Special thanks to Vlad Zamfir for his work in developing many of the ideas behind prediction markets for content curation.

For the past six years, people have been searching to try to find those elusive applications of blockchain technology that could finally break out into the mainstream. For cryptocurrency, the applications are largely already known - though it of course remains to be seen just how well it will be able to retain its advantages as traditional payment systems continue to become more efficient. But what about smart contracts and crypto 2.0? One route that we can take is to simply look where legal contracts are being used today, and see where we can increase efficiencies by “smart-ifying” as many of them as possible. Another route, however, is the Peter Thiel-ian zero-to-one approach: see if it’s possible to use these tools to create industries that currently do not exist. Hence, let us take a detour along that path, and see some of the more underappreciated and interesting applications that smart contracts can provide.

Hashcash meets Proof of Stake

Although proof of work is today known primarily for its function in blockchain consensus algorithms, its original function was in fact something quite different. The first major use of proof of work was Adam Back’s Hashcash, a protocol that tries to fight email spam by making spam emails more expensive to generate. Proof of stake is today similarly best known for its applications in blockchain consensus, and the theory is that because of the way modern proof of stake works - allowing users to put at stake large amounts of economic resources for security without, in the normal case, actually spending them - it could potentially be vastly more efficient. So this leads to an interesting question: can we apply these advantages to make a more efficient version of Hashcash using proof of stake as well?

Let us start by describing the problem. The basic principle behind Hashcash rests on the idea that email today tends to be split into two categories: desirable email (“ham”), which people spend a reasonably large amount of effort writing and which people derive high value from reading, and undesirable email (“spam”), which people normally spend a much smaller amount of effort per email writing and which people derive a negative amount of value from reading. Hence, the theory goes, by attaching a small mandatory cost to each email sent, the “ham” can get through with only slight additional burden, whereas “spam” would be made entirely unprofitable. This “cost” is paid in the form of electricity and computational effort which is used to solve a mathematical puzzle that can be quickly verified by the recipient’s client before showing the email to the recipient.

The problem with this approach is threefold. First, spammers may simply switch to a strategy of spending slightly more effort on each email (eg. spending five seconds of human labor per message to make it more likely to catch the reader’s attention or bypass spam filters), and the threshold of computational work that would be needed to actually stop the majority of spam would be quite large. Second, spammers are more professional and have better access to specialized computer hardware that can quickly and cheaply solve these computational puzzles, so a cost that might be five cents to the ordinary user might only be a tenth of a cent to a spammer. Third, as this now-famous checklist listing flaws in popular proposed solutions to email spam points out, it is considered highly desirable to have a system where “sending email should be free”.

So here is a proof-of-stake alternative. When you send an email, you do not need to compute an expensive computational puzzle; instead, send a transaction to the blockchain which creates a contract containing some amount of money as a security deposit. As part of the email, send a private key to the recipient, which the recipient can submit into the contract to destroy the deposit (or donate it to a standardized charity) if they want to. If the deposit is not destroyed for some number of days, it is refunded to the sender. Note that there would be no gain to the recipient in destroying the deposit - the only motivation to do so would be pure spite. As a result, we get an asymmetry: the average cost for normal people to send an email would be small, because the recipient would only click “Report Spam” in the rare case that they are malicious, but the average cost for spammers would be quite high indeed - and specialized hardware asymmetries would not help spammers one bit.

One could see deposits going as high as a dollar in size, and one can even adopt a graduated scheme: senders can send whatever deposits they want above some minimum, but the level of notification that the recipient sees would depend on the exact amount. If it’s $0.1, then it’s just an email in their mailbox. If it’s $1, then a few phone notifications. If it’s $500, then their phone would ring at maximum volume overriding all other settings - but the sender best be prepared to pay the price if the recipient deems the sender’s intrusion unjustified.

One can create more advanced versions of this scheme that do not require sending a transaction to create a new deposit for each email; one can imagine a scheme where the sender sends out many keys to destroy portions of the same security deposit, alongside signatures saying that those keys are valid, and recipients publish the signatures (but not the keys!) to a Whisper-like channel allowing them to quickly sample and make sure that a particular deposit is not “over-subscribed” with destruction keys (one precise mechanism for doing this is to only treat signatures containing an index from 1 to N as valid, and add a rule that states that two signatures with the same index can be submitted to destroy the entire deposit with 10% transferred to the submitter; hence, one can be fairly sure that at most N signatures for that deposit exist). This would reduce the transaction load to roughly something like one transaction per email sender per year. In any case, smart contracts offer near-infinite room for creativity in optimizing the details.

