Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Silvio Micali: Algorand – A New Scalable and Secure Approach to Byzantine Fault Tolerant Consensus
Episode Date: February 8, 2017There is no doubt that proof of work, introduced in the Bitcoin white paper, has stood the test of time as a robust and resilient Byzantine Fault Tolerant consensus mechanism. However, many issues may... prevent Nakamoto Consensus from securely scaling over the long term. The risk of validator centralization, network forking, block scarcity and high energy costs required to mine a block have all been extensively debated with no realistic long-term solutions to date. A new paper titled “Algorand” attempts to addresses these problems. We’re pleased to be joined by Professor Silvio Micali, a computer scientist at MIT, who is known for his work in many of the technologies blockchains rely on today. As one of the co-inventors of zero-knowledge proofs, he has been decorated with a number of prizes and awards, including the Turing Award, which he received in 2012 for his work in cryptography. Prof. Micali describes the concept of Algorand, an alternative approach to proof of work which offers high security guarantees while allowing the network to scale with demand. Relying only on a trivial amount of computation to validate transactions, Algorand also reduces the probability of network forks to near-zero. It uses novel mechanisms to select validators for blocks and enabling them to come to consensus on them. Topics covered in this episode: Professor Micali’s fascinating career in the fields of computer science and cryptography The technical limitations of proof of work The ideal properties for a truly decentralized, secure and scalable cryptocurrency Algorand’s new approach to Byzantine consensus Algorand’s strong adversarial model How validators are randomly selected by the network How validators are chosen and how they arrive at consensus How Algorand guarantees a low probability of network forks How Algorand addresses the issue of scaling and block size Algorand’s roadmap and future plans Episode links: Algorand White Paper Algorand talk by Silvo Micali on YouTube Silvio Micali - Wikipedia This episode is hosted by Meher Roy and Sébastien Couture. Show notes and listening options: epicenter.tv/169
Transcript
Discussion (0)
This is Epicenter. Episode 169 with guest, Professor Silvio Mikali.
This episode of Epicenter is brought you by Jax.
Jacks is a user-friendly wallet that works across all your devices and handles both Bitcoin and Ether.
Go to JAAWX.I.O and embrace the future of cryptocurrency wallets.
Hi, welcome to Epicenter. The show is talks about the technologies, projects, and startups driving
decentralization and the global blockchain revolution. My name is Sybess Senguji.
And I'm Meheroi. Today we have an extremely.
distinguished guest on our show. So we are going to talk to Professor Silvio
Mikhaili who is a professor at MIT's computer science and artificial intelligence
laboratory. Now Professor McKelly is a recipient of the Godell Prize and the
Turing Award, two of the biggest awards in computer science. And I actually came to
know of Professor McKellie's work when I was researching Z-Cash in the last year.
So in Z-Cash we have this knowledge of zero knowledge proofs or ZK SNARCs.
And it turns out that Professor McKelly is the co-inventor of the idea itself of zero knowledge proofs.
So he wrote a paper in 95, the knowledge complexity of interactive proof systems where he sort of went into the idea of zero knowledge.
But I was surprised, pleasantly surprised to discover this year at the beginning of this year that he has come out with a new consensus algorithm,
and which has the potential to power cryptocurrency-like systems
and blockchain-like systems in the future.
And he calls this system Algorand.
So we're going to talk to about Al-Gurand
in this particular interview over the next hour.
But before we start, let's perhaps have some words
from the professor himself.
And Professor, tell us how you got to be interested
in the field of Bitcoin and cryptocurrency.
Oh, thank you, Mayor.
So somehow I...
I've been working in cryptography for a long time.
Then I took a pause and started working in game theory.
But I heard about Bitcoin in the background.
And so finally, I decided to ask, well, what is Bitcoin?
And once I heard about it, I thought for a while and said,
could you please one more time?
And so I got a second explanation.
Then I saw it, I was like, wow, this is a great idea.
and point one, but point two, you know, can one do better?
And then that's what I got interested in trying to somehow improve the all approach.
And in fact, actually, at the end, I ended up starting with a totally new approach altogether.
So Bitcoin was my main motivator, and I think actually he has motivated a lot of people.
So whoever Mr. Nakamoto is, you know, thank you very much.
So, Professor, there's only one video about Algorithm on the internet where I think you're talking at one of the events celebrating Professor Whitgerson's work and you're talking about Algorand.
And you mentioned Bitcoin as like a beautiful, beautiful invention that is going to change how society works.
So why do you think this invention is important from a computer science perspective?
What the Bitcoin wants to do is to implement a shared ledger.
And so somehow, you know, we need to have as a society a way to generate consensus
about a few things that are important to us.
So to think about it that there is, if you have a guarantee that there is, you know,
every 10 minutes, a page of a newspaper, which, you know, you know that whatever you're reading,
the rest of the world is reading.
And so we record there what is important, transactions,
for example, and then another 10 minutes, there is another page that everybody somehow agrees upon.
So what I'm reading, you are reading, and that somehow essentially common knowledge idea is very, very powerful.
So if you look at the Internet as it is and as a web, is a repository of information,
but the timing of it is not clear.
It's not clear that whatever I see really is the same thing that you see.
So one needs to put some kind of a law and order of the internet and on the web.
And if they have been so useful right now, think how much more useful are going to be
if you have also this other common knowledge aspect to it and timed aspect to it.
And so that is no question in my mind that that is an extremely useful tool to have for a society,
particularly for a modern and digital society.
And the question is really, how do we really bring into existence?
What is the right way to bring it into existence?
So in your paper, I have to say, we're talking about this earlier.
It's a fascinating paper.
It's a fascinating idea.
There's a talk that we'll link to in the show notes,
in which you explain the concept of this paper.
But for someone who doesn't have a mathematical learning,
engineering background, it is a daunting thing to look at because it's about, well, it's quite long,
and it's a lot of mathematical formulas that you need a high level of technology to understand.
So we'll try to make this discussion as, and I'm sure we will, because you're very good at
explaining things and very articulate, but in the paper, you start by describing
some of the technical limitations of proof of work and some of the requirements in a cryptocurrency
like Bitcoin. So could you take us through some of those key points? Somehow, Bitcoin is
predicated on the honest majority of the miners, that is a specialized group that somehow
generate blocks, a block being a page of this global newspaper that appears every
the minute to all of us. And so that insofar to ever requirement of honesty doesn't
bother me at all. In fact, actually, I believe that honesty exists. Society would not
exist at all if some other was not an honest majority out there. So that doesn't bother me.
