Bankless - 134 - Ethereum Uncensored with Justin Drake
Episode Date: August 29, 2022✨ DEBRIEF ✨ | Ryan & David's Unfiltered Thoughts on the Episode: https://shows.banklesshq.com/p/debrief-ethereum-unsensored With Tornado Cash sanctioning news making waves, the crypto community ...is asking a big question: Is censorship on Ethereum possible? We brought on Ethereum researcher Justin Drake to explore this question in detail. Establishing and preserving censorship resistance is possibly the most important challenge faced by the Ethereum. Covering deep topics like weak vs strong censorship, user-activated soft forks, Justin takes us down what is perhaps our most important rabbit hole yet. ------ 📣 Chainlink | Register for SmartCon 2022 with promo code “BANKLESS” https://bankless.cc/smartcon ------ 🚀 SUBSCRIBE TO NEWSLETTER: https://newsletter.banklesshq.com/ 🎙️ SUBSCRIBE TO PODCAST: http://podcast.banklesshq.com/ ------ BANKLESS SPONSOR TOOLS: 🌱 LENS | ACCESS CODE: MERGE (only valid for 24 hours!) https://bankless.cc/Lens 🚀 ROCKET POOL | ETH STAKING https://bankless.cc/RocketPool ⚖️ ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum 🦁 BRAVE | THE BROWSER NATIVE WALLET https://bankless.cc/Brave 🌉 JUNO | BRIDGE FIAT TO LAYER 2 https://bankless.cc/Juno ⚡️ ZKSYNC | THE LAYER 2 SCALING ENDGAME https://bankless.cc/zkSync ------ Topics Covered: 0:00 Intro 6:00 Justin Drake Returns 8:45 What is Censorship Resistance? 13:00 Censorship in Crypto 15:25 Weak vs Strong Censorship 21:25 Ethereum Today 26:35 The Ethereum Nation 31:12 Why This Matters 35:25 Preventing Weak Censorship 42:55 Light Clients 46:26 Proposers and Builders 52:50 Enforcing Transactions 59:24 The Mempool 1:03:45 The Weak Censorship Endgame 1:10:00 Preventing Strong Censorship 1:15:00 Diversity 1:20:00 Activist Staking 1:26:25 A Recovery Scenario 1:33:40 Social Fork 1:40:40 A Forking Deterrent 1:44:45 The Human Shield 1:50:45 Property Rights 2:01:00 The Strong Censorship Endgame 2:05:00 The Broader Context 2:10:56 Justin’s Confidence ------ Resources: Justin Drake https://twitter.com/drakefjustin Flashbots Episode https://youtu.be/xex9WVmVfbg Justin Drake Episodes https://youtu.be/1m12zgJ42dI https://youtu.be/dHpAC0m8Rkk https://youtu.be/FQTZSb3Rc9I https://youtu.be/bWqhn1hXvVc Solo Staking https://www.reddit.com/r/ethstaker/ https://rocketpool.net/ Crypto Lobby Groups https://gitcoin.co/coincenter https://www.defieducationfund.org/ https://gitcoin.co/grants/3974/electronic-frontier-foundation ----- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.
Transcript
Discussion (0)
Welcome to bankless, where we explore the frontier of internet money and internet finance.
This is how to get started, how to get better, how to front run the opportunity.
This is Ryan Sean Adams.
I'm here with David Hoffman, and we're here to help you become more bankless.
Guys, fantastic episode today, timely episode, uncensored Ethereum.
The topic is censorship on Ethereum.
Is it possible?
We brought on Justin Drake, who is one of Ethereum's top researchers to answer this question in detail.
of how hard is it to actually censor Ethereum?
A few benefits and takeaways for you today.
Number one, is Ethereum really censorship resistant?
We asked Justin this question.
We find out where the weak points actually are.
Number two, how do we preserve censorship resistance in Ethereum in the future?
Justin talks about the roadmap towards doing this.
He's bullish.
Number three, weak censorship versus strong censorship.
This is an essential mental model that Justin gives us for,
trying to understand censorship on Ethereum and how it can occur.
And number four, how the community can censor the sensors.
This is the nuclear option.
We talk about a social fork near the end and what this would mean and how it would play out
and the dynamics behind it.
David, this was a fantastic episode.
Not the first time we've had Justin Drake on.
Of course, he was on for our ultrasound money episodes, moon math, cryptography.
There's a lot of other episodes we'll include in the show note details.
But I don't know. This is one of my favorites, I guess, you know, because we get into a topic that we haven't really explored. And it is actually linked to the ultrasound money topic because ultrasound money does rest on Ethereum being censorship resistant. We talk about that too. What were your thoughts?
Yeah, of course, good money requires, you know, censorship resistance. You can't have money being a system that only works for some people. You have to have money that works for all people. And that also goes with a very good.
financial system. So, you know, there are these core properties of what makes good money and good
finance. And at the start of a long list of properties that makes up these things come censorship
resistance. So in order to have ultrasound money, you must have ultra censorship resistant Ethereum.
And so that's really the topic of today's show with Justin. And every time we have Justin on,
we get down to what really feels like the basement of crypto economics or crypto primitives. And so
it's why everyone feels so educated when they come out of a Justin Drake podcast is Professor Drake.
Professor Drake. Yeah, we really get down to the bottom of things. And we do it in a very thorough way.
These are long episodes because we cover absolutely everything. And so I feel very educated coming out of this.
And I think just the big takeaway here is I'm reading this book, Ryan, called The Code Book. And it's just a history of ciphers and cryptography before cryptography was really about just like codes.
And it talks about this arm's race between code breakers and code writers.
And inevitably, the pendulum generally shifts towards the defenders, as in the code writers.
And this is what cryptography has really instantiated ever since we, like, invented it in the 60s and 70s, is that the power always shifts to the defenders.
It's just a matter of can the defenders come up with the mechanisms to keep themselves in power?
And with blockchains and public key cryptography, we have these.
tools to put so much power in the hand of the defenders. And what that means is the individual,
the people who are trying to remain censorship resistant and free from oppression. And so this is a line
that Justin uses in the podcast is that we have the core primitives to always put power in the
hand of the defenders. And it's just about getting that power to everyone. And so this is a podcast
that explores how we enable everyone in the world to become censorship resistant in money and
finance. So listen to this episode with Professor Drake, and you tell us, do you think Ethereum
can maintain its censorship resistance over the decades to come? Of course, premium subscribers.
If you are a bankless premium subscriber, make sure you stick around after the show for the
debrief. That's David and I's opportunity to talk about the show that was. It's our raw,
unfiltered thoughts to the bankless nation. We've got some thoughts on this episode. It was technically
a very difficult episode to do. If you were not a bankless premium member, go clear.
click that link and upgrade and you can get access to that podcast as well. Well, let's get right
into it with Justin. But before we do, we want to thank the sponsors that made this episode possible.
Juno is bringing crypto-friendly banking straight into your checking account. With Juno, you can send
money from your Juno checking account straight onto a layer two like Polygon, optimism, Arbitrum,
and they have ZK Sync and StarkNet support on their way. You can skip the ACH wait times. You can skip
all the gas fees and go straight from your checking count to an Ethereum layer two,
in seconds. Inside Juneau, you can buy and sell crypto with zero dollar fees, and your Juno checking
account comes with a metal master card that gives you up to 5% cashback on your spending.
Juneau is also giving you $10 cash back on your first crypto deposit and $100 when you set up a
direct deposit. This ad just writes itself, so go sign up at juno.finance slash bankless.
Lens Protocol is an open source tech stack for building decentralized social media
applications. It is the new era for social media. We all have toxic relationships with our
web two apps. We want to break up with them.
but we can't. These applications own our digital lives and all the relationships that we've made.
We need to break through to a new paradigm of social networking applications that we control
rather than them controlling us. Lens isn't a social media app. It's a protocol to let a
thousand web three social apps bloom. Lens is a permissionless and transparent social
graph that is owned by the user. In crypto, we say not your keys, not your crypto, and on Lens,
we say not your keys, not your profile. With Lens, your followers go with you to whatever social
media application you want to use. And instead of being trapped by an algorithm chosen by that app,
Lens lets you choose the way you want to experience your social media.
Lens is the last social media handle that you'll ever need to create.
So in order to get started, there is a secret code word in the show notes.
Enter that code word in the Google Forum links,
and you'll be well on your way to entering the world of Web3 social.
The Brave browser is the user-first browser for the Web3 internet,
with over 60 million monthly active users.
And inside the Brave browser, you'll find the Brave wallet,
the secure multi-chain crypto wallet built right into the browser.
Web3 is freedom from big tech and Wall Street.
more control and better privacy, but there's a weak point in Web3, your crypto wallet.
And most crypto wallets are browser extensions, which can easily be spoofed.
But the Brave wallet is different.
No extensions are required, which gives Brave browser an extra level of security versus other
wallets.
Brave wallet is your secure passport for the possibilities of Web3 and supports multiple chains,
including Ethereum and Solana.
You can even buy crypto directly inside the wallet with RAMP.
And of course, you can store, send, and swap your crypto assets, manage your NFTs,
and connect to other wallets and defy apps.
So whether you're new to crypto or you're a season pro, it's time to ditch those risky extensions,
and it's time to switch to the Brave wallet. Download Brave at brave.com slash bankless and click the wallet icon
to get started. Bankless Nation, we are super excited to be joined once again by Justin Drake. He is a researcher
at the Ethereum Foundation. You might know him as the guy who originally explained ultrasound money
to all of us, legendary episode, that on the bankless feed. But of course, you can't have
ultrasound money without censorship resistance. That's got to be a core property of any sound money.
That's what we're going to talk about today. Gold, of course, can't be censored. That's why it's been held
up as sound money throughout the ages. And our sound money currencies have to be cryptocurrencies,
have to be censorship resistant to. And now, as we introduced Justin, of course, there's recent talk
that Ethereum can be censored. It's been in the headlines lately. There's talk that proof of stake is a vector
for increased Ethereum censorship, that all it takes is a government agency to sanction a few addresses,
and Ethereum censorship resistance will be brought to its knees. That is the topic we're going to
discuss with Justin today. Justin, welcome back to bankless. Thanks for having me. So here's what I think
people want to know. I know we're going to come about these questions from a very bottom-up approach
and base principles approach, but I'm going to just set this out for the listener. I think what people
want to know is how hard is it to censor Ethereum today? How can we design Ethereum to make that
harder, more censorship resistant? And how does all this compare to other cryptocurrencies? So we're
going to get into all of those questions, not sequentially, but that is the thrust in the theme of
this episode. Justin, you ready to dig in? Let's do it. Okay, why don't we start with some
foundations, the basics here? Why is censorship resistance an important topic in crypto? And what is
it. Right. So censorship resistance is this idea that transactions that are valid and paying
transaction fees should get included on chain. And, you know, one of the reasons why it's important is
because of this kind of memetic chain. Basically, censorship resistance is required for credible
neutrality. Credible neutrality is required for legitimacy and legitimacy is required for monetary premium.
And monetary premium is required.
It has actual utility because it leads to economic security with staking.
And it also leads to economic bandwidth when you start using EF as collateral money in the context of DFI.
And so if you start, you know, attacking or weakening your sensory resistance, then everything starts to crumble apart.
