoin, developed by Bryan Ford's team at at EPFL in Switzerland and implemented in their OmniLedger (2017). Other sharding blockchains followed: RapidChain at Yale University in 2018, PolyShard at the University of Southern California also in 2018, etc. Ethereum itself was discussing sharding in 2016. Sharding was clearly vulnerable to communications, as the shards had to communicate back and forth.

A similar concept evolved from zk-SNARKs: zk-rollups, introduced by "Barry WhiteHat" in 2018. Both Plasma and rollups moved computation off-chain. The main difference with Plasma was that zk-rollups kept data on-chain, whereas Plasma didn't.

Sharding and Plasma were born to remedy the same problem: any Proof-of-Stake blockchain faced a trade-off between a small consensus committee (which would weaken security) and a low block production rate due to a large consensus committee (which would decrease throughput), i.e. it had to compromise either security or decentralization.

In 2018 Eli Ben-Sasson at Technion in Israel introduced a zero-knowledge alternative to zk-SNARKs called zk-STARKs (zero-knowledge scalable transparent arguments of knowledge) which, being based on hash functions, was also quantum-resistant. His zk-STARKs allowed blockchains to move computations to a single off-chain STARK prover and then verify the integrity of those computations using an on-chain STARK Verifier.

The Quest of the Holy Blockchain

With the explosion of DeFi (decentralized finance) and cryptogames the search for a better blockchain increased. Ethereum was not optimized for gaming performance: if a game were based on Ethereum, the cost to transact could quickly rise, pricing many gamers out, and so the game could never have millions of users. At the same time, there was increasing concern about the energy consumption of mining operations.

The source of the issue was the "blockchain trilemma", already known but fully appreciated after Vitalik Buterin named it that way in 2015 and after Trent McConaghy's 2016 article "The DCS Triangle - Decentralized, Consistent, Scalable - Pick any two": a blockchain cannot be made simultaneously decentralized, secure, and scalable. One of the two has to be sacrificed. Satoshi Nakamoto sacrificed scalability when he designed his Bitcoin to be decentralized and secure (and it turned out that Bitcoin is actually neither: not decentralized because Proof-of-Work is so costly that power is "centralized" in miners who have powerful computers, and not secure because the major miners could collude and launch a "51% attack" to create fake blocks). Ethereum too sacrifices scalability. On the other hand, Dash and NEM were decentralized but sacrificed security to achieve scalability. Daniel Larimer's delegated Proof-of-Stake as used by EOS is more scalable than Proof-of-Work but it is not decentralized because the community empowers a fixed small number of delegates to choose which block gets added. And so on: each blockchain sacrificed one of the three goals. The problem was not new in computer science. In 1999 Eric Brewer at UC Berkeley published a theorem known as the "CAP" theorem: it is very difficult for a distributed system to simultaneously deliver consistency, availability and partition tolerance. Traditionally, crypto projects started centralized and slowly decentralized, but increasingly a project would move in the opposite direction as scalability became more important in the real world than decentralization.

From the beginning there was a forth kind of desiderata: make the blockchain "green", not so energy-demanding like the original Bitcoin.

And so between 2019 and 2020 several new platforms for dApps appeared, all of them after a solution to the trilemma.

Amrit Kumar, Xinshu Dong, and Yaoqi Jia created Zilliqa (2019) in Singapore on the foundations of Elastico, Loi Luu's sharding-based protocol. It was the first actual implementation of sharding in a blockchain platform. Zilliqa "sharded" computation but not storage.

Alexander Skidanov's and Illia Polosukhin's Near (2020), based on Proof-of-Stake, launched without sharding but was designed to be progressively more "sharded" via their scaling solution Nightshade (according to which a swarm of validators process transactions in parallel across multiple sharded chains, each shard producing only a chunk of the next block) and a novel consensus mechanism called Doomslug. (previously Polosukhin had worked on the "transformer" model of deep learning at Google).

In 2019 William Quigley and Jonathan Yantis, two Mastercoin veterans, launched the EOS-compatible Worldwide Asset eXchangeT (WAX), based on delegated Proof-of-Stake and meant to be an eco-friendly blockchain for dApps and NFTs, consuming a lot less energy per transaction than Ethereum. By the end of 2021, Wax had become the most used blockchain in the world by daily transactions and daily users.

In 2019 MIT cryptographer Silvio Micali launched Algorand, the first implementation of his version of Proof-of-Stake (which he called "Pure", built on a BFT protocol for synchronous networks, a` la Tendermint), which quickly became the most popular attempt at on-chain scaling. Micali's fundamental assumption was philosophical: in any society the malicious actors must be a minority otherwise the society would collapse. His "pure" PoS selected validators randomly from all token holders (similarly to Dfinity), and then the consensus was based on a game that made "cheating by a minority impossible, and cheating by a majority stupid".

In April 2020 Anatoly Yakovenko launched Solana, a blockchain for dApps based on his own Proof-of-History (for transaction ordering) and Proof-of-Stake (for validating the order produced by the Proof of History generator and for selecting the next Proof of History generator). Solana scaled transaction throughput without the need for sharding of any other "layer-2" mechanism: instead, it separated consensus from block production. Within one year Solana had become the most serious threat to Ethereum's dominance: much faster transactions and easier to write smart contracts. Solana executed transactions in parallel on GPUs, thereby massively parallelizing transaction processing. In 2021 Ethereum supported about 15-30 transactions per second, Solana about 50,000. Ethereum's smart contracts were written in Ethereum's own specialized language Solidity while Solana used the popular programming language Rust (invented by Graydon Hoare at Mozilla in 2010 and also supported by Amazon, Google and Microsoft).

