Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Christian Reitwiessner & Jason Teutsch: TrueBit – Scalable Off-Chain Computations for Ethereum
Episode Date: April 4, 2017Bitcoin and Ethereum miners collectively make up what is perhaps the most powerful computational resource in the world. However, mobile phones from the early 2000’s could arguably run more complex o...perations than these networks combined. While blockchains themselves may never reach the level of computational power of modern computers, they may be leveraged as the underlying verification layer for centralized computing. We’re joined by Jason Teutsch and Christian Reitwiessner. They are the co-authors of a visionary whitepaper which describes Truebit. This protocol would allow complex computations to be executed on off-chain systems while being validated by Ethereum miners. The results of these computations would consequently be available to on-chain smart contracts. Truebit makes clever use of proof systems and game theory to build a protocol where a Task Giver can ask a third party, the Solver, to execute a complex computation in exchange for a reward. Not limited to Solidity, these could be executed in traditional languages such as Go, Python or C++. Verifiers could then challenge the results, incentivising the Solver to be honest or see his reward be stripped away. This incentive structure would guarantee fast and reliable results while eliminating the need for a trusted third party. Topics covered in this episode: Jason and Christian respective backgrounds in the ecosystem. The core problem being addressed by Truebit Why a scalable decentralized computational resource is desirable How Truebit makes use of proof systems and game theory to enable trusted computations off-chain How the verification game works the incentive structures proposed in Truebit The various use cases for Truebit How Truebit could allow for blockchain interoperability without the need for “blockchain of blockchains” type networks Episode links: TrueBit Website TrueBit Subreddit TrueBit: Scalable Computation talk by Christian Reitwiessner at Ethereum Meetup in Berlin Slides for the Scalable Computation talk This episode is hosted by Meher Roy and Sébastien Couture. Show notes and listening options: epicenter.tv/177
Transcript
Discussion (0)
This is Epicenter, Episode 177 with guests Jason Toich and Christian Reitfichner.
This episode of Epicenter is brought you by Jax.
Jax is the user-friendly wallet that works across all your devices and handles both Bitcoin and Ether.
Go to J-A-A-WX.I.O and embrace the future of cryptocurrency wallets.
Hi, welcome to Eppacenter of the show which talks about the technologies, projects, and startups driving decentralization and the global blockchain revolution.
My name is Sebastian Quichuio.
And I'm My Hero.
So today we have a really awesome episode for all of you.
We are going to talk about TrueBid, which is one of the truly visionary projects that I see in the ecosystem.
So TrueBid is a project that somehow scales the amount of computation we can do using smart contracts.
And we are going to talk to the people who wrote the white paper for TrueBid.
They are Jason Toitch and Christian Reitwisner.
So many of you would know Christian from from his role at the Ethereum Foundation
where he leads the development of solidity remix and the form and their formal
verification effort Jason Jason it has had like postdoc positions at
multiple universities including NUS in Singapore and we're going to interview the
two of them today on their efforts at true bit so before we start let's have
a brief background about both Christian and Jason, starting with Jason. Jason, tell us how
you got into the blockchain space in the first place. I think my blockchain story
starts back in 2014 when Project Xxana, who was a computer science professor at the
National University of Singapore, invited me to work on a research project with him. And I read my
first research paper about Bitcoin as I was on my plane over to Singapore. He had given me
the paper that you wrote called Power Splitting Games which is about it was a
block withholding attack that sort of hurts Bitcoin mining pools and I thought it had
some interesting game theory in it so I was I was
sort of excited about that. And so, so, I mean, of course, Pratic before he came, you sort
of mentioned the project that we were going to be, he had mentioned a project about sort
of verifiable computing. So, sort of, you know, this is, you know, people send tasks out to
to cloud, so there's this sort of cloud computing going on these days. You send, you ask Amazon to
perform a task for you and Amazon comes back and says the answer is 47. Well, how do you know the answer is 47?
Besides, I'm just saying, well, I trust Amazon. I mean, can we do better than that? So, you know,
I started when I came into Singapore, we were looking at sort of, you know, what sort of problems are easy to verify.
Maybe they're hard to compute, but they're easy to verify. And, you know, one day I'm sitting in
in Pratik's office and graduate student walks in,
and Loy Lou, he walked into the office and said,
hey guys, there's a new cryptocurrency, it's got a turn-complete
scripting language.
You know, it's called Ethereum.
It doesn't exist yet, but there's a guy, you know,
Vitalik Buterin who's going to make it happen.
And, you know, it didn't take long for us to sort of
of the verifiable computing meet blockchain.
And that was really the birth of the consensus computer.
What is the consensus computer?
It's basically a way of making Ethereum smart contracts
to compute certain tasks correctly,
specifically those which don't require much verification.
So you turn Ethereum into a sort of computer.
So we wrote the first academic paper.
about Ethereum. And that was, you know, two months after I had, you know, read my first, well,
really found out, two months after I knew what the Bitcoin was. So I was really a newbie here.
We sent the paper to CCS, which is, you know, one of the major security conferences in the United
States, and they rejected our paper. You know, they said, you know, this attack in your paper,
it's never going to happen.
You know, it's just, you know, it's a bunch of theory.
But, of course, then during the rebuttal period,
the attack did happen on the Bitcoin Network.
So that was the July 4th, 4th.
If you remember, July 4th, 2015,
there was a fork on the Bitcoin Network,
which was six blocks long.
And the next day, July 5th,
there was another one that was three blocks long.
So our paper sort of predicted
that failure on the network.
And, well, they changed their mind.