But what bothers me is assuming the honest majority of a specialized group of people,
namely these miners, which essentially is quite orthogonal to us as users in general.
Originally, in the original conception, I could be a miner and a user.
You could be a manor and a user.
But then it turns out of it somehow from the structure of the Bitcoin,
the incentives were such that mining, so just,
generating blocks, meaning deciding, being able to print the page of the newspaper
that everybody reads every time minutes is becoming so computational expensive and actually so expensive
in electricity alone because computation is powered by electricity, that, you and I are going
to lose money despite the rewards that they are given by Bitcoin to the producer of the page
every time in minutes if we attempt to do it. And so there are right now,
mining pools groups of people who join together to try in this giant effort to print the page
and that there are now five consortia five pools and so when you actually ask about the majority of just out of five pools
that is a little bit a lot to ask I have no problem assuming the majority of the users and all in the world or in anything
of it because if there is not a majority of users right there, we are,
A, life is not worth living and life will be very short.
Society will crumble.
But somehow, to put in all this extraordinary power,
deciding what is going to be print in every page, every 10 minutes,
into the hands of five groups of people that is, to me,
I'm sure it was not whatever Mr. Nagamoto originally intended.
So that is a problem, not to the honest majority,
of society, but the honest majority of miners, yes.
Another problem is, of course, this waste of power.
So my understanding is that with relatively few users,
Bitcoin already absorbs for the production of this page
every eight minutes, so much electricity as a small country.
This does not scale.
And I believe that if you really want to have a public ledger
that brings us together,
generate common knowledge, you know, in business, in society, in all of humanity, you know,
it has to scale much better. And the other point that I, that worries me is this forks,
because somehow in the design of Bitcoin, it happens to be a fork. So think of it like
you're watching somehow the page of this newspaper appeared at a minute, and suddenly,
for the next page, there are two contenders or three contenders.
And so somehow, of course, it generates some ambiguity in the poor reader
because they say, you know, how do I know now what other page everybody is reading and focusing in?
So I'm seeing the same thing that everybody else is seeing.
And there is a fork resolution, some way in which later on somehow we are going to have another single sequence of pages out there.
but somehow we have to wait quite a while for this to happen.
Very often you cannot rely on the content of one page until, say, five more pages
have been actually appended.
And actually, if you want to have a probability that is a really small,
that this page is not going to disappear and is going to remain in our common history,
year to wait not for six more pages to appear, but maybe 20.
So if you think about it, 10 minutes a page and yet to have a delay of 20,
six is an hour, and 20 is much more.
So it's three hours.
That is a little bit of a burden.
And moreover, I believe that, you know, the notion of ambiguity,
that whenever you see something on a page,
you cannot rely on it right away because there is this lingering ambiguity.
Psychologically is very disturbing because for the success of the operation,
and not only for a speed,
you actually need to have some very strong sense that once a page is out there,
you can rely on it and it's not going to disappear on you.
And yes, if you see it, everybody will see it,
and we can assume that it's common knowledge and keep going.
Does this all make sense?
And objectively, I think, you know, if you look at the Bitcoin protocol with a fresh set of eyes,
and you can look at these problems, say, objectively, these are issues that perhaps would prevent it from scaling
or would make it vulnerable to certain types of attacks.
And this is what you lay out here.
Now, I'm curious, have you tried confronting these ideas to people in certain Bitcoin forums, for instance?
No, I must say that I came to this essentially like a scientist and an academic.
So I have not, I did not somehow publish in a Bitcoin forum, a forum, and I did not a,
I'm not a part of this.
I just went to the design board and say, okay, if you don't want to rely on minors,
if you don't want to concentrate the powers in five hands,
if you don't want to have this lingering ambiguity that actually translates into a long time,
to long wait, to certainly certainty, and if you want to reduce the cost of production,
because otherwise, you know, it really is not going to scale. What do you do? And then, you know,
I just went on on my own path. I was being slightly facetious because I know how these types of very
objective facts somehow get misconstrued by certain types of people in certain specific forms.
But enough of that.
So you also outline the properties of a good public distributed ledger.
Take us through what, in your opinion, are good properties for a good public distributed ledger.
First of all, it should work in a permissionless environment.
So in other words, you should be always open to new users coming in anytime they want
end up being part of the operation.
It should be computationally trivial, very fast, so that it's not going to absorb much of our computation power
and is very low cost.
It should have actually, it should have, in my opinion, every page as soon as you appear
they can be relied upon instantly rather than having to have to wait for long.
And the total number of bits sent around should be low.
And in my opinion, then I should have no fork.
So I already said this, but also should have a very strong security.
Because in my opinion, if the ledger is going to become useful to humanity,
if the world, the society really relies on it,
and a business in particular as a part of society realize on it,
you can be sure it's going to be attacked.
And so we need to have a stronger model of our security
for having, you know, the ledger that we deserve and want.
So one of these specialities, I think, about Algorand
is that you actually define the stronger notion of security
and you define a notion of adversary as well, right?
Like, so in all of the cryptographic protocols, we always have this notion of adversary that's either trying to listen on the communications or is trying to break the security of systems.
And you have your own unique definition of what should be considered as an adversary when one designs a distributed ledger protocol.
So could you walk us through this notion of an adversary?
of
your notion
that adversary is not a notion
I'm afraid to say
something that everybody knows
so is a truism
that adversaries are a reality
so I said before
that I really believe
that there is no society
without honest majority
so there is
honesty but there is also
gratuitous malice
and very often
we have been a little bit
a cavalier when discussing about the adversary
because, oh, the system is secure because
an adversary is not profitable to be an adversary.
I mean, very often out there, the way there are people who are honest,
thanks goodness, there are also people
who actually want to be malicious for his own sake.
And if they want to bring the system to a halt,
they may not make a dime, but they feel proud.
Think about people who spread viruses.
Very often, they don't have much to gain at all.
So I believe that if you really want to have a fundamental infrastructure,
and if you don't believe that to have a very strong adversarial model,
we are not having actually a practical infrastructure,
and actually we're going to have a dangerous infrastructure,
because in some sense we will be better off without it
than relying on something that ultimately is not secure overall.
So in my view, here is what I'd love to have an adversary.
Our anniversary is able to corrupt anyone he wants, whenever he wants, instantly.
Perhaps we can actually put a budget of how many you can do, and that is an old approach.
Perhaps you cannot corrupt more than a third of the users in the world.
And actually, if you're thinking about an infrastructure that is used by millions and millions and millions of people over the Internet,
if you can corrupt, a 10% is a miracle.
This is going to be, it takes time to corrupt.
