Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Adam Back & Greg Maxwell: Sidechains Unchained

Episode Date: February 9, 2015

Backbone to the financial system? Powering decentralized technology? The first true world currency? There is probably no one who hasn’t dreamt of a world ten years from now when Bitcoin would be all those things. The promise of cryptocurrencies is enormous, but will Bitcoin really emerge as the winner? And how can we reconcile this grand vision for Bitcoin with an ecosystem where projects launch new coins and blockchains every day? The one project that rekindles those Bitcoin dreams and paints a potential path to Bitcoin’s ultimate success is sidechains. Developed by Adam Back, Greg Maxwell and several other Bitcoin core developers, sidechains aim to allow the permissionless, rapid innovation of alt chains, but using the established monetary base and network of Bitcoin. It’s a complex project, but with Blockstream founders and sidechains visionaries Adam Back and Greg Maxwell we couldn’t have had better companions on our journey into understanding the coming Bitcoin-Sidechains-Macrocosm.

Topics covered in this episode: the motivation behind sidechains; the concept of digital scarcity; concerns about the security of sidechains; different stages of sidechains from federated pegs to merged mining to block extension.

Episode links: Blockstream Sidechains white paper; Saving Bitcoin From Destruction.

This episode is hosted by Brian Fabian Crain and Sébastien Couture. Show notes and listening options: epicenter.tv/065

Transcript
Starting point is 00:00:00 This episode of Epicenter Bitcoin is brought to you by ShapeShift.io. With no account or signup required, it's the easiest way to buy and sell Litecoin, Dogecoin, Darkcoin, and other leading cryptocurrencies. Go to shapeshift.io to instantly convert altcoins and to discover the future of cryptocurrency exchanges. Hello, welcome to Epicenter Bitcoin, the show which talks about the technologies, projects, and startups driving decentralization and the global cryptocurrency revolution. My name is Sébastien Couture. And my name is Brian Fabian Crain. We're here today with Adam Back and Greg Maxwell. To anyone who's sort of following Bitcoin and Bitcoin's development, they will probably have heard of these two gentlemen.
Starting point is 00:00:44 I was fortunate enough that the first time I went to a Bitcoin conference sort of at the beginning of my involvement in the space. It was in Amsterdam in 2013 and somehow randomly I ended up having dinner twice with Adam, which was really super fascinating, talking about Bitcoin. And so we're really excited to have them on today, especially because we're going to have a chance to talk about a project that we've actually talked about many times on the show before with different people, which is side chains.
Starting point is 00:01:17 Because side chains, I think everyone is in agreement on that, is definitely one of the most interesting and important projects in the space and also very controversial. And a lot of people have many questions about it, so today we'll get to ask all of those. So thanks so much for joining us today, Adam, Greg. All right.
Starting point is 00:01:36 And I'd just like to say that it's been so long since we've done sort of a Bitcoin episode. We've been talking so much lately about all kinds of other things like, you know, Bitcoin 2.0 stuff and decentralized apps and all this other, you know, interesting things. But it's nice to just kind of come back to the roots, right? To a good old, good old Bitcoin. Maybe Bitcoin 1.1. Yeah, let's talk about Bitcoin 1.1. So, well, let's get started right off.
Starting point is 00:02:10 Can you guys, for those who haven't heard about it, or for those who have, but want to sort of remember what sidechains are about, what is the main thing that sidechains is trying to accomplish? Yeah. So what sidechains are trying to do is address a sort of fundamental limitation we run into in the Bitcoin space. So the whole Bitcoin network and Bitcoin system works based on consensus. It's this big distributed cryptographic infrastructure that produces a currency as a side effect of all of the computers coming together to agree all on exactly the same thing. And this is quite complicated to get right. But most importantly, it means that we all have to be doing the same thing. And having to do the same thing is really bad for innovation, because it basically ends up being that you've got this enormous, difficult-to-change, distributed system that has to decide on the behavior for everything that's going on in the system. And so if you want to make an enhancement or add a feature or do something interesting with your Bitcoin that the system doesn't support, you're kind of stuck.
Starting point is 00:03:21 You have to convince the rest of the network to add functionality. And that's a difficult way to develop software, and it's politically limiting, right? Users shouldn't have to ask the network for permission, even if it's a decentralized network, for different ways of using the Bitcoin. So the obvious alternative to sidechains is to, well, let's just start a new cryptocurrency for every kind of application, every new feature set, every new functionality, maybe for every user. And that works from a technical sense, but it doesn't necessarily make a lot of sense from an economic perspective, right? Because money has sort of value in its scarcity and starting up a new currency for every new feature set you want to deploy.
Starting point is 00:04:05 That doesn't make a lot of sense. And there's also no natural stopping point, right? If someone forks Bitcoin to create Foocoin, well, why won't someone fork Foocoin to create Barcoin? And at the end of the day, a bystander looking at cryptocurrency on the sidelines may say, well, I'm not going to get involved in this because it's just constantly getting replaced. So the whole idea with sidechains is we came up now a couple of years ago
Starting point is 00:04:29 with a very general cryptographic protocol that says you can build an alt-chain, like a separate cryptocurrency system, and transfer the Bitcoin values you already have to and from that system. So you can move your Bitcoin into another chain, transact in it, and gain feature set and capabilities, and move coins back if you want to transact with someone who isn't using that chain.
Starting point is 00:04:54 And so this would hopefully unlock innovation and allow more technology to be deployed in a rapid manner and not have the network acting as a gatekeeper. Now, this, like you mentioned, it is a very dividing issue in the community. Some people are for it. Others have come out being sort of against it. And, you know, there are different arguments on each side. Why do you think that is? Why do you think it's such a dividing issue among the community? Well, so maybe I live in a bubble, but I've seen some sort of vocal negative voices,
Starting point is 00:05:26 some of which are concerned based on things like any change is a potential risk, which is a concern I share, and it's actually one of the motivations for side chains. So I want to stop having any changes happen to Bitcoin. So that's one vector of concern. There are other people who are quite transparent and open about the fact that they're concerned because they have investments in competing systems and that sidechains may make Bitcoin more competitive with them. But really, maybe I live in a bubble, but I haven't seen actually a lot of genuine controversy in the technical circles about this. I think the view of most of the really hardcore technical people involved in contributing.
Starting point is 00:06:14 to the Bitcoin software and really active in the Bitcoin space as opposed to various altcoin systems has been, yeah, this sounds really interesting, if it works, great. And let's see how that works out. So I would say that that's cautiously positive rather than controversy, from that camp, at least. Yeah, I think a lot of the concerns that people have are also around the security, and we will dive into that in depth today. One thing that I find really sort of astonishing about the sidechains idea is that, you know, we talk of Bitcoin as a Bitcoin with the Big B, like the network and the technology and the little B, the value.
Starting point is 00:07:01 And then, you know, you can say, oh, those two are kind of independent, right? You have people who develop on top of a network, but we don't use the thing. thing I think is separated the other way, right, to say we keep using the Bitcoin, the monetary value, but we separate that from the network and at least, you know, to some extent. And I think that's a really amazing way to look at this. Well, I would even say that it's interesting to say for the purpose of a money, you actually, money wants to have a monopoly. You know, money works better when it's sort of grows with a very strong.
Starting point is 00:07:39 network effect and money wants to have, you know, few monies. And we get better in our op if there's fewer monies. But in terms of methods of transmitting money, we actually want the greatest diversity of that possible. I mean, the way I transmit money to you should be between me and you, and no one else should have a say in that. Yeah, absolutely. I mean, I've heard people say something recently. It's become fashionable to say that they like the blockchain, but they don't like Bitcoin or something like that. And I think that is not actually a technologically grounded statement because Bitcoin is the sort of tokenized representation of security in the blockchain and if you remove I mean and a
Starting point is 00:08:19 blockchain is distributed data structure that provides security and so if you if you take the currency out of it you you collapse the incentive structure of it and you have nothing left basically so I don't I don't think that particular side comment, I've seen it in the media a few times and maybe some people have commented on that, but I don't think that's actually correct. Anyway, that was a kind of sidetrack and not directly related to what you said. Yeah, so like, you know, the... Go back to what Greg said about being able to extend Bitcoin.
Starting point is 00:09:02 So when I first started getting interested in Bitcoin, in a technical basis, I came up with some potential ideas and there are a lot of ideas floating around in terms of things people would like to do with Bitcoin. Some of them are quite direct, simple, and elegant, useful things to do to Bitcoin and to fix limitations or improve certain aspects of it, which if we had known at the beginning would have been implemented in a slightly different way. You know, so one example is for the value of a transaction to be part of the signed data. So because that's absent, for the kind of offline Bitcoin wallets, they need to drag some transaction history to tell how much money they have. Because they're not connected to the networks, they can't see a transaction value.
