Bitcoin on motherboard

More proof that UTXO is superior to account-based systems

This post originally appeared on ZeMing M. Gao’s website, and we republished with permission from the author. Read the full piece here.

The biggest structural and elemental difference between Bitcoin and Ethereum is that the former uses Unspent Transaction Output (UTXO) while the latter uses an account-based model.

UTXO is like cash, in that every bill or coin is independent from each other. As long as a dollar bill itself is authentic, the validity of a transfer is absolute and not contingent upon a separate accounting1.

(Note [1]: Bitcoin is better than cash. Unlike physical cash, bitcoin has traceability while still protects privacy. See Anonymity and Privacy. If bitcoin is treated as fungible, tracing according to the law is possible even when multiple inputs are mixed and multiple outputs are generated in each transaction. This is an advantage when it comes to asset management and legal compliance. See Taproot: Building a mixer.)

In contrast, account-based system is like bank credit money. Parties recognize the nominal validity of the credit, but a transaction is not settled until all accounts in the system have been reconciled.

UTXO has been proven superior to account based system in almost all aspects. It is a mystery why the inventor of Ethereum chose an account-based system when the UTXO in Bitcoin had already been proved for a while. Vitalik Buterin wanted a world computer that has virtual machines running smart contracts. But he was told, wrongfully, that Bitcoin could not do smart contracts nor virtual machines partly due to its UTXO mechanism. That was his starting presumption. Further given his lack of understanding of economics and monetary system at the time, and coders tend to think in terms of accounts, account-based probably seemed natural, if not inevitable.

In fact till today most people even developers still don’t realize how unfortunate that choice was. It has made Ethereum fundamentally unscalable (if you are hoping layer 2 will solve scalability, see more discussions below, and also please read: Layer 2 solutions, and More on L2 solutions.)

But up until now, many had believed that Ethereum’s account-based system did have one advantage over Bitcoin’s UTXO in token implementations, thanks to its built-in token tracing and authentication capability. Bitcoin’s token origin verification solution is less straightforward. Although the native tokens, i.e., satoshis, are inherently traced back to its original coin base award transaction, other tokens on the Bitcoin blockchain require some extra effort to be traced.

Solving the Back-to-Genesis (B2G) problem

On Bitcoin blockchain that uses UTXO, if the recipient of a token requires not only the validity of the current transfer but also the validity of the entire history traced back to the very first transaction in which the token was issued, the recipient may need to rely on some third-party service to prove it.

This is called Back-to-Genesis (B2G). The native token bitcoin itself does not have this issue, because the on-chain validation by the mining nodes inherently provides B2G verification. Also, if the token is an L2 type like Tokenized which by design already uses an off-chain service for token issuance and administration, B2G verification can also be provided by such service as an oracle that is already in the system. But if a token is L1 or L0 type, B2G is a nontrivial issue because it may require an oracle, and many consider introducing an oracle not ideal (but this does not mean L1 and L0 tokens are inferior to L2 tokens; it just makes their “no oracle” claim somewhat less solid).

Regardless, B2G is where Ethereum has so far had a cleaner solution than Bitcoin.

Recently, nChain and sCrypt solved the Back-to-Genesis (B2G) problem beautifully and efficiently. See Solving Back-to-Genesis Using a Transaction Chain Proof and Scalable Peer to Peer Tokens on Bitcoin.

The solution is beautiful as well as important. This is more proof that Bitcoin’s UTXO is superior to Ethereum, or any account-based system for that matter, due to its fundamentally more efficacious design.

B2G proof is the only thing in which account-based seemed to have an advantage over UTXO. Now even that is gone.

Because the information needed to derive the knowledge required by B2G is there with UTXO, it’s only a matter of figuring out an efficient way to compute for the needed knowledge. A method previously proposed by sCrypt already worked, but it carried a cumulative data size baggage. Now, using recursive zk-SNARKs, nChain and sCrypt gave the world a perfect solution.

The essence of the new method is, instead of carrying the entire cumulative data needed for computing B2G in every transaction in a chain, it only computes and passes down a very small “proof data” from transaction to transaction in the chain. The “proof data” is not only small in size, but more importantly does not increase as the number of transactions increases.

Besides, both the computation and transmission of the “proof” are strictly within the nature of UTXO (meaning parallelizable), can be truly Peer-to-Peer, even offline, and are compatible with Simplified Payment Verification (SPV).

The only economic burden added by the method is computing the proofs which are algorithm-based and mathematical in nature. The computation of proofs can be done off-chain by users, wallets, or a third party service provider, all off-chain, while the mining nodes carry on the regular on-chain verifications which are cheaper by orders of magnitude.

Importantly, because the proof is purely mathematical and verifiable without trust, using a third party to compute the proofs does not introduce an intermediary that requires trust. For example, when the method is applied to a L1 token, it does not change the on-chain nature of the token because the computation of proofs does not introduce an intermediary that requires trust, nor does it form a new network that has its own network security vulnerabilities like many L2 solutions do.

From an abstract viewpoint, it is not surprising that the B2G problem has a beautiful solution like this, because the information needed for B2G is certainly there in the chain of a UTXO. An account-based system does not have more information than UTXO. It just has B2G built-in, whether users need it or not. But this is a disadvantage not an advantage.

Ethereum supporters will ask, “why is Ethereum’s doing built-in B2G a disadvantage when the newest B2G solution for Bitcoin requires extra computation?” It may sound like a logical question, but it is based on a wrong premise. Specifically, this question assumes that Ethereum does not do computation for its built-in B2G. The truth is the opposite. Not only must Ethereum do computation for its built-in B2G, in fact it does it in the least inefficient way, requiring all accounts reconciliation at the same time by the entire system, regardless of whether users need it or not, or who may need it and who may not. Altogether, it’s done in the system as a base operation, and the system users pay a price. Ever wonder why Ethereum gas is so expensive?