In May 2020 Jaynti Kanani, Sandeep Nailwal and Anurag Arjun launched Matic (later renamed Polygon) to improve Ethereum's scalability via Plasma sidechains, and for building and connecting Ethereum-compatible blockchain networks.

Gavin Wood (the cofounder of Ethereum) was going to make it easier for other blockchains to be born and to communicate via his projects Substrate (2018) and especially Polkadot (2020), a protocol to improve Ethereum's scalability via parallel processing on smaller chains called "parachains" (and in 2021 sharding).

Polkadot used Substrate to connect blockchains to each other (e.g. with Ethereum and Bitcoin) and enabled developers to build other Substrate-based blockchains. Polkadot offered native support of WebAssembly (or Wasm), introduced in 2017 by the World Wide Web Consortium (W3C) that included Mozilla, Microsoft, Google, Apple, Intel and Red Hat as a standard assembly-like language to improve the speed of web browsers. Therefore Polkadot allowed smart-contracts to be developed in any language that compiled to WebAssembly, such as C++ and Rust. Polkadot also introduced the concept of a "canary network": Kusama, conceived by Wood in 2019 and operational in June 2021, was Polkadot's canary network where developers could test their blockchain before releasing it on the real network. At the end of 2021 Polkadot launched the first five parachains: Acala, Moonbeam, Parallel Finance, Astar and Clover. Polkadot developed its own finality gadget, called GRANDPA.

Polygon and Polkadot were "layer-two" solutions to Ethereum's scalability problem: "layer one" were blockchains like Bitcoin, Ethereum, Solana, WAX and Algorand; layer two were protocols to be used in conjunction with (on top of) a layer-one blockchain like Ethereum. Layer-two systems allow users to securely transfer funds from the blockchain onto an off-chain platform, settle transactions within this off-chain platform, and then securely transfer funds back to the blockchain. Layer-two (or off-chain) protocols typically employed state channels (Lightning being the only major use-case), sidechains/ parachains running in parallel to the mainchain and connected to the mainchain via a two-way "peg" (Polkadot and Polygon), or rollups (whether zero-knowledge or optmistic), the most recent generation. The primary function of rollups was as "scalability engines" to remove Ethereum's limitation of four trades per second. Their secondary goal was to reduce Ethereum's transaction fees by offloading computation and data storage out of Ethereum's main blockchain using either zk or optimistic rollups. The general model consisted of an off-chain component taking over the complex computation that was required by running a dApp written in solidity. This off-chain component was then able to communicate the result back to the on-chain smart contracts written in solidity. An example of optimistic rollup-based L2 for Ethereum was Arbitrum (2021), an offshoot of Ed Felten's work at Princeton University. An example of zk-based L2 for Ethereum was StarkEx (2020), based on Eli Ben-Sasson's zk-STARKs, and StarkEx 2.0 was even based on Eli Ben-Sasson's Cairo, a new Turing-complete language for writing provable programs, i.e. for producing proofs off-chain.

In July 2020 Beniamin and Lucian Mincu in Malta launched Elrond, based on their own version of Proof-of-Stake.

In September 2020, Cornell University's professor Emin Sirer launched Avalanche, another platform for dApps based on the Avalanche consensus mechanism, a Proof-of-Stake blockchain compatible with Ethereum and Polkadot. Avalanche became popular because it allowed decentralized applications that were just not economically feasible on Ethereum due to high "gas" fees. Avalanche launched its own "bridge" to Ethereum in 2021 (which a few months later migrated to Intel SGX Enclave technology), but, as its native token rose in value, others, like Umbria, came up with cheaper third-party cross-chain bridges to transfer ERC-20 and ERC-721 tokens across the two blockchains.

The Flow blockchain launched in 2021 by Dapper Labs (of CryptoKitties fame), and mainly designed by Alexander Hentschel, was tailored towards developing NFTs and cryptogames. Flow's philosophy was to separate non-deterministic tasks, such as deciding if a transaction should be added to a block, which require a coordinated consensus process, from deterministic tasks, such as executing the transactions added to a block; to separate consensus and compute and assign them to different nodes (consensus nodes used VMware's HotStuff).

In 2021 the much publicized Dfinity finally launched the "Internet Computer", which was more than just a platform for dApps: it aimed to replace the existing Internet with a distributed network coordinated through Dfinity's own Network Nervous System. At the core, it was an old-fashioned distributed system, spreading computation over a cloud of data centers (which were required to run specialized Dfinity-approved hardware). The advantage of a vintage distributed system is that the addition of a node increases throughput, whereas the addition of a node on a Bitcoin or Ethereum network increases security. Critics accused Dfinity of being neither permissionless nor trustless nor censorship-resistant, basically not decentralized at all, especially after Dfinity revealed partners that included the cloud-computing oligarchy (Amazon, Google and Microsoft) and even Wall Street titan Goldman Sachs. Because of Dfinity's distribution of tokens, governance was concentrated in the company's founders, developers and investors. The code was not open-source but patented. While a typical decentralized platoform identified users by e-mail address and IP address, Dfinity required new users to submit their fingerprints. While the good old Internet allowed anyone who was censored to switch from one platform to another, Dfinity retained absolute control on its network.

Scalability also depended on facilitating access to the blockchain. Infura was the most popular utility for querying the Ethereum blockchain until Yaniv Tal's Graph appeared at the end of 2020. Graph, unlike Infura, was decentralized, and used a well-known querying language, GraphQL (a query language introduced by Facebook in 2015). The Graph operated across a decentralized network of nodes, rewarded nodes for indexing and querying blockchain data.