Starting point is 00:09:54 And if you have the value in the transaction, it solves the problem because, I mean, what happens to them if they don't do this extra work is they end up being tricked into spending all of their money to a massive fee transaction or something like that because they don't actually know how much money they have. Whereas if the value being spent is in the signature, you know, that has to be accurate and the blockchain itself will enforce that's the case. And so there's a simple fix. If we could do a hard fork, it would be easy to do that, but hard forks are difficult in a consensus network and it's a live system. So you can't just, you know, there's no kind of beta protocol.
Starting point is 00:10:29 So I had some other ideas to go with those, like, um, being able to encrypt the values so that you can get, you can still have blockchain validation, but without leaking commercial confidentiality, which is something I think businesses would want to have in order to do actual share trading or company transactions on them at scale. And so I got excited about, you know, could we get this, could we explore adding this to Bitcoin? And I came to realize that, that's actually quite demoniac and challenging to do that. And so then I became interested,
Starting point is 00:11:07 well, could we, and so I started focusing instead on how could we have a general extension mechanism for Bitcoin. And that's when I started talking some time ago now about the one-way peg, and Greg later articulated this two-way peg mechanism, which needs a soft fork to Bitcoin to enable, is so that you can have
Starting point is 00:11:31 innovation on the blockchain without affecting this kind of, you know, software risk factor. So, I mean, if you look at sort of internet history, I mean, when the worldwide web first started and you had HTTP 1.0, you know, there was lots of very rapid innovation on the protocol. And given, you know, some people draw analogies between Bitcoin and the web and the internet and so on. And if you look at Bitcoin versus web technology, at what people are assuming as a similar early phase of adoption, there was way faster, rapid experimental development going on. And so the Bitcoin Core can't really directly accommodate that kind of rate of change, even
Starting point is 00:12:17 though the demand is probably there to see some of it. So this is not to say that the Bitcoin Core is not changing. If you go look at the GitHub, a number of things are changing, but they're changing in a kind of focused consensus-preserving, doing sort of critical bug fixing priority first, and less on the wide-ranging must-have sort of next generation ideas. Because you have to control software risk
Starting point is 00:12:45 tend to have to proceed in small, carefully validated steps or something like that. So one of the main criticisms has been that if you have a thousand different side chains, and a lot of them only have a very small amount of hashing power mining that chain. It would be very easy and basically free because it's merge mined for any mining pool to attack any smaller side chain. And so it's not really clear how the security of the side chains would work. So essentially, I guess the risk scenario would be, right, that somebody holds coins on a side chain.
Starting point is 00:13:28 they use those coins to get back the coins that have been suspended to move money in the side chain and then they would go back and do essentially a 51% attack and sort of essentially it would be able to steal the money from other people in the side chain, right? Yeah, I mean, so a side chain, so there are sort of, I guess to say, two phases of a side chain. So the first phase is maybe a loosely coupled phase. And in that model, the Bitcoin network is an SPV client of the side chain. And so if you look at the existing security limitations of being an SPV wallet in the Bitcoin network, the majority of the hash rate of miners could convince you that you've received money that you haven't really, basically, right? Yeah, so some context.
Starting point is 00:14:21 Side chains provide a somewhat different security model than Bitcoin by itself. The differences are kind of subtle. Because in the long term, Bitcoin miners could also attack the Bitcoin system, and they lose out the transaction fees they would get otherwise. And that's also true in side chains. The difference is sort of the magnitude of what can happen when you attack. So in Bitcoin, miners who attack the network will lose out on the transaction fees, but all they can do is double spend, unless they do a really long attack that rewrites a large chunk of the chain, in which case they can steal all the coins as well.
Starting point is 00:15:00 So there's some subtle differences there in the case where a side chain is, side chain is an SPV wallet, like an Android wallet or MultiBit or many of the common or Electrum, the common wallets that people use today. And so what sidechains do is they trust the miners mining on the side chain implicitly, like an SPV wallet trusts the miners of Bitcoin implicitly. And that means that a large hash power attack that reorganizes a side chain could potentially steal coins that are stored on the side chain, not just double spend them. So, I mean, this relates to, so some of your readers would be familiar with soft forks, right? So there's a way that has been, that has evolved since Bitcoin started to introduce a software change in Bitcoin that is backwards compatible.
Starting point is 00:15:51 And so I'll just outline that briefly because it relates to this discussion. So the idea is that if you look at the network has multiple versions of software on it, right? So let's say the current version of software, there's an operation code called OP_TRUE. And if there are Bitcoins with an OP_TRUE script attached to them, that basically means that anybody can take the coins. Whoever can get to the miner first to get the transaction verified and validated by the miner or receive the coins. So in practice, that typically would mean that the miners will take the coins. Now, you can do those today, but people tend not to do them because you're distantly losing coins. But the fact that the OP_TRUE transaction exists, and it can have parameters after it that will be ignored,
Starting point is 00:16:43 is the kind of seed of a backwards-compatible upgrade mechanism that can be pushed out into the network. And so how that would work is say that we want to introduce a new type of transaction with a particular feature. So we will put OP_TRUE and some parameters that describe this transaction, you know, who the current owner is, or so we want to introduce a new signature algorithm, like a Schnorr signature or something. So it's a kind of crude example, so some very technical people might be cringing, but I just want to illustrate the point. So this signature is in the extension field, and the miners that have become interested to support this new feature, look at the extended information, and they have a narrower interpretation of what OP_TRUE means. It doesn't mean anybody can take; it means to them anybody can take, if they have this Schnorr signature
Starting point is 00:17:41 with the public key that's listed in the extended op code, right? And so basically once the mining of this, the number of miners who understand this extended interpretation has reached a decent number, let's say 90%, then the feature can be turned on, and the miners would reject attempts to take that coin by somebody who doesn't understand these extra rules. So if I, as a naive user, go and say, oh, there's a Bitcoin, anybody can take it, let me take it.
Starting point is 00:18:09 The miners would censor that transaction because I've ignored these extended meanings after it. So this soft fork mechanism has been used several times. It was used by BIP 16, BIP 34, and we've used it, BIP 30, we've used it to fix bugs and upgrade the Bitcoin system in the past. So it's nothing new. And it's just a mechanism that allows us to extend the system in a way that's backwards compatible. Right. And so why I was bringing it up is if you look at, so I mean, the idea of sidechains is to allow innovation and upgrade and so on. So if you look at the way that Bitcoin currently upgrades itself, it's using this kind of soft fork mechanism. And if you look at what's going on the network, when a soft fork is in effect, there are maybe two or three kinds of users, right?
Starting point is 00:18:54 There's the miners who have upgraded to a version of the protocol that understands these extended meanings. There's a small number of miners who haven't got upgraded yet. And if they say anything contradictory with these rules, their blocks would be rejected by the hash rate majority. And then you've got users who, you know, some users have upgraded and some users haven't who are just clients, right? And so as a user with a client who hasn't upgraded, you can receive an OP_TRUE, a transaction that was formerly controlled by what looks to you like an OP_TRUE address. So you think, well, that's lucky. Somebody decided to grab that transaction that anybody could spend and spend it to me. But what's really going on is that some extended feature allowed that, right?
Starting point is 00:19:37 And so if you look at it from the point of view of the number of users who are still on the old version of the protocol, they are susceptible to a 51% attack. You know, 51% of the network could just grab an OP_TRUE transaction, or all of them, and pay it to itself. Right? And the people who don't understand the protocol upgrade would suffer that security downgrade. So you can look at a side chain is basically the same thing. It's more modular, so it's on a separate chain. But for people who don't understand the side chain,
Starting point is 00:20:08 when they receive payments from it, it just looks as if somebody grabbed something that they understand in a simplified way, and they're the lucky beneficiaries of that, right? So I think there's, you know, it's just to say that this is actually much more similar to the way Bitcoin works than people are imagining when they say that
Starting point is 00:20:29 side chains are less secure than Bitcoin, because actually when there's a protocol upgrade using a soft fork in Bitcoin, the security properties are essentially the same as adding a protocol upgrade in the side chain, which is if you're not with the program, if you're not validating these things, you can be fooled by the hash rate majority. And so at any given time, in a period after a soft fork in Bitcoin, there are presumably still lots of clients running on a Bitcoin network who haven't upgraded from previous soft forks who could right
Starting point is 00:21:02 now be fooled by a hash rate majority on Bitcoin. So it's not, it's not changing as much as people imagine it's changing. So you get OP_TRUE, the OP_TRUE basically, it looks to someone who hasn't upgraded, it looks like this is coins I can just take. Right. And then is the idea that, but if the majority of the miners are aware of side chains, are aware of this upgrade, then they will know that if somebody takes that coin that appears to just lie there to be spendable and tries to spend it, they know that's invalid and they will reject it.
