1 Cryptocurrencies

Societies dating back to the ancient Greeks archaic period (750 – 500 BC) have used metals such as silver and gold (Migeotte and Lloyd 2009) to build coins, which are then used either to store or to exchange value. 1 Gold and silver are not money by nature, but money’s nature requires something like gold and silver (Marx 1890) because of their intrinsic value as rare metals (their Substatzwert) as well as for their ability to be mint and other potential industrial uses (their Gebrauchswert). 2 Gold is considered a safe-haven asset in modern financial markets (Baur and McDermott 2010) since it is expected to keep or increase its value in volatile markets. Figure 1.1 shows the normalized prices 3 of the following assets since 2020-01-02:

  • Gold GC=F (USD).
  • Silver SI=F (USD).
  • CBOE Volatility Index ^VIX (USD).
  • USD CAD=X (CAD).
  • JPY JPYCAD=X (CAD).
  • Bitcoin BTC-CAD (CAD).

In this chapter we introduce the main building piece behind Bitcoin’s success: the blockchain and its proof-of-work consensus mechanism which represents the computer labour required to produce a Bitcoin, its digital Substanzwert. The usefulness of a Bitcoin from a trading perspective, its Gebrauchswert, depends exclusively on its acceptance as a payment method in exchange for digital and physical goods and services. This acceptance has been growing since Bitcoin’s inception as evidenced by:

  • its growing popularity in countries facing rapid inflation and currency restrictions (Bloomberg (2017) and Bloomberg (2021c)).
  • its growing acceptance as a means of payment in electronic transactions (Bloomberg (2021a), PayPal (2021) and Bloomberg (2020)).

Cryptocurrencies constitute a largely unregulated asset class aiming to compete with traditional currencies and metals such as gold and silver as both a digital reserve currency and a safe-haven asset. Because of this, the most challenging risk faced by cryptocurrencies such as Bitcoin come from regulation, which could potentially render illegal holding or trading such crypto-assets. There exists evidence of such behaviour from world powers dating back to the Greek archaic period (Migeotte and Lloyd 2009) whose political and economic power is linked to the use of their currency to settle transactions and to collect taxes. On the other hand, growing investors’ concerns about the environmental impact of cryptocurrency mining hardware are opening the door for new and more sustainable blockchain-based cryptocurrencies.

Figure 1.1: Gold, Silver (futures) and Bitcoin (spot) prices vs. VIX.

1.1 Bitcoin

The Bitcoin cryptocurrency was introduced by Nakamoto (2008) as a mechanism to make electronic payments between two parties without the need of a trusted third party. A transaction between two parties using Bitcoin takes place in the same way as a typical physical transaction involving cash, i.e., a good or service is exchanged for a predetermined amount of coins and the transaction is non-reversible since the parties identities are never required: the value is stored in the coins. Since no intermediary is involved in a cryptocurrency transaction, there is no central authority capable of modifying past records.

The need to reverse transactions arise from the inherent uncertainty of doing business over an electronic communications channel since one of the parties can easily default on its obligations, e.g., the delivery of a good or service. However, transaction costs increase with the need of a dispute mediation mechanism and non-reversible electronic transactions are not possible since a third party can potentially mediate disputes. Physical transactions using cash require the buyer and seller to be present for the transaction to take place and no third party is involved: cash transactions are also non-reversible. 4

The goal of the Bitcoin technology is to serve as cash for digital transactions, hence avoiding the need of a third party while accepting the same condition one accepts when using cash, i.e., that the exchange is non-reversible. When using a traditional coin or a Bitcoin, the coin itself serves two purposes: storing and exchanging value. To attain this goal, a new privacy model is proposed by Nakamoto (2008) as shown in Figure 1.2. This new model requires all Bitcoin transactions to be public, which means that anybody can known its time and amount. However, the transactions are not linked to any identities. This level of privacy is comparable to a level II quote from a stock exchange, where volume and prices in the book are made public, but not the identities of the investors.

Figure 1.2: Traditional vs. new privacy model.

1.2 Blockchain

A crucial piece of technology behind Bitcoin is its public distributed ledger: the Blockchain. Bitcoin transactions data is first timestamped and digitally signed, then written into a block. This blocks of transaction records are linked to each other through a unique Hash obtained using SHA-256 and creating a chronologically ordered chain of transaction records or blockchain. This public ledger includes the history of all transactions since the beginning of (Bitcoin) time and is equivalent to a bank’s private ledger, where a bank would keep track of currency ownership. Now, imagine that the banks ledger itself, let’s say an Excel spreadsheet, is the currency itself. In that hypothetical case, the Excel file would be equivalent to the blockchain: a database keeping track of money ownership and movements. Also, if one were to create such an Excel-based blockchain, the file sheets or tabs representing the individual blocks should be chronologically ordered, with several transactions per sheet as well as the corresponding cryptographic nonce (number once), previous hash and current hash as shown in Figure 1.3 as per the current Bitcoin specification. The source code is available at https://github.com/bitcoin/bitcoin/blob/master/src/primitives/block.h.