Our paper got accepted to CCS,
and what could I say?
We got lucky.
So that was actually,
that was the beginning of True Bit,
although none of us really knew it at the time.
So that's kind of how it all started.
And Christian,
so you've been involved with Ethereum
for quite some time, too,
Tell us about your background, how you got to be involved with Ethereum and leading up to this current important time working on TrueBit.
So, yeah, actually I don't remember when I first heard about Bitcoin and blockchains.
But I was observing Bitcoin, but no, it was really a part of it.
And I always felt I was missing out on something.
and then
I mean I was also always interested in
this peer-to-peer stuff
and decentralization
and yeah
taking away the power
from centralized entities and so on
and then
yeah I have a background in computation
complexity
so yeah
the theory that talks about
computation and resources needed for that
and so yeah
during the
the pre-sale for Ethereum. I heard about Ethereum for the first time and yeah, I really felt,
yeah, that's it. I have to, I have to do that. So I joined in October 2014 and, yeah, started working
on solidity. Yeah, and I think so how did I get to true a bit? At some point, I think it was
the discussion about the, yeah, I think we'll get you into that later.
about the Dogecoin bridge and how you can verify the Dogecoin proof of work on Ethereum.
And I think it was a discussion with Vitalik.
And we came up with the general idea, I think.
And I think at some later point, Jason Vitalik met you at a conference,
and he told you about that, right?
And then that's how we got the connection.
Oh, that's right.
Oh, yeah, there's this guy at this conference.
he has exactly the same idea.
That's right.
We were right.
So I guess Petalek put us, introduced us together,
and the rest was sort of history.
But I wanted to mention, you know, in terms of my background,
you know, I'm a mathematician.
And, you know, I think one of the things that was so, you know,
really, really struck me, you know,
and it was a game changer when I,
about the CCS paper, you know, I never in my life had a time when, you know, a current
offense, like, sort of directly impacted the research that I was doing. I mean, it's just sort
of unthinkable in mathematics, you know. We don't wake up in the morning and say, you know,
is the Pythagorean theorem going to be true today? I mean, does it depend on, you know,
anyway, I can come up with any number of examples. So for me, that was like kind of like a real
eye-opener and it's sort of, you know, and now, you know, being in Trubit, you know, I can't even
imagine being, you know, interviewed for the work that we're doing and stuff like this. It's,
it's tremendously exciting to see that, you know, mathematics can have, you know, an impact
in the real world and especially, you know, game theory and...
I could totally understand that. Like, here's...
at some level it sometimes feels like here's most of us you know just a just a bunch of
nerds you know thinking about like money gold nature of money nature of computation in your
case mathematics and suddenly with this technology it's like you know all of our thoughts
suddenly start to have real monetary impact you know like like we would do we do things like this
just as a hobby but now it turns out like our hobbies are worth you know like in aggregate
like billions of dollars and you know like with us episodes we make can influence the markets
right like like recently we did an episode on ripple xRP and lo and behold like two days later
everything else is down but ripple xRP is like up 25% and you're like what happened to
ripple xRP at that time and and it's almost as if like you know you know
like things you do end up connecting to the real world in this technology in a strange way.
So I think it must be similar for you on the, on the mathematics side of it.
So Christian, tell us like about your journey in Ethereum.
Like when you started working with Ethereum, did you ever think it would be so big?
Did have recent events caught you by surprise or did you expect it to be so influential?
I mean, it was a gradual thing, right?
So we always thought, I mean, the potential of this is huge.
And we thought about, oh, I'm, yeah, this might be used in the real world somewhere.
And we wrote the code and we had some of the early ideas and so on.
But, yeah, I mean, it's still not mainstream.
So it doesn't feel like, I don't know, my parents using it.
It's definitely, yeah, grew quite big, right?
So moving on to the topic that we're here to discuss the true bit,
I have to say I've dabbled at the white paper.
It's a very interesting concept on the face of it.
Now, I'm hoping that you guys can shed some light on how it works
and what the use cases are.
And so explaining to us at the core,
or what Trubit is trying to solve as a problem
and then after we can go into how it's doing that?
Maybe we just start with what the problem is first.
I think in order to say what problem we're solving,
we need to sort of explain where we are right now.
Sure.
So smart contracts that are in Ethereum,
so I'm going to sort of assume that people are familiar
with what smart contracts are.
They're basically programs that live on the blockchain.
They're uncensurable.
They're unstoppable.
They do whatever they're programmed to do when they're first issued.
But they have very limited computational capacity.
You can't do anything more than very trivial tasks with a smart contract.
And, you know, there's a gas limit in Ethereum, you know, so that sort of gives a bound on the amount of computation you could do.
So, you know, Trubbit is a solution which basically
makes allows smart contracts to do, you know,
real computation like you'd expect on your home computer,
for example.
But, you know, but let's get the elephant out of the room.
You know, why not just wipe out the gas limit?
You know, that's the obvious thing.
You know, then everyone can just compute whatever they want.
But it's just simply not secure.
So for one thing, you know, folklore say, you know, why can't smart contracts do more computation?
A lot of people say, well, it's because everyone in the network has to duplicate everything.
It's just too expensive, you know.
But that doesn't, you know, you, that's very superficial level.
I mean, you could always pay people more.
So if you scratch a little bit deeper, the real reason you can't do substantial computations over the Ethereum network is that you're basically
asking the miners to do these computations for free. Now everyone knows about transaction fees,
but those only go to the minor that finds the block. But every minor has to now check these blocks.