Starting point is 00:21:38 So as long as more than half are using the new software, you know, those rules of the upgrade will be respected and people weren't old, they will be confused and maybe try to take the money, but it won't work. That's how soft forks work. And it really has to be more than just a strict majority or there's network instability, potentially as a result. But that's the idea. Initially, I mean there are kind of soft flag days. Greg could explain it maybe in more detail, but when the version, you know, this feature is implemented, part of the code that introduces the feature, there's like a block number of version increase. And so all full nodes can look at this block version and the format they can estimate the
Starting point is 00:22:28 proportion of miners that are with the program, that understand the new feature. because 90% of the blocks that seem to be being mined in this time interval are on this new version. That tells them that it's now relatively safe to use the feature. So it tends to get deployed a kind of two-stage thing, where it's in the network, but nobody would create one of those blocks until the hash rate reaches its, what has been deemed an acceptable mining ratio, miner understanding ratio, and then those transactions are safe to use. I mean, if you use them before, there's a possibility that some of the,
Starting point is 00:23:02 could just say, oh, well, I'll take that coin. It looks like anybody can take it, right? So it's deemed that it's not safe to use it until this software understood proportion of miners understands it. So this sort of explains how it deals with the thing, right? Because when you move a Bitcoin to a side chain, you're sort of like suspending it in it's lying there, and, you know, this deals with that thing. But can we come back to the question of...
Starting point is 00:23:32 the merged mining. So one thing that often comes up in sidechains discussion is that there's this assumption that side chains have to be merge mined, and that really isn't true. I mean, the sidechains white paper is also quite explicit about this, that merge mining is an option for sidechains, but it's a design option that each side chain could choose to use or not use. I think it's almost always a prudent option, so we talk about that a lot, but it's not fundamentally necessary.
Starting point is 00:24:01 The issue that comes up with merge mining that often gets cited is that in the case of merge mining, you don't have kind of a hardware capital cost because you have that hardware to mine Bitcoin. And so the incentive versus attacking is basically do you make more money attacking versus mining honestly. And you don't have to worry about this upfront cost of the hardware. I think normally when we analyze Bitcoin security, we kind of ignore. the upfront cost of the hardware just due to latent hash power and things like purchase cloud mining that you can buy mining on demand. So I just wanted to mention that merge mining isn't really essential to the sidechains proposal because it does often come up. So then going back to comparing
Starting point is 00:24:50 like software upgrades in the Bitcoin blockchain and a side chain, which is another kind of protocol upgrade, right? Now, you could re-articulate the situation of a soft fork upgrade to say that the people who have upgraded, so the subset of the Bitcoin network is upgraded, you could view that as an in-chain side chain, right? There's a subset of people who understand an extended feature. That's exactly what sidechains do, and the people who have not upgraded and aren't aware of those rules are susceptible to losing their coins to a dishonest hash majority that does understand those features. And so basically, a side chain is sort of, if you want to express it that way, a generalization and modularization of that existing upgrade behavior.
Starting point is 00:25:45 So to make that more concrete, one of the advantages of sidechains is that by making the Bitcoin network effectively an SPV client of the side chain network, we get very loose coupling so that the problems on the side chain network don't leak into the Bitcoin network. But we get that at a cost of a different security model, that hash rate on the side chain network can steal all these coins when normally the hash rate you have to compete with is the hash rate on the Bitcoin network. Now, if there's merge mining and there are transaction fees, hopefully these hash rates are relatively equal, but maybe they're not. And there's some different models that you can think about how Bitcoin should be secure. Like should Bitcoin be secure,
Starting point is 00:26:26 as Satoshi said, if 51% of the hash rate is honest, or should we require something stronger, like evidence that the economic incentives are such that 51% of the hash rate will be honest, you know, not an assumption, taking that assumption away and using the economics. And so there's a risk that if you've got this side chain thing where you could potentially mine Bitcoin honestly and attack the side chain, that it might be in your economic interest to do so. And so that's a byproduct of this loose coupling. But one of the things pointed out in the side chain white paper is that this loose coupling isn't inherent.
Starting point is 00:27:06 You can sort of pick your degree of looseness. So one possible outcome for sidechains, and there are several different ways the side chain security can be boosted with complex cryptography that we can talk about for hours. But one of the pathways is to say, well, the Bitcoin network could, like a regular soft-forking rule, enforce the validity of side-chain blocks. So the Bitcoin network, the Bitcoin hash rate, the Bitcoin miners, won't allow you to make a side-chain recovery transaction unless the side-chain says you can do this. Now, there's a downside, and it's listed as a risk in the sidechains white paper,
Starting point is 00:27:41 that now this introduces sort of the complexity of the side-chain into the consensus model of the Bitcoin network. So it tightens up that coupling that was previously loose. But on the flip side, it makes the security story basically the same as the Bitcoin security story, where if the miners of Bitcoin are not totally blowing up the system, the coins can't be stolen. So, I mean, yeah, concretely that would mean that, you know, you go through a loosely coupled phase where, you know, let's say 85% of the miners are merge mining. And so those miners have both of Bitcoin D and a side point D. but there are separate consensus rules running in there. And when you, if, but they actually have the information, right?
Starting point is 00:28:27 So if an attack was going on where somebody was collecting Bitcoin reward but attacking the side chain, the miner actually has the information there, right? He's already running the daemon, and the side chain daemon is saying, wait, wait, that's an incorrect block. You know, somebody's taking something that they don't own or what have you. And so you can at some point do a soft fork, and what soft fork looks like is just to tie the consensus together so that the Bitcoin D says, okay, this is a valid Bitcoin block, but it also wants a response from the side chain daemon that the associated
Starting point is 00:29:01 merge mine block on the side chain is also valid according to the side chain. And if it requires both of those to be valid, then it's equivalent to a soft fork. I mean, you would get the same outcome. If the side chain logic were copied into the Bitcoin code base, it's just in a separate... But doesn't this get rid of one of the main arguments for side chains, which is that you can have all the certification without introducing risk to Bitcoin? I mean, this seems to introduce a lot of risks. So, I mean, there are two kinds of risks.
Starting point is 00:29:32 So one kind of risk is a consensus risk that the code in the side chain is more complicated. I mean, there's three. I mean, there's also just a sheer complexity risk, right? but if that's packaged up in a daemon with process separation, your kind of complexity and security risk can be managed. The other kind of risk is a consensus risk. So I think as long as the side chain daemon was deterministic, maybe you don't care so much,
Starting point is 00:30:04 but because it's a generic binary, it's hard to be sure of determinism. Maybe it has some random factor or random bug that on, you know, some operating systems it says one thing and on another operating system it says the conflicting thing. And if Bitcoin is relying on that, it could fork the network. So that becomes dangerous. And so what you really need is to impose determinism on the experimental or extended code that goes in sidechains. You need a robust way to enforce determinism.
Starting point is 00:30:37 And that's where abstract virtual machines that are security focused, like Moxie and MoxieBox, come into the picture. So what that is is the notion that you can have the code that runs for the side chain run in a very simple CPU simulator, or simple virtual machine, kind of like the Bitcoin script system that is exactly the same on all of the Bitcoin hosts. And that allows you to be very sure that the side chain validating code runs identically on all of the systems. And so this allows you to get around this risk to the consensus from nondeterminism. There's another point here, which is that, yes, tightening the coupling does weaken the argument for side chains somewhat. But what's nice is that you have this sort of on-ramp where you can develop a new side chain.
Starting point is 00:31:26 The security story is weaker than Bitcoin's security story, but you don't have to cooperate with anyone. You don't have to get anyone else to run it. You just go. And then if that becomes widely used and the security becomes important and everyone is using and depending on it, then it would be reasonable to say, okay, well, this system is reasonable. is using it anyways, now we'll just regard it as an upgrade to Bitcoin. And then we can use tools like deterministic virtual machines to make it a safe upgrade to Bitcoin, even safer than the changes we've been making in the past. Well, we've got lots more to talk about. I'd like to come back
Starting point is 00:32:00 to use cases and talk about economics, also Bitcoin Core development and also talk about your company, Blockstream that's working on all this. But first, let's talk about Shapeshift, our sponsor for today's show. Shapeshift is the fast and easy way to buy and sell altcoins. They support, I think, over 15 alt coins now. And you can get started by with ShapeShift by, oh, that's wrong. You can get started with ShapeShift by going to Shapeshift.io and using their currency conversion tool to convert all the altcoins that support into any other altcoin of your choice. So for today's demo, well, we're going to show you the ShapeShift Lens, um, Google Chrome extension. And I wanted to tip, actually, I thought this would be fitting for today's show, I want to tip Nicolas Courtois for
Starting point is 00:32:55 writing, for his excellent article, Saving Bitcoin From Destruction, right here. So I suggest everybody read this article. It's on better blog dot better crypto.com. Nicolas Courtois, of course, is a well-known and a supporter of the sidechains proposal, and I'm going to tip him for his article. So if you go to the bottom of his website, he's got a donate button right here. And I'm going to use Dogecoin to tip him on his Bitcoin address. So I've clicked on the donate button. I've got the little Fox icon right here. I can click it. Oh, and the demo guides are not, are not with us today. That's okay.
