Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Vitalik Buterin: Ethereum, Proof-of-Stake, The Future of Bitcoin
Episode Date: December 22, 2014At just 20-years young, Vitalik Buterin is one of the most brilliant minds in the cryptocurrency space. Previously, a co-founder of Bitcoin Magazine, he has conceptualized Ethereum, the most radical a...nd ambitious cryptocurrency project since Bitcoin. After raising $18m in a crowdsale, a team of over 30 are working on launching the project by March 2015. In his work on designing a system for the future, he has been grappling with many of the hardest problems in the cryptocurrency space over the past year. Topics covered in this episode: How Ethereum has evolved since the white paper The problems of Proof-of-Work Why Proof-of-Stake is the future of consensus protocols Why his main focus has been on consensus issues and scalability Why Bitcoin will never be stable enough to price things in The flawed ideology of ‘Bitcoin maximalism’ that prevents people from considering Proof-of-Work alternatives Episode links: Ethereum How to get started: Your first DApp in under one hour Ethereum Proof-of-Concept 7 Proof of Stake: How I Learned to Love Weak Subjectivity Slasher: A Punitive Proof-of-Stake Algorithm This episode is hosted by Brian Fabian Crain and Sébastien Couture. Show notes and listening options: epicenter.tv/058
Transcript
Discussion (0)
This episode of Epicenter Bitcoin is brought to you by Fairlay. Fairlay is a Bitcoin prediction market
where you can place predictions on the likelihood of sporting events, the Bitcoin price, or current
affairs. You earn money if your predictions are correct. Head over to Fairlay.com slash epicenter,
that's F-A-I-R-L-A-Y dot com slash epicenter to place your first bet today.
And by the GemS social messaging app. We believe Gems has a real potential to bring new users
into the Bitcoin ecosystem and take adoption to the next level.
It's social messaging on cryptocurrency steroids.
The Gems pre-sale is running now, and you too can benefit from becoming an early supporter.
Head over to getGems.org to learn more.
And by Shapeshift.io.
With no account or sign up required, it's the easiest way to buy and sell light coin,
doche coin, dark coin, and other leading cryptocurrencies.
Go to shapeshift.io to instantly convert all coins and to discover the future of cryptocurrency.
currency exchanges.
Hello, welcome to Epicenter Bitcoin, the show which talks about the technologies, projects,
and startups driving decentralization and the global cryptocurrency revolution.
My name is Sebastian Coutiou.
And my name is Brian Trevent Cray.
So we're here today with a man that pretty much everyone I will know in the Bitcoin space,
who is Vitalik, with Perrin.
Of course, you know Vitalik as the founder of Ethereum, mainly.
He also used to be a writer at Bitcoin Aguene.
a while ago.
And with those,
I'm sure most of you
will know Ethereum as well,
but if you don't,
we've done two episodes before
on that,
one with Stechon-12,
a very long time ago,
and one with Gavin Wood,
just when the ether sale started.
So thanks so much
for taking the time today,
Vital.
Yeah, thank you.
So perhaps to get started,
we're not going to spend too much time
sort of talking about
what is Ethereum,
but can you briefly
run through maybe very briefly what Ethereum is and then also how it has kind of revolved
from the time when most people heard about it.
Yeah, so originally when I came up with the idea of behind Ethereum last year in November,
I had actually been working on some of the other crypto 2.0 projects,
they were calling themselves crypto 2.0 back then,
but there are these sort of meta layers on top of Bitcoin.
There were these different colored coins projects.
And I saw that there were a whole bunch of projects that were trying to like
stack up different features.
They were trying to use the blockchain for other things.
So there were projects that were trying to like do financial contracts on the blockchain.
There were people trying to do enable registrations on the blockchain.
And like they were trying to, you know, make the platform more and more powerful.
And I, and the thing that I noticed at the time,
is that, you know, this idea of just continuing to add and add more and more protocol features,
ultimately it really doesn't, it's fundamentally limited, right?
It's, you know, okay, you come up with 60 different features,
here's 60 different things people can do with the blockchain, that's it.
What if someone wants to do a thing number 61?
The need to upgrade the protocol again.
And so the realization that I made is that the best way to move these kinds of platforms forward
and make them more useful is by adding in a program.
language. So instead of having a lot of features, you have no features. Instead, you just have a
programming language, and that programming language has the ability to control money and to control
a database, and then people can do whatever features they want on top. So initially, Ethereum was
meant to be actually a meta layer on top of Primecoin. Then in January, it's sort of migrated
it to being its own independent blockchain. Then, so, you know, it's a blockchain that would have,
that has this sort of mechanism built inside of it where you have a special type of accounts called a contract,
and contracts are actually controlled by code that lives inside of the system.
Then over the next few months, GAV came up with this idea of, well, I guess GAV and Jeff together
sort of came up with the idea of having this Ether browser, which is a client,
for Ethereum. It's kind of like an interface inside of which you can view decentralized applications,
basically in exactly the same way that you would view websites inside of a web browser.
Then we had this idea of having two other protocols that would work inside of this ether browser,
which would be called whisper and swarm, whisper decentralized messaging protocol,
swarm kind of decentralized file storage or just data storage.
well more of house storage
and what was the idea
why was it what necessary
to develop a browser
because I mean this is also such a barrier
right if you want people to adopt it
I mean I know you'll be able to use it
through normal web browsers as well
right so there's three alternatives that we had
well really four alternatives
one alternative is to have
either an add-on or a web page
so kind of like blockchain.
4, kind of like CryptoKid,
where basically, you know,
it's all inside of a browser
and people just have an Ethereum client.
And, you know, you could do clever tricks
with iFrames to kind of, you know,
still have this aspect
where you could have decentralized applications
written in HTML and JavaScript
and would kind of work inside,
and it would sort of have like a browser window
inside of a browser window.
That's actually a route that we are developing.
Like, we are going, we do have two people
that are kind of, you know,
dedicated to this idea,
the idea of having that kind of JavaScript clients and people who want, you know, just
a really lazy ability to access Ethereum from inside the same browser as everything else
will have that ability.
Second choice is writing a plugin, so kind of like Flash or Java.
We weren't really interested in the choice, again, in part because, you know, nobody on our
team particularly knew how plugins worked, in part because it's just a...
I mean, it's kind of a halfway-house solution that, you know, has some of the benefits of one approach,
but some of the, and some of the costs and some of the benefits and some of the benefits and some of the costs of the other approach.
And we decided that having an independent browser is a better option because it lets us do a lot more to create an environment that's specifically tailored to these kinds of applications.
So, like one example is adding in a permission system because, you know, with DAPs, you really need that, like basically kind of built a lot.
built-in accounts, the ability to really control exactly what DAPS can and can't do to,
you know, whatever accounts you have on the blockchain.
It's the ability to know just potentially, eventually add in like other ways of writing DAPs.
So, you know, they don't have to be in HTML and JavaScript.