Faster, higher-capacity networks like Polkadot, Matic/Polygon and Solana were threatening Ethereum's dominance in DeFi and blockchain-based games.

Sota Watanabe's Astar (2022), a multi-chain platform for dApps running on Polkadot, compatible with both solidity, the language of the Ethereum Virtual Machine, and the WebAssembly language favored by Polkadot, introduced the concept that developers should earn tokens for creating smart contracts or contributing infrastructure to the platform. While Bitcoin and Ethereum rewarded transaction fees only to miners, and in fact Ethereum charged developers in gas for building dApps, Astar rewarded developers of dApps and any new feature with its native tokens.

By 2021 there were several energy-efficient blockchains to remedy Bitcoin's tremendous energy needs: Cardano, EOS, Burstcoin/ Signum, SolarCoin, Nano, Serguei Popov's Iota (2016), originally a blockchain for the Internet-of-Things, which used "fast probabilistic consensus" to speed up Proof-of-Work, Jemma Green's Powerledger (2017), originally an Ethereum token for trading renewable energy (at the time the largest crowd funding project in Australia) that migrated to Solana in 2021, Jacopo Visetti's Efforce (2020), a spinoff his Italina-based energy-service firm AitherCO2 later joined by Apple's co-founder Steve Wozniak, a cryptocurrency to reward energy-efficient projects by tokenising energy savings; etc. Still under development was Arthur Brock's and Eric Harris-Brau's Holochain (following a white paper in 2018), an open- source framework for peer-to-peer applications that required no mining and could operate through a regular browser without any need to install special software.

In 2021 El Salvador became the first country to adopt bitcoin as legal tender, but it quickly realized the impediment to use a cryptocurrency: verifying bitcoin transactions (i.e. mining) was so energy-intensive that energy-poor countries could go bankrupt just trying to verify transactions. In 2022 researchers estimated that bitcoin mining was producing about 65 megatons of carbon dioxide per year, comparable to the annual emissions of an economy the size of Greece.


DeFi (decentralized finance) was born in earnest in 2013 with Ripple, an application of blockchain technology to international transfers of money which made them almost free of charge. four years later the Bank of England carried out its first inter-bank transaction using Ripple.

The ICO craze of 2017 created the atmosphere for establishing a more robust and professional form of fintech on top of Ethereum. Examples of early DeFi projects were Zachary Coburn's EtherDelta (2016), an exchange for ERC20 tokens, 0x (launched in 2017 by Will Warren and Amir Bandeali), similar to EtherDelta but equipped with an automated market marker, Stani Kulechov's ETHLend (2017), later renamed Aave, an Ethereum-based lending and borrowing platform, Rune Christensen's MakerDAO (2017), also another cryptocurrency-lending platform on Ethereum but with a stablecoin (the first stablecoin governed by a DAO, the first stablecoin on the Ethereum blockchain, pegged to the value of the US dollar), Kyber Network (2018), developed in Singapore by Loi Luu (of Elastico fame), Victor Tran, and Yaron Velner, another liquidity protocol with an automated market marker, etc. MakerDAO was arguably the first DeFi protocol to gain general acceptance. In 2021 Terra developed its DeFi ecosystem based on its own Terra blockchain and stablecoin: a savings dApp (Anchor, which in six months it surpassed $4 billion in total value locked), a financial investment dApp (Mirror), and a real-estate investment dApp (Terrafirma). TerraUSD was an algorithmic stablecoin, relying on its sister token Luna to maintain a $1 value. In 2022 Luna staged the most spectacular collapse of any cryptocurrency yet, losing $40 billion of its total value.

Initiatives multiplied after 2017, often intended to encourage "liquidity providers" to participate in crypto financial marketplaces. Hence "liquidity mining", in which decentralized exchanges incentivized users to supply cryptocurrencies into liquidity pools by offering them rewards based on how much they participated. Decentralized exchanges moved towards liquidity pools (pools of tokens locked in smart contracts), and liquidity pool protocols like Galia Benartzi's Bancor (2017) or Hayden Adams' Uniswap (2018) became extremely popular. The most popular in China was FCoin (2018), launched by Jian Zhang, former Huobi's CTO, that called it "trans-fee mining". Uniswap's monthly volume went from $169 million in April 2020 to over $15 billion in September 2020. Furthermore, both Uniswap and Fernando Martinelli's Balancer (2020) balanced multi-asset pools like an index fund. In 2020 both Compound and Balancer issued government tokens, highlighting a parallel trend towards shifting control of the project towards the users.

A traditional cryptocurrency exchange (or "market maker") like Coinbase or Binance had to match buyers and sellers through an order book: trades happened directly between a party and a counterparty (a trade required a counterparty). They also required "know your customer" checks and not everybody was allowed to trade. Ox, Uniswap, Kyber and Balancer used "automated market makers", algorithms that automatically created token-trading pairs and calculated exchange rates. Such automated market makers only required ownership of ERC20 tokens on Ethereum. They allowed anybody to provide tokens to liquidity pools and held liquidity pools in smart contracts, making trades happen between a user and a smart contract, not between user and user. At the same time anyone could simply provide tokens to a pool (become a "liquidity provider") and earn a percentage of the trading fees as a reward for providing liquidity. Uniswap imposed a fee on trades just like Coinbase and Binance but that fee was now distributed to the traders, not cashed by the exchange. By the end of summer 2020 (the "DeFi summer") decentralized exchanges that used automated market makers constituted more than 90% of the market.