Starting point is 00:33:43 I could just take the address, go to ShapeShift, and I'm going to say I want to send Dogecoin to Bitcoin. I'm going to paste the address here, hit start, and then scan the address. And there we go, I'll send them a dollar. Now it's just awaiting the exchange. In just a few seconds that, there you can go. So it's waiting in exchange now. So as I said, it supports a bunch of different altcoins. They're adding altcoins every week. Again, I really recommend this article. Have you guys read it? No, I haven't, but it seems to be worth at least a one dollar in Dogecoin. Yeah. And so we're just waiting a change now, and it should
Starting point is 00:34:26 be completed in just a few seconds. Yeah, so the nice thing is you can sort of be your own payment processor, like your reverse payment processor. Like, you know, BitPay goes from crypto, Bitcoin to fiat, you can be like, you're on your end to go from whatever to whatever other cryptocurrency they support. It's taking a little bit longer for today. I don't know why. Yeah, so ShapeShift. It's a fast and easy way to convert your Bitcoin to any altcoins or vice versa.
Starting point is 00:34:55 And you don't even need to create account. This is a great thing about it is that your privacy is protected. And they only take a small fee for their services. And that's integrated in the amount that you, that you, that you transfer up front. So head over to ShapeShift.io, give it a try. Tell us what you think, and we'd like to thank them for their support of Epicenter Bitcoin. Now before, when we just briefly discussed before the show, you mentioned the increase in block size, right? So that's the way, I guess, this merged mining would be accomplished. Can you explain how that will work?
Starting point is 00:35:27 So another way to look at a side chain is this other thought experiment, which is, could you increase the block size without doing a hard fork? Like, could you soft fork in a block size increase? And perhaps surprisingly to some people, actually, you could. And the way that would work is that you have the Bitcoin block, which is, say, one megabyte. And you introduce an extension block, which is 10 megabytes, or if you want to take it to the extreme, like a gigabyte or something, huge, so that you can think about the centralization side effects of actually practically doing it. So, you know, the Bitcoin blockchain, the one megabyte block has a Merkle tree, some kind of data structure representing all the transactions in it. And there are ways to sort of add links into that, which are ignored by people who don't understand the links.
Starting point is 00:36:17 So you can sort of add a hook in at the bottom of the one megabyte block tree, so a whole other tree. So let's say a tree for a 10 megabyte or even a gigabyte block could be hooked in there. And then you could consider adding a new transaction version and people who have upgraded software could look at and understand the transactions in this extension block. And then, you know, so if the majority of miners are receiving these transactions and understanding them, they can facilitate people who want to do transactions that wouldn't fit in one megabyte because they're very low value transactions or their transaction, or the transactions that are currently happening off the blockchain, for example, in exchanges and so on, that then they could have a hope of fitting into this larger extension block with some other trade-offs. And so it's easy for an existing Bitcoin user to pay to an extension block address, because it would just look like a P2SH address or something.
Starting point is 00:37:21 They don't really need to understand too much about the criteria of the recipient because how the recipient spends their money using some extended rules and parameters is their problem. The sender can send money to other people. The harder part is to think about how somebody in the extension block could send a Bitcoin to somebody who only understands a one megabyte block. And how that works goes back to what we were saying about how soft forks work, which is that you have transactions and coins resting on what looks like an OP_TRUE address, right?
Starting point is 00:37:55 So from the one-megabyte block's point of view, if people don't understand the extension, there might be one suspiciously large OP_TRUE address that holds, you know, all of the coins in the extension block, which could be a lot of coins. And so if they had to receive a payment, it would just look like somebody decided to send, you know, a fraction of a Bitcoin from this huge Bitcoin address that anybody could take, that for some reason the system decided to assign to them. And they might have a go at taking those coins, but of course, the miners understanding the full details of the extension block would block any such attempts.
Starting point is 00:38:29 And so you have the similar kind of thing, but in chain now with an extension block. And so in addition to allowing different block frequency and different block sizes, the more interesting thing perhaps is that you could put additional features in an extension block. So it could be extended to do some of the same kinds of things that people are interested in side chains to do, such as support additional types of assets representing shares or other things that people are interested in, you know, smart property and so forth. And it could support, you know, extended smart contracts or zero cash or whatever else people are interested to experiment with. And again, for software risk and determinism, so you'll notice there's a difference there when we said,
Starting point is 00:39:23 really to get the best assurance of security on a soft forked side chain, you would want to put the side chain code in a Moxiebox-like environment. You notice that that hasn't so far been described for the extension block. So the code that is validating the extension block is in the same code area and has access to shared memory or something as the Bitcoin D. And so that introduces an element of software complexity risk. So you can observe that you could run, the validation rules for the extension block could also run in a Moxiebox container, and I think you would have similar reasons for arguing that that should be done to control software risk. The point here is that when you can think of this sort of extension block line
Starting point is 00:40:11 of thinking and realize that in the extreme end case where the rules have been soft forked in a side chain, the extension block and the side chain are effectively the same thing. Right. So it's sort of another line of thinking to get to the same kind of potential approach to handling these things. So if I may jump in here, so you were talking of a Bitcoin client like Bitcoin D and then there would be the side chain D. Doesn't that mean there has to be an agreement of like the side chain D like what that client does? So does that mean there's one side chain client that may have let's say zero cash and micropayments and and different block sizes, et cetera,
Starting point is 00:40:56 but there has to be an agreement on what's in there? Or how would someone go about creating a new side chain and putting it in there? Now, the behavior of it would be defined by the side chain daemon itself. And in the case where Bitcoin is actually enforcing the sidechains' rules for transactions, there would just be a simple RPC between the two daemons where side chain D says, yep, this side chain block is valid. So if it tells you to spend coins, you can spend coins.
Starting point is 00:41:25 And that's what the side chain would tell Bitcoin and vice versa. So the software would still be separate in the case of a side chain, even if it were soft forked into the system. Right. So the observation is you can be soft forked. I mean, the soft fork just means that a block has to be valid for both versions or both points of view to be accepted. Because that means if somebody tries to, you know, put an invalid side chain block,
Starting point is 00:41:52 or take some coins that the side chain rules don't allow them to take, they wouldn't be able to pass that second test. And if the Bitcoin D is soft forked with a side chain D, it won't allow that because the side chain D says, no, that's an invalid block, right? So that would punish people. If you consider the extension block case, and you could have multiple extension blocks,
Starting point is 00:42:16 and each extension block would be implemented in Moxiebox scripts, definition of an extension block is basically, you know, among the SHA-256 hash of the bytecode that represents the compiled version of its validation. Then you can have quite good assurance in a side chain-like way. The other aspect of a side-chain is it provides a security firewall so that, you know, the only people with coins at risk of the validation rules being in some way limited or defective is people who put coins into it. So you would have that kind of assurance between extension blocks.
Starting point is 00:42:54 And you could argue that this may provide a path forward for Bitcoin to improve its security. So earlier we talked about the fact that whenever Bitcoin goes to a soft fork, because some feature has been added to it, and as Greg mentioned, this has happened a few times in Bitcoin, there's a transition period where some subset of the users have not yet upgraded, and some of them never upgrade, and those people are at some degraded security level. such that the ability to do a soft fork admits change to the network.
Starting point is 00:43:29 And if you have a Moxiebox-like container and you can put the validation code in it, in the longer term, perhaps you can put the main blockchain's validation code into a Moxiebox container. And then basically what's left in the core is much simpler. It's a Moxiebox interpreter and some basic thing about choosing the longest block, all right. And so if, if we can do that and we have much simpler core code, we can reach a higher level of software assurance and disallow further soft forks, which is actually, you know, it's a security
Starting point is 00:44:08 enhancement for the blockchain, because if as a user who is not, you know, keeping up to date and understanding these new extensions or, you know, it's basically, you could view soft forks as allowing miners to, giving them additional power to propose rules. I mean, it's not a black and white thing, but it does slightly elevate the ability of miners to bring soft forking rules into the network. So it would be possible technically to block further soft forks. And if you have Moxiebox extension blocks, which can be added into the network, that becomes an upgrade mechanism that doesn't need soft fork risk because it's still within network, right?