Like, we want to support standalone applications as well.
Now, how would you support those standalone applications on mobile platforms?
Do you envision development frameworks for iOS and Android, for instance?
Yeah, we are going to have an Ethereum library for iOS and Android.
I mean, at the very least, you could probably take our JavaScript code and port it in already.
But it's obviously going to be slow.
Eventually, the next version of Go, as it turns out, we'll have an option to, well,
we'll have basically Android compatibility, so it will be possible for us to like write
and a mobile client.
I recently, there's a nice tutorial as well,
or sort of a web demonstration on YouTube
of the Ethereum browser.
What was the name again of the browser?
It's missed, no?
Yeah, exactly.
So we'll put that in the show notes as well
so people can have a look at it.
To be honest, I have seen it,
sort of demonstrate it.
It does look really cool.
So I do see the logic, especially
because we are talking about
such a radical shift in the way
applications work and they're consumed, that they're distributed and they're paid for.
So it doesn't make sense to me to develop it from the ground up, but also at the same time,
it illustrates very well how the project of creating, I think, a new crypto application platform
has become so huge, you know, and has taken on so many new dimensions.
It's like, oh, we're going to have to do this from scratch as well, this from scratch as well.
Yeah.
So touching on these applications, I mean, recently you had a, you guys hosted a hackathon in Berlin.
It was called DefCon.
Brian, you were there, I believe, right?
Yeah, I would say it for parts of it, yeah.
So what are some of the interesting sort of projects that you saw emerged at DevCon?
I guess, like, basically DefCon was really an event for like everyone on all sides of the projects to kind of show off what they were working on.
So, like, on the one hand, you know, we had Alex Van Avan Santoshov missed, or, you know, what he was working on with missed, what it would look like, what it would be with the, you know, with the permission system built in with how sample adapts would look inside of the browser.
And Jeff talked about that as well.
The guys from Poland that are doing a virtual machine talked about the virtual machine.
Vlad and I were doing proof of stake, talked about proof of stake and so forth.
most interesting things that are probably started
I guess solidity which is the contract programming language
that GAV and Christian Rice Viner are working on
so that's I mean they got some pretty serious points for that
you know they're trying to make a language where contracts would be first class
objects objects inside of contracts would be first class objects
and look it even has like a built-term
informal proof system.
So I'll have all these sort of features that are specifically tailored to, you know,
the specific fact that this is a language where different people are writing programs and
they kind of all talk to each other.
And you really, really care about code being absolutely correct the first time.
I mix the integrated development environment.
We saw the initial plan for that.
You mentioned something interesting there, contracts as objects.
Is that right?
I never really thought of it that way
and that's an interesting way to look at it.
Yeah, I'm he'd
You know, the word contract
is kind of really bad terminology at this point
to be honest, because
originally the reason why I called them
contracts in Ethereum is because when I was
working on
MasterCoin before that,
I had been developed, it was about
financial contracts and specifically it was about
contracts for difference.
And the whole idea of,
you know you having a programming language control money actually came out as the result of this
of this approach of trying to take the idea behind contracts for difference and basically like
generalize them and you know allow basically allow people to bet on arbitrary mathematical formulas
and so it just kind of the name just kind of stuck but really you can it's almost more accurate
to think of them as being agents like kind of you know my current style autonomous agents um i guess
You can call them objects.
They call them accounts sometimes, actors.
So kind of the bulk, so our listeners don't know what sort of the main topic of this episode
we had in mind and what we really want to dive into.
So perhaps let's get started with that.
And just to give some brief, it seems like judging from reading your blog posts,
the one thing you've spent the most time on, no, has been consensus systems, right?
talking about proof of work, proof of state,
what the right proof of stake implementation is,
that's also one thing I came away with from DefCon.
It's just how complicated proof of stake is
and how many different options there are
and different possibilities.
And the other thing is scalability.
So we'll really dive sort of into that.
And I think it will give us a nice window
also in the future of cryptocurrencies.
So perhaps I'll start off.
Can you talk a bit about why this is the area
are where you focus on during the last year.
So, I've been looking at consensus systems,
and I've been looking at trying to figure out
what function they serve, what people want them for,
and, you know, specific,
and how, under what circumstances,
they can become something that people actually adopt
as, you know, a fabric for substantial portions of social interactions.
So the problem, I mean, two problems that I see with Bix,
Bitcoin are number one, proof, number one, proof of work is expensive. So, you know, with
basically what Bitcoin is doing is it, as I've said a couple of times, it's paying $600 million
dollars a year. That's, you know, that's the cost of all of the, of all of the mining hardware
and all the electricity roughly, $600 million per year on a five of ten multi-sig. Because,
you know, ultimately there's maybe about like five or five or ten big mining farms and mining companies
that control the entire network, especially with ASICs out.
So, you know, we're paying a really huge amount.
It's this incredibly inefficient protocol that basically involves miners literally competing
to see who can waste the most resources the fastest.
And on the other hand, it's not getting us all that much decentralization because we
have this ASIC specialization problem.
So with proof of work, I've been trying to at least solve the ASIC problem.
so come up with the proof-of-work algorithm, which is CPU-friendly.
And we've been looking through a whole bunch of approaches around that.
So initially we took the memory hard route,
which is trying to make something that's kind of like script, but better.
And I invented this algorithm called Dagger
that basically allows you to create an algorithm
which is memory hard to compute, but memory easy to verify,
which is important in making memory hardness scalable,
because, you know, if it takes a gigabyte to actually perform a rounds of an algorithm,
then the problem is it also takes a gigabyte to verify it and also takes a billion steps to verify it,
which is completely non-viable, especially for a frog-like clients.
So that's the first step.
So then from there, Sergio made his post pointing out how Deager is basically vulnerable to shared memory attacks.
And so from there, you know, we went into a bunch of different routes.
At first, we went into blockchain-based proof of work.
which is this idea of running contracts on the blockchain as a proof fork algorithm.
Then we did this random circuit approach where basically we would randomly generate programs.
And the idea is that in order to, like, because the random program generator can conceivably create any kind of program,
the computer which would be, like, you can't really specialize for it because you're sort of specializing for everything.
It turns out that the problem is that it turns out to be very, very hard to actually come up with a sort of way of generating random programs that actually match the kinds of programs people realistically run on CPUs.
And so, you know, there's ASIC problems around that.
So the thing that we finally settled on is this idea of I.O. bound proof of work.
So the idea being that the primary limiting factor is not computation, it's input and output on memory.
So it's an algorithm
I mean actually
So the algorithm that we took the idea from is called
Hashimoto
It's this thing invented by Thaddeus Derejo
Which is
It actually does two things at once
The first thing is its IO bound
But the data
The data set that you have to fetch from
In order to do the computation
Is actually the blockchain
So it also simultaneously forces every node
Every miner to be a full node
So
I came
So I came up with a version of Hashimoto that I'm calling Dagger Hashimoto, which kind of separates out the, it actually uses two data sets.