A key moment was when Kain Warwick's Synthetix launched the first liquidity incentive program (July 2019). In May 2020 Compound, created by Robert Leshner and Geoffrey Hayes in 2018, launched its liquidity mining program that rewarded with tokens the users that borrowed or lent on Compound, and basically incentivized the users of Compound to operate like a traditional money market. Compound's token liquidity mining was a major breakthrough in the DeFi space, a watershed moment. Other protocols started distributing their tokens via liquidity mining.

"Yield farming" became popular in 2020. On one hand there was this new way to incentivize lenders and there was a new generation of crypto-lending platforms. On the other hand there was an exploding demand for borrowing cryptocurrencies by crypto firms who couldn't borrow from banks. The yields on crypto lending skyrocketed. Some DeFi projects started offering annualized returns of 30% or 50% when banks were paying interests on deposits of less than 1%. Yield farming was the crypto equivalent of buying high-yield unsecured bonds. The catch was that the "yields" were paid in tokens and so the real return depended on the fluctuations of the token. Michael Egorov's Curve (2020), an exchange for stablecoins like Mader's DAI, was optimized for yield farming.

Another innovation was the "price-elastic token", such as Evan Kuo's Ampleforth (2019) and Brock Elmore's Yam (2020), tokens that adjust their supply in response to demand (when the price climbs above the desired value, the token's supply is increased until the desired price is restored, and viceversa the supply is decreased when the price falls below the desired value until the desired price is restored). Yam became instantly famous after its launch but lost 90% of its market capitalization within a few days when a bug was discovered.

In 2020 Andre Cronje's Yearn Finance distributed a governance token to the community purely via liquidity mining. Its Yearn's token price skyrocketed from $6 to over $30,000 in less than two months.

Until 2019 the DeFi ecosystem (including Maker, Aave and Compound) enabled borrowers to draw loans only against fungible assets (cryptocurrencies). Then Lucas Vogelsang introduced Tinlake, a smart contract on Ethereum to turn non-fungible assets (such as real estate) into fungible ERC20 tokens, i.e. illiquid assets into liquid assets. Tinlake enabled the user to pool non-fungible tokens in a smart contract, generate special ERC20 tokens ("collateral value tokens") and use such tokens as collateral to borrow money from lending platforms like Maker and Compound. Tinlake relied on a a Proof-of-Stake blockchain called Centrifuge built on Substrate. In 2021 MakerDAO in partnership with a traditional lending service began issuing loans backed by real-estate assets, a major step by a DeFi company to take on traditional finance. The channel between the cryptoworld of Maker and the physical world of the partner was Tinlake.

Unstoppable Domains, founded in 2018 in Las Vegas by Matthew Gould and Bogdan Gusiev (two former drug dealers who spent time in prison), came up with the idea of "blockchain domains" similar to the domain names of the world-wide web, so that websites cound interact with dApps via Ethereum smart contracts and non-fungible tokens. Unstoppable Domains was a unicorn (valued $1 billion) by the end of 2022.

Security of Transacting in a Blockchain

Blockchains were advertised as absolutely secure... but often hacked into. One problem was that the proofs of a blockchain's security started with an unrealistic assumption: that the blockchain network is fully synchronized, i.e. there are no delays in the propagation of blocks. Blockchains were proven secure in unrealistic network models, but their protocols could still be broken in real-world networks with limited bandwidth. Rafael Pass of Cornell University introduced the the "bounded delay model" in which there is an upper bound for block propagation delay ("Analysis of the Blockchain Protocol in Asynchronous Networks", 2016). However, in real-world scenarios it is often difficult to calculate such upper bound. For example, spamming attacks can easily break the upper bound in PoS systems.

DeFi was vulnerable to a different kind of issue: adversaries manipulating the ordering of transactions, especially in cases when the order of transaction execution is critically important, like lending contracts. In both permissioned consensus protocols, such as PBFT and Hotstuff, and permissionless ones, such as Bitcoin and Ethereum, the miner controls the ordering of transactions within the block that it creates. Rafael Pass proved that Nakamoto's Proof-of-Work protocol satisfies security properties of consistency and liveness: consistency means that honest nodes agree on the same ledger, and liveness means that new transactions are incorporated eventually; but consistency and liveness do not say anything about the ordering of transactions in a block. Nothing enforces a correspondence between the order in which transactions arrive in the network and their final ordering in the ledger. Order manipulation is not only possible but relatively easy. Themis, developed by Mahimna Kelkar at Cornell University, proposed a model for "fair ordering" of transactions (“Order-Fairness for Byzantine Consensus”, 2020).


Click here for this chapter

Decentralized Autonomous Organizations (DAOs)

Click here for this chapter


The term "GameFi" was coined in September 2020 by Andre Cronje to refer to blockchain/decentralized games that were leveraging features of DeFi. Predecessors of GameFi date from 2013-14: In 2013 the multiplayer game Bitnopoly introduced the BitPoints version that used bitcoins, and in 2014 Andrew Colosimo developed a blockchain-based multiplayer game, HunterCoin, and the Minecraft server BitQuest connected the game's economics to a Bitcoin wallet. Meanwhile, there was clearly a need for a marketplace to trade videogame assets. For example, Blizzard Entertainment's videogame World of Warcraft was launched in 2004. It reached a peak of 12 million subscribers in 2010. By then a vibrant peer-to-peer market had evolved to trade in-game assets, for this game and other games like Counter-Strike. In 2015 Artur Minacov and John Brechisci launched OPSkins, a marketplace for videogame virtual assets, which immediately became popuar with gamers, but it was not on a blockchain and very centralized.