And nonetheless, you can corrupt anybody who wants up to, say, a certain percentage, just say 10%, 20%, 30%, if you really want to be very pessimistic and very, very safe.
And then you want to say, now that I've corrupted, actually, I can, they do my bidding.
So, I mean, I really seized your computer.
Now your computer no longer belongs to you, but belongs to me, the bad guy.
And I can let you say any message you want and organize perfectly all the bad people.
Okay?
Because if we prepare and defeat this adversary, actually we are going to be safe.
And if we think it's going to be something milder, we are not going to be safe.
And trust me that there is a currency that the world uses,
and somebody can prevent from transacting because nobody has access to his or her own money anyway.
It will happen.
So it's not somehow a sort of fantasy.
That's what I really believe is the versory that I have in mind.
So it's extremely powerful.
However, it's not capable of his computationally bounded.
They cannot forge digital signatures.
And the only concession that I'm giving is that once, you know, a message is sent out to the network,
propagated viral in the network by an honest person,
he cannot put the message back into the bottle.
I mean, no more than a government can put back in the bottle a message who is very spread by weaklyx.
So once it's out of a bottle, it's a bit too late to stop.
But otherwise, can corrupt anybody, instant anews, he organize them, and so on and so forth.
So within the properties of good public ledger, you talk about this notion of true democracy.
And in the paper, you describe the fact that in Agarand, all.
participants are treated equal. So there's no distinction between miners and nodes and regular
users and so on and so forth. And if you compare that to, it's quite novel because in other
blockchain systems, that's not the case. So obviously in Bitcoin, it's not the case. And if you
compare it to some newer, more scalable BFT proof of stake type systems like, say, Casper, for instance,
there is a network participants and validators who are offline are in fact penalized,
and this is so that we have a high network availability, right?
If miners are penalized for coming offline, or validators rather,
then we can assume that the network would say available and resilient.
Can you explain and then how in Algarand you counter this problem,
knowing that all my validators and nodes are the same,
and they can come in and out of the network at any time.
All right.
So not everything is easily explainable.
So first of all, I think, yes, I think it's important that somehow is to be a democratic system,
because my faith is in the honesty of the majority of people.
or actually, if you want, technically speaking,
then the majority of the money
belongs to honest people.
That is okay, which I believe it is true,
because after all, the money is in our pockets
and the majority of money is in honest people
that seems to be the safest assumption.
Then I don't want to bet on the majority
of this particular group of this other specialized group at all.
And therefore, it is important
that somehow the computation
that is required to a user to be mild enough
that you can actually do it without problems
or even in a background in your laptop
without being being worried.
So if the participation is very computationally inexpensive,
in some sense you can say you can leave it on your laptop
the same way that you leave it on
or application running in the background,
anyway and that is very different than running a computational intensive operation and so in
some sense one can somehow dismiss the fact that people want to go offline because being
online and giving this occasional light help to Algorand is not going to prevent it for doing
anything else you want to do but if you want to go one step farther and Algorand that can
actually somehow tell you in advance when you are going to be, you are going to be taking
some crucial steps, when your intervention is really crucial, not just passing along
messages, facilitating the propagation of messages, algorithm messages of the network.
As I'm saying, you know, me here, Sebastian, somehow, if please be online six months from now
from noon to noon or five because I think, you know, you're going to boost, you know, the thing of the system.
Of course, that is a metaphor because Algarand is a collective protocol, is a totally distributed
ledger, nobody is going to tell you, it's your time of things, but somehow you realize yourself
when is crucial that you are going to act?
And so, and I believe that if you are going to tell people say, hey, if you know in advance
in a year that, you know, one or that 10 minutes that you're really needed,
could you please possibly be there?
And I think people will comply.
It's a kind of a different model.
So think about it differently.
Assume that to say everybody should vote in elections,
but very often when you think that the election is a foregone conclusion,
you can say, you know, I have better things to do.
Now, mind you, that being an algorithm in an election is quite different
because algorithm runs in the background in a computer.
In an election, I should personally go to the poll and cast my vote.
But assume now that there is an election to say, Silvio, you know what, if you show up at this election, you are going to decide the next president.
You bet that I will show up.
And I believe that most people will.
So this notion that you can somehow actually not only being online because it costs you nothing to be online, nobody is going to require any mining or expensive operation.
But actually, I can actually schedule and give you just a very short time window.
when you actually have to show up and make a difference,
may actually solve the problem.
Does this make any sense?
I think that's the best I could do in this context
in terms of explanation.
Definitely. It definitely makes sense.
Let's take a short break to talk about Jacks.
Jacks is a multi-coin wallet created by the people at DeCentral.
Now, in the past, if he had a whole bunch of cryptocurrencies,
it was a pain to handle them.
You either had to leave them on an exchange,
which was insecure,
or you had to have all these different wallets, which was a hassle.
Fortunately, now with Jacks, those medieval days of darkness, misery, and suffering are over.
Jack supports multiple cryptocurrencies and new ones are being added.
But it's not just storing cryptocurrencies you can do with Jacks,
but you can also exchange them directly from within side the wallet,
thanks to their shape-shift integration.
And since there's only one seed,
Jax makes it super easy to back up and sync to the other devices.
Jax works with Windows, MacOS, Linux, Android, iOS,
and has browser extensions for Firefox and Chrome.
So go to jacks.io, that's J-A-A-W-X.I-O,
to download the wallet and get started today.
We'd like to thank Jax for the support of Epicenter.
I think we've been talking about Algonand in multiple questions.
So let's just have you describe Algorand, like a paint-a-boh.
broad brush in broad strokes and explain to us what are the key components that you're using to
make algorithm. Right. So if I want to do it in broad stroke and then I'm going to say is the
phone. Like what is the problem that we are actually facing here? The problem is that there are millions
and millions of people all over the world and we want to say I have in my mind a page of the paper that
should be written.
You have a different page of the paper
that it should be written.
So does everybody else.
So it's a question of consensus of agreement.
We want to agree on a page
in which everybody is behind that page.
But it should be my page, your page.
So we need to have this agreement.
And tell you the truth,
this problem was actually discussed
and invented actually in the 80s.
So it's over 30 years ago.
And it's called the Byzantine Agreement.
And it's a very, very strong type of agreement.
You imagine there is a powerful adversary of the type that I was describing before.
And despite this adversary could corrupt and totally control, say,
after a third of a player, you know, you are going to have,
all the good guys are going to agree on a single page.
Hey, that's wonderful.
So then aren't we done?
Well, not really.
Why?
because these protocols essentially want that everybody talks to everybody else over and over and over again in a sequence of rounds.