It uses the blockchain as a data set once, and then it uses a dagger-generated data set another time.
And the point of that is that Hashimoto by itself is not really light client-friendly to verify, because of what clients are not going to store the entire blockchain.
So it's the, but dagger sets, on the other hand, they're very easy to, it's very, the whole point of a day-of-of-dict.
as a data-generating algorithm is that it's very easy to, like, generate individual nodes at the
bottom of the set. So I'm sort of combining those two approaches and figuring out something,
which is simultaneously I-O-bound and has this light-client property.
So are there any centralization concerns with every minor having to run a full node?
Partially it increases centralization, but partially it reduces it, I assume.
say, because, so the problem is that from a centralization standpoint, okay, you're not going to be
able to mine on a smartphone. Fine. But the problem from a, or the benefit from a centralization
standpoint is that because every miner is forced to be a full node, first of all, it actually reduces
the amount of speed up you can get from having an ASIC. And the reason is that, like, if you
look at the way Bitcoin ASICs work, none of them actually have Bitcoin nodes on them.
That's part of why they can afford to be so efficient.
Like, they sort of all outsource the functionality to a centralized mining pool.
So the way that this proof of work algorithm forces every phone, every miner to actually, you know,
maintain the Ethereum blockchain, sort of reduces the benefit of doing that.
And the second thing is that one of the problems that Bitcoin's having is actually full node centralization.
It's that there's the number of full nodes has actually been steadily declining for a couple of years.
and it's like under 7,000 right now.
And so, you know, if we can just sort of do this to artificially force the number of full nodes up,
then it, you know, it has a beneficial effect from that standpoint.
So another advantage, I guess, that's often been touted of proof of work is that because you can only mine officially on A6,
there's no way to mine with botnet or stolen computers.
So is that a concern that you will be able to mine with botnets?
So, yeah, I mean, it's an issue.
My opinion is that it's overrated.
There are two reasons.
So first reason is that if you look at the kind of hardware that botnet tends to infect,
I mean, first, it's generally, you know, really old laptops running Windows XP.
So, you know, 100,000 botanek computers are really worth only like 10,000 normal computers.
And the second thing is that if you take over a computer,
and then you still need to keep under, you know, some level of resource utilization,
like you need to keep under, you know, 10 or 20%, otherwise you get noticed.
So really, you know, it's like 50 to 100 botnet computers are worth as much as one normal mining rig.
So that's one argument.
And the other issue is that if botnets actually are effective,
then I think legitimate botnets are going out compete illegitimate ones.
And what I mean by legitimate botnets basically is companies that are developing software applications will build in miners as a form of monetization.
So, you know, if you download some particular thing, like, you know, if, say if you, if you download, I don't know, some antivirus package, then, you know, it would scan your computer for viruses, but then it would also say, you know, mine on your computer, and it would carefully calibrate it to mine.
only when it's not interfering with your battery life or your other activities.
And it could even give you like a cut of the profits.
Could we also extrapolate that to hardware, like embedded hardware,
such as smart refrigerators and smart washing machines?
Embedded hardware probably not.
Well, it's not in the specific case because, well, the whole point of CPU mining
is the reason why it's so decent, it has this potential of being so decent.
is that everyone has some quantity of computing power to them, to them that's basically free, right?
So computing power up to some constant, up to some value N, you only have to pay for the electricity,
you don't have to pay for the hardware.
So that makes it cheap.
And then going beyond N, you have to, you know, that's the point where your first computer is up to 100%,
and you have to pay for more electricity and more hardware.
So it's this a really weird sort of super linear cost curve that you pretty much very rarely see in economics.
So, and then, like, that's basically why, you know, you could actually realistically expect that home users will be able to mine, and they're not going to get out competed by even specialized data farms.
So the problem with refrigerators is that they have no reason to have spare CPU capacity by default.
And so if you put miners into them, then, well, you know, it's not going to be, like, they'll have to pay for hardware and electricity.
Now, although, now, the one argument that I will grant is that, for.
heating devices, there might be a legitimate case that for heating devices, it's electricity
that's free.
So actually, look, this is like the one potential salvation that ASIC mining could possibly have
is that, you know, maybe just maybe it makes economic sense to put ASICs inside of every home
heater, in which case the whole thing actually will be decentralized again.
Yeah, of course, then, I mean, Dacia now is going to be that you need to be able to plan ahead,
right?
something like a heating device would only make sense if you know you can mine with that for five years
and you have some expectation of the profit and that's definitely going to be there in the short or medium term
maybe in the long term right well i mean the thing is that it's uh something that could happen right
but it's not something that we can necessarily count on so i mean i really don't know enough
home heating economics to say exactly how viable
an ASIC as a home heater is.
And I guess the immediate problem is that they're kind of a lot more, you know,
is that an ASIC is way more expensive than just, you know,
a box that sits there in waste of electricity.
So, you know, might be cheaper to just use boxes of waste electricity instead if you have heating.
But yeah, we're all a good goal either way.
So we're going to move on to proof of stake in a second because that's kind of,
I think where it also gets really interesting to talk about that.
But before, we'll just briefly do an ad about ShapeShift.
Yeah, absolutely.
So, I mean, if anybody out there has ever tried to buy altcoins, you know that it's probably
very complicated and cumbersome.
And one of the reasons for that is because most people that want to buy altcoins have to go
through exchanges.
So you have to find the rubber people that will exchange, sign up, give them a bunch of
personal information, send Bitcoins to that exchange, and then place an order, wait for that
order to be fulfilled. That just takes a long time to do. And it's just a hassle. So there's a
company that we've been working with for the last couple of weeks called ShapeShift. And Shapeshift offers
an alternative to that. And actually last week, Alan Scott of Coin Telegraph came up with this
interesting analogy, which I'm going to use. And that Shapeshift is much like Google Translate
for currencies for crypto.
currencies. So actually we're we're going to demo this because that's how easy
there's we can actually like demo this within within the show. Let me just share my
screen here. There we go. All right so I've got shape shift running here and you'll
see so on the right on the left hand side I've got BTC and on the left hand side I've got
light points. Now all you need to do really is just enter your light coin payment
address and a specific amount and hit start and then that will generate
an address and a QR code to which you send money to and in just a few seconds
Shapeshift will send light coins to your account so I'm gonna get my light coin
address all right let's see here oh I don't have my light corn address handy that's a
shame because you probably should have prepared for this right Brian yes well well
let's let's do it next time we'll do it with
it live again. But I used it. But yeah, anyway, it only takes about.
But yeah, let's send some. Yeah, sure. If you can send me, if you've got one handy,
you can send me in the chat. I'll, I'll add it in right now. But no, so essentially how
this works is you just send the amount of bitcoins that ShapeShift will specify to the address
that it specifies. And in just a few seconds, you'll get like one on your account. Okay,
Vitellic just sent me a light coin address.
