Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Sharon Goldberg: Arwen – Centralized Exchange Trading Without Counterparty Risk
Episode Date: September 18, 2019We're joined by Sharon Goldberg, CEO of Arwen, a protocol solution for non-custodial trading. From communications engineering to Internet protocol security, to then becoming a Professor at Boston Univ...ersity, she shares her journey into the world of cryptography. Beginning as a whitepaper on eclipse attacks, Arwen has grown into a platform enabling atomic swaps on centralized exchanges. Sharon chats about Arwen's integration with KuCoin, how it compares to ShapeShift, Interledger, and Lightning, and the exciting new release of the Layer-2 atomic swaps from Ethereum into Bitcoin.Topics covered in this episode:- How Sharon became interested in blockchain technology- The meaning of an eclipse attack- Arwen's co-founder Ethan Heilman- The backbone of Arwen- The Arwen protocol and how it uses atomic swaps- How trading takes place on the exchange- Arwen vs Shapeshift and Interledger- Creating multiple orders using the same channel- Arwen vs Lightning and the use of SegWit- How the relationship with KuCoin was formedEpisode links: - [Arwen website](https://www.arwen.io/)- [Arwen's first white paper on eclipse attacks](https://eprint.iacr.org/2015/263.pdf)- [Arwen's Trading Protocol whitepaper](https://arwen.io/whitepaper.pdf)- [Announcement of Arwen's partnership with KuCoin](https://medium.com/arwensecure/arwen-partners-with-kucoin-to-offer-secure-non-custodial-trading-24af298d5dbd)- [Arwen's Twitter](https://twitter.com/arwensecure)- [Sharon Goldberg on Twitter](https://twitter.com/goldbe)Sponsors: - Cosmos: Join the most interoperable ecosystem of connected blockchains - http://cosmos.network/epicenterThis episode is hosted by Sunny Aggarwal & Friederike Ernst. Show notes and listening options: [epicenter.tv/305](https://epicenter.tv/305)
Transcript
Discussion (0)
This is Epicenter, episode 305, with a guest Sharon Goldberg.
This episode of Epicenter is brought you by Cosmos, the internet of blockchains.
The next Cosmos hackathon is happening during SF Blockchain Week in November.
The theme is Defy and there's a $50,000 prize pool for participants.
Visit epicenter.orgas slash SF Cosmos for more details.
Hi, welcome to Epicenter.
My name is Frederica Ernst.
My name is Sonia Agarwal.
And today we're speaking with Sharon Goldberg, who is the CEO of Arwen.
Arwen is a technological protocol that plugs into centralized exchanges, currently Q-coin,
and allows users of those exchanges to retain custody of their tokens while still being able to exchange them over that exchange.
Sunny, what did you think of this week's episode?
It's pretty cool.
I've actually been looking into Arwen quite a bit recently.
I mean, the past couple months, I've been doing a lot of just like
decks research on like and exploring everything in that space.
And so I definitely came across Arvin.
And I thought it was really cool because it's the first time I saw someone kind of,
you know, atomic swaps are an old idea.
But it's the first time I saw someone building a centralized order book
that settles on atomic swaps.
And I've never really seen that before.
And so that was very interesting.
As of now, there seem to be some limitations from what I could tell in the current design that's mentioned in the paper.
And Sharon says that, like, you know, they're working on a lot of things to improve a lot of these things.
Unfortunately, she couldn't really, you know, go too much into them throughout the episode because I think some of them are, like, you know, very active projects that they're working on.
But if they can solve a lot of those problems, I think that's a very huge step forward for just safety and security in the crypto space.
for people who want to be active traders.
How do you feel it stacks up against just using a Dex while self-custodying your own tokens?
I think using a Dex like ZeroX or something or Dutch X or whatever,
like it's great when all the tokens are on that chain.
So if you're trading Ether for ERC20s, I think the Dex makes a lot of sense.
But if you're trying to use a Bitcoin for Likecoin or Bitcoin for Ethereum,
And one of the things she really talks about throughout the episode is how simplistic Arwin protocol is meant to be.
And simplistic not in like the protocol is simple in that it's meant to work with very simple blockchains,
even things like Bitcoin Cash that don't even have Segwit right now.
And so I think that's kind of one of the key differentiators is that it's great for settling cross-blockchain trades,
which today is the vast, vast, vast majority of trading on centralized exchanges.
Yeah, true.
And she also said that in her mind,
this is going to become a solution for players
who actually want to settle large trades
without giving up custody of their coins,
which makes total sense.
The one thing that I was a bit disappointed about
was that she didn't want to disclose
what the current trading volume on Arwen is.
But maybe we'll find out soon.
Are there any announcements?
Are you going to any events coming up soon?
I know this week, Sebastian, when this goes out,
he's going to be at the Tel Aviv blockchain week still,
or it seems like more it's like Tel Aviv blockchain biweek or something.
There's two weeks of it.
First week was scaling Bitcoin,
and then this week that the episode comes out,
you'll be at the Starkware sessions.
So if you see him around there, give him a shout out.
Frederica, are you having any events and stuff you're planning on going to?
Not in the upcoming week.
I think the next bigger thing I'm going to is a DefCon,
where I'll have a talk.
I don't know when yet because there's no agenda.
as of the recording of this episode.
But yeah, I think it'll probably fall into place eventually.
You're going to DevCon as well, right?
Yeah, I'll be at DevCon.
I'm giving a talk as well.
And then I'll be at the Ethereum Classic Summit the week before.
In Vancouver.
Yes, in Vancouver.
And it'll be fun to see the contrast between the two events.
The contrast is going to be stuck, I can tell you.
I'm sure there's going to be a meetup at DefCon in Osaka.
We'll probably announce that next week.
Yeah, so please enjoy.
the episode with Sharon.
Hi.
We're here with Sharon Goldberg,
the CEO of Arwen.
Hi, Sharon.
Good to have you on.
Hi, guys.
Sharon, can you tell us
about your background
and how you got interested
into blockchain technology?
Yeah, so I come
from an academic
cryptography and security background.
I was starting my PhD
in 2004 at Princeton
and in electrical engineering,
actually, in communications engineering.
And then I was
working on this project that had to do with optical encryption.
And part of the way through the project, I decided that I didn't know what encryption actually
was. So I took a course in cryptography in 2005.
And that was actually a really fun course because a lot of the people in my course are now
like famous cryptographers.
So one of them is Nadia Henninger, actually, who you may have seen breaking a lot of factoring
keys that were used in blockchains to hold crypto assets.
Anyway, so I took that class in 2005 and I just loved it.
And I decided I would become a cryptographer.
But unfortunately, I wasn't a computer scientist.
And at the time, cryptography at Princeton was really theoretical computer scientists.
And I was not one at all.
So I decided that I would have to find some way to become a cryptographer without being the worst cryptographer out there.
And so the way I did that was to combine cryptography with network security and telecommunications,
which is what I'd been doing, telecommunications at least I'd been doing for like four years at that point.
I did a bunch of work on Internet Protocol Security.
So internet routing in particular is the thing that I focused on for a really long time.
And then I expanded a little bit into the DNS domain name system.
I did a bunch of work on NTP, the network time protocol.
That was my PhD.
I started as a professor at Boston University in 2010.
And then, you know, was running a lab there with two other professors.
And in 2013, I got a new PhD student, which is Ethan Heilman.
Who is my co-founder at Arwen.
And so in 2013, when Ethan joined the lab,
he was one of these people, these early, like, Bitcoin obsessed people.
Ethan is just an incredibly knowledgeable and very talkative person, if you let him, you know, get started.
And so he was all, you know, talking, talking our ears off about Bitcoin for basically a year,
while we were kind of all working together on various projects that were sort of the continuations of stuff I'd been doing up to that point.
So, in fact, Ethan and I have papers together on routing security that we wrote when he just recently joined my lab.
And then after about a year of that, it was clear that, like, we had to work on Bitcoin.
And so we started to work on Bitcoin.
And so the first thing that we did together with Ethan was this paper in 2015.
We basically coined the term eclipse attacks in the blockchain world.
It was a term that was used outside of blockchain world.
But we were the first to think about eclipse attacks in blockchains.
And we found an attack on Bitcoin.
What is an eclipse attack?
Just for my benefit.
Oh, yeah.
So eclipse attack is an attack on the peer-to-peer network of a blockchain.
