What is blockchain technology, and how does it apply to the problem of individual–public interest alignment? For that we’ll need to start at the beginning.

On January 3, 2009 the first Bitcoin block was mined by Satoshi Nakamoto, the inventor of the blockchain. The initial transaction in this “genesis block” included the following message: "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks." Thus, the inception of Bitcoin positioned blockchain technology as an alternative to fiat currency controlled by centralized governments and central banks.

The concept was simple yet ingenious; instead of trusting intermediaries in transactions, have a decentralized and transparent ledger where individuals can have direct peer-to-peer transactions. And rather than entrusting a central authority to control the money supply, preprogram the total supply of the currency and its issuance schedule into the protocol.

But why have we come to rely on centralized authorities for control of the currency in the first place? Why not just stick to using precious metals like gold or silver as the medium of exchange (MoE)? If we wanted a MoE that was easy and convenient to transact with, durable, interchangeable, and reliable we didn’t have many options. While gold and silver were certainly used as mediums of exchange historically, they also had their fair share flaws and limitations.

Compared to paper money — and later credit cards and digital payment — gold or silver were certainly a lot less portable or convenient. More importantly however, bad actors could produce counterfeit gold coins through alloy manipulation or other techniques. Which meant that without any top-down enforcement, merchants would have had to personally verify the integrity of the coins they got — making such a MoE unreliable and slowing down commerce.

Relying on a central authority to punish counterfeiters was thus a necessity to ensure the integrity of trade. Using the same authority to issue more convenient and portable currency was the logical next step. The problem of course is that when government has the power to issue money, it can also abuse that power. And when government abuses that power the currency loses its value.

Such abuse may be initiated by government, but may also be the result of other actors in the economy; if corporations know that government has both the ability and imperative to bail them out when they screw up on a grand enough scale, then they're more likely to do so by taking on more risk. These dynamics therefore produce moral hazard and tend to result in currency devaluation.

In the wake of the 2008 Financial Crisis these dynamics became much more salient, as government intervention in the economy increased dramatically. The best way to prevent a repeat of the same economic disaster, the argument went, was by decoupling control over the currency from centralized authority. As the mantra goes, “fix the money, fix the world.”

So how do you fix the money? How do you create a medium of exchange that is convenient, interchangeable, reliable and, above all, does not require government involvement? As it turns out, achieving such an ambitious goal first required solving a more basic technical problem — the so-called Double-Spend Problem. Double-spending is an issue with electronic money where a party in a transaction can spend the same digital money multiple times. Previously, preventing double-spending meant that users had to allow a trusted third-party, such as a bank or a payment processor, to verify that the user has the money they claim to have. Once verified, the transaction could go through.

At a more basic level, the Double-Spend Problem has to do with the fact that all information online is just bits of data. If your digital money is only stored on your local device, you can potentially fraudulently alter that data. If it's also stored with a trusted third-party, that intermediary can verify that no data was manipulated.

This gives the intermediary a lot of power. What if they decide to charge high fees for their verification service? What if they decide to prevent you from transacting, or freeze your account? In an extreme case, they may even trade with your funds.

The alternative offered by blockchain technology eliminates the need for a third-party altogether. It does so by decentralizing the transaction ledger; instead of having one trusted central database, anyone can host their own copy of the database as a node in a network. It is crucial however that all nodes in this network agree on the state of the database. If different nodes have different versions of the database, how do we know which is the correct one? In such a case it would be impossible to know how much money a user has and whether they double-spent it.

Yet, with every transaction the amount of money in users' accounts is updated, and the state of the database changes. How then can all nodes in the network agree on the state? Wouldn't that mean that all nodes will have to agree on which transactions are added to the network and in what order, and do so continuously? Yes. That is exactly what it means.

To facilitate this process, transactions are added to the network in blocks by block proposers. The network must agree on which proposer can add a block at any given time, and it does so using a consensus mechanism. For every new block, each node in the network independently validates the transactions in the block with the use of client software. The software also makes sure that the block proposer followed the network's consensus rules when proposing the block. If all checks out, the block is added to the chain of blocks and propagated throughout the network.

But what happens if, for whatever reason, some nodes end up with a different block at the head of the chain? The network's consensus mechanism must have a built-in set of rules to resolve such issues. Otherwise the chain would split.