And the question is, how many rounds?
And so the number of rounds has to be one more than the possible number of bad people.
So think of it that assume that you have a medium deployment, right?
So a million users, not much, and assume that the diversity can corrupt and control 10% of the users, which is already a lot.
Okay, 10% of a million is 100,000.
So you have to talk over and over and over again, or 100,000 plus one rounds.
Now, that is a lot of talking.
So even if you take a tenth of a second to implement a round, it's going to take 69 days to publish a single page of a paper.
that cannot possibly work.
And what Mr. Nakamoto did is a totally different approach.
Essentially, he did say, hey, when you imagine your page of paper,
you have actually to solve a very difficult computational reader.
Think about an equation that is defined by your own page
and yet to find the solution to this equation.
So I work independently on the equation on my page,
you work independently on the equation of your page,
all equations are equally hard,
and they're hard enough so that one person in the world,
no matter how many people try,
every time minutes only one person is going to solve this on equation.
And one who solves it propagates a solution to the equation
and the page that goes with it.
So if you look at it, what is magic and what I really much admire about Bitcoin is this idea
that in this agreement, we don't need to talk at all, because talking back and forth with
a million people can take a long time.
But what I do?
I stay in my own room, I solve my own equation related to my page.
And so does everybody else in parallel and separately.
And then the one who succeeds, then communicates the solution and the page.
That looks much better than before.
The problem is that introduces a long computation,
because you must make sure the riddle,
the question you have to solve,
it's hard enough that despite everybody's trying to solve it,
only one every minute solve it,
and the people who don't solve is just wasted work, etc., etc.
And then the concentration of power, latency, and everything else.
But it's a brilliant idea.
So what does the algorithm do?
I go back to the message passing Byzantine Agreement Protocol.
But I do two things.
First, I find the Byzantine Agreement on steroids,
which is very, very, very fast.
So everybody, there are going to be the number of rounds of communication.
Think of it is nine in expectation.
But nine, whether the users are a million or a hundred million or a billion,
you only have to talk for expected nine times in a row.
And moreover, everybody who has something to say in a round
should send a single message,
not different messages to different people,
like to us the case in the past.
So you have only one message to send,
and you have to send this messages
and I expected nine times only.
Wow, that's already quite a better.
and perhaps with a million people, it could be almost usable directly as it is.
But then Algorand does something else.
I want to have really super-efficiency.
So what I'm going to do, I take this protocol that it could possibly work for a million,
but say not for 10 or more, 10 million or more, and say,
and then now I shrink the participants by a cryptographic process,
say, to simplify computation, by a factor of a thousand.
So rather than having a million people conducting this super-efficient protocol,
now have a thousand people conducting this super-efficient protocol.
And that is so much better.
So what you do is that you invent a new protocol.
That's what Algorithm does, provides a new protocol for Byzantine Agreement,
which has some extraordinary property as it is.
And furthermore, you don't even run it with the old users,
but somehow you shrink the number of users
in a guaranteed fair way to a random subset, say, of size of thousand, all the old users.
So even though whatever it was already really really fast, now it becomes a thousand times faster.
And therefore it becomes much easier to produce the page we want to have produced.
That is essentially, if I want to summarize in one way in two steps of this application,
is Byzantine Agreement, message passing Byzantine Agreement, not proof of work of
Byzantine Agreement on steroids, and then shrinking Byzantine Agreement in a guaranteed
fair way to a much smaller subset of users.
So I think that was a brilliant explanation.
And just for the convenience of our future selves, let us give names to those two things, right?
Like, let us give, so tell us what the name of this Byzantine Agreement on steroids is,
and tell us what the name of this method of shrinking from a million to a thousand, that is.
Okay, well, the name of the Byzantine Agreement on Stero, which has two names.
One is the nerdy name, and then I call it a BBA Star, B binary Byzantine Agreement,
and Star, well, because it's self-promoting question.
I think it's really is a good Byzantine agreement algorithm.
But the colloquial name is Fast and Furious Byzantine Agreement.
Because in some sense, that's what it is.
So what are the names?
Fast and Furious Byzantine Agreement or BA Star, if you prefer.
The other, that is the agreement proper.
The other technique to really shrink instead a million users to say a thousand,
has also a name and it's called the cryptographic sortition.
So first of all, the name was actually suggested by Morris Hervey, a friend of mine,
and it's a great name.
Let me tell you what sortition is.
Sortition is actually an ancient method to decide magistracies in very ancient republics,
such Athens, Florence, Venice, and so forth.
And in some sense, those people felt that it was a good idea somehow
to feel certain positions at random rather than by any other process.
And so cryptographic sortition is a way in which you rely on cryptography
to guarantee to everybody that the people who are ultimately
I've been elected fairly and randomly.
And in a way that is unambiguous.
So everybody should die.
Who are the Fassan people in charge of this page?
Of agreeing on this page.
Everybody should know who they are
and everybody should somehow believe
that they've been fairly selected.
And so why this is important
because the page essentially is going to be digitally signed
by a suitable majority of these Fassan people.
So if I know that thousand people, and as I see of this particular page,
and if I see that this page has been digitally signed by sufficiently many of these thousand people,
then I'm happy and everybody can rely on it.
And so somehow a bit better, there is also secret cryptographic sortition.
And that is something that is even more unique to algorithm,
in which it is a way to select people in a way that is secret and provable.
Secret, so that nobody knows that you've been elected,
but if you've been selected for participating to the small committee
who is in charge of this page, you can prove it,
but nobody knows in advance who is part of this.
So in some sense, what Algorithm does is,
by secret cryptographic sortition,
is make sure that the people,
select themselves.
And that's very weird because how do it is, I select myself if I want to go, if I want to squish down a million people to a thousand,
assume that I run my own private secret lottery in which I win with probability one in a thousand.
So if everybody wins it a probability one in a thousand and there are a million people, how many winners there are going to be?
be, well, roughly on average, a thousand, right? Because a thousand times a thousand is a million.
So the point is that Argonaut does not ask a million people or 10 million or 100 million
to talk in order to select together in a fair way a thousand people, because so much talking
is really a dog eating his own tail, right? I want to select the people, and that's going to
take a while so that then once they are few,
they can select the page.
This is a circular argument.
I want the people to select themselves.
And if they are selected, come back with the answer.
To give you an analogy, perhaps, is this.
I don't know.
I think that this is a way in which Google hire talented people
and mathematicians.
Sometimes there is a web page, or even some physical banner
somewhere close to, you know,
universities, and you say, can you solve this mathematical riddle?
If you can call this number.