And so if you think about blockchain, if you read the blockchain,
and if you read the Bitcoin White Paper,
what's really interesting in the Bitcoin White Paper
is that there's assumption that all the nodes in the Bitcoin Network
actually can see the same blockchain, right?
So they can see the blockchain is something
and they all have the same view of that.
So how do they actually like see the same blockchain?
Well, there's this assumption that they're all communicating with each other
and sharing the blockchain through this gossip network that they have.
So Bitcoin White Paper is nothing about the peer-to-peer, you know,
gossip network that's used to communicate the blockchain around.
So that was actually never written down anywhere,
but it was in the code.
And so inside the Bitcoin code, there is this part of the code that is the peer-to-peer network that is the block communication cross-nodes.
And so we started to think of like, what happens if you subverted that communication?
What happens if you put, you know, you partition the network so like half the nodes could talk to each other but not to the other half.
And so basically what you're doing is you're splitting the mining power in half.
You have like half the miners on one side of the partition and the other half on the other.
And you can start to think that that's basically you're creating a 51% attack but without actually owning the compute power for.
the 51% attack, you're just owning the network and creating this partition. So this whole idea of
owning the network and creating partitions and manipulating the views of different nodes in the network,
that really comes from an eclipse attack. So an eclipse means, if you think of an eclipse, it's like,
you know, the moon blocks the sun. So essentially what it means is that all of your connections
are owned by the attacker, and he's completely owning your view of the world. That's what an eclipse is.
You're completely owned. So there's not even one connection that you have that isn't controlled by
the attacker. This type of idea, which which can be.
also used to create partitions in the network. That's sort of fundamental attacks on proof
of work consensus. And we were thinking about that in 2015, wrote a paper about it. And then Ethan spent
at least four months basically writing code for Bitcoin Core that ended up getting merged in.
It has to do with the peer-to-peer network. And then recently we actually extended that work
to look at the peer-to-peer network of Ethereum. That was in 2018 with a student of ours,
Yvall Marcus, who's now an undergrad at BU. And actually,
works at Arwin in the summers. What you've all found was actually that the peer-to-peer network
of Ethereum was actually even more vulnerable than the peer-to-peer network of Bitcoin.
We've actually found script-kitty level attacks on Ethereum where you could launch an attack
with one or two machines and, like, completely eclips nodes. In Bitcoin, we needed like a botnet
of 4,000 nodes to actually pull these attacks off. So that's sort of like where we're coming
from, sort of started from the network side, like understanding how blockchains work at the
sort of unsexy network layer. And then in 2016, even got really interested in microposy
payment networks and Lightning Network and all of these sort of payment channel layer two networks
as a way of solving the scaling problem of Bitcoin.
And so again, he pulled me into that.
So we wrote a paper called TumbleBit in 2016 that was a way of doing anonymous mixing
of Bitcoin and it was done at layer two.
So it was fully compatible with Bitcoin at the time pre-Seguit and it was at layer two
so you could instantly sort of mix your coins once you'd set up channels to do the mixing.
That was really the impetus for starting the company.
So by 2016, I was already, you know, doing a bunch of work with Ethan on blockchain.
I was already like pretty interested in the topic.
Generally speaking, like in 2016, what like was super fascinating for me was like, if you come
from a cryptography background and you come from a security background, you're always in this
position of like this struggle, right, to get people to pay attention to you, to pay attention
to security, to pay attention to your work.
And I've been living that struggle for like, how many years, like 10 years, 12 years at that point.
And then what happened all of a sudden was like the whole world got really interested in this blockchain thing, which is really ultimately a cryptographic object that is existing to remove trust, right?
To sort of like have a way of transacting without trusting a central party, which is like the fundamental thing that every cryptographer wants to do to everything.
Get rid of trusted parties, right?
We want to have mutually untrusted parties transact and correctness enforced by the protocol.
So you have this blockchain thing that really solves this trust problem in this fascinating way.
and it should have been this weird obscure thing that only cryptographers and academics care about and ended up exploding and you have companies being built.
You know, you have like massive amounts of funding going into this.
You have like big companies doing blockchain projects and we were watching all this happen.
I was just like amazed.
Like I'd never seen this happen in my entire career that you would get so much attention for really what's a cryptographic object.
And so between that and the tumble bit paper getting a lot of attention and actually being implemented at Nicholas Dori, who's like a,
really, really strong Bitcoin developers started to write an open source implementation of TumbleBid.
And then a bunch of other people started contributing to that.
It was all done independent of us.
Just watching that happen was so exciting.
I had a sabbatical.
And I was like, okay, let's start a company.
So we did.
And so that's how Arwen started in the middle of 2017.
Basically, after a year of us watching all this stuff happening around TumbleBin and in the industry,
we're sitting in the university saying, like, we have to start a company.
We have to start a company.
And then we did in 2017.
So that's my story to how I get here from academia.
Yeah, I mean, I was talking to Dan Bonnet.
And he was telling me like, yeah, man, I would have never imagined I'd ever see the day where like VCs are coming with me, talking with me.
And they know about the latest like developments and BLS signatures.
And it's like, I remember reading the tumble bit paper back when it came out.
But I think Ethan, you know, really got a lot of publicity in the space when he was helping with the Iota like.
Were you involved with that as well?
So I can tell you a story.
No, I wasn't.
So the story is like the following.
In 2017, we basically had finished a lot of different projects we were working on together.
So we've kind of finished Tumblebit.
You know, Ethan's my PhD student.
So like at the beginning, Ethan and I basically wrote every paper on blockchain that Ethan
wrote, we wrote them together where he was really like the like ideas man and the driving
force.
And I was the like sort out what he's saying and make it like understandable.
on academic and all that stuff, right? So I was really like the cleanup crew and Ethan was
like the brilliant ideas person. The thing that happened was I went away for a month and Ethan was
here and he was just, he went out for lunch with someone who showed him this hash function and like
we weren't working on anything. I don't know what he was working on and it was like irresistible.
He saw this hash function. He had to break it. Ethan actually has a really, really strong
background in cryptographic hash functions and like symmetric cryptography that has nothing
to do with me or anything that he's done at BU. That's the reason we admitted him actually. That's the
reason we admitted him actually was he had actually broken a Shaw 3 hash contestant as a
startup engineer. He broke it because he took a class with Ron Revisted MIT for fun and then
he saw this hash function and broke it. So he actually eliminated one of the competitors from the
Shaw 3 competition and he did that unaffiliated like evenings and weekends while he was he was just like
wandering around Boston actually. That's actually the reason I admitted him to the program. I don't even
remember that I actually looked at what his resume said. He just came in and he started
telling us about how he had broken this spectral hash hash function. And I just asked him,
like, how did you do it? And he described, like, walking around at night and thinking about it.
And I was like, aha, there you go. That is what you wanted in a PhD student. So that's how the
whole thing started. And then the Iota piece really was just like, you give him a hash function.
It was so obviously weak. He just, you know, started breaking it. And that was it. And actually,
the fallout from that was a little surprising, I have to say. Like, I wasn't expecting that.
and neither was he because we really come from like this, you know, ethical hacking, white hat,
academic, responsible disclosure.
Like I teach a class at BU and I'm teaching it still now.
Actually, on Tuesday, I'm having a colleague of mine, Andy Sellers, come to the class,
teaching this class with Run Kennedy, but Andy Sellers from BU is like our cyber law clinic
professor.
And he's coming in and he's teaching a class on responsible disclosure and ethics of hacking
and the laws associated with that.
And so, like, I stand there in front of 100 students every year and I tell them, like,
if you find a vulnerability, you have to responsibly disclose it.
There was one class that I couldn't teach that Ethan taught for me at some point in the last five years.
And that was the class he taught.
It was responsible disclosure.
So we really come from this responsible disclosure background.
I will tell my students that if you plan on selling vulnerabilities on the great market or on the black market, you will fail my class.
Right.
Like that is unacceptable.
I'm not going to teach you to hack.
You can do unethical things.
And so he just disclosed it.
And then there was all this fallout.
It was really a big surprise.
It was just like we found a bug, like fix it.
And that was the plan.
And that was all that was going on there.
So, Sharon, what's the current makeup of Awyn?
And why is it called Awyn?
Is this a Lod of the Rings reference?
Yeah, so we are currently 10 people at Arwen.
Of the 10, only two of us are from a non-technical background.
And the name actually is our second name.