Proposers help secure the network by proposing blocks that follow all the rules of the network. To incentivize network security, they are rewarded with newly issued currency from the network. Proposers include this reward in the initial transaction in the block they create. Thus, the initial ("coinbase") transaction in Bitcoin's genesis block included 50 BTC issued to Satoshi Nakamoto.

The reward incentive for securing the network is in fact the linchpin that holds the entire system together. Without an adequate reward there won’t be enough miners (or validators) willing to invest resources or capital in securing the network. And without the public good of network security bad actors can attack the network, and undermine its integrity.

The economics of the reward incentive — or the blockchain’s “monetary policy” — ultimately determines the success of the blockchain. Since rewards to miners or validators cause inflation they reduce the value of the currency. But without incentivizing network security the cryptocurrency would have no value to begin with. The challenge then is to balance incentivizing network security and currency inflation. Which blockchains have the best monetary policies? Perhaps that is up to the market to decide.

* * * * *

Blockchain technology allows people to transact cryptocurrency directly in the network without the need for a third-party, and without the need for centralized authority to control the money. But does this make cryptocurrency a medium of exchange?

Absolutely anything can be considered a medium of exchange if it is used as such. A more interesting question however is whether cryptocurrency is an effective medium of exchange. To be effective the medium of exchange needs to be easy and convenient to transact with, portable, divisible, durable, interchangeable, and reliable. Does cryptocurrency meet all these criteria? The short answer is: it’s a work in progress.

Having a multitude of nodes agree on the state of a network consistently over time is not an easy task. Blockchains have trade-offs in terms of scalability, security and decentralization. Optimizing for any two of these is doable, but requires a compromise on the third property — this is known as the so-called trilemma in blockchains. Of course there are ongoing efforts to improve the tech and increase its capacity.

As blockchains grow and evolve we discover new possibilities with the tech. Over time it became evident that what was possible for monetary transactions can also be done for digital data and for computation.

In 2015 the Ethereum blockchain was launched. It allowed users to not only make peer-to-peer transactions, but also create and interact with application code on the blockchain.

This application code, called Smart Contracts, can be deployed to the blockchain and act as an exposed backend. How is an exposed backend different from a regular backend? When you’re on a typical website you cannot see what algorithms are running in the background to display content on your screen, or what happens on the server-side when you interact with a web page. Even if the website publicly shares the source code for the backend, you still have to trust that it matches what's actually on the server. You cannot see the interaction on the server in realtime, unless you work at the company and have direct access to the server.

But anyone can view the code of any Smart Contract that is deployed to the blockchain. And when a user interacts with a Smart Contract and writes data to it, the transaction is broadcast to the entire network and all can verify its updated state as it happens.

Programmable blockchains allowed developers to create their own “mini-economies,” where digital currency (“tokens”) could be issued, distributed and used based on pre-programmed rules. Since anyone could view the source code of these “mini-economies,” they could trust the system to work per the code. This dynamic has the potential to create new coordination mechanisms and incentive structures that were not possible before.

Of course bad actors could make the Contract’s code convoluted and use it maliciously to defraud users out of their funds. But that is not an issue with the transparency of the system — rather, it’s an issue of users trusting code they don’t fully understand.

In addition to the exposed backend and new tokenomics, the blockchain also allows us to verify that any digital content was not altered over time. How can this be done? Storing large amounts of data on the blockchain is not possible at the moment. That would require every node on the network to have a private data center at home. It is possible however to store a cryptographic hash (about 32 bytes in size) for data of virtually any size.

Since the hash of an input will always be the same, storing the hash on a blockchain makes it possible to determine whether the data was altered. Even if one comma was altered in a digital book, the hash of the altered book will be completely different, and therefore will not match a hash that is stored on the blockchain. The only way to produce the same hash for any digital content is to have an identical version of the content.

And this is finally where individual–public interest alignment comes in. Everything that happens on the blockchain is transparent. It cannot be manipulated by any individual or group, unless the entire blockchain is compromised. Eliminating the need to trust any centralized service provider with digital content storage or online applications allows users to trust the systems and tools built on the blockchain — this is referred to as a "trustless" environment. Adding an economic dimension in this environment allows the creation of new incentives structures, which can lead to novel forms of coordination.

