Research-incentivizing cryptocurrencies


Note: I’m probably going to remove this article if I ever get around to actually writing a blog. I’ve only put it on so that my blog has some other tangible piece of content. If you read it and you actually end up liking it, feel free to shoot me an email. If you don’t like it, well…


The concept of using blockchain technology to reward useful computations, i.e. research-incentivizing cryptocurrencies, is not a new idea. There seem to have been four attempts, all of which either integrate the useful work as a proof of work scheme, or read data from an oracle which tracks the useful work done, then use the data to generate cryptocurrency and distribute it accordingly.

Pre-requisite knowledge


Oracles are sources of data that provide data to a blockchain but are not part of the blockchain themselves. The oracles used by the cryptocurrencies in this document are the Folding@home and BOINC distributed computing networks. In both, users can join teams and have their work counted as part of that team. To determine rewards, research-incentivizing cryptocurrencies have users join their team, then compare individual user work to the work of the team as a whole.


Folding@home is a distributed computing project which simulates protein folding, among other things, to aid in disease research. It is known for being one of the world’s fastest computing systems, as well as for pioneering the use of GPUs for scientific computing. It is the oracle used by Foldingcoin and Curecoin.


The Berkeley Open Infrastructure for Network Computing, or BOINC, is a platform for running distributed computing projects such as Rosetta@home, SETI@home, etc. It is the oracle used by Gridcoin.

BOINC users have a unique identifier called a Cross Platform ID (CPID), which identifies them across BOINC projects. BOINC compute work is tracked by two metrics, total credit and Recent Average Credit (RAC). Total credit is the total amount work done for the network, while RAC is the average amount of work done per day.

Coins vs. tokens

In this document, a coin is a cryptocurrency that is directly given out as a reward from a blockchain protocol, while a token is a cryptocurrency that is created by software operating on top of a blockchain. In other words, coins are money, while tokens are something handed out for a specific use, like a stock or an arcade ticket.

Proof of Work

At the heart of every blockchain is its consensus algorithm: the scheme it uses to ensure that every participant agrees that the same blocks are made up of the same data and chained together in the same way. Proof of work is the original cryptocurrency consensus scheme, and is used directly by Primecoin and indirectly by Foldingcoin. In essence, it works as follows:

  • Transactions on the blockchain are grouped together into blocks
  • Blocks are used to generate problems to be solved that, according to this StackExchange post, have the following properties:
    • Solutions are difficult to compute but easy to verify
    • Difficulty of finding solutions is precisely quantifiable
    • Solutions are provably inseparable from the block they secure
  • To verify blocks, blockchain users solve these problems, which is known as mining
  • The first user to successfully mine a block announces the solution to the entire network and is rewarded with cryptocurrency

Each successive block refers to the previous block and creates a chain of blocks, hence the term “blockchain”. Although there can be multiple blockchains, the correct one is the one that has had the most work put into it, which is why solution difficulty has to be quantifiable.

It is possible for there to be splits in the chain, but one split should eventually win out over the other in terms of work done and become the correct chain.

The rewards granted for mining create an incentive to secure the blockchain, while the difficulty of finding solutions makes it infeasible to attack the blockchain, as one would require the computing power necessary to remake the entire blockchain and overpower every other miner to do so.

Although it is a tried and true, perfectly good algorithm, it is weak early on to 51% attacks. A 51% attack is a scenario where an attacker controls the majority of mining power and as a result is able to make fraudulent transactions and invalidate legitimate ones. In addition, performing difficult compute work consumes a lot of electricity, which is typically not used for any purpose but securing the blockchain. An alternative method, known as proof of stake, aims to solve these problems.

2.4 Proof of Stake

It is no accident that two of the three coins in this document both make use of a proof of stake scheme for their blockchains. The advantages are very compelling: from an investment perspective, establishment as a full-fledged coin rather than a token defined in some smart contract running somewhere lends a degree of legitimacy to it. In the event that the oracle is ever taken offline or otherwise rendered unusable, the coin is still a perfectly usable proof of stake cryptocurrency.

From a technical perspective, proof of stake systems do not rely on difficult computations, allowing users to use resources that would otherwise be for maintaining the blockchain to, for example, do useful computations. In addition, taking an existing proof of stake implementation (e.g. Peercoin, Blackcoin) and building on top of it saves a considerable amount of effort, as the work has already been done for the most important part of the blockchain, the consensus algorithm.

2.4.1 Explanation

What is proof of stake? Proof of stake is an alternative blockchain consensus algorithm which differs significantly from proof of work. In proof of stake, blocks in the blockchain are not mined, but created or minted by parties who hold the coin.

Coin holders who stake their coins (put some amount into escrow) to be able to participate in the block minting process are called validators. Typically, a validator’s staked coins are destroyed if the validator acts maliciously. The percentage of blocks they are able to mint is based on how many coins they hold (e.g. someone holding 1% of all the coins is able to mine 1% of the blockchain’s blocks). To not put a hard limit on network growth, this is implemented by making it so that the chance a validator will be selected to mint a block is proportional to how many coins they hold.

By limiting mining based on stake in the network rather than by solving hard math problems, less electricity is required to maintain the network, and it is more resistant to 51% attacks. Because a 51% attack on a proof of stake blockchain would require owning 51% of the coins, there is a strong economic deterrent against behaving maliciously, as this would hurt the attacker more than anyone else.

There are two well-known types of proof of stake system: chain-based and Byzantine Fault Tolerant (BFT). In chain-based proof of stake, a validator is selected every set time interval to create a new block. The new block must point to some previous block, which is typically the block at the end of the longest chain. Eventually, most blocks will converge into a single main chain.

