Robert Sams writes:
This is also why it doesn’t make sense to speak of new cryptocurrencies expanding the aggregate crypto money supply without limit (or limited only by the fixed costs of creating one). What matters is how the aggregate hashing power, which is scarce, gets distributed over the set of extant cryptocurrencies. The above reasoning predicts that hashing power will not spread itself arbitrarily thinly, keeping MC well-above 0. (The distribution currently looks more like a power law.)
Much (something?) hinges on this point. If I understand the argument correctly, the claim is that the market will not consist of a large number of thinly hashed cryptocoins, because those coins will not be secure. There is an aggregate amount of hashing power, and it gets distributed in a quite concentrated fashion and that helps prop up the value of Bitcoin and limit the number of truly viable alternatives. Sams emailed me:
Ignoring any desired technical differences among the various coins, it’s optimal for users to coordinate on one, not b/c of some network effect but b/c spreading hashing costs over lots of coins eventually results in no coin having much security. At the margin, a user will choose the higher hashing coin between two otherwise identical ones.
In the (implicit) model of my earlier post, there is always a bribe to be paid to new cryptocurrency adopters — out of the seigniorage created by the founders of new cryptocoins — that will encourage a larger number of active cryptocoins. (And total hashing power is somewhat elastic in supply, contrary to how I am interpreting Sams.) How actively will those coins be hashed? I am not sure it matters. There will be two margins: the cost of doing more hashing of existing coins, and the cost of creating additional cryptocurrency through “bribing out of seigniorage.” In equilibrium those two marginal costs should be equal, adjusting of course for the possible heterogeneity of outputs, as you are not getting exactly the same services. To the extent “security” is an issue, the initial bribe for using a new cryptocurrency needs to be that much larger. If no bribe is big enough to induce some defection, I wonder how Bitcoin got started in the first place (which didn’t even have the benefit of the same kind of explicit upfront bribery).
My view is that if bootstrapping can happen once — as it did with Bitcoin — it can and will happen again. In which case we are back to contestability limiting the value of Bitcoin. I am not sure how much Sams and I are disagreeing. At the end he coins (sorry) a new theorem:
So maybe here is a new theorem: the value of a cryptocurrency will converge to its optimal level of hashing costs?
In any case, do read Sams’s entire post, it covers many cryptocurrency issues of interest.