What new forms of coordination does the blockchain allow? Some of the most prominent examples are in the area of public goods funding. The need to fund public goods in the blockchain space stems from much of the blockchain software and on-chain infrastructure being open source. As such, without mechanisms to capture the value of these public goods there will be little progress in advancing the tech and growing the ecosystem. Some of these mechanisms include: Quadratic Funding, Retroactive Funding and Hypercerts.

Quadratic Funding (QF) is an application of quadratic voting. It is designed to optimize the distribution of matching funds in a pool according to the preferences of a community. This is achieved by giving more weight to the number of people who support a cause over the total monetary amount going toward the cause. As an example, a hundred people donating $1 to a public goods project will have significantly more matched funds than if only two people each donated $50 to a project.

By democratizing the fund matching process QF incentivizes small donors to participate and get an outsized influence over which projects get more funding. Meanwhile, large donors get social capital for funding the projects that the community wants to support.

The blockchain adds a layer of transparency to the process. When small donors support projects on-chain, anyone can see the amount that each user is donating to any project. As a result anyone can calculate how the matching funds from larger donors should be distributed among the projects.

Of course much of the same process could be done with a traditional crowdfunding website — just not in a way that is transparent. Small donors would need to trust that the people running the crowdfunding website are honest and will not try to manipulate the voting process. As the amount of funding becomes more significant, the people running the website have a greater incentive to rig the vote. What if one of the projects bribes an employee of the website to change a few numbers in the database? How likely are people to know that anything was changed? With a larger funding pool the community would also have less trust in the process.

Also, since the on-chain process runs automatically, and requires no maintenance (other than running the blockchain itself), no organization needs to take a cut of the funds going toward projects. Crowdfunding websites, on the other hand, tend to take a percentage of the proceeds that go to projects — that is their business model. So unlike traditional crowdfunding, on-chain QF can be trusted by the community and can work efficiently even as it scales.

Yet QF still has its own challenges. The process is transparent in terms of which user address contributes funding to which project. But because of the permissionless nature of blockchains (meaning, the lack of gatekeepers), anyone can create any number of addresses, and there is no obvious way to tell whether one person has multiple on-chain user addresses. A bad actor may therefore use multiple addresses to contribute to the same project, thus manipulating the QF process — this is known as a Sybil Attack. As a result the bad actor’s project would get a large portion of the matched funds, against the preference of the wider community.

There are certain techniques to remedy this situation. These include using some form of identity or personhood verification, matching addresses with social media accounts, relying on multiple types of online presence to authenticate an identity, and so on. At the moment however these techniques seem to make it more difficult or time consuming to create and operate multiple accounts, but they don’t resolve the problem. With advances in AI these techniques will become largely ineffective, as AI bots would easily be able to mimic human behavior online. What’s more, these techniques largely rely on off-chain data and systems, undermining the trustless nature of the system.

There is a bigger issue with Quadratic Funding however. The issue is that it relies on external funding, and not on any feedback loop created by the impact of public goods projects. Having more projects (or more impactful projects) participating in the QF process is unlikely to result in much more funding in the matching pool. Which means that the funding doesn’t scale with increased impact, and the mechanism cannot be self-sustaining. Similarly, there is nothing in the QF mechanism to incentivize community members to seek out the projects that are likely to have the most impact.

Meanwhile, project contributors have similar incentives in QF as content creators on social media; if they want more funding going toward their project, one of the most effective strategies may be focusing on community engagement on social media. Yet, maximizing impact often means putting all the effort on project work, and spending minimal time on social media. After all, isn’t maximizing impact what’s in the public interest?

So while on-chain QF creates a trustless environment for advancing community preferences, it doesn’t quite align individual–public interest; it doesn’t create feedback loops for public goods projects, and therefore doesn’t scale funding in proportion to impact. It also doesn’t incentivize the community or project contributors to focus on impact maximization.

A blockchain coordination mechanism that focuses on the impact of public goods more directly is Retroactive Funding (RF). The concept behind RF is quite simple; since it’s much easier to determine the impact of a public good after the fact instead of predicting expected impact, RF is used to guarantee funding for the most successful public goods projects retroactively — once the impact is already assessed. Guaranteeing funding creates a market for investing in public goods based on their expected impact.