And if no longer can fulfill its mission of being the settlement layer for the instance of
value because you need trillions of dollars of economic security and you need trillions of dollars
of economic bandwidth. And you can only get that with censorship resistance. So how core is it to
Ethereum values then and the promise of Ethereum, right? Is censorship resistance one of the
central principles, the pillars of Ethereum? Or is it sort of a secondary feature, a benefit? We can kind of
take it or leave it. Right. So the way that I think of it is as a pillar to credible neutrality. And
there's kind of three pillars to credible neutrality, one the censorship resistance.
The other one is actually scalability.
And the reason is if you want a platform, which is going to be the sentiment layer for the
end of the value, it can't just cater for the 1%, the rich.
It needs to be, you know, credibly neutral to the whole world.
And that's something we're working on.
And then the third pillar to credible neutrality is full programmability, basically
during completeness.
Because once you've reached that escape velocity,
with programmability, you can cater for any application without any bias within the context of
the internet of value. You're not programming in a very specific application with all sorts
of unintended consequences down the line. And obviously, Ephraim has the third pillar of
credible neutrality. We're working on the second one, which is scalability. And I think it has a
huge head start on the first one, which is sensitive resistance. And I think that really illustrates
It's why this concept of censorship or censorship resistance in the crypto space is core to the ethos of this whole entire experiment.
The through line I hear between all of those three pillars is something like inclusion or accessibility, where if we generate a crypto system, a blockchain that only includes the people that can pay for the most expensive transactions, then we are discluding the rest of the world.
And then the rest of the world will reject that system because they're forced.
to. They can't participate in that. So that system is not inclusive of them. And when we talk about
censorship resistance, we're really talking about, is everyone included? And if we have two competing
systems, like two versions of Ethereum, and one is including more people than the other,
the version of Ethereum that includes more people is going to be adopted and considered legitimate
by the world. And so I really think this inclusion idea is really, really important to run
through as we talk about censorship resistance. Is that a fair shelling point to focus on, Justin?
Exactly. And it can be summarized in two words, equal access. Certainly. Can we talk about just let's
define censorship. What does two censor mean inside of the context of crypto? Right. So censorship can be
hard to define because, you know, you might want to take the perspective of the censor. But it turns out
that in Ethereum specifically, we have an extremely clean definition, which I call economic censorship.
And one of the nice things about this definition is that it doesn't involve any humans.
It just looks at open and free and efficient markets.
And basically it states that if you have a transaction, which is valid and which is paying the base fee,
and it can be included in the next block, meaning that the next block is going to have some unused gas,
then if it's not included in that next block, it's being economically censored.
So there's no kind of economic reason for someone to be censoring a transaction,
a purely rational actor who wants to maximize fees will include that transaction because it's
a valid fee-paying transaction.
And there is block space available.
And the reason why I'd say it's unique to Ethereum is because we have EIP-1559.
And one of the things that EIP-1559 gives us is this idea of a dynamic block size.
So we have a gas limit, which is two times the gas.
target. So the gas target is 15 million gas. The gas limit is 30 million gas. And what that means in
practice is that the vast majority of blocks have unused gas. And so if you're seeing simultaneously two
things, one, unused gas and two, a transaction which is pending in the mempool and could have been
consuming this unused gas, then you have kind of a mechanism to detect the censorship. And so what you're
saying is that there is an objective way to see if there is censorship or not. This is not like,
oh, I feel like I'm being censored. Like, no, no, no. Like there is like a binary outcome of like,
yes, this is censorship versus no, this is not censorship. Exactly. And it's something that,
you know, machines can detect. Is there censorship? Yes or no. And it's something that we can set up,
you know, alert for. So if there is censorship, then everyone within the community can get alerted,
very, very quickly through automatic notifications.
How does it feel for a user to be economically censored?
What is the user experience of that?
And I'm imagining a few things.
So if you're censored, let's say, I want to send some eth or a token to a censored address.
I can never complete that transaction.
Validators, miners, never pick it up because my transaction is being censored.
Is that one way a user might experience it?
maybe another way is I can't complete a transaction on this censored DAP or this set of smart
contracts because the miners or the validators never actually process it. Is that how a user would
experience it or put us in the shoes of a user and tell us what censorship looks like at that level?
Right. So it turns out that there's two very different types of censorship.
Type one is what I call weak censorship. Is this idea that transactions,
do get included on chain, but they get included with a delay. And the reason is because some of the
blocks, a fraction of the blocks, are not including that transaction. And so let's just take a few
examples. Let's imagine, for example, that 90% of the blocks are censoring. That means that your
average block time is going to grow from one slot to 10 slots. Your perceived average block time,
right? Well, no, the actual, like, average block time. Like, the time it takes for your transaction
to get included on chain.
I guess I should call it inclusion time,
not actual block time.
Sure. Okay, cool.
So the inclusion time will be 10 slots,
which is 120 seconds, which is two minutes.
And so, you know, it's a UX degradation.
You know, it's not too bad in the sense
that it's still five times faster than Bitcoin,
which has 10 minutes average block times,
but it's still not ideal.
And then there's this other form of censorship,
which is strong censorship.
And this is the really, really bad stuff,
is when your transaction just never,
gets included on chain. And this, instead of being rooted in block proposals, which are censoring,
it's actually rooted in attestations. And it's a form of 51% attack where the economic majority
is through attestations, effectively, completely censoring certain types of transactions from going
on chain. And here, you know, it's much worse than the UX degradation. It could be like just
the total inability to use a specific type of contract, for example.
So let's say you have deposited, you know, some EF or some other asset in a smart contract
and you're censored from being able to withdraw, you know, you've effectively lost your money.
That could be one of the worst cases from the point of view of a user.
Wow, I didn't even think about that possibility.
Justin, can you define attestations?
I think that might be a new word for listeners.
How do we fit this idea of attestations into previously existing models that listeners?
might have. Right. So Ethereum today, the proof of work Ethereum and Bitcoin bundle two separate
roles. They bundle proposing and attesting. Now, on the beacon chain, we've separated this role.
So we have two roles, the proposers and the attestors. What the proposers do is that they include
blocks on chain. Okay, fairly simple. What the attesters do is that they will basically vote for what
they think is the tip of the chain. And so they participate in the fork choice rule. And so if you have
a majority of attestors that are voting for a specific chain, then that will be the dominant one.
It will win the fork choice rule. And so what the attesters can do is basically only vote
on blocks that don't contain a certain type of transaction, thereby completely and utterly
filtering out this type of transaction from its firm itself. So if we are living,
in a paradigm where Ethereum has fallen victim to censorship. We are perhaps like a proposer
proposes a transaction that has a bunch of tornado cash transactions in it. The attesters
won't attest to that block. And they say that is not the chain tip. That's not the longest
version of the blockchain. It's actually something else. And that something else is a version of
Ethereum that doesn't have any tornado cash transactions in it. Is that how we should think about
this? Exactly. The attesters could basically ignore blocks
and often blocks that contain certain type of transactions.
And back to your link, right?
So if we lose that property of Ethereum, which is censorship resistance,
we collapse one of the core pillars of credible neutrality.
Credible neutrality, of course, is the thing that is backing the ultrasound ETH,
which backs all of the security of Ethereum.
So you can see very quickly why censorship resistance is so important.
And I wanted to get this into listeners' brain,
because we're going to spend a lot of the episode talking about these two forms of censorship
that Justin laid out for us, and it probably bears repeating.
So we've got weak censorship, and that's kind of like a delayed inclusion of censored transactions.
The weak form of censorship is you just get a delay, and maybe instead of it taking minutes,
it could take hours or something to that effect.
Call it partial, call it temporary, or like block-based censorship.
And then the other part, we have the stronger form of censorship,
Justin aptly named strong censorship. So this is censored transactions that never, ever get included
on chain. And I think we're going to talk a lot about these two forms of censorship in the rest of
this episode. But before we do, we've got a few other high-level things to cover. One question I have
in the back of my mind, Justin, is like, I think what we're talking about here is the censorship
resistance of Ethereum, the protocol itself. We don't care so much.
about the app layer on top of Ethereum, or even like the exchanges themselves, that is beyond
the scope of the censorship resistance of Ethereum sort of conversation. So, for instance,
a centralized exchange like Coinbase or Crackin or Binance, it's kind of out of scope of
Ethereum. We sort of expect them to censor and abide by nation-state jurisdictions.
we also expect some of our apps on the app layer of Ethereum to be censored in one degree or another,
AMLKYC, all sorts of various ways.
Is that true?
Are we mainly talking about the scope of this as the protocol level and Ethereum itself
and block production, everything that happens at that level?
Yeah, exactly.
We're thinking about the censorship resistance of the layer one.
And it is true that things that fall outside of the Ethereum jurisdiction,
outside of the Ethereum network state,
well, they don't have to follow our rules, and that's fine.
But I think the trajectory that we're moving towards
is basically the scope of the Ethereum nation state
just keeps on growing week after week after week,
and things like centralized exchanges become decentralized exchanges,
things like centralized domain names like dot com become decentralized domain names,
and one by one, the Ethereum nation state
with its own self-sovereignty and its own jurisdiction,
is growing its territory.
It also does appear like censorship resistance, somewhat like decentralization,
is a spectrum, and you can have more or less censorship resistance.
Would you agree with that characteristic and how censorship resistant would you say Ethereum is today?
So, you know, a score out of 10.
Are we hitting like a 6, a 7, an 8?
I assume we're not 10 because nothing is 10, like 10 is perfection.
but like give us a sense for how well Ethereum ranks on that score and whether it is indeed a spectrum.
Right. So I guess for weak censorship, it can be a spectrum because it basically depends on the fraction of blocks that are basically censoring.
I don't know what the number is because we haven't really seen much censorship. Actually, we have seen Ether Mine sensor sandwiches, for example.
and actually it's possible that we have seen EtherMine also censor some tornado cash transactions.
I don't know what the share of EtherMine is, but I guess it's irrelevant, right?
Because they will be moving to proof of stake and it kind of unclear what it will be.
But if I were to put forward a guess, I'd say less than 50% of blocks would be censoring.
And so your average block time is only the worst case going to double.
So it's going to go from 12 seconds to 24 seconds.
So it's a fairly minor degradation in UX.
On the other hand, the strong censorship is very much black and white.
And the good news is that, you know, as far as I can tell, there's no entity out there, you know,
that is, you know, credibly threatening to somehow attack Ethereum with strong censorship.
And so that hasn't been a concern in the short term.
I don't think it will be concerned in the medium term, but we still need to be prepared for the worst case scenario.
And I guess this is what this discussion is about.
out just making sure that even in the worst case, we are prepared for strong censorship.
And there's two pieces of good news here, both on the weak and the strong censorship.
On the weak censorship, we have technology, at least at the research stage, which can essentially
fully eliminate weak censorship.
So what that means is that not only will transactions get included, but all of them will
get included in a timely manner without delay.
And in terms of the strong censorship, we're also in a position of power.
And this is a heuristic that we have in cryptography.
In cryptography, the defenders are in a position of power.
And this is a heuristic that extends to crypto-economics.
Even for strong censorship, we are in a position to build crypto-economic systems,
both in code that automate actions, but both also at the social layer.
And one of the interesting things about the strong censorship is that it does require some level of involvement from the social layer.
And so the exercise becomes, how can we minimize that involvement and to the maximum extent possible, try and automate the process of recovering from these 51% attacks?