Each transaction is timestamped and digitally signed by the two parties and once a block has been created a process called Mining begins during which the hash must be computed taking as input the data from the block. The input data is hashed using a Merkle Tree (Merkle 1980) and only the root of the tree is used when computing the block hash to save disk space.

The blockchain serves hence two purposes: it is the technology where transactions take place and it is its own database. Creating a new block, a process called Mining, requires finding a hash of all the data contained in the block while satisfying additional constraints. This mining step can take minutes to hours depending on the size of the block and the central processing unit (CPU) power available to find the hash. This computing work requires electricity and CPU to find a hash, which is then fed into the next block. Modifying the original data in any previous block requires redoing the work to find a new hash for that block and for any future blocks. Network nodes will by design always consider the longest chain to be the true chain and will keep working to find future hashes, which means that the Bitcoin system is designed to always follow the chain requiring the greatest computing power to be produced.

Figure 1.3: A block and a chain of blocks using Bitcoin’s data types.

1.3 Proof of work

From a security perspective, the system is vulnerable by design to an attacker capable of controlling more than half of the available CPU in the network since the attacker could build a parallel longer chain that would eventually be followed by the honest nodes as shown in Figure 1.5. The underlying logic to tolerate this risk is explained by Nakamoto (2008) as follows: someone capable of controlling more than half of the network’s computing resources must decide whether to use their resources to maintain or to destroy their own wealth. It is important to mention that other cryptocurrencies and blockchain technologies use alternatives to the proof-of-work consensus algorithm such as Ethereum’s proof-of-stake system (Buterin 2013), where the weight of a node is proportional to its currency holdings instead of its computing power.

The proof-of-work system works by restricting the hash of the block to a fixed number of leading zeros which requires some time to be found since it must be randomly guessed. The time that it takes to find a valid block hash depends on the block’s difficulty, which is controlled through the nBits target number. The SHA-256 hash of an empty string "" obtained with the openssl package (Ooms 2021) is:

openssl::sha256(paste0(data="", block="", nonce=""))
## [1] "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

which would not be a valid Bitcoin block hash since its leading characters are not zeros. However, the hash corresponding to "1134816" is

openssl::sha256(paste0(data="", block="1", nonce="134816"))
## [1] "000001f8479faf79c1a58152ffc6b027a93f6ae6b27dc19ef986b2c9e7cad3b3"

Which has 5 leading zeros. A current Bitcoin’s hash needs 19 leading zeros to be considered valid and accepted by the network. The average median confirmation time from 2020-04-06 to 2021-04-04 was 12.01 minutes.

Since it takes time or computer work to find a valid block hash, the longer chain is the one which needed the most CPU power to be produced, i.e., to find valid block hashes. The R loop below shows a simple example of the type of work necessary to find a block hash:

difficulty <- 5
max_nonce <- 1e6
for(i in 1:max_nonce) {
  hash_i <- openssl::sha256(paste0(block_data="", block_number=1, nonce=i))
  if(substr(hash_i, 1, difficulty) == strrep(0, difficulty)) {
    break
  }
}
hash_i

Since every block includes the hash of the previous block as shown in Figure 1.3, modifying any data in a past block of the chain will render the remaining blocks invalid and a new mining process will be required to fix all the hashes that have been invalidated by the data tampering. This means that unless an attacker is capable of producing a longer chain faster than all honest nodes in the system by controlling more than half of the system’s computing power, the network is capable of ensuring its own data integrity.

To link two blocks, we need to add an additional prev_block_hash data field to our previous example:

a_block <- paste0(
  prev_block_hash = character(),
  block_data = character(),  # Merkle root hash
  block_number = integer(),
  nonce = integer()
)

And then mine the block to find its hash. Once a block hash has been found, it becomes the input to the next block. The example below creates a blockchain with three blocks containing nothing but an empty string as block_data field. The first block’s hash is deliberately left empty in this example.

n_blocks <- 3
max_nonce <- 1e6
difficulty <- 2
block_chain <- list("")
for(block_i in 2:(n_blocks)) {
  this_block <- paste0(
    prev_block_hash = block_chain[[block_i - 1]],
    block_data = "",
    block_number = block_i,
    nonce = 0
  )
  for(i in 1:max_nonce) {
    hash_i <- openssl::sha256(
      paste0(
        prev_block_hash = block_chain[[block_i - 1]],
        block_data = "",
        block_number = block_i,
        nonce = i
      )
    )
    if(substr(hash_i, 1, difficulty) == strrep(0, difficulty)) {
      break
    }
  }
  block_chain[[block_i]] <- hash_i
}
names(block_chain) <- paste0("block_", 1:n_blocks)
Table 1.1: A sample blockchain with 3 blocks
Hash
Block 1
Block 2 00328ce57bbc14b33bd6695bc8eb32cdf2fb5f3a7d89ec14a42825e15d39df60
Block 3 00d7b5192f725a525822b57f5563514d0c4d4ff9bc4fb0ce84347b31f6fa577a
Table 1.2: Time (in milliseconds) required to mine increasingly difficult chains
expr min median max
One Block, Level 1 496 535 2222
One Block, Level 2 3864 4001 5465
One Block, Level 3 51475 54744 77432
Two Blocks, Level 1 714 823 1018
Two Blocks, Level 2 5702 6978 9866
Two Blocks, Level 3 548195 584731 633797
Four Blocks, Level 1 2284 2410 2952
Four Blocks, Level 2 12716 15566 19171
Four Blocks, Level 3 1176702 1382572 1524348
Time vs. difficulty, 4 blocks.