You know, they have to check it for free so they know which is the longest valid chain.
And you're asking to do it for free. Remarkable that they're willing to do anything for free.
I mean, but they're willing to do a little bit for free. This is the sort of the amazing piece of Bitcoin
in Ethereum that makes it.
work and if you go back to the, you know, idea of the consensus computer, yeah, you can compute
things that are trivial, but what's, what's, you know, we had a piece there called the,
what we call the verifier's dilemma, and what does that mean? So basically, you said, suppose a,
suppose a task came in that was actually difficult to verify, it took a minor a long time. So now there's
this sort of incentive for a minor to skip the verification, right? So, so he could, he could, you
could skip the verification. Well, that's bad because then you could get wrong things on the
blockchain. But it's even worse than that because even though the minor can skip, skip verification,
if everyone else is also verifying, he may end up by skipping, you know, mining on the wrong
block. So, so then he doesn't, a rational miner doesn't even know whether to verify or not, right?
I mean, because if everyone else is verifying, he better verify too.
And if everyone else is skipping, then he has to skip.
But for a very high computation, it's impossible to know what, you know,
Minor wants to be on the longest chain because that's sort of the convention.
But that's what the verifier's dilemma is about.
Don't know whether to verify or not.
So you can get all sorts of garbage onto the blockchain if you just ignore the gas limit in Ethereum.
And not only that, but you could have denial of cert.
service attacks too because people just throw stuff out there to waste miners time and they
have finite resources.
If I could refresh, let me see if I'm getting it correct.
So what you're essentially saying is that, so in Ethereum we have this analogy of the
world computer, right?
That a computer is basically a machine that executes, is able to execute some form of instructions.
And in history, like we have implemented computers as these mainframes inside universities,
as desktops, as laptops, as mobiles.
And like Vitalik's sort of idea was that you could imagine a whole blockchain network as this
computer that can also execute these instructions.
It can like you can store data there and you can basically do any kinds of computations
on a blockchain network.
And these computations are called smart contracts and you can
obviously also put data in these smart contracts.
Now, if you think of, start thinking of it as a computer, it can only do very limited
amounts of computation. So I think somebody compared it to being like a smartphone,
right? Like it can, it can do a very little amount of computation. What you're saying is like
what true bit is trying to do is kind of scale it from just being, just having the capability
of computing equal to let's say a smartphone to something maybe, you know,
thousands of millions of times greater.
And the other piece you're saying is that what is the ultimate reason why Ethereum the system
is only able to do such less computation?
There you're saying that the reason for that is something called the verifies dilemma, which
is that if the four of us are minors in Ethereum, like spread around the world, and let's say
there's a one of us discovers the next block, so Jason discovers the next block, so Jason discovers
the next block, then Jason is paid for that block to include transactions and computations
inside the block. But then there is no incentive for Christian Sebastian and Meher to verify
that what Jason claims as the results of these computations are actually correct. Is that right?
Right. They don't get paid for it. So there is, I mean, there's an incentive in the sense that
if they don't verify, they might end up mining on the wrong chain and they won't get rewards. But they
don't receive a payment for the verification per se.
Yeah, for Ethereum, it's also a bit different because, so at the point where you stop
verifying, you're also unable to include new transactions yourself, because in Ethereum
you have state, and you need to update that, and if you only have the Merkel route of the
state, you can't really update the state.
So if you stop verifying as a miner, you can't get fees from including transactions.
But yeah, you can mine empty blocks, so that's still an option for you.
So tell us what is the core concept behind TrueBit.
How are you, what are you doing and how do you intend to do it?
So we have basically two assumptions on TrueBit.
One is that the consensus computer works.
In other words, smart contracts can do trivial computations correctly,
and this is just an empirical observation.
We see Ethereum doing what it's supposed to do, and that's why people use it.
The other thing is that we assume that people, you know, participants are rational.
And by rational means they're working individually to maximize their own personal profit
in collecting Ethereum tokens or whatever Bitcoin.
Well, I guess we're really talking about Ethereum here.
So let's just focus on that.
So of course the assumption of rationality is somewhat idiosyncratic.
It's also somewhat pessimistic because Satoshi Nakamoto said that, you know, the majority
of minors are just going to be honest.
And while that may have been true in the very beginning when people, when Bitcoin was getting
started and it was about the politics and the people really didn't trust the government and
that's why they were there playing Bitcoin.
Since then, you know, we've seen, you know, people switching from CPU hardware to ASIC
miners so they can get more coins.
Also, well, I guess we can't judge people's intentions, but people are switching hardware.
We see, we also see that, you know, miners joining mining pools, in effect, changing the
software.
So my feeling is people are, you know, miners are actually in the network.
They want to make money.
I mean, that's sort of the assumption of a few bit.
So how can we, given that most people are rational, you know, how can we sort of take advantage of this sort of natural inclination that people seem to have?
So those are the core two pieces, and we will assume that, you know, we have this small thing that works correctly and we want to blow it up.
So we do this in two pieces.
So first of all, how can you get a tiny computer, like a consensus computer, to even check a really hard computation?
So we designed this game, which we call the verification game, which Christian alluded to earlier.
That was what Vitalik heard about the verification game for me, and he heard about it from Christian.
And for those of you who were around back in 2011, you might have heard it from,
Kenetti, Riva, and Rothblum, who published a paper with almost exactly the same idea.
Of course, they didn't have cryptocurrency in mind, so it was, you know, really about a situation of cloud computing back then.
But so, so what we do is you're, you imagine that there's the
consensus computer sort of acts as a judge.