Justin, I really liked what you said about Ethereum as a nation and having censorship resistance as like one of our laws.
the Ethereum Protocol is extra jurisdictional from other nation states. And what we're really concerned about here and why this has been such a big conversation is that with this OFAC ruling of Tornado Cash, we're seeing the laws of a nation state imparts its values upon Ethereum. And that is really chipping away at the self-sovereignty of the Ethereum Protocol. But what we're saying here, what you're saying here is that, no, Ethereum as a nation has its own value. You
its own laws that are independent and sovereign from other nation states. And we actually have the
tools and mechanisms in like ready to go, maybe not today, but soon, TM, to enthrine Ethereum's
values of censorship resistance at the protocol level. Is that a fair way of describing this?
Exactly. Weak censorship, we can fully solve with just technology. And so that can be something
of the past where every transaction can be included in a timely manner.
And similar thing with strong censorship, we can be in a position where technology brings us to a point where the involvement of the social layer to recover from 51% attacks is actually fairly minimal.
And Justin, I just want to do this one more time defining strong and weak censorship, just one last model to really get this into listeners' heads.
And also, I want to check my own reasoning on this.
Weak censorship happens above the protocol layer, right?
we have these defy front ends that can prevent somebody from accessing them selectively.
We have things like infura or alchemy that can restrict certain transactions that go through
their nodes. There are other ways that, you know, different parts of this technological stack
above Ethereum can pick and choose to not include transactions or to include them. And so all of that
censorship happens above the Ethereum protocol. And that's what we're calling weak censorship.
And then there's actual censorship at the protocol level, at the Ethereum protocol, and that's
what we're calling strong censorship.
Is this a good way to define these things?
Yeah.
So I guess one thing worth mentioning for weak censorship is that there's actually several
types of participants.
There's the interfaces, which are far from the layer one.
And then there's kind of the builders, which are maybe slightly closer to the layer one.
And then you have the actual proposers, which are basically validators, layer one participants.
So for weak censorship, you do have a spectrum.
And part of the strategy that we're taking is to try and enshrine more and more of the block building process into layer one.
And so, for example, with enshrined PBS, builders have more of a native role.
But philosophically, I do agree with you that with weak censorship, you know, you could argue that it's not a theorem itself that is censoring.
Instead, it's individual participants in their own, you know, nation.
state jurisdictions that are doing the censorship.
On the other hand, for strong censorship,
when you do get to this critical threshold of 50% of the attestations,
then yes, you can argue that Ethereum itself is censoring.
And the reason is that the amalgation of all these individual participants,
which might be subject to the constraints of their own jurisdictions,
as an aggregate, they now have control over the machine consensus,
and they can control Ethereum at this machine consensus level.
And the reason why I specify machine is because there's actually two layers to consensus.
One is the machine layer consensus, and the other one is the social consensus.
And even though the machine layer consensus could be compromised,
that doesn't mean that the social layer has to be compromised.
And this is where the social layer can come in and basically do a reboot, a recovery of the machine consensus.
All right. So I think one last thing before we get into you, the details of how to fix both strong and
and weak censorship. We want to address some of the crypto critics who are listening to this,
maybe it's their first time. And they're asking themselves, okay, so why are the crypto people so
obsessed with censorship resistance in the first place? Like, aren't in the majority of cases,
aren't we censoring North Korea? Aren't we censoring the bad guys? Aren't we censoring the Russian
oligarchs? My take on this, and the case for credible neutrality is, we want to partake
in a system where if we were not the rule setter, we would still be fine partaking in that
system. So it's one thing if America is censoring, you know, North Korea or other bad actors,
terrorists, Russian oligarchs. But what if China was in control of the theory of networked?
And they started censoring NBA players who were speaking out against Hong Kong, for instance.
What if Russia was in charge and just started censoring U.S. politicians who were not
supportive of their geopolitical actions. You could see why credible neutrality is a desirable
property, even at the nation state level, because they want to all collectively participate in a system
where no one geopolitically can bend the rules. That's what we have with protocols like TCIP
and the internet right now, pre-kind of balkanization of the internet. That's why censorship resistance
is a desirable property, because it has no geopolitical bias. It doesn't make a decision as to whether
this group of actors should be censored or that group of actors should be censors.
It just says if you have an ethadress and you can pay the gas fee, then you get your transaction
through. And what we are saying is the crypto people believe this is actually a good property
to have and will lead to beneficial things for humanity, more coordination, fewer wars,
like, you know, kind of a crypto utopia, or at least like vestiges of that and hopes for
that. What would you guys say about that defense of censorship resistance and credible
neutrality. Is that why we support it? Yeah, I would agree with this. One of the things that I'd say
is that, you know, if Bitcoin is Swiss banking, then Ethereum is all of Switzerland, right? Like,
the product that we're giving here is secure block space and one of the properties of being secure
is being censorship resistant. And we don't want to lose the self-sovereignty. We don't want to
become a U.S. chain or an EU chain or a China chain. And one of the reasons is that we want
credible World War III resistance. We want
Ephraim to survive even the most extreme of human situations.
And in order to get there, we need to have immunity from nation states.
We want Ephem to be a public good, not a private good, which is owned by some external
jurisdiction. I guess another thing worth mentioning is around permissionlessness.
If you have censorship, then now you basically
basically as an innovator, you need to ask for permission from the sensor.
And I think one of the big selling points of Ethereum is that it's a magnet for talent.
And why is it a magnet for talent?
It's because people feel like they can go build infrastructure on Ethereum and it's going
to last for decades and centuries.
And this is in stark contrast to APIs like Facebook's API or Twitter's API,
which is known to have this inherent platform risk.
You know, one day from another, you've built this multibular,
billion dollar business on top of Facebook and they just rug you by censoring the APIs.
And so if we want to attract to the best and brightest, we need to have this strong,
credible permissionlessness to it as well.
So Justin, let's go ahead and start to get into some solutions that we have in the Ethereum
ecosystem for some of these various flavors of censorship.
And we'll start with weak censorship first and talk about all the mechanisms that we have
to prevent and eliminate weak censorship.
And then we'll go to strong censorship later.
But just to recap, weak censorship is, there's many different vectors of censorship here because of this tech stack.
There's website front ends. There's RPC endpoint providers like Inferra or Alchemy. We have individual block proposers or block builders.
And this weak censorship would look like you make a transaction to tornado cash and you have to wait a few extra blocks to get your transaction in.
Maybe you have to pay a little bit of a higher gas. Maybe it's just a little bit more difficult to use Ethereum.
And then there are some other second order consequences for weak censorship as well.
And maybe we can go into those.
But overall, like, how would you say what are the mechanisms that Ethereum has at its disposal to prevent weak censorship?
Right.
So because this block production pipeline is quite complicated, I guess it's maybe worth going through the participants one by one.
And I'd say it's kind of easy to deal with the so-called secondary participants that play a fairly minor role.
So let's start with the searches.
Like, searchers are, you know, participants who will basically create these so-called bundles of transactions.
And basically, their job involves inserting and reordering transactions into small bundles.
You know, they do things like arbitrage and sandwiches.
You know, their job is not about filtering or censoring.
So searches are not to worry.
We can't move on.
I guess the next type of participant would be the relays.
And here, the good news is that relays are a temporary feature.
thing with Mev Boost. Once we have so-called enshrined proposer build a separation, enshrined PBS,
we no longer have the relays. And so what might be a short-term sensitive vector won't be
in the long term. And realistically, you know, we'd be looking at, let's say, 18 months, you know,
after the merge, at least for enshrined PBS to come in, but, you know, it can be prioritized if
necessary. So just to pause really quick there, Justin, with respect to, because we just did an
episode with flashb on MEV. Bankless listeners can go back in kind of the RSS feed to go look at.
But what you're saying is from a relays perspective, once we have protocol builder separation
enshrined in the protocol, then relays are no longer a vector for censorship. But that change is coming
maybe not next hard fork, but the hard fork after, let's call it, which could be.
like, you know, 18 months plus away. And so in that window of time, we do have a censorship vector
for relays. But longer term, you're not concerned about it because of critical builder separation.
That's already on the roadmap. We have a defined solution to that. We just need to implement it.
Am I getting that correct? That's correct. And there's another piece of good news is that for the relays,
we benefit from what's called an honest or non-censoring minority. We just need one or a few
relays to be non-censoring, and that's enough. And the reason is that it gives the option to
proposers who don't want to censor to be using these non-censoring relays. And one of the events
that happened recently with flashbots is that they open-sourced their relays. And so that gives
anyone in the world the ability to just spin up a server and not have the censorship as part
of the relay node. Interesting. Okay. Okay, so let's continue.
So go on to the next part of the stack?
Yeah, sure.
So that would be interfaces.
And, you know, I'm thinking here things like Metamask and Ave.
So the reality is that today the interfaces are, you know, largely centralized.
But the good news is that there is a very clear roadmap towards decentralizing these front ends.
So if you take Metamask, for example, really what we want to be having is an in-browser-like client.
So instead of having to go through RPC endpoints, which is operated by inferior,
we have our own like client running within our browser or on our computer,
and then we're not subject to the censorship.
And the good news here is that proof of stake like clients are significantly simpler
to build than proof of work like clients.
So assuming that this was kind of a friction point for Metamask in the past,
post-merge, you know, I guess there should be really.
reasonable expectation that Metamask will move towards like clients.
Another thing with front-ends is around the domains and the hosting.
So we have ENS domains.
They don't have perfect integration, but we have more and more integrations,
sometimes native to browsers.
And over time, I expect that more and more browsers will have native integrations with
ENS and that there won't be censorship there.
You can also use IPFS for the static,
content. And you can also combine that with Falkoin, whereby you're in the position to pay to make
sure that the data, which is on IPFS, is served reliably. And in terms of the dynamic content,
this is more ambitious than static content, but there are projects like the graph, for example,
that have this ambition to process and index Web3 and do so in a decentralized fashion so that
you don't have censorship.
And I think what will happen is that basically there will be incremental improvements
to decentralization for these front ends over time.
Okay, so from the front end perspective, the interfaces perspective,
the Ethereum solution would be we've got light clients for something like Metamask.
And then we have also something like ENS for domain names.
And then we have decentralized storage providers like IPFS and Filecoin.
And so all of these are being worked on.
And also from a data indexing perspective, we have solutions like the graph.
And you think through this kind of cocktail of solutions, we can be in a much better place
from an interface perspective to not be decentralized.
You know, I've also seen some teams like Uniswap, for example, basically open source their
entire front end.
So someone else could run it.
So you could run this in a, you know, maybe a different jurisdiction without the same
censorship issues. Does that help solve it as well? Yeah, exactly. And I think there's actually
maybe an opportunity for a doubt to come forward and curate and maintain this decentralized set
of front ends, most of which are open source. And so, as you said, it's very easy to copy
and just remove the censorship. Justin, for the listeners, can we just quickly clarify what a
light client is? My mental model for light clients is that you are able to create a
version of Ethereum that's like native to your computer, kind of like running your own node,
but it's a lot faster, a lot lighter, hence the name, Light Clients. And instead of having to
call Inferra or Alchemy to ask what is the state of Ethereum and also can you
broadcast my transaction, you can get a light client spun up in your browser pretty damn quickly
that allows for you to have your own like sovereign vision of the Ethereum chain and being
able to broadcast your own transactions. Is that a fair definition for like clients or what would
you add to that? Exactly. So there's kind of two components to a like client. The first one is
figuring out what the tip of the chain is. And here for proof of stake, we have what I call
sync committees. And the reason they call sync committees is that they help you sync up to the chain
as a light client. And this is ultra lightweight in the sense that you have to download a few
aggregated BLS signatures, verify them, and then you're kind of synced up to the head of the
chain. The other aspect of
like clients once you are aware
of the head is to basically
make queries. So like clients have
the ability to
read the full
state of Ethereum and make arbitrary
queries, at least fairly simple
queries. And so they can ask
for example,
was my transaction included?