Thanks, Patelic.
All right.
So let's say we want to get, I don't know, one light coin.
How much that start?
Okay.
So here it says within the next 10 minutes, I need to send this much Bitcoin to this deposit
address that I can do.
Maybe I can, may I?
The demo went surprisingly well last week.
Too late.
I sent it already.
Oh, you sent it?
Oh, there we go.
Okay.
So now we're awaiting exchange and in just a few seconds, Vitalik will have some light coin in his account.
QR codes are really nice.
Yeah, well, if you hadn't been so fast, we've gotten a light coin for the show.
So now it's awaiting exchange and there you go.
So that took about 20 seconds and we didn't have to create any accounts,
give shape-shift our email address or wait for orders to be fulfilled.
for orders to be fulfilled.
So the idea is to allow you to buy and sell light coins
quickly and easily.
And they accept a whole bunch of alt coins.
So light coin, peer coin, dark coin, doge coin,
name coin, feather coin, black coin.
And who knows, maybe someday Ethereum, gems,
all these app coins, all these app points that are coming up.
So give ShapeShift to try.
Go over to Shapeshift.io.
It's fast and easy.
And we would like to thank them for those support
of Episenter.
one. Absolutely. So let's move on to Proof the Steak. So I, you know, Proof
Mistake is one of those things. I've been sort of wanting to look into it for ages. I was always
like, I always want to read about proof of mistake and really understand how it works.
And I somehow have never gotten down to it and, you know, recently I've more and more started to
think about it, really about it. I still feel I have a fairly poor understanding of proof of
I did actually read one of your, Vitalik, one of your articles, like really old article that you wrote for
Bitcoin magazine just the other week.
It was very clear, very understandable, but of course things have changed a lot.
So can you briefly explain to those who don't know about proof of stake?
What proof of stake is?
So proof of stake basically, I mean, it is a consensus algorithm, much of,
like proof of work is a consensus algorithm.
And the point of a consensus algorithm is to have, is to have a way of updating the
blockchain such that you, such that it's very, it's very hard to, to revert essentially.
So, like, you, you, you want to avoid situations where, you know, you have a little
blockchain, it's growing, blocks are being added to it.
And then some attacker is just, is able to create a new blockchain.
that starts off at some point, you know, 100 blocks back,
and the attacker creates 200 blocks,
and everyone switches off to the attacker's chain,
so it reverts history.
So the point of a consensus algorithm is to make it expensive
or to restrict block creation in some fashion,
so that you can't,
so that people can't suggest to create blocks
at whatever rate they want,
starting from wherever they want.
and also try to incentivize people to work on continuing to, like, expand one particular chain.
So, you know, so time only moves forward.
It doesn't jump backward.
So proof of work does that by making each block computationally hard to produce.
So, you know, every time, once a block gets released, there's this math problem where if you can come up with a block based on the block that already exists, such that your block has a hash, which is less than,
like 2 to the 176 or whatever,
some really low number compared to,
you know, compared to the numbers that hashes usually take,
then you, then that block is valid.
And so that block jumps out onto the network,
everyone receives the block,
and people start producing the next block from there.
The idea behind Proof-Stake is that instead of the limiting factor
being computing power,
the limiting factor basically is stake.
so steak being, you know, coins themselves.
So the really simple way to describe,
the really simple sort of naive proof of steak
that people were thinking about three years ago
is this idea that you would have,
every single account would have a chance per second
of being the accounts that has the right
to create a block at some particular time.
And that chance per second is proportional
to how many coins that account has.
So you can think,
of every account as kind of being like a simulated mining rig where it's where the power of
the simulating mining rig is proportional to the yeah like the the amount of coins in the account
so like that's basically you know that's basically you know the idea behind proof of stake it's some
kind of way of limiting block creation where the base where your probability of being or the
amount of influence that you have in the block creation process is proportional to how many coins you have
Now, I've got a question about how this actually works, because we've talked about proof of stake in a sort of theoretical sense a lot.
I mean, you have in your blog posts.
But in actuality, when you're mining with stake with your coins, do all of your coins have to be in one address or can you mine with multiple addresses?
How does that work?
I mean, why can't you mind with multiple addresses?
I mean, any system is going to let you pretend to be multiple people.
Yeah, basically, like you can, if you have an account and that account has coins in it,
then you can, then there's, you know, there's some option that you'll be able to turn on in your client,
and that option will basically, will look for opportunities when you have the ability to,
when you have the right to create a new block.
And if you have the right to create a new block, you'll end up creating a new block.
So if you have 10 coins, then let's say, so let's say the total number of coins in the system is 1,000,
and let's say you have 10 coins, and it's a model where it's a model where it's done,
on a sort of block-by-block basis.
Then the way you would expect it to work is that an account with 10 coins,
once a block it gets created, an account with 10 coins would have a 1% chance of being
the account that gets to create the next block, right?
So, or it could be, you know, it could be per second as well.
So you could have a 1% chance of having the right to create a block during the next interval.
So then that's, so you, if you have all 10 of your coins,
in one account, then, you know, that's what you have.
You just keep, your client keeps on waiting 1% in 1% of all the intervals you get lucky,
and your client pushes out a new block onto the network.
If you were to split your 10 coins up into two accounts,
then each individual account would have five coins.
Each individual accounts would have a 0.5% chance.
And so basically the same thing would happen.
So here you have a, you know, one of the advantages,
the main advantage of mining forward is that it increases the variance.
of mining. And obviously here you'd have a huge problem where small miners or small coinholders
that because of the high variance, they also may never mine a block. Yeah, in every system has a
variance problem. So in proof of stake, you theoretically could have stake pools. In fact, you even
could have decentralized stake pools. And decentralized stakeholders are interesting because, like, the way I
see it is that, you know, I think
they're, decentralized stakeholders
are actually, you know, a perfectly fine and
natural thing. And
in fact, there's actually
a market incentive for people to come up
with stake pools that are more decentralized
because the way, with
the way, at least a slasher model of proof of steak,
which is the model that I've been working
on since, or that
I came up with in January and I've been working on ever since,
if you're,
if you end up, you know,
doing something bad, like if you end
up signing two blocks at the same height, or if you, you know, if you want, or if you end up
mining on the wrong chain and so forth, then you get, then a proof that you acted in an incorrect
way can actually be reincorporated into the blockchain, and then that can punish you by taking
away your security deposit. So if you were to give your coins, if you were to allow an insecure
stake pool, the right to vote with your coins, then that insecure stake pool could theoretically end up,
it could theoretically end up doing something bad with your coins,
at which point you'll lose your deposit into your coins will be gone.
So your incentive is to look for stake pools that are good.
And by good, that means, you know, secure and secure basically means, you know,
not vulnerable to one particular party.
You know, being decentralized is just the simplest way of doing that.