So you have one solver who says, here's the solution and a verify
who says, no, it's not. So the consensus computer just has to adjudicate and decide who's right.
Well, it creates a game in such that the judge only has to enforce the rules of the game,
but doesn't actually have to do the computation itself.
So in each round of the game, you reduce the sort of possible places where the error could occur.
So the judge has to pinpoint the error, and eventually it becomes such a small piece that he can actually look at it
and determine who was right, whether the challenge was justified.
So I'm trying to understand what a use case of this might be
and tell me if this makes any sense or not.
I want to use a world computer, a distributed computer,
to do something like compile software.
Like, I want to compile the Ethereum Go client.
Is this something I could do using Trubit?
And if so, then how would I do that?
And if not, where am I getting this wrong?
So that's a very interesting use case.
And let me modify it a bit.
So can I use Trubit to verify inside a smart contract that a certain piece of solidity source code
was compiled with a certain compiler into a certain piece of EVM bytecode?
And that's definitely something that can be done with Trubit and yes, it's one of the use cases.
Okay, because earlier we were talking about so this idea that you could, I don't know if this was pre-show or what,
but we're talking about this idea that, you know, the model right now is you have, say,
AWS and you ask AWS to do some kind of computation that could be calculating some really complex formula
or doing some encryption or maybe decryption or maybe maybe,
compiling software or you know encoding video and as far as i understand it true bit is a way to do this
in a distributed way so that you don't have to trust amazon or you don't have to trust a central
entity and ethereum does that but it does that in a way that only is available for smaller computations
and not large computations so if this is the the premise then how does that port over then
to Trubit? Or am I getting the premise wrong?
I guess one thing I sort of maybe like to clear up is that, as you pointed out,
Truebit is a completely democratic system. There's no reputation. There are no upper class nodes.
There's no, you know, federation or anything like that. In that sense, it resembles Bitcoin
in the way Ethereum originally was and the way Ethereum is right now.
And in fact, when an error occurs, it's also a different kind of consensus where it's not a majority consensus.
We're talking about a unanimous consensus, right?
So anyone on the network can challenge a solution before it hits the blockchain.
Anyone can do it.
And then they will play this verification game.
I guess the real trick, if you want to say, to getting Trubit to work is, you know, how do you convince people to actually play the verification game?
I mean, normally, if everyone knows that all the answers are going to be right, then who's going to be around to check the answers, right?
I mean, if you get, for example, if you get a prize for fighting a bug in the, in the, in the, in the, in the, you find a mistake in the computation, but you know that you don't have any reason to believe that mistakes will actually occur, then,
Why are you wasting your time doing the verification at all?
Trubit is in two parts.
The first one is this verification game that we just discussed.
And the second one is an incentive layer to convince people that they should participate in verification.
The idea there is that we sort of force the system to occasionally create mistakes so that verifiers are
actually got to look out for them and, you know, they have an incentive to participate
that way. So you have a, we call this a forced error mechanism. So occasionally,
Trubit will create these forced errors and then the verifiers should find those and that
should keep them available and interested in playing the game and it also serves as a sort
of a proof that the verifiers are actually verifying because otherwise how does the system know
that anyone's checking the answer that's the problem I think we need to go into
the basics concept basic concept a little bit right like so imagine imagine like this
they did like this simple scenario this Sebastian right and Sebastian wants
wants to run a smart contract that is going to consume 50 million gas units
right doesn't it doesn't matter what Sebastian wants to do it is it is
it is something that is complex enough like he wants to run a very complicated gambling lottery
right it has a it has a lot of rules and in order to do some steps inside his gambling application
he needs 50 million gas today so today if you look at the ethereum system the gas limit is what
like 5 million or something right which means sebastian's transaction will never fit into an
an Ethereum block as it stands today.
Now what you're saying is like true bit is a solution that Sebastian could use to have to have a smart
contract computation that can that can run in enough steps to consume 50 million gas.
Now how would it work?
How would how would Sebastian get his computation or transaction that consumes 50 million gas
into the blockchain.
Like, what does it need to do?
And who are the players that allow Sebastian to do this?
True bit itself is a smart contract in Ethereum.
That's what it is.
It takes that form.
So I guess you can think of it as a smart contract
that can be called by other smart contracts
that need additional gas.
And then this Trubit smart contract, if you will, will recruit the other parties needed and incentivize them properly to make sure that the output of that contract is the correct answer to the query that came in.
I mean, the main parties you have there is that you have a task giver who's the one who sends in the task that needs to be performed.
You have a solver who's going to provide an alleged solution,
and then you have a verifier who's going to make sure
that that alleged solution is actually correct.
And then you also have the miners who function as judges and referees
to make sure that they play by the rules of the game
without actually doing the computation themselves.
And those are the players.
So normally when like a computation happens on Ethereum,
computation is triggered by a transaction.
So for example, I created transaction and that transaction like triggers a computation and then
there's an output to that computation.
And I broadcast this transaction to the miners and the minor that includes my transaction
the next block has to make the computation and all of the other nodes have to verify that
computation.
right now in this case what we are doing is when i create a transaction that like triggers a very
large computation the blockchain sort of outsources that computation to an individual solver am i
am i reading that right that instead of all of the nodes of the ethereum network needing
to do that computation they're going to outsource that computation to a particular solver which is like an
individual machine and in order to ensure that that that
the output of that individual machine is correct, there are going to be other verifiers
that are going to verify that that output is correct and this game between
solvers and verifiers is going to ensure me the user that the output given by the
system is correct. So this is not something which needs to be implemented as part of
Ethereum itself. So nothing in its Ethereum itself changes and
So that's why I wouldn't use the term transaction.