Yes or no. If it was included,
how much gas did I pay?
Et cetera, et cetera. And the way that
you do that is by asking
other full nodes that are willing to serve these like-client queries. So instead of making
requests to inferior, you could make a request to any full node that is accepting of like-quant
queries. And so long as you have a few non-censoring full nodes that are answering these queries,
then you have censorship resistance. So this concept of routing around is now coming to mind.
And just to recap where we are thus far, if we have a centralized front end that is
censoring our transactions, we can route around that censoring front end with alternative front
ends using something like IPFS or ENS names or a front end that is in a different jurisdiction.
Another centralized front end, but it's outside of the United States, for example.
And famously, of course, there's like seemingly hundreds of different ways of accessing uniswap
through other centralized front ends. And you'll call it Zappers, Zerion, you know, pick your
interbase, or you could actually go to the IPFS version of the Uniswap front end.
And so if the Uniswap front end is banning you, there are many, many different ways to route around that front end.
And so that's one way to get around censorship.
And now what we're talking about with RPC endpoints, so things like the centralization and possible censorship vectors of Infura or Alchemy or Metamask,
we can route around having to be dependent on those centralized node providers if they are censoring because we have this technology called light clients that makes it trivially easy to access the parts of it.
Ethereum that you need to access in order to do your defy things like Uniswap or, you know, tornado cash or
whatever. And so we have these different mechanisms for routing around both the centralized front end,
but then also the stack behind that, which is inferior or alchemy or these MPRPC providers with
things like light clients. Justin, let's keep on going down the stack a little bit deeper to
proposers and builders, people that actually put our transactions into blocks. How do we get around
potential censorship from these parties? Right. So the builders,
are the brains in the sense that they order transactions optimally so that they maximize
the value of the block, they maximize the transaction fees and the MEV. And so if we want to
defend against builders, one very low-tech solution is what I call altruistic self-building.
It's this idea that you build your own blocks. For example, you use the naive block building
strategy, which is to just order the transactions in the mempool decreasing by tip. The big downside
of self-building is that you have to reduce your income as a self-building proposer. So there is a bit of a
financial sacrifice. But we only need a fairly small number of outright-stick proposers,
for example, 10% in order for the UX to be good enough, even in the case where every single
builder is censoring or every single relay. And the good news is that we have thousands of
Ethereum nodes that are operated altruistically, you know, even at a loss. And there's some
voices in the community, for example, superfiz that are actively advocating for self-building.
And so I think that we can expect some number of validators, myself included, to be altruistic
self-building. And it might actually be a rational thing to self-built, right? Because you're improving
censorship resistance and credible neutrality, which therefore leads to improved monetary premium,
which therefore leads to your if, you know, being worth more, which is something that you want as a validator.
And of course, the builders are those that are actually ordering the transactions.
They're not the ones that are proposing them for inclusion.
Those that are proposing them for inclusion, those are more of the validators.
Can we talk about that group?
How do we protect against proposer centralization or validator centralization?
Right.
So this is where MEV smoothing comes in.
So the idea of MEV smoothing, by the way, it comes from MEV research and there's a lot of intersections between like weak censorship resistance and MEV and all the tools that we've built for MEV apply here.
So the idea of MEV smoothing is that as a proposer, you have very little choice.
You either accept the top paying bid from the builders or you don't get to engage.
include the block at all. So it's a very binary thing where you don't get any discretion. You're
basically reducing the role of proposing in a single slot to one bit. Either you pick the top paying
block or you don't, in which case you lose all the MEV and all the tips and all the rewards
associated with that block. And the way that it works is basically the attestors are only going
to attest to the block that you're proposing if they observe it to be the most economically
paying block. And so that's basically one way to remove the power that the proposers have.
And then there's another piece of technology, which is known as censorship resistance lists
or CR lists. You know, maybe there's some better names, for example, transaction inclusion
lists or padding transactions. And the idea here is that it's a
mechanism to fight against the builders without having to incur a financial loss. And the way that it
works is that as a proposer, I am going to put forward some transactions that I think are being
censored. And these transactions must be included in blocks that are not full. So basically,
you're constraining the builder to build blocks that must include these transactions if these
blocks are not full. And as we know, most of the blocks with EIP-1559 are not full. Roughly 80% of the
blocks have at least one million gas, which is unused. And if you want to have all the blocks being
completely full, then the base fee will kind of rise exponentially, and then eventually there will be
blocks that are not full. So this is a way basically for proposers to simultaneously,
have the benefits of proposer build the separation, basically have the maximum income that you can get,
while at the same time being able to force through some transactions that you believe are being censored.
And so at this point in the stack, we're pretty deep in the weak censorship part of Ethereum.
So like we're much deeper than front ends. We're well deeper than like inferior.
And so now we're at the point of like the mempool. And we're starting to talk about mechanisms.
that force block proposers and block producers to include transactions that are in a list
into the actual blockchain. Can we go through, how does it actually become forced? It's like,
how does that enforcement happen of block proposers must include these transactions in this
CR list, this censorship resistant list? How does that happen? Right. So the way that it works
is that before the slot of the proposer, the proposer, the proposal, the proposal
has the opportunity to advertise transactions that they think are being censored. And basically,
it's a constraint to the builders. And the proposals are basically saying, please build blocks
with this constraint that you must include these transactions. If you don't include these
transactions, then your block is not even valid and won't make it on chain. So basically, it's a way
for proposers to impose some sort of preference over the builders as opposed to the
the builders just nilly-willy being able to impose whatever policy that they want on the chain.
So the reason why we came up with these, you know, transaction inclusion lists is because, you know,
we were worried about a scenario where the building market becomes extremely centralized.
You know, that might be like a handful of block builders.
And the reason that the block building market could become centralized is because it's very sophisticated.
You might need an army of PhDs and a lot of fancy algorithms and lots of computational resources to build these optimal blocks.
And so basically we wanted to design a release valve for the proposers, which we assume some fraction are going to be wanting to not censor to force through these transactions by constraining what these builders can do.
And so listeners who read my article not too long ago titled like the Ethereum Watershed will be familiar.
with this flow, but it's a very specific flow of transaction inclusion in the future Ethereum.
And Justin's already talked about the idea of searchers, and that's where this flow starts.
You have MEV searchers that bundle up a bunch of transactions into a bundle.
Then you have block builders who add all these bundles together to build a block.
And that makes it really easy for block proposers who are also called Ethereum Stakers.
These are the same people.
Block proposers and Ethereum stakers or ethelidators are the same people, same name.
And so the idea here is that we are worried that block builders, the people that construct a block
that make block construction very easy for proposers because they're doing all of this work
of ordering transactions on behalf of the ETH stakers.
What we're worried about is that that activity becomes very professionalized and not really
accessible.
And again, accessibility is another core primitive that we want to have instantiated into
the values of Ethereum.
And so what we're saying here with this CR list is that the proposers actually go back to the block builders and say, hey, when you are building me a block, you've got to include all of these transactions or else I'm not going to propose it. And so it puts the power into the hands of the eth stakers who are designed as an entity, as a cohort of people to be much more decentralized than block builders. And so we have the possibility of solo stakers, you know, you just run your own nodes, stake your own 32 eth. And these people,
have the power over perhaps centralized block builders and say, hey, it's great that you can build me
blocks, but you've got to build me blocks with these transactions in it or else I'm not going to
accept that block. And that's how we have this forcing mechanism to ensure that all transactions
ultimately get included into the blockchain because we're putting power into the hands of a more
decentralized set of the Ethereum like blockchain supply chain. Is that a good summary, Justin?
Yeah, good summary. Yes. Now, I'm still a little bit confused on MEV smoothing. How does
MEV smoothing kind of fit into this flow? And what's the mechanism behind that? And what does that do?
Right. So the idea of MEV smoothing is to try and have some sort of perfectly efficient market
and remove the discretion that proposers might have, right? Because proposers always have,
at least today, they have the option to have their blocks be built by censoring builders.
So in almost the same way that censorship resistance lists work where they say, Builder, please include these transactions, the proposers can say, hey, builder, please don't include these transactions.
So basically, this technology of constraining the builder is a neutral technology that can be used in either way.
And so what we want to do, instead of having proposers have this discretionary power, we want to remove this discretionary power.
And the way we do that is that we ask the attestors to observe the block building market.
So what is the block building market?
Basically, you have a bunch of builders who at every slot produce a block header, and that header contains a bid.
So this bid is how much the proposal will get if the block header gets included on chain.
And so basically what we're asking attestors to do.
do is to find the top paying bid and only attest if the proposal has included that top paying bid.
And so in a way, what we're doing here is that we're forcing the auction to be fair in the sense that
whoever's paying the most for their block has a guarantee that that block will be chosen
or that no other block will be chosen.
So we're reducing the discretionary power of proposers to just a single bit.
And now, Justin, we're pretty damn deep in this deck that I keep on referencing, but there's one last layer deeper, which is the mempool in its entirety.
And we have this idea of an encrypted mempool, which I think is really just like this very strong final line of defense of preventing censorship of transactions.
Can you go into this encrypted mempool mechanism and talk about what it does?
Right.
So if we zoom out, we have two different types of auctions within the block building process, at least two.
One is the block auction process and the other one is the transaction one.
So censorship resistance and MEV smoothing is all about improving the block auction.
Can we also improve the naive transaction auction?
And the answer is yes.
And the idea of encrypted mempools is that as a user, you are going to encrypt your transaction
before broadcasting it.
And only once the transaction is included on chain, does it get decrypted?
So what you get basically is this in-flight encryption, which basically prevents the sensors from knowing the contents of the transactions during this block building process, which makes it essentially very hard for them to apply the censorship.
So, for example, if a certain jurisdiction says you can't send transactions, you know, you can't include transactions that have this type of sender address or this type of destination address.
address, well, now these sender and destination addresses are encrypted, at least in flight,
before these transactions get included on chain. And so it becomes much, much harder to censor.
And this technology was actually initially thought of in the context of MEV, right? Because if,
as a user, you don't leak the contents of your transactions while it's in flight, it can't get
front run. And so encrypted memples kind of kills two birds with one stone.
On the one hand, it removes toxic MEP and front running, and it also improves the transaction
auction against censorship.
And so it's this defense-in-depth idea where, you know, in theory, MEPV smoothing and
censorship resistance lists could be sufficient, but we have like this extra layer of
defense with encrypted mempools.
And this encrypted mempool thing, it sounds really strong.
It's like putting a cloak of invisibility around the entire.
mempool and really just reducing the options that people have that block proposers have or block builders
have. Just like, well, I don't know what that transaction does. So I'm just going to include the one
with the highest fee. And there is no really way to like understand what that transaction does,
whether it's like a tornado cash transaction or just a unoswap trade until after it gets included
into the blockchain. Is that the gist? Yeah, that's correct. I mean, in theory, there is a way
to break it, which is that as a block builder, you can require your users to have some sort of
short cryptographic proof, for example, proving that your transaction, which is encrypted,
does not, you know, is compliant. And so it's not a perfect strategy, but then it goes back to
what level of paranoia are you assuming? Like, how dystopic is your nation state? What kind of
personal freedoms do you enjoy? Like in, you know, many countries, at the very least, you have the
ability to, you know, own private keys. That's like a fundamental pillar of personal freedoms.