Starting point is 00:44:49 It doesn't require a core change. You can introduce a new extension block, and all you need is the interpreter of the Moxiebox byte string and the longest chain rules, and then you can move coins between them via the core or directly. So these are just general ideas that they're not concrete yet, and they're not in the immediate future.
Starting point is 00:45:13 But some of this thinking has been circulating for a while. So from the Bitcoin Core perspective, we've been working on reorganizing the code base so that it's easier to isolate the code. So that easier to isolate the code that implements the consensus algorithm. And one of the reasons that we're doing this is because it makes it possible to try out things like moving the whole of the consensus algorithm into a bytecoded virtual machine to get better assurances about the consistency of the consensus in the network. So this couples into that. So you can take that idea and extend it more broadly and make it so that you can extend the network also through adding more code that runs in this very rigid virtual machine and not have such an ad hoc process for extending the system. So we want to talk a little bit more about the sort of economics and big picture questions of that. But perhaps to bring this down to a level that is a bit more like graspable for people in concrete.
Starting point is 00:46:22 Can we get into some of that? For example, how would a side chain then be created in this kind of scenario where they'd be run as these extension blocks? So, I mean, somebody would write some code, carefully validate it, maybe get other people to audit it, and sign, you know, make a digital signature, like you have code signing, so you could have code in existing systems. And then they would start to transfer, you know, publish that in the blockchain and start to transfer coins in it. And other people who were interested in the features of that chain would do likewise and benefit from those features, but it's kind of opt-in. And, you know, people with coins in the main blockchain or other extension blocks are not affected by some
Starting point is 00:47:15 kind of subtle bug in the validation of a brand new extension block or something like that. So the point that Adam was making is that they would actually, in this sort of grand, extreme version of this idea, you would actually have the capability to publish your new crypto system rules as a special kind of transaction and says, okay, I'm defining, I'm creating a new extension block, and here's its rules. And you would just advertise this into the network, and it would get mined into the network like any other transaction. And then people could continue to send funds and interact with these new rules that have been introduced that run in this sandbox in the network. But does that mean the rules will have to fit into a transaction?
Starting point is 00:48:01 They'd have to fit into a specially formed transaction for it, which is why it's very important that the bytecode for this be succinct. So you'd have to implement the rules in the context of it. But a transaction can technically be a megabyte in the Bitcoin system today. So that's actually quite a bit of code. And it's more code than is in the current Bitcoin consensus code right now. Okay. Yeah, I was going to say something else, which is that, you know,
Starting point is 00:48:31 in an ideal world, Bitcoin would have been born like bug-free, perfect, complete, extensible, and the core could have been frozen and soft forks disallowed by some technical mechanism. So this is basically a sort of long-term tract to arrive at that position, right, or to get closer to that position, because Bitcoin has a set of features and rules which are fundamental to its meaning. And nobody wants those to change, obviously, right? I mean, the key point here is that if Bitcoin, we have this sort of twin pooling, right, where in one direction, if Bitcoin can change, it means it can change out from under people and potentially compromise the promises it made to them about their autonomy and
Starting point is 00:49:22 control of their money. But if Bitcoin can't change, then it's moribund and can't adapt to people's new needs for their money. And so what Adam is trying to talk about here is how do you push the system into a case where there's a rigid core part which we can use everything in our power to prevent from changing at all. And so everyone can depend on that, but still have enough extensibility so that when people need to do functionality, that it's not precluded. So I would like to talk about an idea that seems to me, at least listening and talking to you as well, Adam, and hearing you speak about this in other context, that seems to be very central to what you guys are doing at Blockstream
Starting point is 00:50:05 and what sidechains is about, which is this idea of digital scarcity. Why is that important? So I think much earlier Greg had mentioned, actually, I'm not sure if that was in the prequel or not, but the idea that, you know, money is a kind of social network, so it benefits from network effect. And, you know, at the extreme, if everybody has their own money supply, it ceases to make, have meaning because that's basically an IOU. And, you know, there's no limit, right?
Starting point is 00:50:39 I can print an IOU up to the limit of what people are willing to trust me with. And so that's no longer scarce at all. And in between, we have maybe a situation where, so I think it's useful for that to be digital scarcity in a sense, I think you mean, because, you know, if, you know, if, we have too many forks. So we start with Bitcoin, there were some early alt coins, let's say,
Starting point is 00:51:04 and they grew a bit, and then somebody forked them. And if that were to, you know, if Bitcoin were to disappear, and all we were to left with is a constantly sort of growing
Starting point is 00:51:15 to a certain viable size and then forking because of competition, it would be an unattractive proposition. Bitcoin would lose, you know, the properties of money about unit of account, medium of exchange, store of value, Bitcoin or the cryptocurrency that's left would lose its store of value because,
Starting point is 00:51:32 you know, the bubbles pop every three months or something. And that would be, you know, that would be bad. It would lose some of its security because it's not a long-term stable thing. It would lose its store of value property and it may fail to reach unit of account property, which needs, you know, wider use and sort of less volatility which would come with more unified use. There's another point to this where there certainly are applications for cryptocurrency technology that don't involve any scarcity at all, but the networks themselves involve
Starting point is 00:52:11 some scarcity, right? A network, particularly a global broadcast network like a blockchain, has limited capacity, whatever that capacity is, right? Computers can only handle so much and if you make it too big, the decentralization goes away. So one of the things you can do with a scarce asset, you can't do with a non-scarce asset, is you can align the incentives. You can say, okay, well, to use my resources, you have to pay me, you have to pay me some money of some kind. And because money is scarce, I know you can't unfairly exhaust all of my resources because you're just printing an infinite supply of money. Actually, yeah, that's interesting. So the other thing that people sometimes wonder about is could you, you know,
Starting point is 00:52:53 start a new cryptocurrency or add support for other types of assets into a cryptocurrency, and then use those other assets that are issued by people or businesses or have you as fees. And I think there's a fundamental limitation, which is a blockchain can't validate the scarcity of something that's issued by humans, right? So if I issued a coin in my garage or something and I used it as fees, I could completely flood the network because, you know, tomorrow I could decide to print a billion of them and saturate the network so that nobody else could conduct transactions. And the
Starting point is 00:53:31 problem is the network has no way to know whether I am somebody just playing around or trying to create mischief or a reputable business or bank that has, you know, some client funds or gold on deposit or something. It's not something it can validate. So for fees are basically to make the network work smoothly and to prevent denial of service and to sort of allocate resources in the network. And for that to be the case, they need to be something directly machine readable
Starting point is 00:54:02 and understandable. Like the fact that it's scarce has to be validatable. Right. So if we have lots of people creating things just definitionally, that won't be the case. And it also, I guess, won't tend to be the case in new independent networks that spring up. because you know they tend to come with larger and larger numbers of points like a trillion
Starting point is 00:54:27 points or more, what have you, right? So those are not, they lose their scarcity sort of definitionally at some point. So scarcity also in that way is, is a kind of element so absolutely necessary for, for true decentralization, no? Because if you, if you don't have that, then in a sense you depend on an issuer or something. Good observation, yeah. And one of the things, and I don't know if you guys share that view, but one of the things I find kind of interesting, so like let's say Bitcoin has achieved a certain success today as a store of value.
Starting point is 00:55:04 And the question is like how far can that go, right? Like will we ever, for example, be able to say like I keep my savings in Bitcoin as sort of a prudent person, not someone who is like crazy risk taking? And it seems to me that maybe Bitcoin is the only chance, right? Because let's say Bitcoin doesn't work out. Or let's say we sort of hope Bitcoin's going to be it. But then somehow Bitcoin fails. There's the next thing.