It's just a tribute will just be a smart contract, which people can use by calling its functions.
I mean, in the end, of course, you send transactions to that smart contract,
but it doesn't automatically, so as part of Ethereum, we don't automatically outsource this computational tasks.
And the forms of these computational tasks are also different than what you currently have on Ethereum.
So you don't have the Ethereum virtual machine, for example.
We plan to use a similar thing, but a different virtual machine.
And it's also important that, I mean, that's kind of an implementation detail,
but the tasks that are to be performed have to be kind of pure functions.
So you don't directly have access to the blockchain or things that are available in solidity
like MScd.C.Sender and all this stuff.
You can make that available via
Merkel proofs to the blockchain,
which are easy to verify in such a true-bit computation
because you have a lot more gas, in quotes, available.
I'd also like to add that, you know,
clear up the roles that are being played here,
that anyone can participate in the network,
anyone can choose to be a solver,
the way that the protocol is, is, we designed it, is that, you know, it's, essentially you, there's a lottery that's, that chooses who gets to be a solver, but anyone can always verify. And of course, the more the merrier, the more, you know, we only need one verifier, but if you have more, it doesn't hurt. So, but these, these solvers and verifiers live, live off chain. And really the, the, the only thing that sits on the blockchain itself is the enforcement of these rules of the game.
Let's take a short break to talk about Jax.
Jax is your wallet, your complete user interface to cover all your blockchain needs.
I've been using it and I've been loving it.
Jack supports a lot of different cryptocurrencies.
I suppose Bitcoin, Ether, Litecoin, Ethereum Classic, Zcash, Augurip, and they're adding
many more keep responding to users' needs.
Now with Jax, a nice thing is that you can manage all of those coins within a single
wallet and you are in control of your own private keys, they're not on their server.
And there's a single 12-Vird seed that you can use to backup your wallet, all your coins,
and sync them across different devices.
Talking about devices, they're on pretty much any device that you can think of.
You can get it on PC, Mac, Linux, you can get it on smartphones like Android and Apple and iPhone.
You can get it on tablets or even browser extensions for Chrome and Firefox.
And on top of that, in Jax, you can actually exchange different cryptocurrencies for each other
because they've integrated a shape shift.
And more partnerships and integrations are coming down the line in 2017
that are going to make Jax even better.
So Jax is really making blockchain and cryptocurrency successful for the masses,
easy to use for the masses.
Make sure to get your own Jax wallet at Jax.I.O
or you can get it from any of the app stores you are using.
We'd like to thank Jax for their supportive epicenter.
Let's define then what is a, so there's different participants
right there's a task giver the solver the verifier i think there's a challenger too or is that
define each of them like who is a task giver who is a challenger who is a solver is a verify and what do they
do so you have the task giver which basically specifies the the function to compute the program
to execute and the input so the task giver is the one who sends the smart contract to the to the
blockchain yeah i wouldn't call it a smart contract it's just a a program to execute
execute. Okay. It can be a smart contract, but it's just a program to execute. And the task
giver also provides a pace for, the task give also pays for the whole thing, right? So you pay a fee.
And then a server actually performs the, the execution, runs the program, and then posts the result
onto the blockchain, just the result. And then verifiers can,
basically do the same thing as the solver, just rerun the whole program and check whether they come up with the same result.
Nobody's forced to do that.
And verifiers can also come in from outside at any time and just rerun these programs.
And if they come with a different, if they come up with a different result, then they can challenge the result.
I see.
So the verifier turns into the challenger.
That's a bit clear.
Then once the solver has produced the results,
and you want to have verification, so as the task giver,
I want more than one verification attesting that this is, in fact, the right result.
So I may have one verifier that produces a verification,
another that produces a verification,
and maybe I have like five or six.
And at which point as a task giver can I be sure that or have enough certainty that my computation,
the results of my computation as provided by the solver is accurate?
And is there an incentive model there that starts to drop off?
Because I suppose the solver and the verifiers get paid for all this.
You know, if I'm the 1,000th verifier, does it even make sense for me to participate?
in this verification.
So there's some, this whole thing has, has an interesting property.
So the verification game is always, yeah, we'll always find out who is right and who is wrong.
Okay.
And this is all, this is all deposit based as in other, so if the solver posts an incorrect task,
the solve will be punished.
So this whole system should already work, even with just a,
single solver without any verifier, but you just, so that as long as the task giver knows that the
solver thinks that someone is verifying. So that doesn't have to be an actual verifier out there,
but we design the system in a way that it's extremely likely that there is a verifier out there
and the solver knows that. So the verifier, okay, I see that. So the solver is providing a response
and is incentivized, because he's putting a deposit,
he's incentivized to provide the right result
because a verifier may verify it
and prove him wrong and then therefore get the deposit.
I see.
Okay.
How is there like a time period?
Because, you know, perhaps I, as a solver,
I provided a bad response or bad result.
And then, you know, I get my deposit.
I get, you know, the deposit.
it and then three weeks later someone discovers that it was actually wrong.
How does that play out?
So, yeah, I mean, there are timeouts.
So this whole thing consists of multiple rounds and there are timeouts in each round.
And sure, so if the system fails in the way that the server can post an incorrect answer
and nobody challenges this, then it will not be detected.
So, I mean, at some point you have to basically finalize the result.
Right.
And yeah, I mean, you could build a different system where you can challenge again even after a long time, but that's probably not going to work out.