In BFT proof of stake, validators are selected completely at random to propose new blocks to mint. Agreeing to add proposed blocks to the blockchain is done by multiple rounds of voting by every validator, one round per proposed block. At the end of the process, all honest and online validators will have conclusively decided on what blocks should be added to the blockchain.

2.4.2 Problems

There are several problems which are brought up when discussing proof of stake systems. Below are three prevalent ones.

The most commonly mentioned problem is known as the nothing at stake problem. The nothing at stake problem occurs when there are little or no downsides to staking on multiple chains. If this the case, then there is no reason for validators to not validate on every chain to increase the chance of getting a reward. If multiple chains come into conflict by growing to the same length, the blockchain will be unable to reach consensus.

A problem that appears in proof of stake literature but is not especially well-explained is the long range attack. In a long range attack, an attacker collects old wallets, then remakes the blockchain from many blocks back in the chain using the coins that would be in them at that point in the blockchain. Even if the attacker does not collect 100% of the coins in the old chain, they are still able to mine very quickly due to the computational ease of proof of stake mining and their being the only validator on the network.

Although these problems appear to have been mostly solved or mitigated in modern proof of stake systems, there is a fundamental problem known as subjectivity. It essentially boils down to the fact that there is typically no way to figure out which chain is the correct one among conflicting blockchains, so when new network nodes come online, they have to be told what the correct chain is by a trusted source. This undermines the trust-less nature of public blockchains.

3. List of research-incentivizing cryptocurrencies

Research-incentivizing cryptocurrencies have also been referred to as “Proof of Useful Work” cryptocurrencies. However, “Proof of Useful Work” also includes currencies like PermaCoin, Sia and Storj, which fulfill the specific niche of incentivizing file storage rather than scientific computing. Below is a list of all current research-incentivizing cryptocurrencies.

3.1 Primecoin (XPM)

Released in 2013, Primecoin was the first research-incentivizing cryptocurrency. It uses a proof of work algorithm which searches for chains of prime numbers. In this regard, it is unique among the cryptocurrencies of its kind.

3.2 Foldingcoin (FLDC)

Released in 2014, Foldingcoin is a Counterparty-based token. Counterparty is a platform for financial applications which extends Bitcoin with smart contract functionality facilitated by its own token, XCP. Foldingcoin distributes FLDC to users contributing to Folding@home according to a pre-determined schedule. They have an arrangement with Curecoin where Folding@home work can be used to earn both currencies simultaneously. Every 900 days, the amount of FLDC distributed is halved.

Only one billion FLDC tokens will ever be created. Of these tokens, 100 million is reserved for the Foldingcoin developers, while the remaining 900 million will be distributed.

3.3 Curecoin (CURE)

Also released in 2014, Curecoin (CURE) is a hybrid proof of work/proof of stake cryptocurrency that, in addition to distributing CURE through proof of stake validation, distributes CURE for doing two separate kinds of computational work: contributing to Folding@home, and proof of work mining (which appears to be to accommodate ASIC mining devices).

Roughly 76% of CURE is distributed to folders, and 19% to validators/miners. The remaining ~5% is distributed to the developers and people who originally crowdfunded the project.

3.4 Gridcoin (GRC)

Although originally released in 2013, the Gridcoin implementation in use today was actually released in 2014. It is a proof of stake cryptocurrency that has an especially developed and nuanced (or simply especially well-documented) system for distributing GRC which attempts to balance the rewards for maintaining the blockchain and contributing to BOINC.

3.4.1 Proof of Research

Proof of research is what Gridcoin calls its system for rewarding BOINC computation work. The amount of coins distributed under the proof of research system varies based on how many validators are helping to secure the blockchain.

To participate, contributing users send a beacon containing their CPID to the chain to indicate that they are doing BOINC work. This beacon costs a nominal amount of GRC to send, and must be sent every 6 months. Once per day the Gridcoin network collects active beacons and BOINC data and publishes this data, in a process referred to as “creating a superblock”. Users are paid according to a “magnitude” factor, which is determined based on the following:

  • Miner RAC compared to total RAC
  • Total number of BOINC projects supported by Gridcoin
  • Time since last superblock creation
  • “Magnitude unit”, which is the parameter that adjusts coin distribution based on the number of validators on the network


From the perspective of simplicity, Primecoin and Foldingcoin win out. Primecoin’s proof of work and useful computation are one and the same, so there are no additional components. Foldingcoin appears to be little more than a smart contract that monitors a website from time to time and mints tokens accordingly.

From the perspective of quality of execution, Gridcoin and Primecoin win out. Both cryptocurrencies efficiently put electricity that would otherwise be used solely to secure blockchains to good use, Primecoin for the aforementioned reason and Gridcoin because it uses purely proof of stake consensus which requires relatively little electricity to sustain. They also have the most active communities, respectively. Curecoin and Foldingcoin lose out in the electricity regard as Curecoin relies on a hybrid proof of work and proof of stake system, while Foldingcoin relies on Bitcoin. They also have small communities.

From the above, it would seem like Primecoin is the ideal research-incentivizing cryptocurrency to emulate. However, this is not the case. This is because there are very few research problems that meet the criteria to be proof of work problems.

As a result, Gridcoin’s approach is the most generally applicable. Although it is relatively complicated, it efficiently directs computing resources towards useful ends lacking proof of work scheme properties while preventing the loss of its oracle from being an existential hazard. It also combines its consensus and research mechanisms to the fullest degree. As such, it is an excellent cryptocurrency to use as a model.

June 27, 2018