In 2017 Axiom Zen launched the game CryptoKitties on the Ethereum blockchain, and its success inspired score of other blockchain-based games: Sky Mavis' Axie Infinity (2018), Hironobu Ueno's My Crypto Heroes (2018), Chris Laurent's and Rob Salha's Zed Run (2019), James Ferguson's and Robbie Ferguson's Gods Unchained (2019), etc. Meanwhile, a standard for non-fungible tokens (NFTs) had been introduced on Ethereum: ERC-721. NFTs were ideal to represent in-game assets.

The Ethereum-based game Axie Infinity, a Pokemon-inspired universe (launched from Vietnam in 2018), became the quintessential example of "GameFi". Axie Infinity was a "play-to-earn" environment. The player had to buy some tokens in order to "play" and the player received financial rewards for: winning battles, tending plots of land, trading on the marketplace, and breeding digital pets. Axie's main characters were Pokemon-like digital pets whose ownerships were recorded as non-fungible tokens (NFTs), and NFTs could be traded like in any marketplace. NFTs in GameFi weren't just static digital objects like a collector item usually is: they were behaving like characters and interacting with other NFTs. Axie also boasted a decentralized governance mechanism similar to a DAO. In 2021 Axie Infinity's total in-game asset sales passed $1 billion: Axie had become the most valuable collection of NFTs in the world.

Because Axie's NFTs were so expensive and the return on investment was potentially huge, in 2021 NFT venture capitalist Sam Peurifoy started lending his NFTs to players and let them play on Axie and get a cut of their crypto-profits.

Ethereum was initially the standard platform for GameFi, but by 2021 several GameFi projects were moving away from Ethereum toward faster, higher-capacity networks like Polygon, Solana and Polkadot. For example, Michael Wagner's Star Atlas (2021) was powered by Solana's blockchain, and, among those under development in 2021, Bloktopia (Paddy Carroll, Ross Tavakoli ) was on Polygon, Wilder World (Frank Wilder) on Ethereum, and Exeedme (Nuno Fernandes and Francisco Varela) on Polkadot.

NFTs boomed in 2021, but it was only partly because of art collectors: the other big contributor to the boom of NFTs was play-to-earn games.

Several GameFi projects introduced DeFi concepts to reward gamers, like yield farming and liquidity pools. One such project was Mobox (2021), a Binance Smart Chain-based platform that offered free-to-play games where players could create, earn and trade NFTs (all sorts of digital collectibles) and offered rewards to players who lent tokens to a liquidity pool. Several games allowed players to use NFTs as collaterals in order to obtain loans in cryptocurrencies like bitcoin.

In 2021 most blockchain-based games were played in a web browser. The player was identified by a Web 3.0 wallet (typically an Ethereum-compatible wallet) and, unless the game was free to play, was required to purchase some assets in order to play.

GameFi was a powerful form of DeFi because a "play-to-earn" game was de facto an engagement and retention machine.

The next trend was to make blockchain games into DAOs so they would be fully decentralized. Videogames had been highly centralized before GameFi: a game was published and controlled by a gaming studio. Being blockchain-based allowed games to turn into DAOs and so grant decision-making power to the players themselves.

In April 2021 the largest blockchain-based gaming app (and second biggest overall dApp) was the multichain MMORPG game Alien Worlds, developed by EOS veterans Sarojini McKenna and Michael Yeates with Rob Allen, a free game launched on the Wax blockchain at the end of 2020 in which players explored six planets (each one its own DAO) and earned trilium tokens by mining NFTs, battling other players, and renting land.

Blockchains for the Metaverse

(See my introduction to Metaverses if you are not familiar with the metaverse concept)

GameFi and DeFi converged into the metaverse, The metaverse needs: speed and high capacity; governance and gameplay mechanism (a governance token and an in-game currency), digital proof of ownership of virtual property (NFTs); financial services to run a virtual economy (DeFi); a game creation tool so that users can create their own virtual worlds (which can be games but also social activities); rendering and video streaming (because users will access the metaverse via graphic-intense virtual reality and augmented reality); and ideally also Artificial Intelligence to animate autonomous avatars.

All the pieces were falling into place by 2021.

An interesting approach to rendering was introduced by Jules Urbach's Render (2019), a decentralized rendering platform, a spin-off of Urbach's graphics-software startup Otoy which specialized since 2008 in real-time 3D graphics for filmmakers and game developers. The Render token (on the Ethereum blockchain) created a marketplace for idle GPUs. Millions of computers had powerful GPUs which were idle most of the time. Just like BOINC exploited the idle computing time of volunteers to process astronomy data, Render rewarded those offering their idle GPUs for graphics-heavy calculations like 3D animation, holograms and virtual reality.

Mitch Liu's and Jieyi Long's Theta (2019) was a decentralized video-streaming platform that employed a new kind of Byzantine Fault Tolerance with thousands of consensus participants, unlike in delegated Proof-of-Stake. It was funded by consumer-electronics giants like Samsung and Sony and was a unicorn by 2021.

Bit.Country, conceived by Ray Lu in New Zealand and tested in 2021 on Polkadot, was a decentralized platform for non-technical users to develop custom metaverses with their own digital assets: a "bit country" was a sovereign virtual world with its own space, currency, and governance. It also came with a method to incentivize users to perform "good" social actions within the metaverse while decentivizing "bad" behavior.

Metaverses based on popular blockchains included Charles Hoskinson's Cardano-based metaverse Pavia (2021) and Christian Zhang's Solana-based metaverse Solice (2022).