Starting point is 00:55:35 And then that's it. But the thing is, if Bitcoin isn't it, so if it wasn't like the first one and now this is the one that's going to sort of represent a digitally scarce unit of value, then wouldn't there always be the fear or the possibility that there's going to be something else later that's maybe better, right? So I think maybe also from that perspective, the idea of having a purely digital sort of tied to Bitcoin. Did you see that the same way? Yeah, I think that I, so from the very first beginning that I got involved with Bitcoin, I somewhat felt that this was sort of as a
Starting point is 00:56:19 cypherpunk. This was kind of our one chance to get a worldwide used by practical people, digital currency, because if it fails, if it fails, people won't sign up for the successor, right? Because they won't sign up because they won't trust it. They won't sign up because, you know, they'll just be waiting for the next successor, right, the point you were making. And, but at the same time, Bitcoin, you know, as released in the very first version, couldn't be something that replaced all of our fiat money in the, you know, Bitcoin's just another digital kind of more fair fiat money. It couldn't replace the other fiat monies out there because it didn't have the right
Starting point is 00:56:56 properties. They had a lot of the properties, but it didn't have the scale and the flexibility that you can get with, you know, insecure, issued kind of fiat monies that exist in the world today. So that is a lot about what sidechains is about, is about how do we preserve Bitcoin as the first one, the thing that has the irreplaceable unique starting position as being this surprise technological marvel, but expanded out so that it can cover the whole world and be used in many more applications. Right. I mean, I don't see, you know, as we can see already the viability of sidechains and extension blocks and other potential extension mechanisms, any reason to suppose
Starting point is 00:57:40 if somebody finds some useful extensions and useful scaling improvements or additional features, the ability to support other asset types, why there's no fundamental reason that can't be added to Bitcoin. If it's useful, it should be added. I mean, yeah, you know, so when we talk about network effects and internet and so on, that arose because everybody built around an interoperable neutral standard. And I think Bitcoin also has the property of being neutral, there's no proprietary ownership or control or vested interest that's centralized and associated with it. So one thing we've been talking about quite a few times in recent episode, so I don't know
Starting point is 00:58:24 if you guys are aware of Robert Sams and his paper on seigniorage shares, and we talked with this about with Vitalik of Ethereum as well, is the idea of a stable cryptocurrency. So there's the question of to what extent is volatility a problem, and to what extent is volatility going to go down as Bitcoin is more adopted? Personally, I think volatility will remain high for a long time, even if Bitcoin gets very widely adopted. So the kind of idea of maybe Bitcoin's going to be relatively fine as the store of value, but if you talk of a unit of account, I have some doubts that this will ever be stable enough.
Starting point is 00:59:05 So what do you guys think of that and what do you think of the actual, the idea of stable cryptocurrencies. So I don't know so much about the sort of, you know, funky things where there's some sort of algorithm and reserve pool that implements a conventional currency peg, you know, that tries to prop the price up by buying because, you know, I talked to some people with an economics background about that, and they were saying that if you look at the existing
Starting point is 00:59:39 financial system, typically when those things arise, they are unstable and collapse. You know, they're often constructed as synthetic assets built from derivatives in the underlying asset, and you have a problem that the, the market for the synthetic is different, as a smaller market, and there's an element of belief and trust. So somebody can bet against it, and you saw this where George Soros bet against the British pound, and, and you saw it more recently with a Swiss franc, right? There was some loss of, um, you know, confidence, or they felt that they had gone as far as they wanted to go, or whatever reasons, they abandoned the peg,
Starting point is 01:00:21 sort of conventional currency peg. And so even automated systems will tend to have that problem that somebody could decide to bet against it and, you know, the, the algorithm is fully laid out so you can decide to do that. So, so many of the specific prop I haven't, I may not have seen the specific proposal you were referring to. Ones I've seen in the past often had problems where the algorithmic behavior could be rigged by miner censorship of data in the blockchain. So there were some really interesting ways to game it. But if people want to experiment with technology like that, the more power to them, right?
Starting point is 01:00:59 Maybe it's possible, maybe it's not. But if it's valuable to people, they should be able to create it. I think that one of the neat things you can get with Bitcoin is you, regardless of how that stabilized daily currency works, the unit of account currency works, and regardless of whatever its security properties are, it could be backed with very strong Bitcoin behind it. And then maybe you're willing to take some trade-off where you lose some security over how that system works, that maybe to get around problems like miner censorship, you build the stabilized currency that has some central banker signing off on its peg rate.
Starting point is 01:01:39 And, you know, that would be attractive to some people. And I may think those people are foolish, but they should have the ability to try out that idea. Yeah. I mean, so we don't know where Bitcoin is going in terms of its kind of wider use, you know, for the use of it to grow for international settlement or actually to reach unit of account status. So that's quite hazy and speculative. We can see it grew very fast over the last few years. So within a few more years, some surprising things might come to pass.
Starting point is 01:02:12 And there can be some political interest to see a genuinely neutral currency exists that isn't within the kind of remit of a given country or a group of countries to do quantitative easing or have political influence over it. So they could be interested in that. and I suppose you could draw some loose analogy to the gold standard, which survived, you know, for, I don't know, 6,000 years or something, plus or minus, depending on how you look at it, and was actually used internationally, you know, I mean, currencies, like coins issued by reputable central banks, physical gold coins were accepted internationally for a long period of time. So I don't know if that necessarily works in this day and age, but maybe. And also you can look at gold and see that even gold is relatively volatile at this point in time.
Starting point is 01:03:08 So it is, yeah. And I mean, the other thing is that you could look at a blockchain. I mean, a blockchain is a good sort of financial networking technology for storing all kinds of things, be they shares issued by companies that have some intrinsic right to ownership of the company to allocate new share issues and sell those units or what have you. But also, fiat currencies could be issued into a blockchain format, and there's something interesting about the ability to do that. So, you know, a central bank could make some assertions about their intent.
Starting point is 01:03:46 So monetary policy committees have usually some remit and self-imposed or political constraints. you know, objectives around the inflation rates or state assurances about the level of quantitative easing they would engage in different market conditions. And some of those things could be expressed as a smart monetary policy statement and enforced by a blockchain. So if you took a weak currency, and I guess there are a few hundred currencies in the world, and we're maybe more used to dealing with the top 50 to 25 of them, but some of the lower ones are quite volatile and have currency exchange controls and hyperinflation and volatility,
Starting point is 01:04:32 that if one of those weaker currencies were to issue its currency onto a blockchain, and together with an assurance that it wouldn't engage in more than 2% quantitative easing, and the blockchain could enforce that, that could add to their attractiveness of that currency because they would basically be voluntarily ceding some political control to provide a stronger currency assurance. So can we talk a little bit about the issue of mining centralization, right? So because in my view there have been a few sort of main criticisms of Bitcoin, right? And I totally agree with you that the idea of this stable cryptocurrencies, well, it's very attractive, but so far there are no, implementations, although some people told me this new bits thing, but I haven't looked into it.
Starting point is 01:05:26 So there's mostly that thing, but at least the Robert Sams' paper, it's not implemented, and it's more complex, so there definitely will be additional risks. So maybe it doesn't work. But the other thing is the whole question of the security of mining and whether Bitcoin mining really is fit and will be fit to back the security of a network potentially worth hundreds of billions or trillions of dollars. What are your views on that? Well, so, I mean, the Bitcoin network has gone through different phases of relative centralization.
Starting point is 01:06:06 And some of the centralization we see is artificial in the sense that it could be removed with simple protocol changes. So, for example, when you use a pool, often people are ceding their vote of which transaction set is valid to the pool, even though they have their own hash rate. And that's not technically necessary. I mean, you could run your own full node to decide on which transactions you think should go in the next block and then separately use the pool to reduce variance in mining. Those things don't have to be tied together. So if we could see those separated, the mining centralization would look a lot better than it does right now.
Starting point is 01:06:47 But there is obviously some centralization arising from people who actually own their own ASICs. And there's a kind of reverse of that. So maybe Greg, you want to talk about the smart property. Right. So there's another angle on this where mining centralization occurs because people will, they often co-locate their mining hardware in places where energy is inexpensive,
Starting point is 01:07:12 where it can be held in one spot. And there are some dis-economies of scale that show up when you put a lot of mining in one place. It's expensive to cool, it's expensive to get the power to the location. But there are still plenty of reasons to have large mining facilities. And so these mining facilities become, they become risk points for the network. There are places where someone could seize control the facility
Starting point is 01:07:35 and have a bunch of hash power, which they could use to attack the network. So one of the ideas that I've been working on with the number of other people is building sort of next generation mining ASICs that have intelligence in them so that they have an idea who their actual owner is, and when that owner is different than the person who sort of has physical proximity to it. So the idea is that there's some keys that are known inside the mining chip, and then the work you tell the, when you compute your consensus vote, you tell your mining chip what to mine,
Starting point is 01:08:10 has to be signed or authenticated with those keys, so that the mining hardware only follows its actual owner. And the actual owner could be far separated, right? Like, you know, the mining hardware is in a data center in Iceland, but the owner is, you know, in Idaho. And what that means is that then this physical facility is less of a point of centralization risk because somebody who gets physical control of the facility, all they can do is, you know, turn it off. Or they can begin a very expensive process of trying to decap each of the mining ASICs and trying to extract their private keys, which isn't practical. So, I mean, you can think of that as a kind of smart lease, you know, so if you buy a mining contract or you buy the ASIC but it's housed by somebody else, you can opt to use this new feature of the ASIC to program it to say, well, I just bought a 12-month mining contract.