Our first name was Commonwealth Crypto,
which was the name that Ethan picked because we liked the amount of letters
and awkwardness of the name.
But then we sort of eventually found that this was not like an effective way to market
company or product. So we had to think of a new name. And we actually worked with an external
consultant to help us find a name because we had a variety of like really stupid names that we came up
internally. And then this idea of Arwen as the sort of protector and the guide as you go through
dangerous territory in the forest, that was that was how we sort of came to the name. I guess we just
really liked it because it was port. We also, you know, our companies really built around atomic swaps.
So this A in sort of atomic swaps, at least in my head, was part of the piece of how we arrived at the name Ireland.
But really it is what you would expect.
It's the Lord of the Rings character.
Have you checked into Cosmos lately?
The ecosystem is growing so fast and there are already dozens of DAPs and projects building on the SDK.
The next hackathon is happening during SF Blockchain Week from November 1st to November 3rd.
The theme is Defi and there's a $50,000 price pool in Adam for winning teams.
This is going to be a huge event with over 400 participants from all around the world.
So come to the hackathon and build something cool like staking derivatives or a lending platform.
You know, you could even build the next make or die like stable coin for Cosmos.
All these things are possible with the Cosmos SEC.
And another cool thing is that the inter-block chain communications protocol, IBC, will be ready by this time,
which means that your DAP will be able to interoperate with other DAPs in the Cosmos ecosystem.
And I think this is one of the most exciting things about this platform.
You don't need to be a developer to apply.
In fact, you can apply as a designer, a project manager, a legal expert.
All skill sets are welcome.
So the first 100 people who sign up before September 21st and who are accepted
will receive a free ticket to SF Blockchain Week epicenter.
It's the main event.
It's got the same name as the podcast, but it's not affiliated to the podcast.
And if you register after September 21st, you'll be entered into a raffle to win a round-trip flight to San Francisco.
To register, go to epicenter.rocks slash sFcosmos and make sure to let them know you heard about it on epicenter.
We'd like to thank Cosmos for their support of the podcast.
So could you tell us, describe to us, like on a high level, what is Rwin?
Like it has something to do with atomic swaps.
But what is this project?
What are you guys working on?
So let me like pop it up a level actually because I think what I want to talk about is really like in what direction we're going.
I think there's two currents right now in this industry that we're seeing.
And sort of one of them is really this notion of like decentralization
and sort of using the blockchain to provide people with the ability to sort of hold their own assets
or this idea of self-sovereignty.
Anyway, the idea of kind of holding your own coins where you decide you want to hold them
without having to necessarily seed control of those coins to a bank
or to put everything in sort of the same central trusted party.
And so this idea, which is really like if you think about where I'm coming from,
I talked about a lot about my background in cryptography, right?
The idea that you should want to, you know, choose your own place to custody your assets and have that choice
and not really have to trust anyone else to custody your assets if you don't want to.
Right.
So I should be able to custody my assets like on my ledger or inside Anchorage, right?
Maybe I trust Anchorage.
Maybe I want to use fireblocks, which is a self-custody solution.
Or maybe I want to use, you know, fidelity, which is going to be a custodian and I would have to trust them.
There's like this array of solutions in the industry.
And really like our point of view is that people should be.
be able to choose. They should be able to have the ability to custody their assets wherever they
feel is the right place for them. And then they should be able to transact trustlessly with others.
You know, the reason that I think this is interesting is because if you look, on the other hand,
you have sort of other solutions and other approaches. And in fact, if you even just look at
simple centralized exchanges, right, if you want to trade on a centralized exchange, you have
to actually cede custody of your assets to that exchange. So you have to deposit your assets at
the exchange and then you can trade, right? So alternatively, we see sort of like settlement
and clearing solutions that are there being built in the industry where like if we are all
inside the same custodian, we can send assets to each other, right, inside that custodian,
but we all have to share that custodian. So this idea of like having to trust a single
party with your assets and therefore that allows you to transact with other parties who also
trust the single party with their assets, that's really the old-fashioned way of doing things.
That's the way we would do things in sort of traditional markets. And so from our point of view,
what we're trying to do is break all that apart, right? And give people,
the ability to transact with each other without all having to agree on like the same single
custody solution. And so it's not just self-custody. Sometimes you hear people talk about self-custody.
Like I want to hold my own keys, like I want to have my hardware wallet and I want to hold
the keys in that wallet. It's really more than that. It's like if I want to hold my keys in my
hardware wallet, I should be able to and I should still be able to transact with you who wants
to hold your coins in fidelity. And that's sort of the type of financial tools that we're
building at Arwen. We're allowing people to swap assets without having to trust each other and without
having to have the same sort of trusted party custody their assets. And so if I bring that down
a level, right, really the specific problem that we're solving here is that when you want to trade
on a centralized exchange, you have to custody your assets at the exchange because otherwise the
exchange won't really credit you with having these assets and won't let you trade. Right. And so we're
really trying to guide the industry in a direction that is to allow for this heterogeneous custody for
allowing people to store coins wherever they want. And I think that personally for me, that's what really
drives me and I think it drives most of the people on my team if you were to talk to them about
this, this idea that like blockchain can do things that don't exist in the physical world that
we're not possible in the traditional financial system. And so just trying to build something
where there's a central or trusted party and just giving them your assets and like trusting them
to like have a database and track who's moving what asset to who. That's what we did before.
Like we can go and rebuild that now, but we're not going to sort of take over the financial
system if that's all that this industry can produce. And so we're really trying to produce,
you know, something a lot more than that.
The other thing that you asked me is like, you know, what does Arwen do and what are atomic swaps?
So I want to sort of just quickly talk about atomic swaps.
I'm pretty sure most people listening have already understood what atomic swap is, but I'll just get into it really simply.
So typical way where you were to exchange assets, like in the physical world, if Alice has something A and Bob has something B, what we would normally do is something called a second send protocol, right?
Alice would have to give up her asset to Bob.
and then once Bob has the asset, Bob will give up his asset to Alice.
And so that's called a second send protocol because Bob sends his asset second to Alice.
And so if you think of the trust model here, Bob gets all the power in this deal, right?
Bob gets to decide whether or not, once he has Alice's asset, he gets to decide whether he actually
wants to give Alice something back in return or whether he wants to run off with both assets and just
keep them both for himself.
So in a second send protocol, there's always one party that has counterparty risk.
And in the example I gave it was Alice.
And so in the real world, the way we solve this problem often is with a trusted party, right?
So Alice and Bob will give their assets to the trusted party.
And then the trusted party will give Alice's asset to Bob and Bob's asset to Alice at the same time.
So in cryptography, this is actually called the fair exchange problem.
So the blockchain world, we found our answer to the fair exchange problem with the atomic swap.
So the atomic swap basically, when atomic swap is exactly what I described,
it's like giving both of your assets to a trusted party.
and having it sort of swap the assets for you.
But the thing is that there is no trusted party.
In fact, what you do is you trust the blockchain
to enable you to do this atomic swap.
And so the guarantee is that Alice's asset will go to Bob.
Bob's asset will go to Alice.
And so either the swap will happen,
or there will be no swap.
It can never be the case that one party has both assets
at the end of the trade.
And actually, there is a result in cryptography
that says fair exchange is impossible without a trusted third party.
This is a really old result.
It's from the late 90s, I think.
I forget who it's by.
And blockchain breaks through that negative result.
It's a sort of technological breakthrough that allows you to have fair exchange without a trusted party.
And the reason you can do that is because you have this blockchain, which is this distributed ledger created by a lot of different parties.
And you can trust that, basically, because you trust the ledger, you can achieve fair exchange.
And so what we're doing with Arwen is really enabling atomic swaps to be brought into trading a financial asset.
Right.
And you kind of use in the blockchain as the trusted third party.
and a very highly trusted third party.
Exactly.
Yes.
Atomic swaps have been like around since like, you know, very early days.
Like, yeah, 2013 or so before even lightning.
So what does Arwin bring to the table?
And well, I guess also before that, are there any existing implementations of like atomic swap marketplaces?
So I know like Summa has a version that they've been working on recently.
But in the six years that atomic swaps have been a known concept, have we seen any production
grade peer-to-peer atomic swap marketplaces yet?
Yes, we have seen production grade peer-to-peer atomic swap marketplaces.
But let me take a step back.
So what we're doing with Arwen with atomic swaps is we're facilitating trading on centralized
exchanges.