If, you know, we fight for this idea of in-flight encryption, which, you know, will last only a few
seconds, you only have privacy for a few seconds, then, you know, maybe in many countries,
it would be reasonable, you know, to not mandate this additional cryptocons.
So Justin, we haven't gotten to strong censorship yet, which we're going to in just a minute. And I want to
kind of conclude this section. But just one thought that comes to mind is some people are listening to
you describe the solution to weak censorship. And they're hearing like many different solutions here.
And like it sounds relatively complex. And we haven't talked about dates for this. It sounds almost like
a patchwork of different defenses and solutions. But, you know, and maybe this is because I just recently
went to London and visited some castles over there. But like, this is kind of the way defense works,
right? If like say the analogy of a castle, right, you fortify a wall over here, you build another
tower there, you increase your fortifications and you dig a moat, you install an entirely new perimeter
wall. This is sort of how you fortify a network. And so all of these are not just like single shot
approaches, but we are going through a fortification process to try to solve weak censorship.
Is that how we should be thinking about it? And what's the overall timeline on these solutions?
Yeah, I think that's a good way to think about it. Another way to think about it is this
divide and conquer strategy. So we have multiple actors in the pipeline and how can we
remove some of them from being able to censor? And so we talked about MEV-smoving as basically
removing the relevance of proposers.
Like, proposer just become dumb pipes
that do one thing, which is just
select the highest buying
block. And so they are no longer a concern
in the big picture.
And one of the things, interesting things
about encrypted mempools is
that they might actually be
able to remove builders, or
at least to a very large extent, from the picture.
And the reason is that the vast
majority of transactions can
be encrypted, and so it just looks like
white noise. And so the naïre
The naive way to build a block, which is just to look at the pool of encrypted transactions
and order them by tip, could just work just fine from a validator on a Raspberry Pi
that's self-building.
There's no need for sophistication there.
And so my guess is that for the vast majority of transactions, let's say 95% of the transactions,
we won't need a builder and they will be self-built.
And the remaining 5% is where all the really fancy stuff will happen, like arbitrary,
and liquidations and whatnot.
And so the block building process will be narrowed down to just this top 5% of the transactions,
thereby reducing the power that the builders have.
Okay, so let's conclude this before we move on, conclude the section on weak censorship here.
So, of course, weak censorship, it just sort of delays a transaction.
But you've described a whole bunch of different technologies and solutions at various points
in the, you know, blockchain supply chain of.
how we address the censorship vectors through technology. So overall, does Ethereum have a
solution to this? What's kind of the endgame for weak censorship with Ethereum? Is this thing solvable?
So yes, this, you know, it might sound like a strong claim, but I believe that we have the technology,
at least at the research level, to effectively completely remove weak censorship. We'll be in a
position where if you make a transaction and this transaction can be included in a block,
then it will be included in a block, either because your transaction is encrypted and or because
the proposers have no discretionary power and they have to include it because it's part of the
highest building block. And or because even in the case where all the builders are censoring,
which is a very extreme position to take, they will.
still be a release valve where the proposers can themselves force through the inclusion of these
transactions. And one of the, I guess, interesting things here is the concept of anti-fagility.
So we have this endgame, and the more we're being attacked, the sooner we're going to see
this endgame, because every attack is an opportunity to accelerate the inevitable, like, total
hardening of Ethereum from the perspective of weak censorship.
So what you're saying effectively is every time Ethereum gets attacked in one of these weak censorship type of ways,
it's an opportunity to kind of get stronger. It's almost like a hydra in that way.
Exactly, yep.
Arbitrum is an Ethereum layer two scaling solution that is going to completely change how we use Defi and NFTs.
Some of the coolest new NFT collections have chosen Arbitrum as their home,
while Defi protocols continue to see increased liquidity and usage.
You can now bridge straight into Arbitrum for more than 10 different exchanges,
including finance, FTX, Whoobie, and Crypto.com.
Once on Arbitrum, you'll enjoy fast transactions with cheap fees,
allowing you to explore new frontiers of the crypto universe.
New to Arbitrum, for a limited time, you can get Arbitrum NFTs designed by the famous artist,
Ratwell and Sugoy for joining the Arbitrum Odyssey.
The Odyssey is an eight-week-long event, where you can play on-chain activities and receive a free
NFT as a reward. Find out more by visiting the Discord at discord.g.g.orgorghum.
You can also bridge your assets to Arbitrum at bridge.
arbitrum.io and access all of Arbitrum's apps at portal.
dot arbitrum.1 in order to experience
defy and NFTs, the way it was always
meant to be fast, cheap, secure,
and fiction-free.
Rocket Pool is your decentralized Ethereum
staking protocol. You can stake your
eth in Rocket Pool and get our ETH in return,
allowing you to stake your ETH and use it
in Defi at the same time. You can get
4% on your ETH by staking it
with Rocket Pool, but you can get even more by
running a node. Rocket Pool is the only
staking provider that allows anyone to
permissionlessly join their network of
validating Ethereum nodes. Setting up your
rocket pool node,
is easier than running a node solo, and you only need 16Eath to get started.
You get an extra 15% staking commission on the pooled ETH that uses your node to stake.
You also get RPL token rewards on top.
So if you're bullish e-staking, you can boost your yield by adding your node to the decentralized
rocket pool network, which currently has over 1,000 independent node operators.
It's yield farming, but with Ethereum notes.
You can get started at rocket pool.net, and you can also join the rocket pool community
in their Discord.
You can find me hanging out there sometimes in the chat, so I'll see you there.
ZK Sync is an Ethereum layer 2 network that is pushing the frontier of high-performance blockchains
that don't compromise on security or decentralization.
ZKSink has combined the power of zero-knowledge roll-ups in the Ethereum virtual machine,
enabling developers to build the greatest Web3 projects possible, ones we haven't even seen yet.
Crypto needs its killer applications to onboard the world,
but crypto-killer apps need ZKSink as a platform to build on first.
It's generally accepted that zero-knowledge roll-ups are the conclusion of crypto-blockchain scaling technology.
And ZKSync is leading the charge into the final frontier of crypto economics.
So if you're a developer who wants to build your app on a future proof foundation,
which gives your users the best UX possible,
check out ZKSync's website at ZKSink.io.
And yes, there's also going to be a token,
so give them a follow on Twitter 2 at ZKSink.
Okay, well, let's turn to strong censorship,
because I have a feeling the solutions around this are not completely solved
or the attack is a little bit different.
This is, I don't know if it's a bit less like enemies at the gate,
and a bit more like the enemies inside of the castle.
Like, it's a more pernicious attack.
It's harder to defend against.
And of course, this is a, as we described earlier in the episode, this means that the
censored transaction never actually gets included on chain.
It means the transaction gets censored, completely orphaned.
It's like full censorship is another name for this, or permanent censorship.
So I think we've described it fairly well and what the consequences of a network like
Ethereum of protocol like Ethereum losing its strong censorship characteristics.
But can we talk a little bit about the solution here?
So, Justin, how do we solve the strong censorship problem?
Right.
So I think there's two things that we can do.
One is that we can have preventative measures, basically make it extremely hard to even get
in such a position.
And then the other aspect is basically recovery.
if we are being attacked, how do we recover?
Now, at a high level, the recovery is the recovery of a 51% attack,
and it involves forking away.
It involves ironically censoring the censorer.
And one of the things that we want to try and do here is automate the process as much as possible.
And this is something we can discuss, but roughly speaking, 80% of the process can be automated,
and then we kind of need the social layer to kick in to enshrine or confirm the fork,
the recovery. But I guess before talking about the recovery, it might be worth talking about
the preventative measures. What can we do to make it really, really hard to get into this
bad situation in the first place? Well, before we do that, Justin, can we actually just talk about
how this concept of strong censorship and a 51% attack is actually the same thing?
because I think that might actually help listeners kind of wrap their heads around what we're actually talking about.
If we're talking about strong censorship, how is it basically the same thing as like a 51% of attack on a blockchain?
How are those similar?
Right. So strong censorship is a special type of 51% attack.
It's when the economic majority has taken over the chain and is compromising the liveliness of the chain.
So there's two aspects to security.
There's safety and there's liveliness.
The good news with safety is that we have the so-called finality gadget, which means that if there's a 51% attack and the history is rewritten, then there's automatic slashing.
So that's something that we can deal with completely automatically without any involvement from the social layer.
But there's another type of 51% attack, which is a liveliness, 51% attack.
And censorship is a special type of liveliness, 51% attack.
And here it's a little bit more subtle.
It's a little bit more subjective and we can't fully deal with it automatically.
Instead, kind of the best thing that we can hope for is trying to maximize the amount of
things that we do automatically and minimize the involvement of the social layer.
And the reason we want to try and do that is around credible neutrality.
We want to have recovery mechanisms which are credibly neutral and minimize the involvement
of humans. All right, so we've got these two pieces here. We've got, number one, the preventative
measures we can take, just making this a very high bar to attack Ethereum. And then secondly,
we have kind of the recovery piece of it. How can the community, from a social area perspective,
censor the sensor? But let's start with the preventative measures then. How do we make this a very
high bar to do a strong censorship attack on Ethereum? So one of the things we can focus on is
diversity and specifically jurisdictional diversity because realistically the only type of actor
nowadays that can go perform these 51% attacks are nation states. And so just like we've had this
kind of battle at the social layer in terms of client diversity, you know, with Prism originally
having 70% of all the validators and now only having 35% of the validators, we can go through a
similar process to try and improve jurisdictional diversity. And what that means is that we want
validators to be operated from all sorts of jurisdictions. And, you know, just like we have client
diversity.org, which has been tracking the diversity of the clients, we kind of need a similar
website for jurisdictional diversity. We can also focus on operator diversity. So this is something,
quite related, and we have already a website for this called rated.network, which kind of gives
you a breakdown of where the stake is from an operator standpoint. And, you know, we can also
focus on similar things like geographical diversity. So we might want to spread the validators
across, you know, five different continents, just in the same way that we have five different
consensus clients and we kind of spread out the stake. And Justin, you have to do all of that
at the social layer, right? Like, we can't design that in the protocol in any way.
Exactly. So this is a social battle. And, you know, you can think of it as being a social
shield, which is kind of invisible, but there and playing a really crucial role.
And this should make intuitive sense when we say that we want a bunch of ETH validators,
East Stakers, to be geographically distributed, when we also say that we believe Ethereum to be
this extra-national entity. It's this thing that is not owned or operated by any one specific
nation state. And so you could imagine if every single Ethereum validator happen to exist inside
the United States, well, at that point, then every single validator is beholden to the laws of
the United States. And so we need all these validators to be across every single continent in order
to claim that we are creating the system that exists beyond the nation state. And this is why it's
so important that we have focused in the Ethereum ecosystem on reducing the barriers to
becoming an e-staker down to the absolute minimum where all you need is a consumer grade like
laptop and access to the internet and you can take part in consensus and like you can do that
with 32 eth or even lower than that with other innovations like rocket pool or obel's like distributed
validated technology so the idea here is that not only are we geographically distributed we're
also culturally distributed too it doesn't matter what culture you're from or what part of the continent
or what part of the world you're from is that you can actually represent Ethereum and its
values and there is no centralization into a certain set of laws. And that's what creates Ethereum
to have this globally relevant and also centricisip resistant nature in the fact that no country
actually has a claim on Ethereum because we're all so well distributed. Exactly. And if you were to
kind of zoom out and ask yourself, how can an attacker acquire 51% of the stake? There's kind of
two ways that they can do so. One is through coercion and the other one is just through buying steak.