Starting point is 01:09:03 And so this chip will itself defend against anybody requesting it to mine anything that I haven't signed for that period of time, after which it might change its control or it might, you know, remain in my own control and I take physical delivery of it. So it gives you the flexibility to further separate ownership from the physical location of the chip. Yeah, there's there's a number of technical measures like these that can be used to improve the centralization of mining. And this has been real important to us because obviously keeping mining very decentralized is essential to the security of Bitcoin and anything that depends on it, right? It's essential to the Bitcoin network and the Bitcoin currency and any side chains. So there are a bunch of tools we can use to improve it,
Starting point is 01:09:49 and we're not sure what level of impact those tools will have yet. Right. I mean, you could say also, I mean, I think you maybe were asking a higher level question like geopolitically longer term, that longer term, other, you know, there is a metro incentive to see decentralization, because if cryptocurrency as embodied by Bitcoin is going to have wider use and more value is going to depend on its integrity, now, central banks and countries, all these kinds of people and large Bitcoin ecosystem players and payment processors and exchanges all have a strong interest for there to be decentralization. And so there's an easy way to achieve that, which is they just buy and maintain a small
Starting point is 01:10:31 percentage of a hash rate each. So if you imagine in the far future where some segment of large companies on stock exchanges are involved in finance, which is using blockchain technology and there, let's say, you know, a thousand of them worldwide, maybe between them they own like 50% of the hash rate independently and like the public at large and other interested people own some. Then there is decentralization and it's very difficult for somebody to take that away from them, right? It becomes a kind of balance of power kind of structure. I mean, right now it's sort of enthusiasts and some companies, some sort of people doing it as a
Starting point is 01:11:13 profit-making enterprise, but if you were in this position, you wouldn't even need to make a profit, right? You could just aim to make not too large of a loss to retain a decentralization. And if you're taking a small loss because you depend on the decentralization of the network, it's very hard to compete against the loss. You could make a bigger loss, but then that's not attractive to do. Well, I mean, one problem that I see if this is this is sort of a public good scenario, you know, and I don't I don't know if I would buy this, that this would actually work. But my maybe bigger question relates to proof of stake,
Starting point is 01:11:52 isn't that just in case one gets some sort of good working solution superior because essentially the security is the value of the whole network, not just a subset, which is the value of the actual hardware? You have a key point here is that if someone gets a good solution. And it seems, so time travel is also fantastic if someone gets a good solution. Perpetual motion is also a good thing if someone gets a... So you don't believe it's possible. So I was very excited when the first proposals around proof of stake came out in 2011
Starting point is 01:12:35 and thought like, okay, this is going to radically change our risk factors in the future. But on deeper analysis, we ran into some really fundamental problems that basically you can only work around by making a very different security tradeoff, where you abandon Sybil resistance or you rely on centralized signers. And we've seen this in systems that have been deployed out in the wild, where they've deployed proof of stake systems which were attacked, and then they resolve them by applying things like a developer signing blocks to prevent reorganizations. So, if it were actually viable, it would be very interesting. But it seems that it's probably not without some different security model. Different security models can be okay, but they're harder to analyze. And it's not clear that you don't get the same thing you get from Bitcoin. It's not clear if the thing you get is actually useful.
Starting point is 01:13:32 Yeah, so a couple of things to add maybe so. One is there's a sort of economic principle to my So there's a kind of mining commodity price that the market finds where miners will be willing to expand up to the current market price of the commodity to mine it. And so if you radically change the cost of getting coins, presuming there is still mining going on, there's a potential for that economic self-interest to flow somewhere else, right, to result in buying, political favors or influencing this committee or influencing the committee that's handing out coins or you know attacking a host security or that that built up economic demand has to go somewhere so it's maybe not necessarily a bad thing that a commodity costs has a production cost right so add a little more color on the
Starting point is 01:14:33 the proof of stake system right there's it basically a general a generalized counter argument that you can basically take any proof of stake system and say, well, okay, what happens if you just, you own some coins, say you owned all the coins at the beginning of the network. The network goes on, you sell your coins, you exit the network, but then later you show back up with your original coins and create a simulated network, a second fork of it, and you show it to someone who's new to the system, and they can't distinguish between the honest network and the dishonest network.
Starting point is 01:15:06 So that's a very fundamental difference. And so what you basically end up having to do to fix that is to say, okay, well, we're not actually going to use proof of stake as our consensus mechanism. We're going to use like Ask a Friend as a consensus mechanism. And you can do that, but it has a very different security model. It's what Bitcoin explicitly doesn't do because Ask a Friend is incredibly difficult to automate in a secure way because of Sybil attacks. You know, people who pretend to be many entities in order to rig the state of the system. So it's a process that gives you a very, I think the proof of stake of it is really a distraction, right? The security of that system reduces to whatever you do
Starting point is 01:15:42 to repair the nothing at stake attack. And sometimes those trade-offs are good in some environments, and maybe they're not good in others. Yeah, often it seems to degrade into a different proof of work, which is to grind alternate transaction histories to find one which results in you receiving the coins. So, you know, if that's how it degrades, you're better off to stick to a proof of work because you can build ASICs for it, which avoid... So if you were to be able to find a proof of work that can't be optimized by ASICs, which seems generally impossible. But hypothetically, then it's vulnerable to, you know, renting equipment on a temporary basis. So going and renting a large portion of Amazon's cloud computing infrastructure.
Starting point is 01:16:27 So you really don't want short-term renting of mining equipment. And if mining equipment is generic, as would be the case for, you know, grinding alternate transaction histories for proof of stake, then you have a problem. So, I mean, if somebody finds a solution, I mean, as Greg said, he was interested in it until he saw the limitations. And if somebody does find some magic that solves it, great. You know, Bitcoin would be very happy to see that happen and would adopt it. So if this is interesting to you, you should look. So Andrew Poelstra wrote a little white paper that sort of summarizes the common deep technical under soul. Yeah, so it's got some good information.
Starting point is 01:17:05 Although what it doesn't try to do is do a point-by-point rebuttal of the infinite series of sort of ad hoc patches that people have tried to do to get around the fundamental issues. But that's pretty interesting, and I recommend people familiarize themselves with that. It's some good food for thought. But yeah, if it's made to work in a model that gives good security, it would be useful to use. It's just I haven't seen it yet. And a lot of the things we've seen proposed recently for proof of stake are actually older ideas that had shown up on Bitcoin Talk and in Bitcoin Wizards a couple of years ago
Starting point is 01:17:40 and had sort of been discarded because the goal really there was people were trying to get proof of stake to offer a decentralization and security like Bitcoin's and couldn't use some of these ideas to achieve it. But maybe they're still useful if you're willing to make some different tradeoffs in the security model. Maybe at some point we'll have to come back to this topic because it's one that's also been coming up.
Starting point is 01:18:03 And it would be really interesting, I think, to spend some time really digging into that. So what is the timeline for side chains? By what time and date do you think this is going to be implemented or what parts of it are going to be implemented at what time? Sure. So what we've been trying is we've published the initial white paper and gotten sort of a very well. widespread response to that. And I consider it a big success, not just not really because of the excitement it's created, though there's certainly been a bunch of that, but because lots of people have reviewed it and commented on it and haven't surprised us with any sort of deep fundamental flaws
Starting point is 01:18:51 that weren't brought up in the paper and that, you know, were unknown. So that that's sort of a big point of success. What we've been trying to do with the work that we're doing on side chains is to avoid exhausting review capacity. So there's this problem in the cryptocurrency ecosystem in general where someone will propose some system and I walk up and go, nope, insecure, I break it this way, toast. And then they'll go, okay, okay, I'll fix that,
Starting point is 01:19:18 and they apply some band-aid, and then I'll walk up and then it takes me, you know, 10 minutes to break it, and then they apply some band-aid, and it takes me an hour to break it, and then they apply some more band-aids and some other people come, and they break it out,
Starting point is 01:19:31 after weeks of work. And at the end, you get this sort of patched up system, which is maybe secure because no one knows how to break it right now, or maybe it's insecure because everyone got exhausted in reviewing it. And so what we've been trying to do with the sidechains work is there's this trade-off where we want to have a very interactive development process for this infrastructure,
Starting point is 01:19:55 but at the same time, we don't want to exhaust review capacity by putting stuff out that people will analyze and then it has easy shortcomings, and then it's sort of exhausting that review capacity. But one of the things we came up with in the development of sidechains was a way to do this sort of soft launch of it, where you can use all of the side chain technology, but with a weaker security model called the federated peg.