And so with Arwin, you can trade at a centralized exchange without trusting the exchange.
That's our tagline.
Why do you not need to trust the exchange?
Well, because whenever you do a trade, it's an atomic swap.
And so the guarantee is that if you sold your Bitcoin,
you're definitely going to get some light coin in return.
That's what the atomic swap will guarantee for you.
And so we're specifically solving the problem of trading on centralized exchanges.
So essentially what it is is like a trustless settlement
and clearing layer for transacting on centralized exchanges.
So that's our very, very specific use case that we've focused on.
And you asked me, you know, what does Arwin bring that's different from all the other
atomic swaps that we've seen in the industry. So let me just start with like a history of atomic swaps,
which I'm now channeling Ethan again, but I'll do my best. What's different about the atomic swaps
that we're doing in Arwen, for example, from something like the Lightning Network or some of the
other on blockchain atomic swaps that we've seen is the two things. So the first thing is that
Arwin atomic swaps are cross-blockchain atomic swaps. And so what we want to do is enable the
swapping of one asset that's native to one blockchain with another asset that's native to another
blockchain. So like, you know, the simple example is Bitcoin to Lightcoin. Those are two kind of
separate blockchains. They have some differences, right? Bitcoin block time is 10 minutes and
Lightcoin blockchain, two and a half minutes on average and so on. Different, you know,
proof of work and stuff like that. But ultimately, they're very similar kinds of blockchains.
And you can swap, you know, Bitcoins for lightcoins atomically using the Bitcoin blockchain to
back your trade and the Lightcoin blockchain to back your trade. So the actual backing of the
atomic swap is both of those blockchings. That's a, I think.
sort of the simplest cross-blockchain atomic swap.
And those are some of the earliest sort of cross-block chain atomic swaps that we saw pre-Arwin.
The reason that everything was Bitcoin to Lightcoin was because those two chains are so similar.
At Arwin, we're doing, you know, we're trying to support chains that are more, you know,
heterogeneous than just Bitcoin and Lightcoin.
At the moment, we support, you can go use it today for Bitcoin, Lightcoin, and Bitcoin Cash.
And I think by the time this podcast comes out, you'll be able to do at least an atomic swap with Ethereum on TestNet.
with Arwin. So we're just about to release that. I think today will be the day that this comes out.
You know, in order to do that, you need to actually support these different types of
blockchains that have different types of scripting languages. So famously, Bitcoin uses Bitcoin
script, which is a very restrictive scripting language. Ethereum uses solidity, which is like the
complete opposite of Bitcoin script in every way. And you want to sort of let these two
blockchains communicate and do swaps between them. And so that's one of the things that we've
really focused on doing at Arwin. We actually can do a Bitcoin.
cash through Ethereum atomic swap. You can probably try that today on TestNet if you'd like.
And so, like, how can we support so many change? Well, what we're doing is we're very,
very focused on the simple use case of trading atomic swaps, not sort of the more elaborate
use cases that some of these other protocols are focusing on. And so by keeping it very narrow
to the idea of trading, that allows us to support as many blockchains as possible. So we've been
very, very careful to design our protocol that it's so extremely simple that you'll be able to
use it on as many blockchains as possible. And that's been our sort of guiding principle in the
design of what sort of smart contracts actually need to be used in order to enable these protocols.
So that's the first difference. Generally speaking, when you see sort of atomic swap protocols,
they're focused on sort of one class of blockchains or even within a single blockchain like
lightning, which is really for Bitcoin only. Another key difference that we have from some of the
earlier atomic swaps is the notion of doing them off blockchain. And so the earliest atomic swaps like
the 2013 Tiernolan is an on blockchain atomic swap. What that means is the swap time takes,
it corresponds to the amount of time that it takes to confirm blocks on whatever blockchain that
you're using. So if it's Bitcoin and it's a Tiernolan swap, you have to wait for a single block
confirmation time on Bitcoin at the minimum, which takes 10 minutes, if you're lucky. And so
the issue with that is that if you're thinking about atomic swaps for the purpose of trading,
if you have to wait 10 minutes for your trade to actually execute, there's a lot that will happen
in the price volatility of the coin that you're trading in that 10 minutes.
And that's really what we're trying to eliminate with Arwin.
We are doing our atomic swaps instantly, so they happen at the speed of an API call, right?
And that allows us to avoid this issue of like the swap taking so long that the price has
sort of moved in the time that you started the swap and the time that you ended the swap.
And so we are really, we were from day one, you know, really focused on layer two atomic swaps.
Layer two means that the swap will happen instantly off blockchain and it'll be backed by
smart contracts on the blockchain. So this approach is the same approach that's used in Lightning.
There's a lot of different layer two protocols out there. Lightning is one of the best known.
There are other protocols like the Raiden protocol for Ethereum and a variety of other protocols.
All of these layer two protocols are in the class of protocols where you put something on the
blockchain first. You confirm it. But that is not the actual action that you're taking.
You may be doing a trade or you may be doing a payment or you may be doing any number of other
things with Tumblebit, we were mixing Bitcoins. You may be doing any number of things,
but those actions only take place after the first escrow or channel, you know, panchannel open
is actually confirmed on the blockchain. So that's what we do with Arwin. We have this notion of
escrows where you first set up escrows on the blockchain. And then once those are set up,
you can trade at the speed of an API call. That's very similar to what you see in Lightning,
where you would open Lightning channels and then you can pay through the Lightning Network at the
speed of, you know, basically API calls as well. Like, you're just sending payments across this network.
The last thing I would say is, like, the real difference between Arwin and some of these other layer
two protocols is that we've really focused on making it across blockchain protocol. And so that
means we had to really strip out a lot of the sort of extra functionality that you would see in, like,
a lightning network. We don't have a network. There's only, like, a user and the exchange.
There's not, like, a network of nodes that you go through. You know, we don't have things like
relative time locks. We don't have things like popping up the channel with more coins.
because all of that is really complex and not necessarily supported by a lot of blockchains.
So we've really tried to stay away from that.
So there was a lot here.
So let's try to unpack this.
We talked about custody.
We talked about centralized exchanges and we talked about atomic swaps.
So the way that these actually fit together is you are letting the user retain custody of their own coins
while at the same time enabling them to do an atomic swap.
with an exchange de facto using the liquidity on that exchange while retaining custody at any time, right?
That's right, yep.
So the goal is you can use Arwen to trade trustlessly at an exchange, and you would be doing that
using atomic swaps.
And so what that means is that you're actually custodying your assets inside whatever your
custodian is, and you are basically holding your assets in your custodian, and then when you
actually go to trade, that trade is an atomic swap with the exchange.
that trade is basically placed on the exchange's order book.
They're really interesting and weird thing about Arwen
is that the other side of the trade,
the counterparty to that trade, is actually not an Arwin user.
It would be a custodial user of the exchange,
just some regular user of the exchange.
That's what's matching your order on the exchange's order book.
And then, you know, it's getting confirmed to you
through the blockchain protocol of Arwen.
What we do, if you want to think about Arwen,
is really you're holding your assets inside your wallet
and you're placing trades on the exchange,
and somehow you're being matched with a counterparty who's not an R1 user,
who's placed an order on the exchange's regular order book.
And so you're doing trades basically at the speed of an API call on the exchange's centralized order book,
but you're doing that while holding the keys in your own custody solution,
and you're doing that with atomic swaps.
So kind of, I guess, one of the big differences here is in most past atomic swap like marketplaces,
You usually had some sort of listing service that would list a bunch of potential counterparties,
and you could kind of like, you would open up an atomic swap setup with them.
In Lightning, for example, you kind of, you use the Lightning routing tables as a way to do this as well.
So what's happening here, you're not creating an atomic swap with a counterparty.
You're creating it with an exchange, right?
You're trading against the exchange.
How does the exchange have to hold possesses?
in all of these assets that it's wanting to trade, that users are wanting to trade?
This is a complicated question.
So let me take a step back.
So the important point that you said, and this is the really unusual thing about
Arwen that you don't really see in any of these other atomic swap protocols really anywhere,
is the idea that when you do an Arwin trade and you're an Arwin user,
you're typically matched with a user who is not an Arwin user.
And that is really strange, right?
So essentially, you're doing, if you read our white paper,
it always talks about the user and the exchange.
The user is doing a swap with the exchange.
That's a little bit of an oversimplification.