And that's how they recruit.
And that's a very smart idea of recruiting.
Because millions of people tried to solve it.
But the few of them who actually solve this mathematical
rule call up and they are offered a job
after presumably some additional interviewing.
Think of the alternative.
even if Google were the one who would do it.
So how many people should you hire to interview millions and millions of people
who believe in good conscience to be talented enough to work at Google?
So it's going to take forever and it's going to be very expensive process.
Instead, here, by magic, you say, if you solve it, on your own time, on your own time,
only if you solve it, come back and report the solution and you are interviewed right now.
And essentially, by this secret self-selection,
Algorand has extreme efficiency
because we don't need to talk at all to generate the committee.
But if you're part of the committee,
give me proof that you won your own lottery
because your own lottery is not cheatable by you,
even if you are the only one running it.
So if you win, report and welcome to the committee.
That essentially is the way secret cryptographic sortition works.
Okay, so is it correct to think that let's say there's a newspaper, right?
And each page is like, let's say one block and you have had a lot of them.
So let's say the newspaper is already like 20 pages thick.
And now we need to make the 21st page, right?
So in order to make the 21st page, and there are like a million users, right, there are all the million users, they're holding some kind of currency like Bitcoin, like an algorithm coin or something.
And now in order to make the 21st page, we need to select out of these million, a thousand, and these thousand will be in charge of creating that 21st page.
So my question is like, let's say I'm one of those million who got lucky and got selected to be, is one of the 1000 to create that 21st page.
When do I get to know that I have the power to participate in the process to create the 21st page?
Right.
So there are different implementations of Algonaut.
but say in the basic implementation,
as soon as the 20th page is published,
you can determine right away
where you are going to help to generate
the 21st page yes or no, immediately.
And you do some very simple local computation to you
that is going to tell you whether you've been selected or not.
That is the answer to your question.
Okay.
Now if, I'm interested to know like,
what this puzzle is that is being used to do cryptographic sortation.
And the second question is,
if my selection as one of the 1000 in the 21st page depends on page number 20,
then if I'm an adversary,
if I can manipulate page number 20,
then I could also make sure that the 1,000 people for page number 21 are also, you know, corrupt.
How do you prevent that?
Well, congratulations.
That is really a heart of a problem.
It's a main component of the problem.
And the way actually, you're totally right,
because if you select the 1,000 people in charge of page 21
from the content of page 20.
And so somehow could decide what transaction
or what to write on page 20
in a way that is going to affect the next page.
And even minor choices are going to create very different committees in charge of creating the next page,
and therefore you select the ones which are most convenient to you.
So one of the technical contributions of Algorand, even though it is a bit more technical and not,
is really to figure out something, a different quantity that is part of the page, but is a new quantity.
And this new quantity has nothing to do with the transaction.
It's somehow a non-manipulatable quantity, not influential quantity,
that somehow guarantees that the people of the next page are really selected properly.
And that is really the zest of the matter.
And it cannot be the block itself.
It cannot be the payments in the block.
There are payments.
It cannot be the ash of the block.
A lot of things cannot be.
but you have to invent this other quantity that somehow is inductively defined.
So the quantity of one page somehow determines the quantity of the second page.
But in a way in which you focus on the problem,
I want to take out from this quantity all influence from the bad guys.
And if you face it like this,
rather than just working with a generic block,
then you are able to algorithm solves a problem.
Today's magic word is steroids.
S-T-E-R-O-I-D-S.
Head over less-stock-Fitcoin.com to sign in,
enter the magic word, and claim you're part of the listener award.
So, Professor, you have walked us through this notion of,
to this fundamental component of secret cryptographic certition.
And your claim is that the thousand,
validators for newspaper page 21 will be generated from the contents of newspaper page 20.
You've also said that in order to select the thousand of newspaper page 21, all of them only have
to look at some data inside page number 20 and they self-select themselves.
But how do you ensure that the data on page newspaper page 20, which will determine the selection
of the thousand is truly random and cannot be controlled by anybody.
And how does it exactly work in the algorithm?
Well, exactly work is on this medium.
Even without a whiteboard is a little bit much.
But I can give you that zest.
So the idea is remember that we do have here a system
in which people, for instance, have a secret key.
Why? Because any algorithm users or any user is going to say for his use a secret key, say, to make payments.
So there is a secret digital design key.
Okay.
And moreover, this digitally signed key, right, who knows it?
Only I do know.
And are my signatures predictable by others?
Not really, right?
Because if we know a billionaire's, if we can predict a billionaire's digital signatures, how about we can predict, please,
what the signature is he owns me a billion dollars.
So there is already intuitively some randomness,
which is not the randomness in the block,
but some randomness comes from the secret key that people use
because digital signature has to be somewhat unpredictable.
So now if you combine these things,
there is already a source, a cryptographic source of unpredictability,
if you manage to distill it
and to make it something very, very random and small,
like a 20-byte random extract from that,
then you are better served.
And if you further constrain so somehow that I cannot shop around
with my secret key for many things to sign
so that I can pick and choose which random outcome I want from being selected.
But if the system somehow forces me
that I can produce a single digital signature
that can be verified.
And then from it, this single thing, I extract whether I'm winning of my own lottery or not, that makes the deal.
So essentially, I need to know, to realize if I'm selected, only 20 byte from the previous page.
I use my secret key to determine a proof that only I can produce.
And this proof is a proof that actually belonged to the committee of the next page only with probability one in a thousand.
So you can see that, you know, everybody can, you don't need to select people among the people that are somehow present in the network right now.
However, once you see the previous page, once you see this 20-byte quantity of the previous page, I somehow do essentially a digital signature.
And from it, I can prove to myself, I have nothing to do with the next page, which most of the time that is the case.
but the probability one in a thousand, I'm actually called to act to produce the next page.
And only the people who call to act, even though we were not visible, particularly to other people in the network,
so somehow they can certainly propagate one digital senior approving that a member of the next page,
the committee in charge of the next page.
And so these proofs now go in the network, and everybody knows who is the committee in charge
of the term in the next page.
Does this make any sense?
That actually makes a lot of sense.
Although we couldn't go into the technical details
because it might be just too complex without whiteboard.
But I do get the sense that you are somehow using the randomness embedded
inside a private key itself,
that a private key has to be random in order to be secure.
You're using that sort of randomness to create a process
that ends up selecting a thousand people.
out of a million.
Each of this thousand people select themselves.
Each of these thousand people are self-selecting themselves.
So now I think we could move on to the next stage.
So cryptographic, secret cryptographic sortation is we have pages 1 to 20 and we have a way
to get the committee of 1,000 people to create page 21.