So the slasher algorithm that you wrote is a way to address what we call
nothing to stake problem.
So perhaps could you just explain what that is?
And also perhaps give some of the challenges that remain to be solved even with this algorithm that you've developed.
Sure.
So the idea by nothing at stake is this.
So let's suppose that you have the main blockchain, it's chain A.
Then an attack, so chain A comes along, it's growing.
And then an attacker starts off, the attacker makes chain B.
And chain B is trying to reverse some transaction or whatever.
So in mining, you would have, so you have four choices.
Choice number one is you would mine on neither chain.
So screw away, screw B.
I'm just sitting there.
Choice two is you just mine on A.
Choice three, you just mine on B.
Choice three, you just mine on A and B at the same time.
So just sorry, when you're mining on A and B at the same time,
you're putting half of your hashing power on one and half on the other chain.
And that's the thing.
Exactly.
When you're mining, you have to split it.
You only have one unit of hashing power.
You have to split it up.
So if, let's say,
you, if, because chain A is ahead, the probability of chain A winning is, let's say, 90%, then if you mine on neither chain, you get zero expected revenue.
If you mine on chain A, you get 0.9 expected revenue, because it's 90% chance of getting a block.
If you mine on chain B, then you get 0.1 expected revenue.
And if you mine on both chains, then it's going to be 0.5, because, you know, there's 100% chance that either of these, that either of those block chains is going to, is, or that one of those.
two block chains is going to make the next block, but you're only mining with half power
on that particular chain. So because you're splitting your mining power in half, the half
option is going to give you a return that's exactly halfway between the good option and the
bad option. And so it makes sense to go with a good option. And so because of that, there is this rapid
convergence property where if one chain has an even slightly higher chance of succeeding, everyone's
incentives to mine on that chain, and so it rapidly converges to being the only chain. So
Proof-stake, you have a problem.
The problem is that there is, you know, mine on neither chain,
expected revenue is zero.
Mine on chain A expected revenue 0.9.
Mine on chain B expected revenue 0.1.
Or rather, vote on chain A, vote on chain B.
But if you vote on chains A and B at the same time,
then the problem is that you're not actually splitting up anything.
Because you're mining on chain A with coins on chain A,
and you're mining on chain B with coins on chain B.
so you're actually getting both at the same time.
And both chains aren't aware of the state of the other, so that is what allows you to do that.
Yeah.
So you're expected to return is 0.9 from this one and 0.1 from that one, so it's one.
And so rationally speaking, everyone is going to vote on every chain.
So slasher is an algorithm I came up with in January.
And what it slasher does is it says, okay, we are, what we're going to say is when you mine a block,
then you are not going to get your reward for another 3,000 blocks.
Now, if you get caught mining on chain A and chain B at the same time,
then what happens is that anyone in the network can create a transaction,
and what that transaction is is just a proof of mine,
a proof containing the signature on chain A and the signature in chain B at the same block number.
And then they can submit that as a transaction into a block,
And then that deletes your signing reward, and it also gives as a third of the signing reward to whoever submitted the evidence as a bounty.
So the idea there is that you're sort of explicitly punishing this chain A plus B approach, and so as a result, the chain A plus B approach has a return of zero.
So since then, so one of the problems that Slashr 1.0 had is that in order, so the problem is that if you're voting, if you're sort of, if you're sort of, if you're, if you're sort of, if you're, if you're,
you're doing this sort of double-vote strategy, then chances are you're not going to, you know, chances
are you're not going to have an opportunity to mine on either chain, because it's, you know, it's a relatively
low probability thing. It happens rarely. So even if you choose the strategy that you're going to
vote on A and you're going to vote on B, most of the time you never get an opportunity on both.
You either get an opportunity on one or you get an opportunity on the other. So even if you adopt
the double-voting strategy, most of the time, it's still going to look like single voting.
because, you know, it's probabilistic, you only see one.
So the way that Slashr in January has solved the problem is it also pre-selected voters.
So, yeah, that's exactly the slasher.
So if you scroll down a bit, actually scroll a bit way down.
There we go.
Up, up, up.
See the four points.
So, um, so point number, number two is that you know, or points number one.
one and two, which you notice that the signer for the set of signers or the for block number
number n plus 3,000 get picked during block N. So you really, really, you pre-select who the voters
are going to be. Yeah, so the point of that is that if a fork starts, the voters on chain A and
on chain B at the same number are actually always going to be the same. So you always, you know,
you can either vote on both chains or you can vote on no chain. So if you're double voting,
then you actually are voting on both chains,
and you actually will get caught.
And so it makes sense to a single vote in to stick to the blockchain
that has a high probability of one in.
Cool. So that seems like a pretty elegant solution.
Are there any problems with that?
So there's a small problem and there's a large problem.
So the small problem is that if you select voters 3,000 blocks in advance,
then you have this extra denial of service.
vulnerability and you have a bit of a collusion vulnerability because, you know, you, the set of
voters for a block are going to be known like many hours in advance. And so if they're known
many hours in advance, then, you know, first of all, they might have the ability to like get
together and all extort the entire network and say, okay, we're not going to sign unless you
give us a million dollars. And the second problem is that they become targets for a denial of service
attack. Just one question. How would the miners collude with one another? How would they come into contact?
I mean, they all have, I mean, it's public what their public keys are. Right. Okay. And especially
with, especially with Ethereum, because you have whisper, you know, you'll be able to send a message
through that public key directly and they'll see it. So the way you solve that problem is, I mean,
there's two approaches. One approach is this is a tender mid strategy, which is you just say, okay,
everyone is going to be a signer at every block.
It's convenient.
It actually also resolves a double voting problem
because everyone votes every block.
It's not probabilistic.
But it has this issue that you need a really,
really huge number of signatures for every block
and it's going to be expensive to produce,
expensive to validate lots of data.
So the other approach is with the approach
that I'm calling Slashor 2.0.
And with Swasher 2.0, the idea is that,
instead of punishing double voting, you're punishing voting on the wrong chain.
So if you vote on A, then if B wins, then even if you just voted on A, then your vote on A can be put into B, and that takes away your deposit.
So that's all, and that generally solves the problem because it actually only lets you pick voters like one or two blocks in advance.
Like there are some other complications, like how you have a random number generator inside of proof of stake.
And there's some approaches for solving that.
There is the NXT approach, which basically uses absentee voters as a source of randomness.
We came up with an improved version of that approach based on something called low-influence function.
There's also, you can also actually take the Slashire 1.0 route.
There was a built-in cryptographically secure, provable random number generator in Swashire 1.0.
and you can actually take that technology and compress it down to five blocks and make it work.
So the smaller problems, you know, they have solutions.
The bigger problem is, okay, so you say that if you vote, then, or if you produce a block,
then you get your reward after some number of blocks.
So, and before that, if someone comes up with proof that you cheated, then your reward gets taken away.
Problem.