And here, this idea of focusing on diversity is to minimize the impact of coercion, right? It's
trying to remove these central choke points. So it could be, for example, like one staking pool,
which is especially large and is in one specific jurisdiction. That becomes a choke point for
coercion. And so if they have, let's say, 20% of the stake, then in one fell swoop,
this 20% could go from non-censoring to censoring. So what about things like staking pools,
Justin, where we have Lido, which has a very large amount of ETH stake, but we also have
things like Rocket Pool. Is it okay to have staking pools grow large? Is there a way to both
have staking pools, which gives further access to being a part of network consensus, while also
maintaining censorship resistance.
Right.
So one of the things that you want to try and do is, first of all, have, you know, a
plurality and a diversity of staking pools, but also make sure that these staking pools
are themselves very difficult to coerce.
And this is where, you know, the decentralization comes in.
So, for example, Lido is a Dow and Rocket Pool is also a Dow.
And, you know, dolls are in a way their own jurisdictions, just like Ethereum.
is that their own network states.
And so we want to be, you know, trying to incorporate these staking pools within these
micro jurisdictions that are created for the purpose of securing Ethereum.
So if we are going to be forced to a future of staking pools, which is debatable, but let's assume
it is, then we want to be participating in staking pools, which are incorporated in non-sovereign
jurisdictions. Basically, we want to be incorporating in network states, not nation states.
It's kind of cool because a lot of the defenses or the preventative measures against these
strong forms of censorship are actually at what David and I would call the layer zero.
It's actually like, you know, you call it the social shield. And that's incredibly important,
right? So like we're talking about diversity that happens at the social layer across jurisdictions,
also talking about an emphasis on solo versus pool staking wherever possible, making that
easier, you know, getting into the mindset, not your keys, not your attestations, just in the way we've
gotten in the mindset of not your keys, not your coins. And so I think deterrence, social education
is a huge part of this. And we also have like some legal groundwork that we can start to do.
Right. So we have lobbyists in Washington. There are other crypto lobby groups all around the
world, the coin centers and such. And creating a culture around activist type of staking, right?
So like, it is your patriotic duty to the.
Ethereum nation state to stake. I think Bitcoiners in particular have done this very well with running
Bitcoin nodes. And I think we need to foster that sort of culture in Ethereum. But these are all of
our defenses and preventative measures against strong forms of censorship attack here. It's all
the social layer, isn't it? Yes, exactly. And activist staking is interesting. Basically, it's this
idea that we can try and rebalance stake in order to make sure that we don't get in the bad
position in the first place. So, you know, you can try and restake, for example. Once
withdrawals are enabled, you can take your stake from one place and point it to another place.
You know, this would be like redirecting hash rate from one pool or another. Or, you know,
you can just bring in fresh stake, just like you could deploy fresh hash rate to try and balance
things out. Or there's also the option of just unstaking. Let's say that there is a jurisdiction
which is particularly dystopian,
whereby not only are they forcing the pools and the exchanges
to be acting in a certain way,
but they're also forcing the individuals to be, you know, censoring,
even if you're solo staking on your Raspberry Pi,
then here one of the best options that you have is simply unstaking.
And so there's this idea of, you know, activist unstaking.
And one of the good news here is that you can still earn yield
even if you on stake.
And the reason is that we should expect the EF yields on DFI and the EF yields on staking to, you know, more or less, you know, arbitrage and track each other.
And, you know, one of the reasons is that, you know, if you can go borrow if in DFI, you know, for, let's say, 3%, and you can make 4% staking, then people will go borrow in DFI and just go stake.
And so they'll arbitrage away this 1% difference.
So you can still be earning yield even if you're not staking.
because, you know, part of a particularly dystopian network state.
Now, one of the things worth highlighting is that activists staking in the context of proof of stake
does not help with recovery.
And this is one of the downsides of proof of stake versus proof of work.
Generally speaking, proof of stake has like strictly better sensual persistence, but this is
the one place where proof of work is better.
because in the context of proof of work, if an attacker has made a 51% attack,
it is possible to redirect your hash rate.
It is possible to bring a new hash rate to try and heal the system.
But with proof of stake, once an attacker has 51% of the stake,
they can censor the deposits and the exits themselves so that it becomes impossible
to come in or impossible to restake.
We'll definitely touch on this in the recovery section, but I just want to highlight
as we close in this preventative section, all these various mechanisms, right?
So we would love people to solo stake their ether across all continents all over the world.
We would love for people to do this activist staking that allows for censorship to not be fully expressed in the protocol.
And then there's also just what we're focusing on in the layer zero where we can also fight this in the nation state territory themselves,
where we have people like coin center and other like legal entities going after nation states to make sure
that they don't even bother and accept Ethereum as it is. And this is all preventative. This is all
getting before there's an issue. But Justin, I'd like to turn this conversation to the recovery side.
So we can imagine that there is an entity with perhaps a significant amount of stake. Say, for example,
the nation state has talked to Coinbase and to Lido. And these two entities have agreed that
they are going to censor transactions under threat of going to jail. And so both,
both Coinbase, Brian Armstrong, and Lido are censoring transactions. And let's just, again, define
what would that look like if Coinbase and Lido are censoring transactions? And how do we, as a
community, go from there? How do we move forward from that point? Right. So let's assume that an attacker
has more than 50% of the attestations and they want to censor. I mean, I question the premise that
Lido could be censored, you know, partly because it's a Dow and also partly because they have,
you know, many different operators. But let's just assume that an
attacker has more than 50% of the attestations. Then what they can do is basically only a test
to blocks that don't include a certain type of transactions. And so you're in a position where you
have strong censorship, some type of transactions don't go in. And here what you need to do is
basically fork off. You need to reboot the system or at least exit the system so that the minority
can coordinate on a fresh version of a firm.
So basically you have a fork with two versions of a firm.
You have the censored version and the non-sensed version.
And here there's a whole design space, right?
Are we going to hard fork?
Are we going to soft fork?
Are we going to try and do this manually?
Or we're going to try and do this automatically?
But they all ball down to the same thing,
which is this idea of the minority opting out from the tyranny of the majority.
and in the process kind of re-declaring sovereignty over the chain
and the ability to maintain and uphold credible neutrality.
Now, one of the things that is, you know, expensive about forking
is that it involves a social layer.
And this is something that can be, you know, messy, it can be slow.
It can be very human intensive.
It can be contentious.
And so we want to try and come up with protocols.
both in code and in the social layer that will, you know, just streamline everything to the maximum
extent. And so one of the high-level ideas here is that we can have code that automatically
creates a fork. You can think of it as like a template or a seedling. It's like a fork which
has detected censorship and which has started the process of secession.
basically an independence.
But there are like technical limitations as to what you can do with full automations.
So the first caveat is that in order to even be able to detect censorship, you need to be
online.
And so if you go offline and then censorship happens and, you know, this forking process happens
and you come back online after the fact, then you won't know which chain is legitimate and
which chain has been censoring because the process happens.
because the process of detecting censorship requires you to be online.
Another big caveat is related to like clients.
So, you know, the like clients often won't be online.
They will be wallets that will, you know, only come online when they're being used.
And so they can't even observe the mempool, right?
Because the detection of censorship happens by observing the mempool.
You have a transaction, which is pending in the mempool.
is not being included, therefore it's being censored.
But you need to be observing the mempool to make this observation.
And it's even worse for smart contract like clients.
So these are like clients that are embedded within a blockchain
in order to build bridges between chains.
And these like clients fundamentally cannot observe the mempool.
And so this is where the social layer needs to come in and patch up
or strengthen this fork template into the real,
enshrined version of reality.
There's a couple other
caveats to this automatic forking.
One is this idea
that in order to come
to consensus on censorship, there shouldn't
be abnormally high peer-to-peer
networking latency.
If the internet is a massive
mess and people are
not receiving packets properly
or things are being
delayed or controlled by an attacker,
then there could be
some noise there at the
networking level, which needs to be smoothen out and patched up at the social layer.
And then another kind of caveat is that around this idea of automatic forking is that sometimes
censorship could be, you know, accidental.
It could be a client bug, which is fixed a few hours or a few days later.
And this idea of automatic forking can't really discern intent.
Is this real malicious intent or is this like an innocuous client bug which is being fixed?
And so just to recap, the strategy that is available to us is for full nodes that are online and observing the mempool to do several things.
One, detect censorship.
And then two, identify some sort of non-censoring minority chain.
And then three, kind of automatically fork off and punish the sensors.
And then all of these things can be done in a fully automated way, except that.
that the full nodes are not sufficient.
We also want all the light clients and, you know,
all the social layer to be following through this automatic fork.
So, Justin, I think it's probably news.
It's actually news to me.
I never thought about the possibility of an automatic fork actually being triggered.
But I want to even, you know, go back to like automated or manual aside,
what a recovery like this would look like, what a social fork would look like.
So essentially, we would have in that world,
where we have some nasty censorship going on, there would be a new Ethereum that would fork from that.
And that would be maybe the community would brand that as Ethereum, like the original Ethereum.
This is what Ethereum is, censorship resistance in the social contract.
And then there would be another branch, another fork, that would continue on as the censored version of Ethereum.
And essentially, all of the actors in the Ethereum ecosystem, whether you're an eth holder,
whether you're just a user of the network, whether you have an asset like USDC that you're issuing,
whether you are a smart contract developer, an app, ecosystem provider, Metamask,
everyone would have to make a decision in terms of which of those two forks to support or both.
And ultimately what would happen is kind of the market would decide and the community would decide,
as we have in past forks with Ethereum and with Bitcoin.
So Bitcoin, of course, went through a big fork of big block-sized debate.
And what was left from that was Bitcoin and then Bitcoin Cash and a whole bunch of the 12 dwarves there of other Bitcoins.
And of course, we know that Bitcoin won because we can see it in terms of market cap.
And we had Ethereum and Ethereum Classic.
And we could sort of see which fork sort of won, at least the mine share and the market.
And so we'd go through another episode of this and everyone would have to choose the censored version of Ethereum or the original version of Ethereum.
that was uncensurable. Let me ask you, what makes you confident or hopeful that people will
actually choose the uncensurable version of Ethereum? I've had people say to me, well,
like, Ryan, that's like Ethereum's described like this is pretty naive because, you know,
providers like USC, they will obviously choose the censored version of Ethereum. And, you know,
ultimately a lot of state will collect there and they are the true dictators over which
Ethereum a fork gets adopted and which doesn't. Can you talk a bit about some of this?
Right. So I really like the way that you describe this process where we start with an automatic fork
and that trickles in to the social layer where it's being fought out. And one of the things that
you can envision is the fork is automatic. This automatically spins up a futures market where you
have these two tokens competing out.
And then even before the fork happens, you have kind of a declared winner.
Now, to your question around, you know, could there be some impediments to forking at the
social layer, you know, infrastructure like USDC might be compelled to go through and choose
the censoring fork?
And I guess there's two answers here.
Like one is that it's important to pace ourselves.
It's important to do these forks slowly, if not very slowly.
So we have two types of consensus, right?
We have the machine consensus, which operates on the timescale of seconds, and then we have
the human consensus, which operates on the timescale of weeks.
And so one of the things that's important to do is for the automatic forking to happen with
a lot of time in advance.
And my specific suggestion here is that an automatic fork should only happen at most, you know, let's say with at least 30 days of lead time and it must happen on the first Wednesday of the month at 12 p.m. UTC.
I kind of just created this shelling point out of nowhere.