Now, what happens once we have these, once these 1,000 people individually know that they
they have the power to somehow influence page 21.
What do they do?
And how do they come to consensus?
Oh, excellent.
So remember that now all of the, so naively,
what you should think about doing is the following.
Hey, I have a Byzantine agreement on steroid.
It almost works with a million people.
Surely works with just a thousand people.
And now I see who the other thousand people are
because they just gave their proof
that they belong like me in the competition.
So why don't I engage in this Byzantine agreement on steroid,
Fast and Furious Byzantine Agreement, to select the next page.
And by the way, if you remember,
this should take roughly on average, you know, nine steps of communication,
nine rounds of communication.
That's not so bad.
Why do I say it naively?
Because remember that I do want to work with a very strong adversary.
And I, if I'm member of this small committee,
small committee and I sent the proof around to the network and the other 99, on average,
have done the same.
Everybody in the world now knows who are the committee in charge of running the fast and furious
advisors agreement to select the next page.
So what is a bad adversary going to do?
Say a bad adversary who just says, you know, I don't want these guys to agree on anything.
He can just corrupt all of them.
I mean, mind you, it's not going to be so easy, but maybe I was already corrupted a lot.
you know, 10% of the people.
One thing is to say that you cannot corrupt 10% of the internet.
That's okay.
That's a good assumption, perhaps.
But one thing is to say, can you corrupt, you know,
now the majority of a thousand people?
That's a totally different question.
So to corrupt 10% of the internet or 20% of the internet
may be out of bounds for anybody.
But to corrupt, you know, a small committee,
well, maybe it should be possible.
So the idea therefore is to have this Byzantine steroid to have an additional property that is really a new requirement in protocol design, which is, I want to call it player replaceability or generic player protocols.
I call them before.
I think player replaceability is really a bit better.
Because what does he mean?
Because computing a committee essentially, it costs nothing to the nature.
each one selects himself, how about if you have a different committee for each step of the
Fast and Furious of Basantine Agreement? So there are nine steps, nine committee. No problem.
Well, there is a way, there are problems, isn't it? Because what is a protocol, even a nine-step
message protocol, is a discussion. And can you imagine an intelligent discussion if you take
people talk once
and then they are killed or corrupted
by our adversary and take it out.
And a new set of people come in
which had nothing to do with the first.
And they say something and they are immediately killed
and a different set of
some people comes in.
And do this for nine times.
What can they accomplish in this conversation?
They can talk about the waiver.
For instance, if I'm now replacing
in the middle of a conversation which I don't have any
shared variables
inner variables of the people before me,
I can just say,
today the weather is good,
and I get killed.
Somebody else replaces me,
and out of the blue,
what can he or she say?
He says, you know,
let's hope tomorrow is a better day.
Generic discussions.
We cannot do something as complex to agree
on a page that matters.
So the idea of algorithm
is actually to do this Byzantine agreement,
but not only is on average, you know,
somehow nine steps,
not only the people are self-selected
at every single step, but they don't need to be the same people.
They don't need to be the same number.
They can really start afresh from a new set of disconsons for nine times in a row,
and by magic somehow meaningful progress is made,
even though the players who act are totally different players.
And that is something that you really need if you want to defeat the adversary.
If you want to have a vanilla thing and say,
oh, I understand that scaling is good.
I take, you know, here is how to do to use a generically Byzantine agreement, take a
Byzantine agreement, even though he's not on steroids, but scale it down to very few people.
You know, then it becomes, you know, almost faster necessarily if you really scale it down.
But what do you, people have to consider that if scaling down is a good idea for efficiency,
is terrible for security, because once you have a small target, the diversity can control all of them.
And only if you have this, you know, player replaceability property,
that you mean that, you know, the people who need to speak,
they need to send only one message,
and then new people will show up in the next round of communication.
Then the adversary, if he corrupts me after I send to the network,
I'm Sylvia McAlli or I'm publicly so-and-so,
here is the proof that I'm elected and I'm right to talk in step one.
and here is my message of step one.
Then the adversary say, oh, this corrupt him.
I'm out.
But my message cannot stop.
Remember, my message is now verbally reached the adversary
by he's traveling through the network
and is reaching everybody else.
And whoever is going to belong to the second committee,
even using my generic message,
you can start to say something in step two
that cannot be stopped the adversary
because the adversary would like to shoot anybody who speaks
who doesn't know a priori who is going to speak,
because the people secretly select themselves
for membership in the committee.
And the moment in which they announce who they are
and say what they're to say is too late for them to corrupt.
So this layer of placeability,
that is a new requirement that is satisfied by this fast and furious
of Byzantine agreement,
is really what is needed to somehow scale down
like crazy agreement,
because you cannot safely put,
put in charge a small set of people,
even though their adversary is plenty capable
of attacking somebody
any time he wants as efficiently as you want.
And in fact, actually, even a simple denial of service attack,
you start bombarding with a few committee members by messages,
is going to prevent them from here from each other.
So I think it is very important,
but if you scale down, you must have these additional property
for a Byzantine agreement.
So if I gave you a partial list of requirements before,
now I'm going to extend it.
I want a system that the Byzantine agreement is permissionless,
that's computationally fast,
that has low communication,
and that is player replaceable.
So that if I am in the middle of execution, I'm corrupted,
it doesn't matter.
The computation correctly keeps on going all the time.
that actually to me when I when I listen to hear that it sort of seems impossible because like like the imagination that comes to my head is like here's there's a big room so imagine you know um imagine it's like the pope is being elected and you know there's a thousand cardinals inside the Sistine chapel right that's a good thing man
and you know like they have to agree on a pope right so they can they can send up
message, you know, there's like two candidates or something, they can write down the candidate name and they can send a message or something.
And there's going to be nine rounds of communication, right? So some of the cardinals are going to speak in round one, some of the cardinals in round two, some in round three, and some in round nine.
If you are one of the cardinals, you get to speak only once, right? You need to send only one message, right?
and once you send that message you can be corrupted right so it's like thousand divided by nine is what
133 or something some maybe i don't know 111 or something like that right so 111 cardinals send a message
they are corrupted then the next 111 send a message they are corrupted the next 11 send a message then
they're corrupted and so on but even with that system the pope gets elected
So here is a step that is part of any actually every Byzantine agreement ever thought since the invention roughly 40 years ago of Byzantine agreement itself, right?
45 years ago, whatever.
So an important step is somehow to take a majority, right?
I mean, you can imagine that this is very intuitive, right?