What if someone starts, what if you start a fork, or what if,
if someone starts a fork, that's so far back in history that everyone who voted at that
particular time already got, already got their coins taken out of the deposit. So the deposit
doesn't, so the deposit doesn't exist anymore. They have their money. They have their money and
there's no way to punish them. Then, once again, there is no incentive for them not to
sign on, you know, every attacker's fork. So this is, so this is called the long range attack
problem. So the issue is what if you have a fork that starts really, really, really far back.
Like, it could even be as far back as a Genesis block. You could have a situation where someone
goes to each and every one of the participants in the currency's Genesis sale and asks them for,
you know, it tells them, I'll give you $5 for your private key. So all of the participants in the
as a sale, they're going to be fine giving up their private key because, you know, they have the
ability to, even if they're still using the private key, they have the ability to just switch to a new
one, right, and move their coins over. And then they'll say, oh, sure, you know, it's my private key.
I'm not using anymore. Here you go. Thanks for the five bucks. So, okay, attacker pays five bucks
times a few hundred, take, you know, has two-thirds of the coins in the Genesis sale. And then the
attacker has the ability to basically simulate an entire history, which is equivalent to, which is a
distinguishable from a legitimate history, and then that blockchain actually looks even more legit
than the normal one, because the attacker's nodes they're online 100% of the time.
So that problem, like, you basically can't solve the problem crypto economically.
I actually tried, like, whacking my head against solving the problem and using some clever economic
tricks, like transactions as proof of stake, and I tried it for two months, but eventually
figured out, you know, it's fundamentally and resolvable.
and so that's when I came up with this concept that I described in a recent block post,
which is called weak subjectivity.
So the idea behind weak subjectivity is that instead of, so with proof of work,
it's a consensus mode that you can call it objective.
So what that means is that if some new node joining the network sees the current set of blocks
that have been produced, that new node will be able to come to exactly the same conclusion
as everyone else about what the valid block is, because they just check.
you know, which blockchain has the highest total proof of work on it.
So with proof of stake, I'm arguing that in order to make proof of stake work,
you need a consensus model, which is weakly subjective.
So in order to define weekly subjective, I guess so strongly subjective would be something like
ripple consensus where, you know, there is no objective scoring system.
It all depends on what each individual node's unique node list is, right?
So weak subjectivity is an interesting compromise between the two,
where you basically say that if you are a node
and you have already connected to the network
within some period of time in the past.
So I'm thinking something like, you know, three months
or, you know, could be 12 months or whatever,
then you have the ability to come to the same consensus
as everyone else just by seeing the data.
But a node that is a node that has either been dormant
for a really long period of time
or a node that's connected to the network for the first time,
that node is going to have to basically,
we get a checkpoint from someone.
I don't know.
I wanted to ask a question that sort of touches on proof of state from a broad perspective.
And so Sebastian pointed out, he sent me a video the other day.
And there is an idea that proof of state, if you explain proof of state to someone who is
maybe not from the cryptocurrency space, and they say, well, you vote with your coins, right?
It sounds like it's very much a sort of a rich get richer scheme.
right, where sort of money controls everything.
And, you know, maybe one can say this is a bit flawed, right?
Because who gets to buy mining hardware?
But I'm curious, what is your point of view on that?
Yeah, my point of view basically is that mining hardware is exactly that kind of game
to exactly the same extent.
I mean, when you think about it, I mean, to buy mining hardware,
which would allow you to mine anything reasonable, you need to be rich.
I mean, essentially, you need to have a large amount of resources to buy that mining hardware.
So we're looking at the same problem, basically.
It's displaced.
Yeah.
Another interesting way of looking at it, and I'm really curious how this works, right?
Because you can say that with mining, even if it doesn't solve that problem, one problem or one effect it has,
it dilutes early adopters, and it creates a sort of like coin distribution.
right. So what are you thoughts on distribution and proof of stake?
And that's kind of interesting because the same people, the same people that advocate proof of work
are often the same people that advocate Bitcoin's finite supply model.
Right. Yeah. So, I mean, yeah, I do think that a growing, you know,
a growing supply would be optimal, well, no, it is more optimal, but the thing is that, you know,
just doing, like, if all you're doing is you're just,
having like some amount like wasted work basically and you're distributing coins to people who
waste work that's i mean it's basically a make work program it's not really something it's not really
a particularly useful way of distributing money right i agree with that it seems like an extremely
inefficient way of doing it but still so with proof of stake it means basically right if you own like
10% of the coin in the beginning it me and assuming you keep mining then you will keep owning 10%
Because even if there's a block reward or not, if the coin supply grows or not, if you get 10% of all the block reward in transaction fees, it sort of works out the same thing.
Correct.
Yeah, I mean, the only category of models that kind of get around that is the whole idea of, well, you know, let's have the stakeholders in some, you know, or the participants in the network in some fashion decide who to distribute coins to in order to pay for ongoing development.
So like BitSier's Deepboss is probably the one sort of live implementation of that kind of a mechanism.
So, I mean, that's an interesting set of strategies that could be promising.
Cool, yeah.
Yeah, yeah.
Aside from that, I mean, in general, I don't think, I mean, if people are looking for fairness and egalitarianism out of cryptocurrency, I mean, ultimately, you know, the people that need that the most are like people in Africa that are on one dollar living on one.
one dollar a day and they don't even have access to laptops or A6 or coins.
And so if we're looking at this as an egalitarian revolution,
it's not going to come from the currency issuance.
It's going to come from the fact that this is technology that massively lowers
barriers to entry to participating in a whole bunch of systems.
Exactly.
I mean, I think the one thing, and you've written about this as well,
but let's not go in there because it's a whole other discussion.
But if you could verify that, you know, you are, someone is a unique person.
then of course you could have a cryptocurrency that just gets issued, like, let's say, in a monthly
way to all unique people.
And then that could be very revolutionary in that way.
Exactly.
So I know, you know, your view is and the view of many people that proof of stake, at least
assuming all these things get figured out and it gets tested and it really works, that it is
in the long run superior to proof of work.
So do you think, first of all, is it technically possible that Bitcoin would switch to proof of stake?
And do you think that do you see any plausible scenario that there could actually be a consensus to that, you know, a majority of hashing power?
Okay, so technically speaking, it's entirely possible.
So, you know, it's actually a bit of a misconception that it's the majority of the hashing power that decides,
who controls the protocol.
Because ultimately, you know, if we all decide that, you know, shot 256 is a bad mining algorithm
and we should instead use shot three.
And Gavin and Jason pushes out a version of the Bitcoin clients, Bitcoin 0.10.
And Bitcoin 0.10 says that a block is that blocks up to block number 400,000 are valid
if they use shot 256.
And above to 400,000, they have to use shot 3.
and if everyone downloads that client,
then once block 400,000 hits,
even if there's only like four people mining shot three
and there's this entire industry of basic hardware mining shot 256,
you know, the fact is that entire industry is going to be producing invalid blocks,
and the four people that are running shot three are going to be, well, producing valid blocks.