UTXO is superior to account-based

With the only supposed advantage gone, the shortcoming of the count-based model has become even clearer and more exposed. B2G is only one more proof. The difference between the two systems are broad and fundamental.

It’s like two different languages for expressing the same amount of information, except one (account-based) makes a superficially easy-to-understand expression at a price of losing alphabets, the most elemental language building blocks, while the other (UTXO) starts with speaking primitives only with the building blocks, but leaves more advanced and specific expressions open for users to create freely, independently, when they need to and to the extent they need it to be.

Fundamentally, if one considers UTXOs as the primitives, all knowledge that is related to an account can be derived from the primitives, and an unlimited number of constructs can be made using the primitives. The independence of UTXOs from each other makes it possible for the system to have both parallelization of computation and flexibility of work load distribution. This is “genetic” superiority over an account-based system which is always a high-level “expression” without independent primitives. That is Bitcoin (not BTC, but the one that is designed by Satoshi).

One important manifestation of the price Ethereum pays for its account-based design is losing computational parallelization, while Bitcoin has inherent parallelization, which is the key for its unbounded scalability2.

(Note [2], in this respect, BTC, an artificially distorted implementation of Bitcoin, does not scale, but that is for a different reason. See, BTC and BSV, what is the real difference?)

Freedom vs. control, and market economy vs. planned economy

In a broader sense, the difference between UTXO and account based is one that is between free-market economy and socialism planned economy. The former is all about efficiency, freedom, and unfettered individual creativity, but the latter is all about control.

This too, is not surprising, considering the inventor of Bitcoin and the inventor of Ethereum’s different ideological beliefs and different understandings of economics.

This opens up an even broader question of economics:

Should the system be ruled by the market, or the market by the system?

If your system is the economic organization of the whole society, we have had in the past 150 years a history of two ideologies battling each other. The battle continues today, but not because the latter has shown any proof of efficacy3, but because many people are hardbound to that ideology and won’t give up trying. It is human nature.

(Note [3] Given that all socialism systems have failed miserably, and the last big socialism system, China, achieved economic success by keeping socialism in name but in reality promoting a market economy even more unregulated than that of the US, this seems hard to dispute.)

But if your system is a technological structure like blockchain, the battle started 14 years ago, and is only deepening.

Therefore, before one gives a good part of one’s life to a system, it is probably advisable to think about underlying philosophies and ideologies and pick a side based on your belief.

Further considerations

(1) You don’t place all the cargo in one huge container and make the entire system to carry the burden all the time and everywhere. But that’s exactly what the account-based Ethereum does with its mining nodes and validators, resulting in a vastly less efficient system than Bitcoin.

(2) Furthermore, you should place the workload and the need for flexibility on entities that actually benefit from the implementation (such as wallets or service providers, not mining nodes), so that the whole ecosystem does not have to bear the burden when only some users need the result. This is common sense flexibility in distribution, but the cat-based model like Ethereum deprives the system’s ability to do that, by design.

(3) But to make it even worse, ultimately, human experience tells us that the parties that are in power but are unduly burdened in a system always figures out a way out by cheating while maintaining an appearance of fairness. Lo and behold, Ethereum is going PoS, you should know the real reason, and the inevitable result.

See Proof-of-Work (PoW) is the Only Way to Prevent Corruption

(4) You only compute for a knowledge when you need the specific knowledge, rather than always compute it throughout the system whether you need it or not. This is again common sense, but Ethereum makes it impossible due to its account-based design, because being account-based means everything is connected and you can’t compute only a part of it and be able to determine the state of all accounts.

(5) Most importantly, you must have parallelization in order to scale. When it comes to scalability, it is a more than just an advantage. It is fundamental and imperative.

(6) So you’re hoping that sharding would solve the problem. It won’t. It’s easy to create 1 million small ethereums using sharding that each work separately, but it is a whole different matter to create a scalable Ethereum consisted of just 1000 shards that must perfectly synchronize together to make a giant account-based system work. And the level of difficulties, complexity and vulnerability increases exponentially with the number of shards. Ultimately, it won’t work, because the world needs unbounded scalability (see The layer 1 scalability), and Ethereum can’t have unlimited number of shards.

(7) And if you are setting your hope on layer 2 solutions on Ethereum, please read: Layer 2 solutions, and More on L2 solutions.

A call for Ethereum developers:

It is time to go back to UTXO, and go all the way to Bitcoin (BSV, not BTC). The original Bitcoin blockchain (not BTC) designed by its inventor Satoshi Nakamoto has unbounded scalability and extremely low transaction cost (already below $0.0001 and going even lower), has full smart contract and tokenization capabilities, can host any Ethereum application at a transaction cost tens of thousand times lower, and ready to be integrated with IPv6 to become part of the New Internet with IoV.

Migration has been made easy using a Transpiler that converts Solidity to Bitcoin scripts automatically. The innovative Transpiler makes the refactoring many times easier than re-coding.

Scientifically, there is no room for an account-based system like Ethereum to exist when the UTXO-based Bitcoin has proven to be scalable (not BTC). Tthe latest work by nChain and sCrypt is more proof.

The present market share is not scientific proof.

It is time to acknowledge that Ethereum was a foundational mistake.

Watch: The BSV Global Blockchain Convention panel, The Future World with Blockchain

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.