By creating economic incentives to invest in public goods, RF allows projects that otherwise would not have gotten funding to get off the ground. RF doesn’t guarantee that every public goods project that applies to the program will get funded, nor that investors will get a return. It does however create a business model for public goods projects, and these are risks that are inherent in any business venture.

While Retroactive Funding creates a business model that is based on impact, it has similar challenges to QF. One challenge has to do with the distribution of funding. While blockchains make the on-chain process transparent and trustless, it cannot do the same for human decisions. The question then is who decides which projects had the most impact? One approach may be to program the performance indicators into a Smart Contract, and automatically release funding to the project or projects with the highest score on those metrics. The problem with such an approach is that pre-programmed indicators can be gamed. What if a project manages to technically get the highest score yet has no meaningful impact on the community?

A different approach may be to have experts review the impact of the various projects and vote on which projects had the most impact. The trouble here is who selects the experts and how neutral is the process? If a lot of money is involved, how can we guarantee the integrity of the process? The intuition is that the RF mechanism should make the review process decentralized, and therefore trustless. But how can this be achieved? Without a clear approach to decentralized reviews, investors are unlikely to risk their money on RF, making it difficult for the mechanism to scale.

Another reason Retroactive Funding may have difficulty scaling is the issue of feedback loops (or lack thereof). Similar to Quadratic Funding, RF relies on external funding instead of capturing the value of public goods. As we’ve already seen, because the funding doesn’t grow in proportion to the impact created by projects, scaling RF may be a challenge.

Finally, RF leaves a lot of public goods projects behind. The mechanism is designed to reward only the most impactful projects, which means that there may be lots of small projects that collectively have a significant contribution to the community but will get no compensation at all.

How can we then create a market for any public goods project? The mechanism that attempts to achieve this is called hypercerts. Any contributor can create an on-chain certificate representing their work in the form of a non-fungible token (NFT). The certificate has multiple parameters, including the set of contributors doing the work, timeframe, scope of the work and its impact, and rights granted to the owner.

Unlike Quadratic Funding or Retroactive Funding, hypercerts are funding-source agnostic; they don’t specify how the certificates should be funded, but rather create a standard that can be plugged into by various other funding mechanisms. This approach allows incremental development of the protocol. Even if the funding mechanism is not entirely figured out, other aspects of the system can develop and grow in parallel.

One such aspect is in enabling multiple different impact evaluators to rate the work. Allowing independent evaluators helps investors or donors consider which evaluation they can trust the most, or at least have more data points about the impact of a hypercert.

With more impact data hypercerts can gain credibility, and attract donors or institutions who are interested in supporting public goods. With enough critical mass, an impact market can potentially form for hypercerts. There, publicly-minded speculators could buy the certificates with the expectation that their value would increase once the work has tangible impact.

Yet, even here the expectation of a return seems to rely on donors — on an external funding source — rather than on capturing the value of the public good itself. As long as this is the case the protocol will have difficulty scaling. Similarly, while independent evaluators can help solve the credibility aspect of reviewing the impact of work, the incentives for evaluators remain unclear.

Suppose a trusted independent evaluator is used to review hypercerts. Such an evaluator may have high credibility and the process would work well at a certain scale. But what would happen if the system scaled and the number of hypercerts minted by contributors grew exponentially? Who would review all these additional certificates? How will they be compensated (if at all)?

Could evaluators mint hypercerts for the public good they provide for evaluating other hypercerts? Perhaps that is one possible solution, but how well will such a process work? Can evaluators be expected to fairly evaluate a hypercert of one of their own? There is a risk that any evaluator will overvalue such hypercerts with the expectation that others would reciprocate in kind, thus creating perverse incentives among evaluators.

* * * * *

The mechanisms we described so far are by no means an exhaustive list of the coordination tools offered by blockchain technology. In fact, there is active and ongoing research and development of public goods funding mechanisms for programmable blockchains.

And yet, existing on-chain mechanisms for public goods funding tend to have the common challenges we already discussed; lack of feedback loops for public goods, a need for external funding, scaling limitations, and so on.