I guess you could call that, you know, shelling point design.
But, you know, trying to find something credibly neutral where we agree ahead of time that this is when we fork.
so that at the very least, the schedule has been set ahead of time,
and it allows for the social layer to do its work of, you know, debating and lobbying and all of these things.
The second aspect is around the ability of gracefully winding down, right?
So if you look at a project like USDC, they may well choose the censored fork.
But what will happen is that if we allow the social layer to gracefully unwind, then they'll just lose most of their business.
People will withdraw the USDC for real US dollars and exit USDC.
Or what they might do is they might dump USDC for another stable coin like USDT and then arbitrageers can go buy this USDC at a small discount and then do the withdrawal there.
And so, you know, we might see over a process of a few weeks,
USC go from a mammoth, let's say, $100 billion stable coin project to like a much smaller,
let's say, $10 billion stable coin project.
And so when you're designing these applications, whether or not they're fully trustless
and truly decentralized finance or whether they are, you know, they have the centralized
component, what I think we're going to see is a.
desire from the social layer to have this graceful wind down process that takes, let's say,
on the order of weeks. If there isn't such a graceful wind down, then the alternative would be
like an instant collapse, which is something that we don't want. And I think the market will be
prioritizing products that provide this graceful wind down in the case where they themselves
kind of become compromised. And this is a similar philosophy to what the core developers and the
researchers are trying to do. We're trying to design systems where there is always an exit hatch,
even if the creators of the projects go malicious. Yeah, and I feel like this is the ultimate exit
hatch and kind of the last exit hatch and maybe the most powerful is this kind of ability
to fork and create an original Ethereum that is completely uncensored. And of course, we haven't
gone into the details there, but my impression is there can be some forks that slash parts of
of the stake that are originally censoring, and we can get into that. But I want to get into the
principle. I know we're talking about recovery here, but the threat of a fork is also preventative
in and of itself. Is it not? Because we are effectively saying the social community, the layer
of Ethereum is saying, hey, powers that be, if you decide to censor, we plant a fork. And by the way,
if we have automated forking, we'll detect that automatically, and it'll happen the second Wednesday
of the month at 12 p.m. UTC time, right? So they can see it on chain. And that in itself acts as a
preventative mechanism for would-be censors to say, nope, you know, instead of censoring, if it's
illegal in my jurisdiction to provide validation services and staking services, I'll just discontinue
those services because I don't want to actually get into a place where I'm on the bad end of a fork and I'm
losing depositors money. Can you talk about that dimension a little bit? Yeah, you said it very well,
where basically education and infrastructure that we can put forward out there acts as a deterrent,
because now, you know, participants in this crypto-economic game can be more rational. And it turns out
that the equilibrium is for the chain to not be censored. Anytime you have a chain which is
censored that puts the attacker in a precarious position because they can be forked off and they
can be penalized. One of the things we haven't talked about is the penalization, but basically what we
have at our disposal is the ability to completely wipe off the stake of the attacker. And so the
mere fact that this infrastructure exists kind of from a rational standpoint should prevent
the attack from ever happening. This is very similar, by the way, to optimistic roll-ups. With
optimistic roll-ups, engineers have spent countless hours to design this fraud-proof game,
where if there ever is fraud, then someone can, you know, provably show to the optimistic
roll-up that there has been fraud and then revert and correct the states.
But if you do commit fraud on an optimistic roll-up, you get financially penalized.
And so the equilibrium from a crypto-economic game perspective is that the fraud never happens.
Now, one thing could be said whereby, you know, it's all good to be resistant in theory,
you know, and from a rational standpoint, but an attacker, you know, might be kind of stupid
and kind of very determined to make an attack and don't go do it anyway.
And I think the best that we can hope for here is actually go through the process of forking off
and prove to the world that it is not just theory, but it's actual practice.
And ironically, this would put Ethereum in a stronger position from a censorship resistance standpoint
because it will already have gone through the legwork of recovering from a 51% attack.
And so it would be really, really stupid for an attacker to try that a second time
because the first time round, they failed and they got penalized.
Is this saying like, we dare you?
Yeah.
We dare you.
I dare you, nation states to censor us.
It's one thing if, for example, perhaps it was like the CIA that was censoring Ethereum
and the CIA had 51% of stake teeth.
I don't think there would be too much controversy or much less controversy at the very
least if the Ethereum community was like, you know what, let's just slash the entirety
of the CIA.
We'll just delete all of their ether.
Like, that would be one scenario.
I think a far more like reasonable and expected scenario is something a little bit along
the lines of staking as a service protocol.
calls where they actually didn't have to buy the ether themselves. It was actually retail investors
that bought the ether. And then they just staked with Coinbase. And slashing Coinbase, if Coinbase is the one
doing the censoring, but they're doing the censoring with their customers' deposits, all of a sudden,
that becomes a lot less untenable. I don't really think the crypto community would shed a tear if we
slash the CIA, but if we slashed, you know, millions of retail investors' savings of ether
because they were staking with Coinbase, that would become a lot more politically hairy. Justin,
what would you say is a solution to this scenario where it's actually retail deposits into a centralized staking
provider that's actually doing the censoring? Right. So there's several answers here. Like the first one is
education and lead time. If there is censorship that's discovered, we want to give people the time to
unstake from Coinbase. The other thing is that we want people to understand, even before they stake on
Coinbase, that there is a risk associated with staking. Like, there are real costs to delegation.
And this is one of the reasons why in the long term, I think solo staking has a real shot as
becoming dominant versus delegated staking through pools. And, you know, one cost, which is obvious
in Coinbase, is that you have to pay a 25% fee on the rewards. So you've been diligently
staking on Coinbase for two years, let's say, you've made four if in profits.
And one of that if just goes away and is absorbed by Coinbase through fees.
But there's other costs to delegation.
One is this idea of insider risk where not your keys, not your attestations,
which means that an insider within Coinbase who has access to the staking keys,
which by the way are hot keys, they're not in cold storage,
they can perform a ransom attack where they can say, hey, Coinbase customers,
we are going to slash you unless you pay up a ransom.
And the game theory is basically for the victim of the ransom to pay up the ransom.
And that's kind of a cost which is not visible, but it's there.
And then another cost to delegation, which is not visible, is this outsider risk,
where basically the community, the social layer, outside of consensus might declare consensus
to be a bad actor and then penalize.
So when we penalize, we actually have a certain amount of power at our disposal.
So one thing that we can do is, and it's like the most straightforward, is to do a soft fork.
And the idea of a soft fork is whereby the minority chain ignores the attestations of the attacker
and leads to the attacker leaking out, basically accumulating so-called inactivity.
penalties. And the best move for the attacker is to basically exit from the staking duties,
go through the exit queue, and then recover and withdraw their if. But if we're going to force
through 51% of the stake to go through the execute, the execute is going to last quite a
long time, like several months. And during these several months, there's going to be some
inactivity penalties that are accumulated. And that might make up, let's say, a fairly small
penalty on the order of one or two percent.
So that I think is something which is acceptable from the social layer for Coinbase customers
to be suffering 1 or 2% for putting their stake in the custodian, which ended up censoring.
Now, there are like stronger options at our disposal, namely the option to do either hard fork
or soft fork, which completely wipes out the stake of the attacker.
And I think, you know, going back to this idea of being maximally, credibly neutral in our forking strategies, I think there's two forking strategies which stand out as being credibly neutral.
The first one is you push attacking validators to the exit queue.
Their if is kind of frozen effectively in the execute for a small amount of time, a few months.
And they also incur this small penalty.
and then if the attack happens a second time by the same attacker,
then in that case, the next reasonable thing to do,
which is credibly neutral, is to slash 100%.
And then there you basically remove the ability to do an attack a third time.
But in the process of doing this forced exit,
the customers of Coinbase are going to realize that something went really wrong.
And it would be foolish of them to go ahead and restake with Coinbase,
knowing that the second most natural thing to do is to slash everything.
I want to make two points here.
I mean, the first point is that this is only possible.
This kind of like inactivity leak and complete slashing of the stake is only possible
in proof of stake was not an avenue Ethereum had available to it in proof of work.
It's not an avenue that Bitcoin has available to it unless it, I guess, changes its core
hashing algorithm and resets everyone from scratch, which is a lot.
different than this. And what we're seeing here is kind of a defined escalation path that the
Ethereum community can start to distribute and educate people on so that hopefully these risks
start to get priced into the yield of a more centralized staking provider. Like, yes, it's good yield,
but you have to take into account these centralization risks. The second point I want to make is
we keep using Coinbase as an example. And I think that's maybe service to Coinbase that they've done a
good job. They're kind of the largest staking provider in the U.S. and one that's, at least in the U.S.,
most connected to kind of retail. But there's also evidence that sort of the equilibrium
that we talked about, the game theoretic equilibrium is playing out because Coinbase is nowhere
close to, you know, creating a censorship-only validation pool and staking pool. Indeed, I think
Brian Armstrong publicly, as in the last week or two, came out and said, if they were ever
asked by authorities to not process, to censor some transactions at the block production
validator level, they would rather discontinue their entire business than proceed in that
censorship. So this is like the charitable explanation of that is Brian Armstrong's been in
crypto. He has strong crypto values. And that's the reason why he's doing it because he believes
in the principles of decentralization. You want to take the cynical explanation.
it's also that he realizes that censorship puts Coinbase down a path closer to mutually assured
destruction, and he's trying to avoid that at all costs.
So I just think all of these dynamics are very interesting, and this social slashing capability
is incredibly powerful as a deterrence, as well as kind of a recovery method.
Maybe you two have comments on that, and then, David, I think you had a question.
No, I think you summarized it very well.
There's some very interesting dynamics at play, but ultimately the heuristic is that the defender is in the position of power.
And any time the attacker comes in and censored, that's an unstable equilibrium and they stand to be penalized.
Just to really drive this point home, there's just conversations around the illegitimacy of penalizing any retail depositor in a centralized staking service.
And like we take our property rights very, very seriously in this crypto world.
that's one of these core pillars that I would say crypto stands on is that property rights are the thing that you do not violate the most.
Like don't break property rights. That's what crypto stands on.
Cryptography is meant to instantiate property rights.
But I will make, and we've alluded to this, and I just want to make this super explicit, when you decide to stake your ether on Ethereum,
you are giving up some certain element of property rights and giving the Ethereum protocol control over your ether.
That is what it means to stake your ether.
You are staking your ether that you will behave a certain way.
If you want to behave in any particular way that you want to and have the strongest property rights
possible, don't stake your ether.
If you're staking your ether, you are committing to accepting slashing penalties or any sort of
other penalties.
And so if you are a retail depositor who's choosing to stake, you are taking on some sort
of responsibility or some sort of risk that is more powerful than your property rights.
You are saying, like, I agree to the rules and laws of the Ethereum protocol.
called beyond my rights to my own ether. And whatever outcome happens as a result of me staking
is what I agree to and that's why we stake. And so this conflation of, oh, you can't slash
Coinbase because those are retail depositors. Well, actually the responsibility was on retail to
choose their staking service provider correctly. And if their staking service provider is malicious,
that is a responsibility that they are behooven to. And that was their choice. And so I'd like to
just really drive that point home is that when you choose to stake, you are actually giving up your
property rights to the Ethereum Protocol. And if you choose to stake with a centralized service provider,
you are trusting that they are aligned with the Ethereum Protocol or else they will also be slashed.