It's starting to become clear now. I see. So coming back to my original question, what types of computations are likely to be run on this?
Like, when you say, I want to run this computation, and it's not a smart contract, it's code going through this smart contract that handles this deposit and the, you know,
you know, the verification and the solving and all that, providing the proofs.
Can I, can I throw at it like C++ code or whatever, like in Go or is it that have to be in solidity?
How does it package?
Like, how does one send that payload onto the blockchain?
Yes, we want this to be usable as nicely as possible.
So we want regular programs to be run there, which means, yeah, programs written in C++ or,
go or Python.
And because of that, we chose,
okay, that's the goal.
And the requirement is that we need some kind of
architecture that can be easily implemented
on the Ethereum virtual machine, because
the blockchain, the Trubit smart contract, needs to verify
this single step. And
in the end, you have to implement, so it's a single
step on some machine, and in the end, you have to
implement the full logic of such a machine.
And it turns out that there is an architecture called Lanai.
And this is something developed by Google, and I think nobody really knows what they actually
use it for, but what they did is they built a backend for the LLVM compiler.
So it is possible to take C++ code and Rust code and whatever LLVM can take as input
and compile it into the Lanai architecture.
And from that on, the Trubit contract can verify it.
So this means that, yeah, you will be able to verify any programs at least written in C++ and Rust.
And you can also give a step higher because we don't really have a gas limit
and run programs which are written in a programic language that has an interpreter,
written in C++, for example.
And Python is one of these.
So I have one last question before we go to the next topic,
which is, you know, what applications can we use this for?
And that is, I guess, the determinist,
non-deterministic nature, perhaps of some of these languages.
You know, I perhaps, okay, so I have some understanding of computer science,
but I'm not a computer scientist.
maybe this doesn't make sense, but I'll throw it at you anyways.
I, as a task giver, you know, send some C++ code to be solved by a solver.
It's my understanding that, you know, maybe on my environment, if I run this, I'll get one result and another environment may get some other result.
and that formal verification languages somewhat address this issue or perhaps address this issue fully.
So for these languages that are not, that we cannot formally verify,
is there a risk that a solver may, in good faith, provide a result that was valid on his system,
but maybe not valid on mine or maybe like a verifier checks it and it doesn't check out?
Does that question even make sense?
Sure.
That's what the Lanai is for.
It's to make it all standardized so that you,
the Lanai interpreter will exist also on the blockchain,
the full code.
Okay, so standardization was where I was, I guess,
trying to address here.
Critical, absolutely critical.
I think we will ramp that up in stages
where we first start with only specific tasks
and that we allow arbitrary tasks
when we see that everything works out.
And so the thing is that you, when you, when the server executes the task, then the
solver will probably not run the Lenni interpreter, so go all the way down in the stack
to the final architecture because of performance reasons.
So the idea will be that you take the C++ code and compile it to your native machine,
run it there, and then you get a result.
And of course, it might be that this result is different if you compile it all the way down to Linai.
So in this situation, we might have a fallback where we don't have to play the...
And the verification game will be played on the Linai level.
And so the solver, when we start the verification game, then the solver would notice, oh, yeah, I get a different result.
Sorry, my bad, or something like that.
But yeah, so the time.
tasks that, I mean, in the end, it's a consensus computer again, right?
So the tasks that I give from should be deterministic and should be, yeah, mathematical functions,
so to say, which always yield the same result.
I'd like to add to what Christian just mentioned about, you know, the mistake on, you know,
to say we have to fully trust that the Lanai interpreter is going to interpret the programs correctly.
And, you know, this could be an iterative process.
You know, it's obviously Linai is a new program as well.
But the good news is the entire Linai interpreter is sitting on the blockchain.
So it's fully transparent.
We can issue, you know, a new contract.
Everyone can inspect the code.
It's not like sending it into, you know, a cloud computer on Amazon where you don't see the hardware.
You don't see the software.
I mean, they may tell you what it is, but you can't, you know, witness it in the same way.
that you would be able to do in on a true bit computation.
Okay, so we have, we've walked through the idea of there being like solvers, verifiers,
and the combination of solver, verify, and challenger ensuring that the result of a particular
computation in true bit is correct, right?
So now, like assuming we have this system, we have Ethereum, which is the sort of base layer,
and then we have this other layer, true bit on top.
which allows us to scale computations on,
like scale ownerless computations in a way, right?
Like in Ethereum, you have computations that
are not owned by anybody, and they are guaranteed to be correct,
and we are able to kind of scale these sorts of computations
using Trubit.
So like once that happens, what are the sorts of applications
that open up?
Well, I guess we could say there are many.
You know, we've also had.
several people suggest applications to us.
You know, as Vitalik used to say, the best application for Ethereum is the one that I haven't thought of yet.
And I think the same could be said true for Trubit as well.
You know, this is really, we're talking about a community project.
The abstract machine itself is not an end but a means.
So let's start with the obvious application, outsource computation.
So Trubit, I guess we should clarify when we say outsource computation, we're not computing with the,
We're not competing with the Amazon Cloud in the sense that it's expensive to run a
Trubit computation, and the security of the system may degrade for truly extremely large
computations.
Of course, in the long run, we hope to optimize it for, you know, we believe that there are
optimizations possible that can push it further, but we're, you know, the first goal
to get beyond the trivial computation of what can be done in smart contracts now and then push it further.
So there are several other projects.
As Christian mentioned earlier, the Doge Ethereum Bridge was an early inspiration for this project.