Figure 1.4: Time vs. difficulty, 4 blocks.

Table 1.2 shows benchmark times obtained using the microbenchmkark package (Mersmann 2019) while mining blockchains of increasing difficulty (Level) and length (Blocks). We can see in Figure 1.4 that the time needed to mine 4 blocks increases exponentially with the difficulty, which is controlled with the number of leading zeros required by the hash to be considered valid.

We can also calculate the probability of successfully compromising the network as a function of an attacker’s probability of finding the next block in the chain vs. an honest node finding it. We can compute the probability \(q_z\) that an attacker will catch up from \(z\) blocks behind following Nakamoto (2008) as follows:

\[\begin{align} q_z = 1 - \sum_{k=0}^{z} \frac{\lambda^k e^{-\lambda}}{k!} \left\{ 1 - \left(\frac{q}{p}\right)^{(z-k)}\right\} \tag{1.1} \end{align}\]

Where,

\[ \begin{aligned} &p = \text{probability an honest node finds the next block.}\\ &q = \text{probability the attacker finds the next block.}\\ &q_z = \text{probability the attacker will ever catch up from $z$ blocks behind.} \end{aligned} \]

Which can be translated into the following R code: 5

attacker_success_probability <- function(q_prob, z_blocks) {
  p_prob <- 1 - q_prob
  lambda <- z_blocks * (q_prob / p_prob)
  sum_prob <- 1
  for(k in 0:z_blocks) {
    poisson_prob <- exp(-lambda)
    i <- 1
    while(i <= k) {
      poisson_prob <- poisson_prob * lambda / i
      i <- i + 1
    }
    sum_prob <- sum_prob - poisson_prob * (1 - (q_prob / p_prob)^(z_blocks - k))
  }
  return(sum_prob)
}

The setup used in Figure 1.4 corresponds to z_blocks = 4, and the attacker’s success probability can be found through Equation (1.1) as summarized in Table 1.3 .

Table 1.3: The probability of success drops exponentially with z.
q = 0.05 q = 0.1 q = 0.2 q = 0.35
0 1.00e+00 1.00e+00 1.00e+00 1.000000
5 2.87e-05 9.14e-04 2.74e-02 0.336365
10 1.25e-09 1.24e-06 1.07e-03 0.142805
15 5.60e-14 1.74e-09 4.29e-05 0.062454
20 -5.16e-17 2.46e-12 1.74e-06 0.027659
25 9.26e-17 3.30e-15 7.13e-08 0.012334
30 9.12e-17 -8.69e-17 2.93e-09 0.005524
35 -1.02e-17 2.24e-17 1.21e-10 0.002481
40 3.85e-17 -4.84e-17 4.97e-12 0.001117
45 -7.36e-17 -6.46e-17 2.05e-13 0.000504
50 2.66e-17 -4.30e-17 8.60e-15 0.000227

Figure 1.5: Attacker’s success drops exponentially with the number of blocks

1.4 Market value

In this section we have introduced the mechanics behind the Blockchain technology without mentioning prices nor quantiles so far. Several applications based on the Blockchain technology are currently in development/production (Bloomberg 2021b) as evidence of Blockchain’s technological or intrinsic value. However they do not necessarily have a relationship with Bitcoin nor with its price. Therefore, we might wonder whether there is any value in a cryptocurrency at all.

Linking computer resources to a token (the cryptocurrency) through a proof-of-work algorithm consumes electricity, which is mainly produced from coal and gas with only 28% of global consumption coming from renewable sources (Agency 2020). Growing investors’ concerns about the environmental impact of Bitcoin mining is one of the reasons behind alternative mining algorithms since a financial transaction’s environmental impact is directly linked to the computing power required to process such transactions through the network. As a consequence of such innovations and with over 6000 cryptocurrencies available worldwide (Statista 2021), investors’ capital allocation to this new asset class is increasingly diversifying out of the original Blockchain implementation, i.e., Bitcoin.

We commonly use an asset’s closing price as a proxy of the asset’s (market) value, and Bitcoin’s market price remains far from zero since its inception despite the legal and technological challenges (Bloomberg 2021d). The goal of the following section is to test different MCMC methods and \(\text{VaR}\) models to forecast quantiles of the distribution of returns of a cryptocurrency such as Bitcoin. For this, we will apply standard econometric methods to a vector of cryptocurrency returns as we aim to get a forecast of \(\text{VaR}\), which represents a quantile of the distribution of financial returns.

  1. There are also several industrial applications for these metals.↩︎

  2. Storing value in bullions vs. coins mint for day-to-day transactions.↩︎

  3. Each price series starts from 1.↩︎

  4. A cash transaction does not require the identities to be disclosed.↩︎

  5. This is nothing but an R version of the original C code in the paper by Nakamoto (2008).↩︎