Prediction Markets and Reddit

One of the largest debates in online communities like Reddit is the question of exactly how much centralized moderation is justified. One view is that the very power of the internet comes in large part from its egalitarian decentralized nature, and the fact that no single party has a higher class of authority than any other. Some people may be more influential than others, but (i) that is a difference of degree and not a categorical distinction of class, and (ii) it is fundamentally the audience’s choice to be influenced. The other view is that without centralized moderation, communities inevitably collapse into mediocrity and chaos of the undesirable kind; essentially, Eternal September, and so having a small number of users ultimately in charge is, as is in many places the case, a “necessary evil”.

In practice, community voting moderation is quite powerful, but the centralist view also seems to have some merit. Although comments that a community does not want to see do eventually get voted down, at least on Reddit specifically the process takes time, and there is still a period of one or two hours during which such content remains on the front page. Within a voting framework, to some extent this is unavoidable: if it was possible for a barrage of downvotes to very quickly remove content from the front page, that itself would turn into a censorship vector for vocal minorities. However, what if there was a third way to solve this problem, by using our favorite governance mechanism: prediction markets?

Prediction markets have so far, including by myself, often been introduced as a governance mechanism that could one day be employed for very large-scale decisions: whether or not we should bail out the banks, hire or fire a particular CEO, or enter a particular trade agreement. However, perhaps it might be better to introduce prediction markets into the world as a tool for decisions which are far more small-scale and non-threatening - perhaps on the scale of hundreds or tens of dollars, or even ten cents.

One could imagine a design that works as follows. Rather than simply being votes, upvotes and downvotes to a comment on a hypothetical PredictionReddit would be bets on a prediction market specific to that comment. The prediction market would be seeded by a mandatory bet that would need to be made by the person making the comment that their comment will be accepted as good; from there, upvotes and downvotes would shift the “price” of the market depending on how people vote. 99% of the time, the market would have no effect except that comments with high prices would be shown more prominently on the interface; the remaining 1% of the time, however, the comment would be submitted to a meta-moderation panel, which would vote on whether the comment is good or bad (or perhaps some score in between), and the participants in the prediction market would be compensated appropriately based on how well they predicted this score.

The meta-moderation panel could in principle be quite large; potentially every single participant in the community could be included, provided an effective anti-sybil mechanism was in place. Even a SchellingCoin oracle could be used. It also does not have to be the case that 99% of markets are discarded; one could instead have a model where all markets are processed, but only a small portion of the meta-moderation panel sees each individual post; the number of people need only be large enough that they cannot practically collude for the purpose of insider trading the prediction markets. Another alternative is to have the size or probability of meta-moderation be proportional to the volume of the market, so that the posts that receive the most attention are the ones where the stakes are highest. In any case, this particular means of combining Reddit and cryptocurrency seems at least a bit more promising than simply integrating the ability to express condolences for someone’s death by micro-tipping their relatives three cents.

In principle, either of these two models could be extended quite a bit: imagine ads that are more expensive to maintain the more annoying they are to viewers, or a decentralized search engine where anyone can “plug in” their ranking algorithms by participating in the prediction markets, and profiting only if the algorithms are effective. Oleg Andreev’s 2-of-2 escrow could be augmented with a reputation system via a prediction market on the probability that the escrow deposit will be destroyed or payment delayed. Just remember, security deposits and prediction markets are essentially equivalent: a prediction market is a security deposit where anyone can challenge and require a higher deposit in response, and anyone else can back the original depositor up, and a security deposit is a prediction market where one particular party is forced to make a mandatory bet.

Perhaps this is a large part of the potential of what crypto 2.0 technology can offer: bring the internet from simple information technologies to economic information technologies that could potentially radically increase efficiencies, at least in a few sectors of the digital economy, by using incentives to more cleverly elicit the information that we all individually have. In any case, let’s build these tools and find out.