I mean, what the Doge Ethereum Bridge would allow is Shebes, the Dogecoin users, to take their Doge
and basically send them off the Dogecoin blockchain onto the Ethereum blockchain.
Truebit would check the Dogecoin script proof of work to confirm the transfer.
So that's the reason we need True Bit.
And then there would just be some sort of token on the Ethereum network that represents a Dogecoin token.
You could use that in a smart contract.
And then sometime when you're ready, you just send that token back to Dogecoin.
And it's a Doge again.
So then Ethereum is sort of a side chain to the Dogecoin?
chain? So you send a Doge to an address, there's a computation that verifies that the
coins are there, and then they get issued as a token on Ethereum?
Right. So once you send it over to Ethereum, it's sort of Dogecoin, this destroys the
coin, and when you send it back from Ethereum, it annihilates the token. So it's, it's, that's
how the process would work on the high level. But you can imagine that, you can, you can imagine
that if Dogecoin, for example, if Togecoin wasn't the only one that wanted to send
coins to Ethereum, you know, you could have other blockchains also doing this, you know,
sending their coins and turning them into tokens on Ethereum and then you could exchange
them. You know, you wouldn't need, you don't need a third-party exchange to, to, to switch
those tokens. So what's needed in order to, so I think in order to export your tokens to the, to this
conglomerate system, if you will, in order to export, you just need to make some
op code in your system that says export across the bridge, the token, the coin.
And if you want to be a hub that imports them, you need to have some sort of smart
contract functionality that can, you know, as Ethereum does, verify the proof of
work for that other change. So anyone can be a hub and anyone can be a participant. So
obviously being a hub is slightly more involved because doing smart contracts is a big deal.
But that sounds very similar to another project that is about to do a crowd sale for which a host of ours perhaps works there.
Sounds very similar to Cosmos.
I mean, what you're describing, basically.
Except with a very different architecture.
Right.
So the architecture is different, but the functionality and the use that you get out of is essentially the same.
Basically coins that effortlessly move across blockchain.
So you could have like hundreds of chains and the coins of one chain could go to another,
do something there and then come back like that, right?
So this would make all blockchain sort of interoperable.
I don't know if that's the correct word for it.
I think that's fair.
I mean, one difference with Cosmos is they, you sort of,
as my understanding from watching your video is that in order to participate in Cosmos,
you sort of have to delegate responsibility to a set of validators who are going to
execute these exchanges for you and you know in Trubit there are no you know
upper-class nodes you know there's no hierarchy it's it's it's purely
democratic we're we are organic grassroots organization anyone who wants to
build a bridge can build a bridge and anyone who doesn't want anything to do
with the bridge can do their own thing and you don't
You don't have to sort of decide whether or not
to delegate your authority to this, you know,
giant conglomerate that's already out there.
It's just an agreement between two people,
which is, I mean, I don't know, that's the idea.
Not two people, two communities, let's say it like that.
Okay, so I think that's a very, that's a very big application, right?
So you're saying that, okay, so there's one blockchain can verify
what has happened on another chain using,
by delegating this task of sort of verification
to true bit, right?
And what are some other applications for your system?
So another one is, I think, storage solution.
As you can grab information from other blockchains,
you can also grab from say swarm,
which if you have a place when you can permanently
store information, so just in general,
whether it's on a blockchain, whether it's on swarm,
you know, Truebit can sort of use that.
Solvers and verifiers can access that information in their computations.
You know, maybe, you know, import a Merkel route of whatever the data is
that you want to use in the Truebit computation,
and it's accessible.
Could one think of building,
so we've had Marley Gray from Microsoft,
who told us about,
But Bletchley and Criplets and what Microsoft is doing that.
Not to get into too much detail about that.
Well, they're using Intel SGX, or the idea is to use Intel SGX hardware, which allows
to proof computations to do this, right?
So you can delegate a computation to a trusted execution environment to do some form of computation
or to retrieve data from a feat.
So you could have some sort of an Oracle that is retrieving data from, I don't know, like Bloomberg.
And with TLS Notary, you've got the certainty that data feed is, in fact, coming from Bloomberg.
And then that Cripplet, which is a trust execution environment, is feeding that into a smart contract.
Is this something that would be possible with Trubit to build this sort of Oracle that is verifying?
a feed and providing it to a smart contract as an Oracle?
Yes, I think that that doesn't really fit the Truebit model.
So one of the essential requirements for the verification game to work is that
a true bit smart contract needs to ensure that all servers and all verifiers have access
to all data that is involved.
And this can be done on Swarm because on Swarm, at least in the final version, we will
have these storage certificates.
And because of that, you can use Swarm as a, yeah.
So Trubit basically creates the driver, the file system driver to add Swarm as a file
system to Ethereum.
But it doesn't solve the Oracle problem because you have.
Okay.
Yeah.
So because it's not deterministic.
Yeah, it's not, yeah, a function that maps inputs to outputs.
Yeah, exactly.
We also read there were some proposals to use Truebit to build decentralized mining pools for Ethereum itself.
So you'll use Ethereum to build True Bit and then True Bit would be used to build a decentralized mining pool for Ethereum.
Like, tell us how something like that would work.
SmartPool is a project that I was involved in from the very beginning.