It was no surprise that layer-one blockchains designed specifically from the ground up to serve metaverse developers came from former Meta employees, notably Mysten Labs, founded in 2021 in Palo Alto by four former Facebook engineers including Evan Cheng whose Sui Layer 1 blockchain was in beta by November 2022, and Aptos, also founded in 2021 and also in Palo Alto by Mohammad Shaikh and Avery Ching, whose blockchain launched on the mainnet in October 2022. Both were valued $2 billions by the end of 2022.


Coincidence or not, Bitcoin was invented in the middle of the biggest financial crisis in the world in a century. Satoshi Nakamoto's white paper was published six weeks after the collapse of Lehman Brothers on 15 September 2008 that triggered the global financial crash.

Bitcoin was the outcome of a process driven by digital libertarians (like the cypherpunks) who wanted to take money (and many other aspects of social life) outside of the control of governments. It was then revealed that, by turning every transaction into a form of currency, one could organize the entire society without institutional intermediaries, a notable update to the ideals of the self-organizing communes of the hippies of the 1960s.

However, taking money out of the control of government does not mean changing the nature of society. The world of Bitcoin is still a world of capital accumulation and speculation. There are still privileged classes. To start with, by design, Bitcoin privileges early users. A wealth gap is almost automatically created between miners and non-miners. And, in practice, the Bitcoin network has come to be controlled by a small number of mining pools (mostly from China) that, for all purposes, represents a form of unbridled capitalism. So much for a program that "markets" a decentralized model. Bitcoin is indirectly leading to the formation of a new class of plutocrats. The elimination of the state does not necessarily benefits the individual, as proven for example by the feudel world that succeeded the fall of the Roman Empire.

Usually, criminals are the first ones to benefit from a collapse of the state, as proven over and over again in places like Iraq and Libya. In fact, the first beneficiaries of the Bitcoin network were criminal organizations. The reason that today the world of cryptocurrencies is less plagued by criminals is that governments cracked down on criminals hiding behind cryptocurrencies. Crime is an essential element in judging the merits of Bitcoin because crime is the contradiction in terms of the Bitcoin world. The whole point of the blockchain is to make sure that noone can break the "laws". But blockchain refers to the digital laws of cyberspace. The people using bitcoins, however, are in the physical world, and sometimes commit physical crimes. The blockchain makes sure that transactions are valid, not that they are used by nice people for good activities. The blockchain judges a transaction valid if it is made according to the rules by gun smugglers, drug cartels, prostitution rings, genocidal dictators, and so on. Blockchain technology was born out of ethical principles and encodes ethical principles, but they are principles about the ethics of government, not about the ethics of ordinary life.

The blockchain community has mostly appropriated terms of the political left such as "open", "transparent" and "democratizing", but in reality the ideology underlying much of their Far West is close to the rhetoric of right-wing movements like the Tea Party and the Make America Great Again in the USA, movements that have fueled the rise of authoritarian regimes in both the USA and Europe. Bitcoin emerged from a view of government as oppressive and inefficient beyond redemption, ironically eachoing right-wing president Ronald Reagan when he stated that "government is not the solution to our problem - government is our problem". Their anti-state rhetoric was de facto simply a stratagem to engineer regime change and install an even more centralized regime.

The fact that the Chinese Communist Party is probably the world's most enthusiastic supporter of blockchain technology (while at the same time banning all cryptocurrencies) is revealing of how the technology born to reduce the power of the state may end up having exactly the opposite effect.

"Decentralized" is a-critically assumed to be better than "centralized" in all respects. Centralization is certainly an impediment to the decentralized flow of capital and ideas, but there are cases in which a centralized flow of capital and ideas has arguably been more effective to boost creativity than decentralization. For example, cinema and other arts rely in many countries on subsidies from the government. It is not clear that without state subsidies those arts would survive, especially the ones that require considerable budgets like cinema.

Even at face value, the libertarian ideology that inspired Bitcoin sounds naive if not misguided. It aspires to liberate us from the supposed tyranny of the state, but that is neither the only tyrany nor the main one. The tyranny of corporations is often a bigger one, and often collides with the tyranny of the state in a struggle that ignores the interests of average citizens. After all that's precisely what happened to the largest network ever invented, the Internet (invented, incidentally, at another time of crisis, after the Cuban Missile Crisis), now controlled by a handful of high-tech corporations.

Physical money has two functions: it carries out transactions and it stores value. A cryptocurrency based on a blockchain inevitably neglects the second function to focus almost exclusively on the first one. The other function of money, however, the function of "saving", is more typical of the middle and lower classes. A volatile speculative financial asset like a cryptocurrency is more typical of wealthy investors who can afford to risk.

The trend towards "algorithmic governance" preexisted the blockchain. Systems of rating and scoring (for the purpose of predicting a person's future behavior) are widespread, from the "points" on a driver license (presumed to predict how likely the driver is to cause an accident) to the credit scores (presumed to reflect the likelihood that the borrower will repay a debt). We are being rated on Airbnb, Uber and Yelp. All these systems of rating and scoring serve an algorithm that then decides how to "govern" us. Trust in first-order entities such as ordinary people and officials are increasingly being replaced by trust in inscrutable algorithms. As society dematerializes, trust increasingly depends on software. China's social credit system is simply an aggregation of all these rating and scoring systems that have existed and proliferated in the West for decades. Peer production communities typically use algorithms to scan the vast amount of user-generated content and enforce their "terms of use". For example, both Craigslist and Wikipedia have algorithms that automatically "flag" content for removal. The blockchain is therefore only another step in that direction, towards a future in which an "infallible" algorithm will enforce the rules and you will not be entitled to any appeal. As dystopian as it sounds, this "algorithmic governance" could indeed herald a more egalitarian society by removing the privileges that come with human governance (humans are more likely to be bribed, threatened, lured, etc).