We kind of wrote it that way because we wanted to focus on a two-party protocol
where there's two mutually untrusted parties, untrusting parties.
One is the user and one is the exchange,
and there's swaps happening from the user to the exchange.
If you read our white paper, actually, there's no mention really of order books
or how this integration works or what's actually happening here.
You're just basically saying the user's doing these swaps with the exchange.
And so what that actually means in practice is that the user is taking her trade
and placing it on the exchanges order book.
So how does that happen?
That's really the piece on the integration
that we had to really work very hard on
to figure out how to actually make that work in practice.
The way Arwin works at the protocols,
so there's kind of two worlds.
There's the Arwin protocol,
which is like what is going on
when blockchain messages going back and forth.
And then there's the actual,
like, how do you translate this onto something
that's going on to the exchanges order book?
So there's almost like two worlds.
There's the Arwin world,
and then there's the translating back
into the exchange world. And so we've had to solve both problems. If you read our white paper,
we really only reveal how to solve the first problem, which is the Arwin world. And so in the
Arwen world, what happens is the user will set up an escrow with the exchange. She'll deposit some
coins in that escrow. And then the exchange will set up an escrow with the user and deposit some coins
in that escrow. And then, so, you know, bitcoins go into the user's escrow deposited by the user,
light coins go into the exchange's escrow deposited by the exchange. And then once those are
confirmed on the Bitcoin and Lightcoin blockchain, you can do instant atomic swaps to do trading
of Bitcoin for Lightcoin. That's what the white paper talks about. And we go into a lot of detail
on how do you actually build a protocol to achieve this for different types of trading instruments
and different types of blockchain. So that's the Arwin world. And then you have to somehow actually
like get this trade done on the exchange. So how do you do that? That's really like the Rwin go to market
question that we've been working through in the last like year and a half and the different ways
of doing that. So I can tell you about, you know, we're live right now on Ku-Coyn, which is like
one of the top exchanges in Asia.
And I can tell you about our integration there
was basically done with the coins that were going into the escrows
were Ku-Koins coins.
They are Ku-Koins coins.
And they fund those escrows and they enable the trades
to be placed on the order book.
And really, when you trace a trade on an order book,
you really are just making an API call.
Hub or Arwin Cloud is placing a trade
on behalf of the user using a call to the API.
So anytime a trade comes through the R1 protocol,
you know, the hub receives that speaking the R1 protocol
translates it into a simple API
Colin places it on the exchange through the API.
And that's the integration with the way that we did it with KuKoin.
And we've been pursuing that with a variety of different players.
But there are other ways to do this too.
And we've been exploring a lot of different ways.
I'm not in a position to sort of talk about any of those plans that we have,
but there are a lot of different ways to achieve this that don't only involve
like taking coins from the exchange.
And I think that that's like one of the fun, exciting things that I'll be able to talk about too.
So in the Q-coin example case, right?
So let's say I'm a user who's trying to trade some Bitcoin for like coin.
I want to trade one Bitcoin for 10 like coin, let's say.
I send the exchange my request, like to put an order in their limit in their order book.
And now when it's time for my order to be matched, do I have to be online in order to
participate in that swap that's needed to be executed?
That's a good question. So this is really sort of protocol level questions of how Arwin would work. So we have two trading instruments that we support in the paper. At the moment, we are live only with one of them, which is RFQ. So RFQ is really a translation of the idea of an atomic swap into sort of an order type that is familiar to people in the financial market. Right. So RFQ is a very, very simple type of protocol. It is not a market order. What it is is that, you know, the user says, I would like to buy some coin.
I want to sell some Bitcoin, one Bitcoin, and then it asks for a quote, how many light coins can I get?
So then it gets that quote. And then once it gets that quote, it can either execute or not execute on that quote.
And that is really sort of very, very well tied into atomic swaps because the idea of an atomic swap is like Alice has something.
Bob has something else. They agree they're going to stop swap these two things atomically.
And so that either the swap fully happens or doesn't happen. Right. And so the RFQ, the quote instrument really lets you say,
okay, this is the amount of coin that we're going to swap, and now let's do the swap. And so
RFQ is something that executes instantly. Like once the user says, let's do the swap, it happens,
and we're done. So there's this question of like whether it's live or not is irrelevant because
RFQ is really like a takeer order on an order book as opposed to a maker. Or if you're streaming
quotes, you're just taking the quote. So kind of like a dealer market. And so just for context,
I guess the most similar thing for people in the crypto space to like analogize it to is sort
of the UX of using ShapeShift. When I want to use Shapeshift, I say, hey, I'm going to send
some Bitcoin back. And then it's like on the website, you know, they quote prices. I think it
updates every like, I don't know how often it updates. We had Eric Burhe's on the show a two weeks
ago. There's no order book here for me to see. It's sort of just, I'm asking the exchange,
tell me what price and they kind of, and then the exchange would have a spread that they're making.
Yeah, that's right. So it looks a lot like Shapeshift. It's a real difference. Like if you're an R1 user
versus shape shift user is that when you actually try to do a shape shift, when you do with the
shape shift, you will be sitting there waiting a long time for the shape shift to execute.
That's because it's happening on blockchain.
Also, at the very beginning of this conversation, I mentioned second send protocols in which
Alice first sends her asset and then she receives the asset in return.
So shape shift is a second send protocol.
So you are first sending your Bitcoin and then you are waiting to receive your like coin.
But this idea of, yes, you sort of receive your price, you agree on the price and you do the
swap.
that's what an RFQ is.
And it fits very nicely in with an atomic swap.
So that's why we started with that.
If you read the white paper, we also have limit orders.
All or nothing limit orders, in fact,
are what we have in the white paper,
where you would place an order on the order book
and it would either be filled or not filled completely.
But the cool thing is that, no,
the user doesn't have to be online
in order for that trade to execute.
If you get into like the little details of the protocol,
what happens is that the execution in Arwin is you just,
like the final execution is the exchange,
releasing a random value that we call a pre-image or a solution.
And so if the user is not online to receive that solution,
it's not a big deal because she doesn't have to do anything with it.
Like she can just get it when she comes online later.
And if the exchange doesn't give it to her and claims that the trade actually happened,
then she goes into her like, you just attacked me.
I'm going to do my exit procedure to recover my coins.
And so there is no requirement that the user is online in order to sort of see the limit
order execute.
And it's just because the execution is like,
the exchange side sending like one value over to the user.
And that's it.
The user can like be there or not be there when that value is being sent.
You could come back online and request that value.
And so I assume it's always in the user's incentive that when they come online,
let's say there's a price change between the time that exchange sends it.
Is there any case where the user might want to not, like pretend that they never received
it and want to actually execute at a at a previous state?
Okay.
So let me just start.
The simple answer is like there is.
no rollbacks. You placed an order. The trade is done. You can't just say, sorry, guys, I want to go back
to the previous state. That doesn't happen with the way that Arwin is using is implemented right now,
where it's like a trade-by-trade settlement. We're not doing any net settlement where we do a bunch
of trades and then you could net out at the end of the day. I will say that we think that's a
really, really interesting model for designing protocols in, so stay tuned. But currently Arwin is not doing
that. We are doing trade-by-trade settlement and you cannot roll back at any point. Think about a limit order.
when you do a limit order, you place a limit order,
and then you can come back later and change your mind and cancel the limit order.
So Arwin does support canceling the limit order,
but it does not support, like, just saying, like,
oh, sorry, I didn't mean to actually do this order, right?
So if you try to cancel a limit order in Arwin,
what that is is a protocol that you undergo with the exchange to cancel the order.
And if the exchange sort of deviates from that protocol,
you claim that the exchange is attacking you
and you go into the coin recovery procedure.
Right?
So we do have the ability to cancel orders.
We don't have the ability to rollback orders that have already happened, which is what you need for a limit order.
Okay, so no rollbacks.
So you earlier said that limit orders are all or nothing.
Do you have a way of doing partial fields on limit orders?
So we haven't published anything on that at this point.
So at the moment we don't support that.
It's currently all or nothing.
But there are a bunch of different ways that we've considered actually building out some of that stuff.
Can you go into some details on how that would look?
because I'm super interested in partial fields on atomic wooders,
just because, you know, it's so fascinating.
Well, I mean, I guess the best I can do right now is just explain why this is hard
and what's sort of like antithetical about this.
And so maybe that's where we can go with that.
So, okay, what is an atomic swap?
Alice has one Bitcoin.