And so the four people that are running shot three are going to win.
So it really is all about the users and not the minds.
So the mining industry basically has very little say in the mining algorithms or whether or not we, I mean, we go to proof of stake or any other proof system.
Exactly.
I mean, they wouldn't be very happy about it, I'm sure.
Yeah, miners are going to yell and scream, but.
But, I mean, that would, that could potentially have some sort of an impact on a broader impact.
Not specifically with relation to their business model, but what type of impact would that have?
what type of impacts would what have on chrome well i mean the mining miners getting getting
getting chafed um yeah yeah i agree there'd be a lot definitely a lot a lot of angry people um it's
you know hard to hard to imagine you know what exactly what exactly the uh anger would materialize
into just uh because you know it you it's like they they just their entire set of
your entire $600 million industry just instantly becomes valueless.
So that's very interesting, though.
Your point, I wasn't, of course, it makes total sense if you think about it,
but I just hadn't made that realization that actually,
if the users are sort of in the consensus, you know,
they can just switch over without having the consensus of the mining industry.
do you think that's
what percentage do you attribute to that?
What likelihood?
That's the thing.
Technically, it's entirely possible.
Politically, it's a bit hard.
Several reasons.
Number one, I think that Bitcoin is,
right now it's to a large extent
committed to being this, you know,
slow and steady coin that doesn't really,
you know, whose protocol doesn't particularly change all that often.
And now if Bitcoin wants to have a niche,
as being a sort of like digital gold 2.0,
then that's actually exactly the correct strategy to take.
You don't want to rock the boat.
You want to be exactly the same thing, and you want to be stable.
And, you know, the fact is that as much as I think it's a horrible environmental tragedy
that we're wasting $600 million a year on unuseless computations,
gold mining is even worse because it's people wasting resources in order to acquire gold.
And on top of that, you have negative environmental externalities.
So, you know, I think, so if Bitcoin takes the, you know, takes the route of specializing in order to sort of replace gold, which I think it should, then it probably makes sense for it to just be as conservative as possible.
So being conservative is probably is just one aspect.
The other aspect is that the Bitcoin community is, is, seems to be to a very large degree dedicated to the concept of proof of work.
especially to the, I think a lot of them especially feel kind of uncomfortable about the weak subjectivity idea
because like I've actually debated this on forum so many times where I know I argue that like there's this problem that
a new node connecting to the connecting to the network and if a node's been dormant by more than one year it has to ask some other node for a checkpoint.
And I mean it's not going to be a random node, you know, like realistically it'll be asking you'll be asking a friend,
you'll be looking up a block hash on blockchain.
Or you'll just get it from the software developer.
And a lot of people either see this as some kind of, you know, centralization,
which I really don't believe it is because, you know, anyone can produce checkpoints.
And other people also see this as being some kind of, you know, quote, subjectivity or even trust,
which is this, you know, incredible really evil thing that we're, exactly.
It's this really evil thing that we're supposed to have at all costs.
Yes.
So, it's, it'll be a really, really, really long road to trying to convince the Bakely
community that we see the activity is fine, probably an even longer road than, you know,
basically just replacing it with something, replacing it outright with something based on proof of stake.
Yeah, I mean, I think one issue is also, you know, the default is to do nothing, right?
So you'll just keep on in the same.
And then the question is, when are you actually going to get to the point where maybe a majority says,
okay, we need to do something.
It's probably at the point where something really bad happened.
There are a lot of alternatives already that are working.
And the danger then is just, it's going to be too late.
Yeah.
Like, you know, what I guess the biggest dangers are, well, number one, what if, you know,
okay, the thing that will convince Bitcoin to change the consensus algorithm.
Now, it's not going to be, you know, these sort of moralistic arguments about how they're wasting.
600 million dollars. I mean, that's, like, it's a problem, but it's a sort of, you know, slow,
boiling type of problem. It's not really critical at any point. The kind of problem that, you know,
that would convince them is if there is a 51% attack. So, you know, two possibilities. One possibility
is that, you know, a mining company actually manages to get over 50%. Entirely possible. Like, I think
for Litecoin at some point, there actually was one company.
that had 50%, they might still have that now.
Another possibility is, you know, there are backdoor tricks to attacking proof of work.
Like, you know, you theoretically, it would take $70 million to do a double-span attack on
Bitcoin, by actually building the AISCs directly.
But if your attack vector was to just hack into mining pools, was to hack into AIC data farms,
then I could easily expect you.
And a combination of hacking, you know, maybe even a, maybe even a commoner,
combination of hiring a couple of agents with masks to walk into the data,
to walk into the data centers, you know,
it could easily do it on like, I don't know, a $100,000 or $200,000 budget.
So, and the reason why that's the case is because, like, the fundamental,
like actually, Vlad's exam, here, one of our researchers,
pointed this out in our proof of stake panel a couple weeks ago is that the reason why
proof of stake is superior to proof of work is because with proof of work, the disincentive to be,
against being malicious is capped. It has to be equal to the reward. If you mine on the wrong chain,
then you get nothing, and that's the worst thing can happen to you. With proof of stake,
you could have security deposits. And so the penalty for doing something bad can be much,
much higher than the reward. And so the reason why I expect a lot of Bitcoin mining farms
to be insecure is because they have no incentive to be secure. You know, if they get hacked
and if some attacker takes them over three hours, whoopty-do. They lost three hours of mining
power. Yeah. So if we switch to a proof of stake model where we have very high security deposits,
then everyone has a really, really high incentive to really, really care about the security of
their funds. And so the sort of backdoor strategy doesn't exist. And of course, one big issue, too,
is that with mining, you know, these people care about the value of this hardware, right? You don't
have this, like, I own 1% of the mining power. And, you know, that's, you know, that's, you know,
sort of correlates to me having 1% stake in the currency, you know, it's not like that, right?
Well, it depends. Actually, that is, that point you're raised actually is the one argument in
favor of ASIC mining instead of CPU mining, which is that, you know, a Bitcoin, if they
have a Bitcoin ASIC, then that Bitcoin ASIC is useful for nothing else. And so what they actually,
you know, the asset that they're actually holding is actually, you know, basically a leverage
bet on the Bitcoin price. Right. But the problem is,
10, what is 10% of that worth, right?
10% of the mining power.
It's worth only a fraction of the total value of the market capitalization,
whereas with proof of stake, potentially 10% is actually worth 10%.
Yeah, like that's, yeah, that's kind of, you know,
it's kind of another way of looking at this idea that the disincentive is,
but it could be much higher than the reward.
And so the amount at stake is much higher than the amount being rewarded.
So if you're interested in these topics, one good place to read up on it is on the Ethereum blog.
So all the articles that Vittalik mentioned, the weak subjectivity article and the slasher,
the article explaining the slasher algorithm is also there.
