Merged mining is likely to have significant implications for the competitive situation between rival cryptocurrencies (“coins”) like Bitcoin. It can boost the security level of a new entrant coin by parasitically using the hashing power of incumbent coins to secure its own blockchain.
Unless incumbent coins can prevent their blockchains from being used as parent chains, we may through a race to the bottom of mining rewards see the security of all blockchain based coins be vastly reduced, unless there are persistent distinguishing features between them such as caused by strong network effects.
How Merged Mining Works
Merged mining works by devising a protocol for the auxiliary coin which accepts proof-of-work done on the blockchain of the parent coin as valid proof-of-work on its own blockchain.
This is done by injecting a hash of a block from the auxiliary chain into a new block of the parent chain – and then hashing the parent block until it is solved at the level of difficulty required by the auxiliary chain.
(For more detail see the following discussion, which also contains an excellent outline by Isaac Kriegman of the race-to-the-bottom scenario, which we address below).
Why Merged Mining Exists
Merged mining has already been implemented in the Namecoin protocol (a blockchain based system for allocating scarce names, including .bit domain names):
Miners can simultaneously work on securing both the Bitcoin and Namecoin blockchains; without burning any more money computational resources.
The benefit to Namecoin is that the security of its blockchain is increased because of its parasitic use of Bitcoin hashing, effectively increasing the Namecoin beyond what it would have been on its own.
Note that Bitcoin does not support merged mining, but this is not necessary for it to be used by Namecoin this way.
Lower Entry Barriers
Merged mining reduces the barriers to entry. Without it every new entrant would need to generate enough dedicated mining interest in its own currency to secure its blockchain.
By enabling merged mining a new entrant can quickly ramp up hash rates. All that needs to be done is convincing existing miners of the parent coin(s) to patch their mining software. This is an easy sell because there is no extra cost involved for the miner, but (s)he starts getting rewards in more than one currency.
Enhanced Security Scenario
Intuitively merged mining should increase the security of auxiliary blockchains, leave the security of the parent blockchains unchanged and therefore increase the overall security of coins collectively.
However this rests on the assumption that the incentives of miners to mine the host coins are unaffected by the possibility for merged mining, and this is not the case in certain scenarios.
If auxiliary and parent coins are competing for the same demand, then auxiliary coins can undercut the parent coins by reducing seigniorage and/or transaction fees – effectively increasing the total supply of coins while at the same time reducing the economic incentives to mine, since the price of coins will decrease as there is no corresponding increase in demand for coins.
Further auxiliary coins can be set up to merge-mine in a race to the bottom in terms of paying rewards to miners.
If coin demand is driven primarily by use as a medium of exchange *and* there are no significant network effects associated with a particular coin, which individuates it, *then* the coins can be regarded as (near) perfect substitutes and demand for a particular coin among the alternatives is a function of its transaction cost and the transaction costs of rival coins.
A race to reduce transaction fees to pick up medium-of-exchange demand, reduces the incentives to mine, in turn reducing the amount of mining that is done and reducing the security of all blockchains.
Hence coins exposed to merged mining (like Bitcoin) may face a significant security problem.
A defence could be if there are network effects preventing rival coins from being close substitutes. Then there is a switching cost associated with using a new entrant coin, and demand will not respond as strongly to the lower transaction fees it can offer.
Another defence could be that the coin’s protocol is modified to prevent it becoming a parent coin for merged mining. At the moment it is the ability to inject arbitrary data into the coinbase transaction which makes it open to merged mining.
Beyond Merged Mining: Logarithmic vs Growth Coins
In the very interesting post ‘The Marginal Cost of Cryptocurrency’, Robert Sams argues that coins with a logarithmic money supply growth, like Bitcoin, may be at a competitive disadvantage against rival coins, which are designed to be close substitutes, *if* transaction costs are the main demand driver, and the main source of demand is for medium-of-exchange purposes.
This is because log-coins effectively subsidise existing holders of the coin by reducing money supply growth, thereby necessitating an increase in transaction fees to provide mining incentives.
Hence even if there is an implementable technical solution to prevent Bitcoin from acting as a merged-mining parent currency, a lot seems to suggest that its ability to maintain its market share will depend on the network effects associated with it.. More on that very shortly.