Bob has 100 light coin and they're going to swap, right?
That's what an atomic swap is supposed to do.
It's supposed to fully swap one asset for another asset.
And so when you build an atomic swap protocol, what's comfortable for you is to do a sort of,
I swap my entire Bitcoin for your full lot of 100 light coins.
So that's what these protocols are naturally able to do.
When you start to get into like a partial fill where like I have one Bitcoin and I want to buy
100 light coins, but I can't fully fill it so I end up selling half a Bitcoin for 50 light coins.
What you have to do is basically break up that order into, potentially into pieces.
Right?
That's one way you can do it.
Or you can just throw the whole thing out the window and think about other completely new ways of designing protocols that do that, which we also have done and are doing.
But at this point, I can't really explain the techniques that we're using.
You can sort of think, I guess, at a very high level, one way to think about it is like you can sort of just write down what the swap was.
And if like sort of post hoc, like so we do like a limit order and it partially fills.
And so, you know, when it partially fills, the exchange will say, okay, this is what the.
the partial fill looked like. And then there would be some protocol that enforces that if the exchange
actually doesn't give you the assets associated with that partial fill, you could punish them
or you could sort of get that asset anyway. But that's very different from what Arwin is actually
doing at the moment. So like looking at Arwin and seeing that protocol is not that easy.
Would that work on something like Bitcoin script? It starts to get really fancy when you work
with Bitcoin script. So generally speaking, I think what I would say is like when you think about
something like Bitcoin script and these more elaborate sort of partial-filled protocols, you often
need to have a currency pair where one of the currencies is like got a more rich scripting language.
So it's more like Ethereum or Cosmos or something like that that has the ability to write
more complex smart contract.
It's a lot easier to do these types of tricks with Bitcoin when the other side of the trade
is not like like Bitcoin or something like that.
What are your thoughts on like, for example, comparing something like Arwin to the interledger
protocol where an interledger, they kind of make this assumption saying that, like, maybe the
atomicity isn't that important to this entire system. What they do is, just for a reminder for
some of the listeners, is they use these streaming payments where they say, I want to trade
Bitcoin for like coin. I'll stream like micropayments to the exchange and they'll stream
like coin, uh, micro payments back to me. And worst case, the exchange might run away with one
Satoshi or Vine or something.
And, you know, in that case, yeah, you know, I'll just stop using that exchange and they
probably just lost my business.
How important do you think the acmicity is and how do you think about compared to like interledger
like solutions?
Okay, so I really like the interledger protocol.
I think it's really cool.
And I love that it has this sort of like analogy of everything to like the internet.
So there's this TCPIP analogy and then there's the BGP analogy, which I like a huge BGP
person before I started on this whole like sort of second career that I'm in.
right now. So first of all, I think it's really cool. But I think there's a couple of things that
we think are really important for the trading use case that are absent from that protocol.
So first of all is speed, right? Speed of execution. You don't want to worry and wait for this
long streaming process. And so you said, in worst case, the exchange steals one Satoshi for me.
Well, if that's really the case, and we're going to stream one Satoshi at a time, like,
think how long that would take if you're trading 100 Bitcoin, huge amounts of money.
Right. And so if you're trading huge amounts of money, you don't want to be sitting there.
they're waiting for this streaming thing to do its thing. That's the first thing. And the second thing
is that often when you think about trading, you are really worried that something breaks down.
So if you're doing a payment, right, and the payment doesn't go through, it's like not the end of
the world, okay, you couldn't buy the thing you're buying, right? But if you're doing a big trade,
like if you think of a way financial markets work, there are all these complex mechanisms that
allow people to do trades in financial markets without anyone seeing them or without anyone
interrupting them because the notion of like interrupting a trade, you can actually move the market
by interrupting a trade. And so using a protocol that has the ability to potentially interrupt
a trade or sort of cause it to not completely fill, that can actually move the market in a way
that you don't want. And so if you want to do this really cleanly, I think that atomic swaps are
actually the right tool, especially when you're talking about things like OTC trades or
big trades. You don't want to be sitting there waiting for something to stream and you don't
want to be sitting there, you know, worried that someone's going to interrupt your trade in the
middle, right? Because if you look, for example, in an OTC trade, like, if you do an OTC trade and it's big,
you're going to want that trade to fill. You don't want, like, 5% of it to fill. You've just wasted
your time with these people if they're only going to fill 5% of it. Right? So, so this notion of,
like, instant and a full atomic swap, I think is really important, especially when you're talking
about big trades. And so what about creating multiple orders using the same channel? So can I,
for example, let's say I have an escrow with the exchange for, I have a big, an output, an
outgoing Bitcoin escrow, and I have some incoming likecoin and Bitcoin cash escrows.
So in the limit order model, can I have a concurrent order open on the like coin order book
and the Bitcoin Cash order book, or even on the same order book, but at different prices,
but using a single Rwin channel?
Yeah.
So let's talk about mixing and matching Rwin traits.
So there's a lot of different things you can do.
I can set up a Bitcoin escrow and a light coin escrow.
then I can do many, many Bitcoin and light coin trades, Bitcoin to light coin trades.
I can just sit there trading, selling Bitcoin and buying like coin.
I could do that five times and then close my escrows.
So that's the sort of simplest thing I could do.
Here's another thing I could do.
I could have a Bitcoin escrow to sell Bitcoin.
And then I can have a light coin escrow and an Ethereum escrow.
And so I want to buy light coin and I want to buy Ethereum.
And so I can use the bitcoins that I've locked in my Bitcoin escrow to buy some light coin.
Then I go buy some ETH.
Then I go buy some light coin.
And again, another light coin, then more ETH.
So I can do multiple trades and I can pair my escrows with each other in arbitrary ways.
So I take my Bitcoin and I buy a bunch of lightcoins with it.
And then I buy some ETH and then I buy some Bitcoin cash and then whatever else.
So that's all possible in terms of the flexibility of the protocol and allowing multiple trades.
The other question was, can I have multiple limit orders open at the same time?
And the answer is yes.
In the limit order protocol, you would be able to do that.
You could have a few of them open at the same time.
So the only problem is if you have, you know, massive numbers of them, it starts to stop scaling.
But if you have, you know, three or four limit orders at the same time, then that would be easily supported by what we would build.
So unlike, like, you know, traditional lightning channels, they don't have to be sequential.
I could kind of have forks in my, I don't know how to recall this, like payment channel's logical machine where like normally in lightning, we have to go like, okay, we have these sequence numbers that we're following.
But here I can execute my Bitcoin cash limit order and my like coin limit order.
That's right.
One of them would fill and then the other one would later.
You could do that.
Yeah, there's, I mean, R1 and Lightning are quite different.
I mean, it's very similar in like the high level way.
But when you look at the mechanics, like Lightcoin is a much richer protocol.
There's a lot more things that you can do.
But we're also focused on a different use case.
So it's a different looking protocol.
You just said that Lightning and Arwen are very different.
They also sound very similar in some respect.
Would you do a short breakdown of how they differ, you know, like Arwin and multi-chain lightning?
Specifically for the atomic, for the swapping use case of lightning.
So protocol wise, Arwen does not have a network. Lightning does have a network.
Arwin is a two-party protocol.
Lightning is a, you know, past protocol.
You have to route through the network.
We specifically did not want to have routing through the network because I earlier mentioned
that if you interrupt a trade, that can be really.
bad, it can move the market. So you don't want to have arbitrary players on the path,
you know, with the ability to sort of close a channel and interrupt a trade or something in the
middle. So that's the first thing. From a tech perspective, Arwen does not use Segwit. And so
if you look at the protocol, it looks super different because we don't use Segwit. When you have
Segwit, you can do a lot of things that you cannot do if you don't. And so we chose that approach
because we could support more chains that way. It gives us more flexibility on what we could do.
And when we were building in 2017, in fact, we were seeing a lot of chains that don't have the ability to survive malleability attacks on them.
So Arwin is sort of ignorant to whether the chain is malleable or not.
So that was like sort of highly technical pieces of like what are the differences between them.
The other thing is like we think about things like limit orders as part of the protocol.
So a lightning really is concerned with like movement of value across these paths.
So it's more like a payment use case.
So, I mean, I can go into more and more details.
I think in terms of just like being a protocol engineer,
the biggest difference is that we don't have Segwit,
and so that just changes everything.
It just changes the way you build everything.