You know, I am a co-author of the...
author of the Trubit white paper along with the people who are actually building
smart pool, Loy Lou, Yarlen Velner, and also Pratik Saxena was a co-author
on the white paper. Basically, smart pool is a, it's a mining pool where the
operator for the pool is in Ethereum smart contract. Now that can be a pool for
a Bitcoin, it could be a pool for Ethereum. Of course it's very cool if it's a
pool for Ethereum because the smart contract is on
Ethereum. And, you know, originally I thought they would, I was sure they were going to need
Truebit to build out the Ethereum version of, because of the way the, of SmartPool, because of the
you know, it's hard to check an Ethereum proof of work. It requires a lot of storage, as opposed to
Bitcoin where you could sort of do it right away. But due to some, you know, I guess, I would call it a
fluke and the coincidence in the construction of the Ethereum proof of work.
SmartPool found a clever way to do it without the, I don't think they're going to need
Truebit.
But Trubid may be useful for checking other proof of works.
For example, Dogecoin or Zcash, which are maybe just out of reach of what smart contracts
can do.
So, I mean, the smart pool application is interesting because, you know, if you have a pool
operator who's managing the contract.
There's no censorship.
You can write it at a low cost.
There's no social contract.
Normally, there's a sort of social contract
between members of the pool and the minor
that they get paid and so on.
The smart contract sort of enforces that.
There are other sort of decentralized pools out there
like P2 pool, but they have higher variance,
which sort of negates the purpose
of joining a pool in the first place,
the payout variance.
And of course, it's retrofitting.
You don't need to make any changes to the blockchain itself.
So, I mean, SmartPool is sort of an interesting potential application for TrueBit.
I would say that.
Cool.
So before we wrap up, tell us where, what's the state of this project right now and what's the roadmap?
Where do you plan to take this?
Is there like a release or some sort of, are you probably planning to build a company out of this?
So tell us what you're, where are you taking this?
Well, actually, before I understood that, I wanted to mention sort of, if I may,
one other application, which may be very interesting.
I know we talked about sort of that that Trubit is a connection between the blockchains
along the lines of Cosmos, but I think we want to be not only the connection between, you know,
the blockchain of blockchains, but, you know, as you say,
the glue between blockchains, but also the glue between
blockchains and the real world. So as an example of this, there's a one
project that's very interesting by Doug Pitcanics and Eric Tang called
LivePierre, which is live decentralized streaming video. So they're
basically gonna use TrueBit to do the broadcasting coding. So I guess you
could imagine YouTube without the YouTube, as you know it's expensive to
to do live broadcasts of sporting events
and things like that.
So that's something I think that where we see this technology
can bridge the gap between, you know,
cryptocurrency enthusiasts and really bring the technology
home to your everyday people who can use it.
I mean, this is also similar to, with LivePier,
basically you outsource the actual compression of the stream.
And, yeah, I don't know, Golem and these other projects do a similar thing for other
tasks, for other computational tasks.
And for all of these, Trubit can be the mechanism that ensures that the computation nodes
just don't do anything, but do the actual tasks that they are supposed to do.
All right, so then let's come back to the previous question.
and what is the state of the project and where do you plan to take it?
So we are in the process of, you know, turning this white paper into a reality.
You know, we want to make it available to everyone.
It's partly built out, but we're not ready to release it to the public yet.
So it's a fairly ambitious and experimental system.
and of course it will require a fair bit of testing too because some of the
parameters and so forth are depend on human behavior and things like this which
you know we want to test our assumptions of rationality but you know as we say
it's not this isn't a type of project where you can you can't prove it by
mathematics the proof is is when it actually works in the real world so so that's
the next step is to get it out and you know we're we're right now in the process of
connecting with people who want to use this technology and we encourage, you know,
people with good ideas to get in touch with us and let us know how you want to use TrueBit
and, you know, possibly what features you'd like to see in the next version of the programs.
And if anybody wants to help, you know, participate in any way and get involved, how can you do that?
Right.
Right, so right now we are actively looking for funding for the project and we're looking for people who can help us develop.
So if you want to do either of those things, we're, you know, please get in touch with us.
Will you do an ICO of any kind to raise funding here?
ICO is a possibility for us.
We, you know, we don't have an immediate plan for an ICO.
So in theory, like how would an ICO model work?
So I understand the funding part of it.
So there'll be tokens, people will buy them, they become stakeholders.
But once the system goes live and people start delegating these computations, how do the token holders get compensated?
Or how do they earn a profit on their investment once the system is live?
Well, first of all, we don't consider this an investment because it would be a product.
As a product, you know, if you wanted to, for example, get, one, again, we don't have a specific structure in mind,
but, you know, solvers could get paid for performing tasks, and task givers could pay for having,
tasks they want to have performed.
So anyone can participate, you know,
regardless of what currency is used to do the actual transactions.
That's how the system would work.
It's an outsourced computation model.
You pay for computation time.
And anyone who wants to offer CPU cycles can get paid for doing so.
Okay, great.
Well, thank you so much for coming on the show.
It was a pleasure talking to you guys and learning more about Truebit.
I have to say, I have a much better understanding of it now.
It makes a lot more sense than the use cases also are a lot more clear.
So we'll be looking forward to seeing where this project, how this project evolves and wish you a lot of success.
Thanks a lot.
Yeah.
Thanks for wrapping us.
So thanks again for coming on.
And thank you to our listeners for tuning in.
We are part of Let's Talk Bitcoin Network, soon to be the Let's Stock Network, but still the Let's Talk Bitcoin Network.
And so you can go to let's talk Bitcoin.com to find this show and a lot of other great shows.
you can also support us by leaving us an iTunes review that helps others find the show.
And also, if you're, you know, you can give us a tip or tipping address in Bitcoin and Ether and Ether are both in the show description.
And so, yeah, we'll be looking forward to being back next week.