So you say, you count how many people said X, say, in the step before, and say, if, say, two-thirds of the people said X, right, then you do Y.
Else you do something else, right?
They are not the only, the only type of instruction in a Bicent agreement, but it is a component of an instruction.
Now think of this.
Assume that even they are not even in the system in trouble
when you can actually more or less see each other on the page
but the cardinals because there is this Byzantine agreement that they work
so with an adversary, they stay at home all over the world
and they talk to one another, right, in a way that the adversary cannot control.
So think about this.
If I am somehow, I am part of the first batch of cardinals selected
and I say X and somebody says Z and so on and so forth.
And then I'm immediately corrupted.
Now, you are part of the second batch.
And the instruction is of the type,
how many people in the first batch said X?
Do you need to be me in order to make this determination?
No. Why?
Because whoever is in the first batch of cardinals
say something and whatever he or she says
propagates for the network.
And so it reaches you, even though you're not part of the first batch of the Cardinal.
So you can make an easy determination of the kind how many people said X,
even though you are not at all part of the first batch.
So the old trick is to define the entire protocol.
So that only relies on instructions like this,
instructions that allow for player replaceability.
I mean, that is the essence of the problem.
to take essentially at discussions in which to be player replaceable.
You can talk about the waiver.
You can talk about random things,
but you can talk about minimally more interesting things,
such as determine branch on an instruction.
If two-thirds said X do a vice, otherwise do something else, right?
This is also player replaceable.
So if all the instruction in this Fast and Furious Protocol,
But as all the property that everybody ever wanted from Byzantine Agreement,
also guarantees that the instructions are all of this type, then you're done.
And that's what the system is.
Take what seems a very complex agreement protocol and distill it to something that not only is very fast,
not only people can self-select, but also is permissionless and everything else,
but also as this other property of a player replaceability.
so that the conversation keeps on going and you get to wherever you want to go, you reach the right conclusion, even though people every time the speak are corrupted.
So earlier in the discussion, we talked about forking and how forking was, well, it is a problem in Bitcoin, especially in terms of user experience.
When you make a transaction, you have to assume that you're waiting for blocks to come in in order for that transaction to be safely validated.
Let's take the discussion then, sort of the logical next step into how this player
replaceability prevents forking or at least makes forking a very, very, very low probabilistic event.
Great.
So player replaceability speaks about the ability of the protocol not to be impeded,
allows a protocol to go on for nine steps, even though the adversary can corrupt or create a denial of service against the,
to the members of every single step.
But the old protocol, the old Byzantine agreement,
that is a probabilistic protocol that allows to get the right decision.
So because to agree completely on the page,
you really want to say that there has to be a right decision,
and the probability that the right decision is taken
is essentially, I'm thinking of it like one minus one over a trillion.
So the probability something goes wrong is one in a trillion.
So now one in a trillion, well, assume that every page takes the minutes,
when you expect somehow to have a fork in the system,
once every 1.9 million years, roughly speaking, one every two million years.
Now with this time scale, in some sense, you can't even forget about four.
because in a time scale of two million years,
we have to much more worry about the surviving
of our species rather than a fork in our payment networks, right?
I mean, that's a very long time.
None of the less, should a fork occur,
algorithm does also a fork resolution.
But what I'm saying is that you don't have to even bother
to think about it, right?
Because the probability is so low,
And that is a variable that you can set to whatever you want.
And I thought of setting it to one in a trillion, also known as one in 10 to the 12, is low enough.
By the way, there is such a thing, a notion that generally used for a catastrophic event,
such as we don't want a plane to go down, you know, probability greater than one in 10 to the 10.
But you know, they say one in 10 to the 10, let's make when people worry about their money very often more than their lives, let's make it even 10 times lower.
You know what? Make it 100 times lower.
So now we have 10 to the minus 12, one in a trillion.
And if you don't like this, wait to see there is a fork before you rely on your thing.
But I think it's, I suspect to be good enough for most people because again, you know, whatever happens to 2 million years from now, if there is a
fork will deal our descent, our descendant or the same, we'll have to worry about it.
But in any case, there is also fork resolution process if you really want, right?
Okay, good.
That's reassuring that there's a fork resolution process because, you know,
probably realistically it could happen next year.
You know, the fork could happen, you know, in our lifetime.
Bound of a probability, but yes, in principle, it's good to have something.
Something happens.
So before we, we close the show here, there's a few words.
the things that we want to talk about. But there's there is one topic that keeps coming up again and
again and again and again when talking about blockchains and specifically in the realm of Bitcoin,
and that is scalability. And I'm sure you're at least familiar with the topic of the block size
and how that has become a debate that has been ongoing for the last of, you know, God knows how many
years. And there are multiple proposals on how we should address scalability in Bitcoin. And
what it essentially comes down to is, well, should Bitcoin be a network that is sort of all-inclusive
and allows for a high volume of transactions while perhaps succumbing to the risk of being
centralized or should we preserve sort of the ideals of Nakamoto where the network is
decentralized but potentially having really high demand on a network with a limited amount of
transactions per block and then therefore perhaps having high transaction fees.
So, you know, I'm sort of paraphrasing here making simplistic analogies, but that's what
it kind of comes down to.
How does Al-Gbrand address this?
Is block size something that is even addressed in Algarand?
Is it something that you've thought about?
Or perhaps you have some interesting insights for the Bitcoin community
on how they should handle scaling?
Yeah.
So essentially here is what I remember,
many competing forces when you want to do a public ledger.
And so Bitcoin is a specific public ledger.
And so somehow has a certain block size and so on, so forth.
and because also has to avoid forks,
not to be too often.
So everything, you know, is balanced out.
Algorithm does things differently, right?
So think about it.
So if you want a decentralized system,
the page that you,
before thinking about the sides of the page
is how do you distribute the page?
Well, if it is a decentralized system,
you have to distribute by gossiping.
So I send this page to my, say, eight or ten of my neighbors.
They will sell them to random eight of their friends and so on so forth.
And then there is a amount of time in which it takes for this page,
propagated this way to reach everybody or 95% of the people on Earth.
So there are very few hopes, but nonetheless, there is some limitation, intrinsic,
latency, which is the time for a page to go around the network in a distributed manner
to reach everybody.
Well, what Algorithm does is says this limitation is the only limitation.
Because the other limitation, the computation is not there to limit anybody.
To decide that you are part of a committee, you do a digital signature, and only the people
who win propagate their signature.
That's nonsense.
This is small potatoes relative to a block.
And so, and you do this nine times.
Oh, big deal, okay?