In terms of like thinking about what this protocol does
versus what Lightning does is like, you know,
with Lightning, you're using it for small payments
that should move quickly through a network.
And with Arwin, you're potentially doing big trades
that should move just between two parties.
So that's what, you know,
you end up with like a very different looking protocol in that case.
How do you do the challenge periods without Segwit?
So the reason Lightning needed Segwit was for the relative time locks.
How do you avoid the need for the relative time locks in Arwin?
Lightning needs Segwit for so many things.
I mean, I can go into it.
So I'll just answer this really simply.
Like if you have Segwit, you can do really cool stuff at the protocol level.
If you don't have Segwit, you can basically do nothing.
And so you have to build this protocol that's super, super simple that survives
despite the fact that you can't do anything.
So that's what Hartwin is.
Relative time locks versus absolute time locks is,
if you're building across blockchain protocol,
think about time.
Okay?
So think about time in like different chains
that are running by different nodes
and different software in different places
and different clocks, right?
And I've actually done a bunch of research on clocks in my other life.
So we really want to have absolute time
because it's hard to sort of think about like how chains will evolve
when they're different chains and you're doing swaps across them.
And so the notion of sort of like,
absolute time is actually very appealing because you don't necessarily know what's going to happen in
the blockchain, like one blockchain and the other blockchain as they evolve separately. So that's the
approach that we took. But if you think that it's just time locks that are creating the differences
here, like, no, like as someone who's been designing Segwit-free protocols for a long time,
like if you don't have Segwit, you really are limited in what you can do. You can, like,
Segwit is just like it's so easy. You can do so many things. It's amazing.
This is fascinating, but I feel like we're getting stuck into a hole here. So maybe let's
switch gears and talk about higher level stuff again. So you're currently integrated into one exchange,
Quito. So how did that relationship form? So it was just an introduction that was made. And we had a
couple of calls with them and talked to them about the sort of the vision that we had for non-custodial
trading and that really resonated with them. And so we just decided that we would start to
integrate this product into their platform. And it was actually really easy and really smooth.
The only challenge is that we are in different time zones.
And so there's like a particular hour of the day where we will talk to each other.
And also like if someone from Ku Koi pings me at any time of day, I will like drop everything
I'm doing and make sure I'm talking to them because it's probably like 11 p.m.
where they are in 11 a.m. where I am or, you know, the opposite.
So that was the real challenge.
But I think the time zone challenge, but that's fine because if you're an insomniac, it's no big deal.
The really interesting and exciting thing about the partnership was that they really see this
idea of non-custodial trading or self-custody is really important. And sort of like, that's
an important direction for the industry. And that's sort of how this relationship, how this
relationship started. What I wanted to add to that is sort of if you, if you look at like what's
going on in Asia and with Asian exchanges, there's a lot of thought being given to this notion of
custody and dexives and self-custody. I thought it was really interesting, for instance,
when the CEO of Coin of Liquid, he was interviewed by TechCrunch, and they asked him,
you know, what is your Dex strategy?
What are you going to be doing about decentralized exchanges or self-custody for trading on your
exchange?
That was asked of him as he was sort of like doing his interview on, you know, closing like a series
A or I don't remember what funding round it was.
And so like if you look at like all of these exchanges in Asia, they were, they're all really
thinking about this issue of where do you, how do you allow users to self-custody?
And so I think that we just really resonated with the way they were thinking about this and kind of what's going on in Asia.
And then, you know, this can segue into a longer conversation about like the difference between Arwen and Dex's and how they operate differently and the difference between Arwen and like a pegged approach to trading assets that I'd love to go into.
But I think what I think is really interesting is that the notion that like even centralized exchanges are sort of thinking about self-custody and how you support that.
And we do see more of that sort of discussed, at least if you look at the media, that's talking to the Asian exchanges.
Why do you think this is a thing that's big with Asian exchanges?
I assume you've approached a large number of exchanges to actually integrate with them as well.
I mean, I think probably it's coming from Binance.
So the Binance Dex when it was announced.
And there's a lot of discussion by CZ on Twitter.
I'm like, you know, we're going to, I don't remember what he said something.
like we're going to, we allow you to self-custody and we will disrupt ourselves.
Like he said something about disrupting himself, but I don't think he's doing, by the way.
But building this decks that finance has launched is a sort of new way of trading,
and that would be disruptive to their model as a centralized exchange.
And I think then all of the other exchanges kind of looked at that and said, like,
what are they doing and should we be doing this and what does it mean for the industry?
And that sort of made a lot of, got a lot of attention in Asia from all the exchanges.
And so when an exchange wants to sort of integrate into the R-WIN protocol, so, you know,
I installed the R-W-R-W-N application, do you have to go sort of custom-build into their APIs,
or do they sort of, is there a standard R-WIN trading API that the exchanges kind of have to integrate into their systems?
So we went through a lot of evolution of how we did this, and we've done it all.
We've thought about all possible ways.
We've thought about having our own APIs.
We thought about using the exchanges existing APIs.
Generally speaking, it's better not to have people terminate to your APIs if they don't have to.
So I will leave you to guess where we've converged to at this point after sort of a lot of thinking about the right design of an API.
One of the things that for me was really interesting coming out of academia is like, and I'm saying this, you know, if people listening are, you know, have done startups before and like this is the most obvious thing.
But like your API is like one of the most important things you could ever design.
And we've put a lot of thought into how this whole thing works with, you know, existing APIs or our own APIs and how to structure this.
It's really like the number one thing you need to be thinking about sort of when you're building at least something that's integrated by API.
What is the format of the API?
Are there any upcoming integrations you can talk about?
I think the thing that I'm going to talk about today is really our Ethereum test net launch.
So basically, I think, but I'm not sure.
I think this might be the first time you can do layer two atomic swaps from Ethereum into Bitcoin.
I'm pretty sure it's the only way you can do layer two atomic swaps from Ethereum into Bitcoin cash.
I don't think anyone else has even attempted to do that.
And so that's the key thing I want to announce.
I want to say that on the back end, like I was highly unprepared for this podcast.
Actually this morning I had to run around looking for headphones and stuff.
And part of the reason for that is because we've been working on a whole bunch of other really interesting, you know,
go-to-market items that I'd be very excited to talk about, but I unfortunately can't do today.
Cool. And then one more business item. So what's the business model of Arwin like? How do you make money?
With Arwen, when you set up escrows, what's happening is that you're getting coins that are locked
up for your use in order to trade in an exchange. And so this doesn't come for free because otherwise
we would end up with griefing problems where the user is requesting escrows from the exchange and
they're just sitting there and she's not trading and these coins are being locked up and not used.
So we charge an escrow or escrow fee that's associated with holding the escrow's open for the users.
And that's basically where we make our revenue.
It comes from that part.
How high is your escrow fee?
So at the moment, it's pretty low.
We're experimenting with a variety of different business models for the escrow fee,
ranging from basis points on the escrow to sort of a flat fee on the escrow,
ranging from having it depend on the amount of time that the escrow is open,
to having it basically be like you get six hours with this fee of escrow time.
So there's a variety of experiments we're working on right now with this,
but at the moment it's very, very low in the sense that it's just around like one basis point,
I think, per day, so very, very low.
And this is just to get people started with this product.
But there's a lot of sort of innovation going on on that side as well.
So one of the things that you mentioned about sort of the finance kind of system
as well is what Binance is sort of doing is they're allowing it.
Currently, most dexes have been pretty limited to using, like, for example, most
dexes are currently on Ethereum, and they're mostly limited to trading ether and
ERC 20 tokens.
But as we see more pegging solutions coming into play, so, you know, for example, in
Ethereum, we see this TBTC, which is using, like, you know, it's a pretty trustworthy.
I hate the term decentralized or trustless peg, but I like to use the term pretty trustworthy peg
and things like IBC, which is like, you know, kind of what I work on at Cosmos, where we can make
it very easy to peg between chains. What is the benefit of settling on a atomic swap rather than
doing something similar to zero X and settling on a single state machine? And yeah, so how do you
decide, how do you compare these? So let me talk a little bit about what a peg is.
So everyone listening to this podcast,
probably heard of tether, UST.
And so UST is a coin that is tethered to the US dollar.
And so the idea is one tether should be worth one US dollar.
And so there should be like some US dollars sitting somewhere.
And if you take your tether and you go to that place,
you should be able to get a dollar for that tether.