Like any other techno-utopian ideology, the ideology behind Bitcoin tends to create a technocratic oligarchy rather than true democracy. The reason is that "governance by infrastructure" implies (whether codified or not) that only software engineers, and sometimes only core developers, are able to vote (or at least able to understand what they are voting about). In fact every cryptocurrency is run like a technocratic regime (or as an enlightened quasi-dictatorship in the case of Ethereum and others).

In general, technology de-politicizes a phenomenon because it soon becomes absorbed and immersed in its own rituals of releases, debugging, updates, requests for proposals, standards, etc. There is a whole digital vocabulary and discourse that takes over the original ideology of a project. Violent arguments may erupt between proponents of the same technology who, passionate about how to implement it (features, user interface), forget why they wanted it in the first place.

The ideological core of Bitcoin was to remove the intermediary that guarantees trust, the central authority like a central bank that everybody can trust. That was an ideological move, but it could be that trust is precisely what creates prosperity in the modern world. Francis Fukuyama in his book "Trust - The Social Virtues and the Creation of Prosperity" (1995) identified trust as the main factor that makes some countries prosperous and others less so. In countries like Germany and Japan there is enough trust between business partners that transactions flow smoothly with no need to follow rigid procedures. On the other hand, in countries like Italy and France the state has to step in with rigid regulations because the level of trust among businesses is very low. One could argue that trust was also high in the Italian city states of the Rinascimento and among the Arab traders of the middle ages. Trust, it turns out, is a key ingredient of a healthy economic ecosystem.

The blockchain removes the need for a trusted intermediary, but trust does not dissolve: it simply mutates into trust of algorithms. These can be trusted to be "honest" and "transparent" because of their deterministic nature, but not unbreakable and infallible. So an algorithmic system still demands a degree of trust. The blockchain is built on open software and anonymous decentralized nodes, not exactly the most reassuring of foundations, and anyone can become a node and have a say in verifying transactions. It takes a lot of trust in the complex apparatus of blockchain math and software for someone to actually invest money in it.

The blockchain world also demands a lot of trust when it launches Initial Coin Offerings. All the beautiful mathematics stacked in the blockchain cannot do much to appease the fears of investors who buy into an ICO: that requires old-fashioned trust. Without trust, there wouldn't be any ICO, and without ICOs many blockchain projects would have never existed. So ironically the progress of blockchain technology depends on trust, the one thing that the blockchain was supposed to remove.

Bitcoin wasn't the only exercise in digitizing trust in those years. In 2008 2008 Airbnb was founded and in 2009 Uber was founded, to name the two that became multinational corporations. Both Airbnb and Uber were based on the principle of letting two strangers "trust" each other with services without any visible mediation. Being about money, Bitcoin had to solve a bigger algorithmic problem, but, being about people, Uber and Airbnb had to solve a bigger psychological problem that the Bitcoin has so far ignored: the "peers" who transact on the blockchain are "people". What a blockchain-based cryptocurrency connects is not people but peers, peers on a P2P network. When a person becomes a peer on a P2P network, that person loses her personhood. But Bitcoin in reality is a platform that mediates social relations among people just like Airbnb and Uber do, because financial transactions and contracts are no less "social" that staying at somebody's home or riding in somebody's car. However, a blockchain-based system, due to its hyper-deterministic nature, does not invite people to think in terms of network, of community, but rather in terms of separate, isolated, independent individuals. The blockchain does not encourages a network spirit at all, it fosters no spirit of collaboration. Even the fact that the algorithm prescribes incentives for all the crucial functions clearly sabotages any altruistic instinct: there are no "good samaritans" in a blockchain. A cryptocurrency is first and foremost a tool for the community to exchange goods and services but in reality it cannot belong to the realm of social media: the blockchain is not "social" at all. The blockchain leans in the opposite direction: by replacing human interactions with automated code, it further depletes social cohesion. It also increases the "rigidity" of the procedures by which we have to live, as if they hadn't been rigidly codified enough. A future of smart contracts means a future of human interactions that are mere computations, either encouraged by material incentives or enforced by code on a blockchain. In fact, a future of smart contracts means a future in which every human interaction has been reduced to the equivalent of a financial transaction, because on the blockchain it's all about currency and tokens, even if what you are doing is organizing a hike on the mountain. Every interaction becomes a form of money, and your social life becomes an economy. The centrality of money in the cryptocultural future could become the ultimate post-capitalist dystopia.

How the blockchain relates to the idea/ideal of freedom is also debatable. Freedom should be the core idea of US political and philosophical life, but in practice there is strong disagreement on what it is and entails. The right worships freedom like a religion but then it constrains it in every possible way to maximize economic and security benefits to society (they even justified torture during the Islamic wars of George W Bush). The left supports freedom fights by minorities at home and by oppressed people around the world but then submits to the fascination of socialist policies that limit individual freedom. Meanwhile, nobody agrees on what the boundaries should be on freedom of speech, as freedom of speech can easily turn into discrimination, disinformation, and worse (incitement to violence or to commit a crime, treason, public health crises,...) Increasingly "freedom" on social media means the freedom to insult, slander, bully and harass others. Economists tend to think of the "free market" as a liberating force although the result of free markets is often the suffocation of individual freedom in the name of freedom for corporations (even declared to be "persons" by the Supreme Court of the USA). Technologists tend to think of technologies as liberating forces although this means that technology "mandates" a new form of freedom on people which sounds like the exact opposite of freedom. The latter is precisely the definition of freedom that emerges from political debates about the blockchain. A person brainwashed to repeat an "opinion" is not free to think and a person who is only given one option is not free to choose. So freedom begins with the person being able to choose independently among different alternatives. In order to be able to choose, the person must also be knowledgeable enough, which requires a minimum degree of education. And so on. The requirements for real freedom can be many. The liberation brought by the blockchain is basically a liberation from having to use the financial and legal institutions of the state. That liberation is delivered by a totalitarian algorithm that sees everything and controls everything, a digital panopticon combined with a HAL 9000. Instead of being surrounded by the plethora of procedures (algorithms) of the state, we are being swallowed into one giant blockchain. Existentially speaking, it is not clear that the blockchain will increase our "freedom".