So really, ultimately, you can bounce,
the latency in Algorand coincides essentially
with the latency, right, of the intrinsic latency
or moving a block until reaches everybody.
That's all.
In some sense, better than this,
algorithm or nobody else who wants to be really decentralized can be because it is the order of
this plus small potatoes right so more than this you cannot get so therefore you can just say well
what the immediate thing is that if our networks becomes faster hey my oh my so assume the double
the speed we can send you know twice as many blocks in algorithm right away and they can be relied
upon right away rather than in an hour or a 200 minutes, right?
Point one.
Point two is that if you want to do algorithm
where the validators are actually, say, a separate entity,
that's an option, is a political option,
is a business compromise that you may want to do.
You may actually have two algorithms, right,
one for the libertarians and one for,
the people who accept somehow banks or other people to do just the validation.
You can choose who is your own validator, right?
And you can share fees if it constructs the blocks with you.
That is all within the algorithm portfolio of options.
But what is the idea?
If you subcontract this to a bunch of validators, say to 10,000 validators,
the more than the merrier, but these are actually ever-properitory network,
because I bank network.
Well, you know, you're not talking about the 10, 1 megabyte per second
that common folks have.
Now you can have a gigabyte per second networks,
and therefore the old thing scales are like crazy.
So to me, as a designer of algorithm,
my responsibility was to make sure that no force,
nothing else, impedes the latency of my system.
So the latency of algorithm is really coincides with an intrinsic, absolutely necessary latency needed to propagate a block plus epsilon.
Okay?
That's the message.
And then you can actually say, if the network improves the thing, we can automatically improve because we don't have to avoid that forks occur too often.
Because forks has nothing to do, you know, is largely different than the speed of the network.
Moreover, if you want to go on a sub-network, which is even faster, then the sky is the limit.
Then you can, right, but more than this in a distributed system to guarantee that there is, this, the latency coincides with intrinsic latency, more than this, they cannot do.
So, in summary, we have a consensus mechanism that is being made available to us that is, that relies on tributtal.
real computation that is truly democratic in the sense that it does not distinguish between
minors or validators and nodes that is scalable, that prevents to a very high probability
forks, and also, and most importantly, I would say, eliminates the block size debate.
What are the next steps here?
This seems like a very elegant solution.
Where are you in the sort of roadmap of deploying this?
Have you considered, is someone writing this algorithm so that it can be used in blockchain networks?
Well, great question.
First of all, so let me make it very clear that I'm fully determined to see that this technology is deployed
and that actually can be an engine for societal and business growth.
And so that is for sure.
And right now I'm doing further optimization in the fear of it and a formal proof,
not only just somehow the basic intuition,
but the things that are crossing all T's and causing all eyes.
And then, you know, we've a wonderful group of very talented colleagues,
we are actually working on ensuring that there are no technical issues in the implementations,
as a separate from that design.
And that's all I'm prepared to say at this point in time.
Have you reached out to anybody from the blockchain space or like,
because there's lots of really smart people that are not necessarily academics,
but people that are working on things like Casper, on tenement PBFT,
and that are sort of influential within the,
blockchain space, have we reached out to those people?
So first of all, I must say, I agree on one thing that these are very smart people.
So I'm not saying I'm not part of any blog on that way is a generational thing and is much more
also perhaps and much more of my traditional academic style.
But I'm very impressed by the level of ideas and talent.
and, you know, real intelligence is uniformly distributed,
let it be known that it's not the monopolies of universes
and think tank and think like this.
It's amazing how many smart ideas people have.
In fact, actually, is no day it goes by
that a new smart controls,
all kinds of a great application of a ledger occur.
And I think that actually Al-Guard would love to somehow leverage
all this creativity that it goes on there.
So it's not only about money,
it's not about cryptocurrency,
it's not about an electronic payment,
if you want to have a not self-floating currency,
is really about a public ledger.
And essentially this idea that we actually have,
we endow society to have a common trusted party.
Now, trusted parties are already rare.
Common is even rarer, right?
because I may have some, my 10 people who are a trusted party, you may have your own.
There may be no intersection.
But think about it.
Suddenly, for this ledger, essentially we share a common trusted party that can be leveraged in so many ways.
So they are very smart.
I agree.
And there is so much to read.
I'm a slow in reading and as long in communicating.
But I will try to reach everybody in the way I know, you know,
conferences, talks, you know, I'm not a blogger that is not me, it's a generational issue,
perhaps, so he's a, is a little bit who I am, but certainly I do want a confrontational
ideas and I will find to publicize algorithm in the ways I'm most familiar with, right?
And so, I mean, this is, in fact, you know, this is probably one really good channel to reach that, you know, to bridge the gaps between, you know, this sort of academic community in which you're part of and this blockchain community.
If people want to reach out to you and perhaps get involved or, you know, collaborate or contribute to some code, how can you do that?
My plan is to put something out there.
I'm not an avid email reader.
So I must say that very often I read 10 emails a day when I get overwhelmed and I don't read
the others.
So nobody should take offense if I'd not respond.
I didn't know that I was signing up for receiving a lot of emails.
But I think that's positive news.
and I certainly, you know, I am here in Cambridge.
My door is always open.
It works much better than email.
And my telephone works better with email, at least with me.
And until such a time of whichever is somebody handling call, that is not me, I think
would be the preferred mode of interacting.
But, you know, things may change soon.
Thanks.
Okay.
Well, we're at the end of our show here.
We've went over the normal schedule amount of time that we usually take, but I think we could have went on for much longer.
We'll be looking forward to seeing how Algarand develops, looking forward to seeing perhaps some code, and seeing this being implemented as part of some sort of blockchain network.
I'm anxious to see when actual real-life testing and at scale starts to emerge.
So thank you very much, Professor, for joining us today.
It was a fascinating discussion, and we look forward to seeing where this takes us in the future.
Thank you, Sebastian, Sabash, and Sevue Meher.
It has been a lot of fun.
Thanks.
And so thank you also to our listeners for tuning in.
We are part of Let's Talk Bitcoin Network.
You can find lots of great shows about Bitcoin, blockchain, Ethereum, decentralized technologies,
all kinds of good stuff over at Let's Stock Bitcoin.com.
We release new episodes of Epicenter every Monday.
You can download the audio version through iTunes, SoundCloud, or wherever you get your podcast.
You can also tune in on YouTube to watch the video episodes.
And you can also leave us a tip.
The tipping address is in the description of the show.
And we're also always interested in getting reviews on iTunes.
It helps the show being discovered.
And it's always very encouraging to see you guys comment and leave reviews on iTunes.
So thanks so much.
And we look forward to being back next week.