Starting point is 01:20:22 So the idea is that instead of soft-forking the changes into Bitcoin for a side chain, you create a side chain like normal, and then there's some federation of functionaries. These are parties that hold private keys, and they'll sign transactions if the side chain code would have permitted the transaction to occur. So they're sort of standing in as a protocol gateway adapter. Now, the trade-off is that if they wanted to,
Starting point is 01:20:47 they could just steal the coins. So there's some protection against that in that there would be a threshold of them. So this is laid out in one of the appendixes of the sidechains white paper, And what it lets us do is release side chain software, people can start using it. They could use it with real Bitcoin, real value, just reduce security because of the the federation steals the coins.
Starting point is 01:21:08 And then we can gain experience with the technology and show that it's useful to people and that it has value and that it's realistic and that the software can mature. And so we're planning on publishing an implementation in a demo of doing that in the next month or two. And I'm not giving really concrete timeframes because this is cryptographic protocols and it doesn't do anyone any good to release something that's trivially insecure. And so it's sort of done when it's done. And then beyond that, we have to see where it goes from there. It'll take some time for the initial system to mature and for people to gain confidence enough to start saying, okay, where can we start introducing the soft forking additional script opcodes to make it so you can do it
Starting point is 01:21:51 without the functionaries, without the federation. So by what time do you think we will have some of these side chains running? I mean, there may be the lower security ones with the federated pegs? Yeah, just a couple months, two months, one month, two months. Oh. Yeah, we have them sort of like the people working on it have privately versions of it that run today. And we have for some time now. It's just that it's all immature and buggy and, you know, not really ready,
Starting point is 01:22:22 not really ready to burn people's review cycles on it. And I don't want to publish it and then have people go, yeah, this, I can crash it like this. I'm like, okay, yeah, we know that. It's a demo. It's got to have some level of integrity before it, before it is really worth people's time to review. But the actual technology is very easy to develop in the context of just the federated peg. So well, I don't know if you want to maybe very very briefly the idea so with Blockstream You guys raised quite a lot of funding
Starting point is 01:22:58 What is the business model behind this or are the investors who put in money? Do they think of this more as a sort of a public good? And and maybe there are also Bitcoin holders and they think this makes sense because it increases So that indirectly maybe the value of their Bitcoins. So there's definitely an element of public good here. And in particular, a special form of public good, right, which is, you know, building infrastructure that Bitcoin needs going forward. But there's also other business angles on this because there's a line of thinking that I
Starting point is 01:23:35 agree with, which is as sort of the best kind of charity is self-supporting, right? That you can build a business and the business will receive money because it's doing things people want. And then you can use that to do more good, build more infrastructure. And that's a more sustainable model than just putting money down a hole and hoping some good comes out of the other end. So it turns out that once you have this sort of future vision of a world where Bitcoin is infinitely flexible because you're not stuck in one network,
Starting point is 01:24:04 there are many businesses that you can create out of that. But you have to get to that first. So one of the reasons that we raised a fairly large amount of money was to be able to have the runway to go and give a decent shot at building this complex, secure cryptographic infrastructure required to make the other folds of the business possible. And so to give you a taste of some of the other things that we're doing, what we're doing is far beyond side chains,
Starting point is 01:24:31 is taking some of the cryptographic concepts of Bitcoin, these decentralized, provable, secure systems, and extending them out into the greater business world. So allowing institutions to make proofs about their books and their finances and tying that back in to the Bitcoin blockchain. So being able to make smart contracts, which are dependent on those. But to actually make that real and make it worthwhile, Bitcoin itself has to be more flexible. Another angle on this is that we have a way to build bank-like services, private servers that can achieve really high transaction volumes. We're talking about tens of thousands of transactions per second, like the kind of thing you'd need to run an exchange in a cryptographically provable way, but also can't seize people's funds so that they have better security properties than the existing systems.
Starting point is 01:25:28 But in order to make that kind of system possible, again, you need a kind of Bitcoin ecosystem, which is more flexible and can speak to more powerful external systems. So, I mean, I think Bitcoin has a lot of, I think the smart property and smart contracting features of Bitcoin have a lot of potential beyond Bitcoin as a currency, which is to say that you know, your Bitcoin is also providing a kind of real-time audit capability, which is lacking in a financial system. When something goes wrong in a financial system, you don't tend to find out until a year or two later after an audit, kind of, you call them like post-mortem audit or something, right? You discover the problem and it's too late and you've got some economic collapse.
Starting point is 01:26:12 And so with the blockchain-like mechanism and a real-time audit, it basically means that each unit of value that you receive comes with a compact proof of, you know, full balanced books and audit of the entity that it comes from. So if you build out into the further future where, let's say, a company and all the internet work companies eventually have their income and expenditure and dividends and shares all tracked on a blockchain, you can avoid some systemic risk kind of effects, right, where you don't really know like the credit rating of a company or the credit rating is misleading or that it turns out it has some large undisclosed debts, or or has an insurance policy against the liabilities,
Starting point is 01:27:11 but the insurance company is overextended. So all those kinds of things, if they're all represented, all those liabilities and assets and money flows are represented in a blockchain format with a real-time audit, you can potentially squeeze out a lot of systemic risk from the system. And one of the interesting things is, because of some of the cryptographic features you can build, you can provide the companies with commercial confidentiality about who they have contracts with,
Starting point is 01:27:44 what their profit margin on those contracts are, how large the values of the recurring payments for a monthly service contracts, all of those kind of things can be hidden from public view while simultaneously validated. So you can make the books add up without disclosing the values due to some kind of encrypted value stuff that can be made to work. So I think that's a very interesting high-value thing for humanity to get that kind of assurance. And I think ultimately, you know, regulators and policymakers and central bankers and businesses and society at large will value that and see it as a way forward.
Starting point is 01:28:27 But they're going to need help to migrate into that new world. And in order to make it really valuable for them, it's going to need to tie into systems like Bitcoin. And there's just a lot of cryptographic development. We have to do to span from what the world is today to the world that we know it's possible. Right. And you see
Starting point is 01:28:46 also some limitations in the Bitcoin ecosystem where people are over time improving the security mechanisms. So, you know, most of the Bitcoin ecosystem isn't directly using smart contract assurances initially.
Starting point is 01:29:02 You know, so where you have like a failed exchange like Mt. Gox, people are pretty much trusting that in a conventional credit worthiness, prudently operated business sense. And then we're migrating, you know, people are talking and starting to deploy multi-signatures. And ultimately, actually the business logic can potentially be implemented in and enforced by the blockchain. So to give an example, you know, let's say if you had an account with some Bitcoin in it and you wanted to impose a daily spending limit. So right now that might look like a multi-signature where you have a smartphone that you might lose or what have you, it might get compromised.
Starting point is 01:29:45 And there's a central server somewhere that makes a second signature and it won't sign if you go over the transaction volume for the day. So the problem is that's a step forward improvement. But if something that compromises a central server, those limitations no longer apply. So with a bit of work in extending the smart contracting ability, you can have the blockchain enforce that business logic. And that extends and scales ultimately to, you know, you want to be programming to get the most assurance by having the blockchain as a kind of narrow AI that's perfectly honest in enforcing these rules.
Starting point is 01:30:22 So I think that's where the future lies in the longer term. Yeah, no, I mean absolutely. I think there's going to be a lot of... need for this kind of thing and the capabilities to actually implement those is going to be you know they're going to be extremely rare so I'm sure you guys will be in a great in a great place to help making a lot of these things come true now we're kind of at the end our show we went very long I think this may have been our longest episode ever or like maybe second longest or something so thanks so much for joining us today
Starting point is 01:31:00 I must say it's such a complex project and my understanding of it has been a little bit turned upside down. So I'm still trying to wrap my head around some of the aspects. So thanks so much for joining us today, guys. Thank you. It was fun. Thanks. So if people want to learn more, I think the best way is probably your website, blockstream.com. Is there some other place you want to point people to?
Starting point is 01:31:28 Side chains white paper is a good place. People haven't read it yet. And then I encourage people to go and read what's being written about out in the wider community. Ultimately, if this stuff's going to be adopted and used in the Bitcoin space, it's more than about what we're saying about it. Absolutely. And we definitely look forward to some of those first sidechains coming out and being able to try them out and see how they work.
Starting point is 01:31:53 Yeah. So thanks so much for joining us, and thanks so much for, you know, all our listeners to listening to this episode. We will be back next week. And if you want to, you know, you want to support the show. You can follow us on Twitter at Epicenter BTC. You can also leave us a review on iTunes or sign up for a newsletter, which goes out, well, once a month now, although we'll also be sending out the episodes on there.
Starting point is 01:32:22 And you can do that at Epicenter Bitcoin.com slash newsletter. So thanks so much and we look forward to being back soon.