Justin, how do you feel about this? Yeah, no, that's exactly right. And there is this meme circulating,
which I think is a valid one that, you know, when you're staking, it's basically like the risk
of minimized interest rate. But there's a huge caveat here, which is,
It's only if you're solo staking with your own keys.
As soon as you're delegating, you're forfeiting this risk minimization aspect.
And so, you know, I think we really need to do a bigger focus on solo staking.
And one of the good news here is that there's many improvements that are coming to solo staking.
And there's like about 10 of them.
I'll just list a few things to be excited about.
One is proposer-builder separation.
This basically removes the requirement for validators to be block building.
It's just one less task that they have to do.
MEV-smoving.
How does that improve solo staking?
It improves it because it removes the variance in MEV.
What will happen with block building is that every once in a while you get really lucky
and you get to build a block and then you get an outside reward for this one single slot.
And so that leads to like very spiky returns.
And you want to smooth that out.
M.V smoothing, smooth as the MEPV as the MEP as the name suggests.
Anti-slashing hardware.
No more slashing.
Accidental or not.
So right now as a solo staker, the best infrastructure that we have is for you to have your staking key be a hot key on your computer.
But really what we want to be in a position of.
having this staking key be in a piece of hardware that does slashing protection on your behalf.
Basically, this piece of hardware will track what messages have been signed in the past
and make sure that you don't sign a message which accidentally slashes you.
And maybe someone can write some code that will turn, for example, a ledger hardware wallet
into anti-slashing hardware for validators.
Another thing is single slot finality.
We're going to be in a position where making deposits and making withdrawals will be much, much faster thanks to single slot finality.
And that will yet again improve the experience of being a solo validator.
There's also going to be statelessness and data validity sampling and ZKVMs where basically the hardware cost of being a validator are going to go down to almost zero, like even less than a Raspberry Pi.
The only thing, like in the endgame that you're going to have to be verifying is the zero knowledge proof and just making a few queries to the network and not even have to download the data.
You just do data validity sampling.
These are like very powerful technological things that bring us to a position where being a solo validator is almost no effort.
We're also going to have technology that is going to dramatically reduce the size that you need to become a validator.
Like one of the reasons that people are staking on Coinbase is because they don't have 32-Eaf.
Well, you know, with technology like DVT and secret shed validators and also like improvements to the protocol where we have these like potentially dynamic deposit sizes and variable deposit sizes, that's going to improve the user experience for stakers.
And we might also like envision things like private deposits and private staking whereby in the process of participants,
in staking, you have your privacy preserved. And like all of these things, when you compare them to
the costs of delegation, which we've gone through, like operator fees, insider risk with random
attacks and outsider risk with social polarization, in my opinion, like things tilt towards
solo staking. But it's going to be a fairly long journey of incrementally improving solo staking.
Yeah, I think you're right about the long journey of that. And like, I guess one thing,
I do think you're right that one of the biggest impediments to solo staking,
is having 32-Eath, right? And if we're right, and this is ultrasound money, and we get to
10K and beyond, that's, you know, 320K. So getting this down to like, you know, 16-Eath or, you know,
even 4-Eth, you know, I would think that would be a necessary precondition. I guess the other
comment I would make is sometimes, to your point about this being a slow process,
sometimes crypto doesn't realize the benefits of decentralization until that, like, quote,
unquote, tail-risk event happens, right? And I don't think these are actual tail-
risk events because they happen pretty commonly. But, you know, everyone is talking about the virtues of
centralized lending platforms versus defy. User experience is so much easier, you know, I just connects
directly to my bank account, all of these things. And then we had Celsius, right? And like blockfi,
almost go insolvent as well. And now we appreciate the benefits of being able to audit and see
what's actually backing the assets when we get a collateral loan or when we generate some interest on
top of it. But all of these things, Justin. So where does that leave us strategically
positioned for a strong censorship attack. How is Ethereum positioned for that? We talked about,
you know, you summarized the weak censorship attack and you're like, we have the tech.
We can actually defend against this. Do you feel the same about strong censorship?
Yeah. And I think the strategy is kind of different if you're thinking in the short term,
the median term or the long term. Like in the short term, I think one of the best things we can do
is just education, right? Education is, you know, something that we're doing,
right now, right? There's very little latency to reacting and that's kind of addressing some of the
FUDs, you know, that's been circulating and kind of giving people the knowledge that they need
to believe in the long-term legitimacy of the roadmap. I think what we want to be doing in the
median term is, you know, showing some strength in terms of actually implementing in code
some of these defenses
and kind of
putting forward
some of the most low-hanging
defenses in place
and this is something
where we can take
a strategic approach
in the sense
that we can
keep defenses in the back pocket
and then bring them forward
and prioritize them
when the need comes in.
One of the dilemmas
that we have
within the research team
is do we prioritize
features,
you know,
things like sharding
that kind of gives us all the scalability,
or do we prioritize security?
And I think where I've landed on personally is we want to prioritize features, right,
because we want to remain competitive compared to other blockchains,
but we want to front load as much as possible the security research, right?
So we want to be in a position where we really understand deeply these crypto-economic defenses,
And whenever we need to defend ourselves, we have something ready in the back pocket.
We prioritize it.
And a few months later, it's implemented on chain.
Yeah, I definitely agree with that.
And it strikes me that we have definitely a lot of work to do on the social layer of how
the community would react if censorship started being implemented across the chain.
So like this is what I didn't understand in the early days of my journey into crypto and
Bitcoin was, you know, people would say to me is like, well, what happens if there's
some protocol kind of hack in Bitcoin?
and suddenly there's like a billion Bitcoin rather than 21 million.
In the early stages of my journey into crypto, I was legitimately worried about that.
Well, like, you know, code has errors and what happens if there's a hack, that sort of thing.
Now I know the mechanisms and how this works.
And of course, what the Bitcoin community would just do is create a fork that maintains
the social contract of 21 million.
It would not be an existential threat or risk to Bitcoin.
There would be a blip.
There would be mud on the face.
there would be definitely problems in the short run if suddenly Bitcoin was, you know,
inflating at a billion a day, a billion Bitcoin a day. But the community would just fork that
out and adhere to the social contract of 21 million because that is written into the layer
zero of what Bitcoin is. I think Ethereum needs to also continue to write censorship resistance
into its social contract and develop some of the plans that you were talking about as well.
I guess as we kind of draw to a close with this episode, Justin, thank you so much for your time.
This has been a great positioning, great getting us up to speed on the censorship resistance
of Ethereum now and in the future. How do you think this compares to other cryptocurrencies?
Right. So in our ultrasound money episode, we talked about, you know, Bitcoin probably has more soundness
than Ethereum than ether the asset, like pre-merge.
You could still say Bitcoin is the reigning champion. It has the greatest monetary premium
above and beyond ether right now. Now, probably many of us don't think that will remain the case
in the future. But what do you think about censorship resistance? How is Ethereum positioned
relative to other chains, say Bitcoin or other alternative layer ones right now?
Right. So I guess there's two things to consider here. One is the weak censorship and the
strong censorship. So in terms of the weak censorship, Bitcoin has an advantage over Ethereum.
And the reason is that they have these very simple UTXO transactions where there's no real MEV to be extracted.
And so the whole pipeline of MEV just collapses down to self-building.
So all the concerns that we may have around builders and relays and searches and whatever, that mostly collapses down.
On the other hand, when we talk about strong censorship, Bitcoin is in...
the same position, if not the worst position than Ethereum.
And the reason is that more than 51% of the economic majority, basically the holders of the scarce
resource, which is hash rate, could be compelled to censor.
And there's this kind of several reasons here.
Like one is, you know, again, around the lack of diversity.
So, you know, we've had minors, for example, leave China and go to Texas, for example.
Well, if we have just too much hash rate in the US, then maybe miners in the US could be compelled to censor.
Another thing that I haven't mentioned, but it's very important as well, is also the concept of economic security,
which is how many dollars do you need to go just do a naive brute force 51% attack where you just buy the resource as opposed to coercing it?
And it turns out that in the case of Bitcoin, it's dropping and I expect it to keep on dropping.
So right now there's around 200 million terrahashes per second of hash rate.
And you can go on bitmain.com and you can buy miners, you know, for $15 per terahash per second.
And so, you know, you do the math and buying the hardware will cost you roughly $3 billion to go 51% attack Bitcoin.
Of course, you need to buy transformers.
You need to buy racks.
You know, you need to connect it to the grid.
And, you know, let's say very conservatively that you're doubling your costs.
You know, that brings you to $6 billion of economic security.
It's still peanuts in the grand scheme of things for a nation state.
And so what I think we need to be doing is for a firm, not only focusing on jurisdictional diversity to reduce coercion,
but we also want to have trillions of dollars of economic security so that it's infeasible to buy.
your way in to a 51% attack. And then the other kind of final point, which you mentioned,
which is that from a recovery standpoint, Bitcoin and Ethereum have very different solutions.
Like one is endogenous and the other one is exogenous. So for Bitcoin, the only way that
you can recover from a 51% attack is to basically repoint hash rate or add in new hash rate.
And basically you're in a position where if you're
context, if the real world is just too powerful, then there's no way in which you can escape
the censorship. So if, for example, you believe that the US can go spend like a few billion
dollars to go buy A6 to do censorship, then they can go do that and permanently 51% attack
Bitcoin because there isn't this ability to do like this intrinsic recovery mechanism
where a minority of the chain basically penalizes and slashes the majority.
And so even if you have a bully, which is extremely strong, we can still survive that
and basically create our own minority bubble and preserve the sovereignty of this independent
network state, which is a fairer.
Justin, thank you so much.
Final question for you as we draw this to a close.
what's your confidence that Ethereum will be censorship resistant in five years to an acceptable
degree? And then how about in 10?
So if we're talking about weak censorship, then I think Ethereum in five to ten years will be
close to perfection. You know, it will be futile to try and censor transactions because
you just won't be successful. In terms of the strong censorship, I actually believe that
today, Ethereum is already extremely resistant to this strong censorship. I think, you know,
we have inside us, you know, most implicitly, culturally, we kind of feel this.
We're on the same wavelength that, you know, we do want to preserve censorship resistance.
I think the next step is just making this more explicit and kind of articulating this intuition
that we all have. And going beyond that, not just articulating that in words, but also
articulating that in code, which is something we could do. But I think if a theorem were to be
attacked before we have all these code defenses, we would be more than happy as a community to perform
a manual recovery of a 51% attack. There you go, Bankless Nation. That's where we're going to end it today.
Justin Drake, thank you so much for joining us and walking through the steps on what it's going to
require to make an uncensurable Ethereum. Appreciate you. Thanks for having me. Action items for you,
Bankless Nation. You know, we're going to include a few. We're going to think hard about this and
and include a few links to you to get involved in the solo staking community.
That's pretty important if we want to preserve censorship resistance at the base level.
And also some opportunities to donate to crypto lobby groups who are fighting for our rights
in various jurisdictions around the world.
Rights to private keys, rights to privacy, some of these basic rights that we were talking about
in the episode.
We'll also include a link to some other episodes we've done with Justin Drake, including
ultrasound money episode.
And there's one in particular, if you haven't listened to it,
around cryptography and the moon math that is coming at us and, you know, the bullishness that we see
from cryptography. Justin, I'm about to close and I usually give the risks and disclaimers
at this section, but would you like to take them from me this time? For sure, yes, it would be
an honor. Go for it. Crypto is risky. You could lose what you put in, including your
steak if you put it with a centralized custodian. But we're headed west. This is the frontier.
It isn't for everyone, but we're glad you're with us on the bankless journey. Thank you.