There is freedom embedded in the democratic voting process of a blockchain project, according to which the community (not a superior authority) should decide any changes to the protocol. Unfortunately, it is not clear that the voting freedom makes the concept stronger because often people vote with their wallet. One of the fundamental attributes of a blockchain is that it cannot be tampered with, that it is an immutable and irreversible recording of history. That was proven false in 2016 when history of "The DAO" was erased from the Ethereum blockchain. A couple of months after it was launched, raising $150 million worth of the Ethereum's cryptocurrency ether in a spectacular crowdfunding operation, an anonymous attacker found a vulnerability in its code and took about $60 million worth of ether (3,641,694 ether). One month later, in July, the Ethereum community overwhelmingly voted for a "hard fork" to restore the world as it was before the hack. After the hard fork, the blockchain was exactly like before the fork except that in the forked version the "heist" never happened. That event was erased from history (as coded in the blockchain). The "hard fork" is a legitimate way for a minority to protect its interests when it disagrees with actions decided by the majority: the minority is allowed to split from the majority and start its own "fork" of the cryptocurrency. In this case, however, the fork consisted in erasing something that had happened. Some members of the Ethereum community disagreed with this hard fork and continued to use the old Ethereum blockchain (now known as Ethereum Classic) Therefore two dogmas of blockchain technology were proven to be false: 1. the blockchain is not immutable because it can be rewinded and restarted arbitrarily by the majority; 2. it is not true that "code is law" in smart contracts, for the same reason. The purpose of this hard fork was only to return the loot to the victims of the heist. One even has to wonder if such an "attack" constitutes a "theft" since the reality can be changed at will by the members of the community. In fact, the anonymus attacker responded with an open letter to the Ethereum community in which he argued that he had "rightfully claimed 3,641,694 ether" using an intentional coded feature of the DAO and objected to his action being called a "theft". >From the point of view of the attacker, it was the "hard fork" that constituted a theft: the community used the hard fork to steal his "legitimate and rightful ether".

Further Readings (in chronological order):
Vasilis Kostakis and Michel Bauwens: "Network Society and Future Scenarios for a Collaborative Economy" (2014)
David Golumbia: "The Politics of Bitcoin - Software as Right-Wing Extremism" (2016)
Primavera DeFilippi: "The Invisible Politics of Bitcoin" (2016)
J.Z. Garrod: "The Real World of the Decentralized Autonomous Society" (2016)
Ian Bogost: "Cryptocurrency Might be a Path to Authoritarianism" (2017)
John Flood & Lachlan Robb: "Trust, Anarcho-Capitalism, Blockchain and Initial Coin Offerings" (2017)
Nigel Dodd: "The Social Life of Bitcoin" (2018)
Christian Katzenbach & Lena Ulbricht: "Algorithmic Governance" (2019)
Amy Whitaker: "Art and Blockchain " (2019)
Felix Fritsch: "Challenges and Approaches to Scaling the Global Commons" (2021)

  • The Peer-to-Peer world
    • 1999: Shawn Fanning's Napster (P2P)
    • 2000: Jim McCoy's MojoNation (a cybercurrency that is not for money)
    • 2000: Justin Frankel's Gnutella (truly P2P, totally decentralized)
    • 2002: Bram Cohen's BitTorrent
    • 2002: "The Darknet and the Future of Content Distribution"
  • Cypherpunk Movement
    • Timothy May's Crypto Anarchist Manifestoand cypherpunk mailing list (1992)
    • Cynthia Dwork (1992): punish spammers with computational processing, i.e. comp. processing is a cost (proof of work)
    • Adam Back (1997): hashcash (cryptographic hash functions on a network, no need for central authority)
    • Nick Szabo (1997): a distributed trust model ("The God Protocol", 1998)
    • Wei Dai's mathematical method for an unbreakable cybercurrency (1998)
    • Miguel Castro and Barbara Liskov (1999): Practical Byzantine Fault Tolerance
    • Satoshi Nakamoto (Oct 2008): paper titled "Bitcoin: A Peer-to-Peer Electronic Cash System" on the Metzdowd Cryptography mailing list
    • Satoshi Nakamoto (Jan 2009): the cryptocurrency Bitcoin
    • Martti Malmi (2009): second release of Bitcoin
    • Gavin Andresen (2012): Bitcoin Foundation
  • Cybercurrencies
    • DigiCash (David Chaum, 1990)
    • E-gold (Douglas Jackson, 1996) - shut down by the USA
    • Tencent's qq coins (China, 2005) - shut down by China
    • Liberty Reserve (Costa Rica, 2006) - shut down by the USA
    • Perfect Money (Andrew Draper, Switzerland, 2007)
    • Bitcoin (2009)
  • Blockchain timeline
  • Cryptoart timeline

Back to the index