So that's the idea of a peg.
And that's the simplest idea of a peg.
That's sort of an idea in the tether case.
That's the idea that you basically have to trust the issuer of
tether to really actually have those dollars there and not be just making that up.
So that's the biggest risk that you have that comes from that type of, basically, I might
call it a trusted peg, like a peg in which you have to trust the party that's issuing
the tether.
There are other assets that are just like that all over the place in this industry.
So for instance, BTCB, it's the Binance Bitcoin, is essentially a coin issued on the
finance chain that is tethered to Bitcoin.
So you basically have to trust Binance that there's a Bitcoin available for every BTCB that they issue.
And so that is sort of like this very simple peg, and that comes with pegging risk.
The risk is that someone gives me a BTCB or someone gives me a tether.
And there's actually no Bitcoin there to back that BTCB.
There's no US dollar there to back your tether.
And so that's sort of like at the very simplest level, that's the issue with pegs, right?
It's essentially the same risk that you have when you're trusting a centralized exchange with your assets, right?
When you trust a centralized exchange with your assets, I put my Bitcoin in, I do a bunch of trades, I bought some light coins, and I'm done trading at the end of the day. I want to withdraw my light coins, but oops, the exchange is insolvent. There's no like exchange is insolvent. Same risk with a pegid asset. You know, I've got my BTCB, and then I'm ready to convert it back to Bitcoin. And oops, there's no Bitcoin here because the gateway is insolvent. Right. So we see these types of assets all over the place. We see them like BTCB as an example. If you look at E Toro, they have on their exchange, they have pegged assets like this. They have. They have
have it even, I think, for gold. What was the other one? Waves? There's also a rap TTC on Ethereum,
which is custody by BitGo mostly right now. Right. And then if you look at the Waves platform,
they've also got this colored coins. They were one of the first to do this. They were doing this
back in 2017, right? So there's this notion of pegging sort of all over this industry. And it makes
sense. We have a blockchain. We can issue these assets, but we can't actually tie them to the real
asset. So we just assume that that trust is there and that the real asset, you know, the U.S.
dollar is really there, even though all you have is tether. But, you know, I don't need to tell the
listeners, like, you know, that there's all kinds of security issues and risk issues associated
with that sort of peg. But what about more modern pegs like TBTC, where actually, you know,
you have a relatively decentralized custodian or in the IBC Cosmos scenario, we kind of, you know,
both chains are running on-chain like clients of each other. What about in those cases?
So those are the sort of like the old-fashioned peg, and then there's the newer peg,
which has some sort of cross-blockchain protocol where let's say you have your,
I forget what you would call it in the cosmos world, but you would have some sort of asset
pegged to Bitcoin on the Bitcoin blockchain, and the Cosmos blockchain can verify that,
yes, indeed, there is something locked on the Bitcoin blockchain that corresponds to this
coin that we've issued in the Cosmos world.
Same idea with TBTC.
you would have some Bitcoin locked on the Bitcoin blockchain that really you can validate from
the Ethereum blockchain that's really there.
So you have this wrapped Bitcoin or this trusted Bitcoin, whatever it is called on the Ethereum
blockchain.
You can verify that there's really a Bitcoin on the Bitcoin blockchain that's there backing that peg.
So that's the other approach.
I will in a minute go into sort of the issues that we see with that approach.
But I want to say that with Arwen, like all of that goes away.
There is no pegging.
We don't use pegs, right?
So the really main thing about Arwin is when we say cross-block chain atomic swaps, if you're swapping Bitcoin for
Ethereum, you are taking an actual Bitcoin and swapping it for an actual ether. There's no peg. There's no
sort of like pegging risk associated with any of this. It's just a very, it's a native swap of the asset.
And I think the real advantage of that is that I don't have to sit here and explain to you what the
pegging risk is or is not. It just doesn't exist. We don't have it at all. We just use the native
coins. And there is no pegging risk. I spend a little bit of time telling you.
but the pegging risks associated with tethered coins like tether or BTCB,
I could spend some time talking about the risks associated with like the IBC approach
that you talked about with Bitcoin.
The bottom line is like anytime you have a pegging approach and you have like the
wrapped Bitcoin and the actual Bitcoin, if something goes wrong and that actual Bitcoin isn't
there, you have to run some procedure to recover from this.
And there's all these cases of like, well, what happens if the real Bitcoin is there?
What do you do?
isn't there, what do you do, all sorts of protocols that you have to go through. And there's sort of
varying levels of assurances you can get that you really will get your Bitcoin back for this
wrapped Bitcoin. And we can go into like individual sort of discussions on each different
protocol. But at the end of the day, like you have to worry about that when you're worrying about
when you're working with a peg. With Arwen, we just never had a peg. There is no peg. There's nothing
to discuss here. You're trading a Bitcoin for an ether and that's it. You're done.
So Sharon, can you tell us about what's next for Arwen? So in the next year, where would you like to be
in the years time from now?
I would like to be the sort of chosen way for people to trade assets,
especially for institutional players to trade large blocks of assets.
And so we would really be taking advantage of this atomic swap property
and the instant property where we're fulfilling the ability to trade
and settle instantly and trustlessly between mutually and trusted parties.
And we're really exploring like a large amount of different ways
that we can take this to market with the protocols that we have
and the additional protocols that we've designed as well internally that we haven't really talked
about publicly yet.
So I have a last question, I think.
Maybe Sunny has another one.
So you have spent most of your professional life in academia and have been actively involved
or, you know, involved as the CEO of a startup for the past two and a half years.
How would you say do these two things compare to each other and will you be returning to academia?
First of all, I'm not going to answer the will you be returning to academia question,
because no matter what answer I give, I will lose.
So you will have to see what I do.
But, you know, the differences in the similarities are it's very interesting to go from being a professor to being a CEO.
Most people typically go from being a professor to being a CTO, which I think is an easier transition than going to being a CEO.
But I really am a CEO, and I do the job of a CEO, and it's quite different from being a researcher or a professor.
I do think that there's a bunch of things in common between academia and startup life.
Number one is randomness.
In academia, you write a paper, you spend three years on it, it gets rejected, never gets published.
I can tell you about this that happened to me over and over and over again as an academic.
Papers I loved.
Papers that actually, for example, a paper we wrote that includes the design of a verifiable random function or VRF
that is currently used in Libra and in Algarand and in a number of other like commercial things,
and I've never been able to publish that damn paper.
It keeps getting rejected, and it's been like five years.
Can't publish this thing.
It's an ITF standard now, but I still can't publish the damn paper.
So, you know, that will happen, and you can be in the startup world.
You can work really hard in every sort of deal you try to do fails because of something,
and you just can't get it done.
So this sort of like randomness and living by the role of the dice I've been doing for a while.
And so that's similar.
I think some of the really big differences in academia is just sort of as a researcher.
I am a professor and I have run a lab, but there's still this ability to just close your door
and not talk to anyone for three days and work on something.
And as a CEO, that just goes away.
So the ability to just sit and think for three days or write for three days is like a massive
academic luxury that I don't have anymore as a CEO.
On the other hand, the reason I left academia was not just that like this paper that I loved
couldn't get published for years and years and years and it drove me crazy, which it did.
But as an academic, I spent more and more of my career on more and more applied aspects of my
job. So I spent a bunch of time working with the Internet Engineering Task Force,
standardizing crypto protocols, working on solutions for securing internet protocols.
And sort of kind of like, I got to the point where I was more excited to go to the ITF
than to go to an academic conference. And at that point, I said to myself, like, okay, maybe I need to really
be an industry and building something because I'm just more excited about really getting products
out into the market now and getting my technology used. And so that's how I ended up in this place
now, you know, after about, I know, 15 years in academia. So here I am. And here you are. Cool.
Thank you so much, Sharon. This was really fascinating. Thank you so much for coming on.
Thanks, guys. Thank you for joining us on this week's episode. We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud, or wherever you listen to podcasts.
And if you have a Google Home or Alexa device, you can tell it to listen to the latest episode of the Epicenter podcast.
Go to epicenter.tv slash subscribe for a full list of places where you can watch and listen.
And while you're there, be sure to sign up for the newsletter, so you get new episodes in your inbox as they're released.
If you want to interact with us, guests or other podcast listeners, you can follow us on Twitter.
And please leave us a review on iTunes.
It helps people find the show, and we're always happy to read them.
So thanks so much, and we look forward to being back next week.