While efforts continue to find solutions to these challenges, little to no work is being done in the blockchain space for dealing with the other side of the equation: negative externalities.

Programmable blockchains created a new paradigm by combining a trustless environment with code-based economic incentive structures. This paradigm can potentially be used to solve the individual–public interest alignment problem. While the mechanisms proposed so far present promising and innovative approaches to funding public goods, they still fail to offer the solution we need. We still don’t see the breakthrough that would allow us to create effective feedback loops for public goods, and nowhere near a solution for externalities.

But there is an even more troubling aspect to blockchains. The key benefit of blockchain technology is that it allows us to transact and interact trustlessly, and without the need for centralized authority. But what does the blockchain put in place of centralized authority? Who decides the rules and consensus mechanism by which the blockchain operates?

A prevalent argument in the blockchain space is that even though proposers (miners or validators) get rewarded for securing the network and creating blocks, they cannot decide the rules of the blockchain. Instead nodes are the ones who decide the rules of the network. But while blockchain proponents would like to claim that this process is community-driven, the reality is that money interests dominate the system.

Blockchains are by no means democracies. Yet, there is usually a formal process by which changes to the protocol — called “Improvement Proposals” — are proposed, reviewed and implemented. Anyone can propose a change, and as the proposal goes through the process, the community can suggest modifications to it. During the review period various stakeholders in the blockchain (developers, miners, node operators, and so on) can signal their support or opposition to the proposal. At the end of the day the goal is to build a wide consensus in the blockchain to have the change implemented.

But what drives support or opposition to changes in the blockchain protocol? To get an intuition of the dynamics at work we need to consider what happens during a split (“hardfork”) of a blockchain. Let's say that the majority of the coins in a blockchain is held by a handful of individuals, while a smaller portion of the coins is owned by a much larger group. And let’s say that all the wealthy coin holders support a particular improvement proposal, and the wider community opposes it. A hardfork would result in two identical (historic) versions of the blockchain, where one version operates according to the original “old” rules, while the other version follows the new proposed rules.

Right after the split both wealthy holders and the rest of the community would own their coins on both forks of the chain. The value of the coins on the original blockchain remains the same, while coins on the new blockchain still have no value due to lack of trading (no price discovery).So what happens next?

Since wealthy holders value “their” blockchain a lot more than the original chain they would want to sell their coins on the old chain and buy as many coins as they can on the new chain. How many of their coins would they sell? Essentially, wealthy owners would keep selling until they no longer think the chain is overpriced. If they don’t value the old chain at all they would keep selling all their coins regardless of how low the price gets.

A mirror image of this dynamic would occur on the new blockchain; wealthy holders would want to buy every available coin as long as they believe they’re undervalued. Community members who prefer the old chain, on the other hand, would want to sell their new-chain coins. This buying and selling would continue until new equilibrium prices are reached on both chains.

And what will these new equilibria look like? Since most of the wealth has now been transferred from the old chain to the new one, we’d end up with the old chain having a fraction of its previous market cap, and the new chain gaining most of that value.

Miners (or validators) will also take that into account when they decide which chain they would like to secure. Since their decision is primarily driven by financial considerations they would opt for the chain that offers the greater reward value. While both chains may be offering the same amount of coins, coins in the new chain will have greater value, so that is the chain they're likely to secure.

Now presumably community members understand this dynamic well, and don’t want to see the value of their assets plummet and the security of their chain degraded. The same is true for miners (or validators), developers, node operators, and all other stakeholders in the blockchain. They would therefore take this into account when they’re proposing new changes to the blockchain, or when considering proposals by others that potentially disadvantage wealthy holders.

The result is that, arguably, the blockchain replaced a centralized system that is at least partially responsive to public interests with a system that is decentralized but essentially dominated by wealthy and powerful interests — a plutocratic system where those who own most of the wealth can implicitly dictate the rules.

But if that is the case, how likely is such a system to push back against externalities when those benefit powerful interests? And how likely is it to create individual–public interest alignment?

At this point we’ve exhausted all our options. We’ve looked at a market-based approach, at activism, government, philanthropy, and now blockchain technology. While some of these seemed promising, none could effectively solve the problem of individual–public interest alignment. What hope is there then to prevent dystopia? What hope is there to put us on a path toward greater abundance?