I would say set aside a good hour and a half to read these because you have to read them multiple times.
They're very complex.
I mean, I have to say I read them at least two or three times before I could even grasp about 50% of what you were saying.
So moving on, so Bitcoin has been, there's been some critical system with the Bitcoin in terms of scalability.
There are some scalability issues, particularly the number of transactions per second.
Can you address those?
Yeah.
So with scalability, I see two problems simultaneously.
So the first problem is the number of transactions.
So right now it's at like two one or two transactions.
a second, and the blockchain is already many gigabytes, if it goes up to like 10,000
transactions a second, then the blockchain is going to be many terabytes, and the number of full
notes is going to fall down pretty drastically. So that's one issue. The, you know, that
basically the larger, the more people participating in the network, the more centralized it gets.
And in the limit, what you have is a system that's basically, like, the limiting case of Bitcoin right
now is basically PayPal, because if the whole thing scales up to the point where you have
10,000 transactions a second and you're down to one node processing everything, then, you know,
that one node basically is PayPal. So that's one issue. The second issue, which I think is
extremely related as transaction costs. You know, right now, Bitcoin transaction costs five cents,
which is fine right now because PayPal's fees are even stupider. But, you know,
Yeah. You know, if it, it should not cost you five cents, you know, the internet of money should not cost five cents a transaction. It's kind of absurd. And I know, the reason why it costs, like, for micro, you know, it completely removes all the micropayment use cases. It removes most of the non-financial use cases. And eventually, I, you know, my, my worst fear with the space is that Bitcoin was just going to get out-competed by a centralized alternative that's managed by Google.
So, you know, once Google, once, you know, the regulators get the rack together and, you know, they work with Google on figuring out some kind of digital currency, which, you know, which, you know, has all the properties that people, that normal people would like about Bitcoin, then Google will create a centralized currency.
And that centralized currency will be free to send.
and, you know, no more, there's like basically no more points for Bitcoin at that, you know, except as digital gold from that point on.
So the fundamental reason why both of those issues exist is this problem that in Bitcoin, every node has to process every transaction.
So, you know, every, it's because that's how the consensus database works, is that, you know, everyone has to agree on what the blocks are, and each block has to contain all of the transactions.
So the point, the, so there are.
Now, one approach to solving that problem is you say, okay, instead of having one currency, you have 100 cryptocurrencies,
and each cryptocurrency handles 1% of the funds, and if you want to transfer funds between them,
then you just do a couple decentralized exchanges.
So that's a solution, but the problem is that each individual chain is 100 times less secure, right?
So you have this sort of, you know, Pareto frontier between, on the one hand, security,
and on the other hand, scalability, where if you have...
a lot of security, then you don't have scalability.
If you have a lot of scalability, you don't have a lot of security.
It's a linear relationship.
And so in that language, the way that you fundamentally phrase the scalability problem is you say,
the fundamental scalability problem is the problem of figuring out how to have more,
how to have a larger economic weight of nodes explicitly protecting a blockchain
than the number of nodes that are explicitly protecting it.
So by explicitly protecting it, I basically mean, you know, the number of nodes that are actually watching the blocks on that particular chain and are actually verifying the transactions.
And by implicitly, I mean the actual security level.
So, like, in all the architectures right now, explicit equals implicit, and so you have this linear tradeoff.
So, but, you know, there are architectures that's all in the problem.
Like, I know if you look at the scalability posts that I mean, like the, especially the one on hypercubes,
and one on multi-chain.
And the idea there is to come up with these sort of tricks where you'd basically have a system
where by default, only a small number of nodes would actually be protecting,
would actually be verifying each block.
And those notes could even be randomly selected, right?
So if you randomly select like 200 nodes out of a pool of 10,000,
then you have this situation where, okay, each block is only secured explicitly by 200 nodes,
But implicitly, in order for an attacker to take it over, the attacker would have to actually
control at least 400 nodes in the entire network in order to have a statistical chance
of being the majority in any one of these 200-note juries.
And so, you know, the explicit number of nodes that are processing every block is 200,
but the implicit level of security is somewhere around 4,000 nodes.
So that's one approach.
That's something that I call jury selection.
then the other category of approaches is to say, okay, by default, 200 nodes to look at this block,
but if we notice a substantial level of disagreement, then we're going to do another,
then we're going to not count that round of consensus, and we're going to do another round on the same block
using all 10,000 nodes.
So by default, only a small jury, if there's a problem, then it expands to the entire set.
And so that way, once again, 200 nodes explicitly, but ultimately 10,000 nodes,
implicitly, and they're acting as a sort of deterrent, right? So, you know, because this deterrent
of this sort of second round exists, attackers are not even going to try, and so the 10,000 nodes
never actually all have to become active. So, you know, it's once again, it's a sort of, it's a sort
of reserve capacity mechanism, so explicit, explicit number, amount quantity of attention is
200, and the implicit security is 10,000. So, yeah, so that,
Yeah. So that's basically a summary of scalability theory.
And, you know, I could obviously go into, you know, the complexities of hypercubin multi-chain.
Not sure if we have time for that.
Maybe for another episode.
I don't think we have time.
We'll already be running very late.
But like we, I think it's a fascinating conversation we're having.
So let's totally do that.
And I totally agree with you.
I don't think there's any way around this, right?
There's just no way Bitcoin would go.
it just can't go like that, right?
You can't have nodes processing all the transactions
and scaling this to any size.
It just won't work, right?
So we will obviously have to find a different way
and it's surprisingly tricky, right?
I'm curious, what are your thoughts on projects like FACTOM
that try to address this issue?
I mean, FACTOM is, it seems to be more going into the proof of existence category,
and proof of existence is a much easier problem
than that actually just be, you know, being a scalable cryptocurrency
or being a scalable, decentralized application platform.
Because, like, it's a, like, the problem is that with factum-like applications,
the primary thing that they care about is just proving the thing has got into the blockchain.
Whereas here, you're trying to, number one, prove the things got into the blockchain,
number two, prove that things didn't get into the blockchain.
And, you know, that's a bit harder.
So just before we move on, we wanted to thank our second sponsor and talk briefly about a second sponsor, GEMS.
So you may have heard about GEMS on our earlier podcast episode with Daniel Pillett.
So GEMS is a social messaging app.
It's a bit like WhatsApp, but I like to call it social messaging on cryptocurrency steroids.
So there's a, the cool thing, really, is that if you think of WhatsApp, right, they got to like to,
like 400 million users, some crazy number.
And there was no, the only incentive people had to use this
was just that it was free and was pretty good.
But what James is doing is that they're sort of embedding a cryptocurrency in that
so that you can pay a reward.
Each time you, for example, invite a new user, you can get a reward.
And it creates really strong incentives that way.
And you can have a similar sort of deflationary model
where the earliest adopters have more incentives
and then hopefully over time
they'll have so much momentum
that the monetary incentive can decrease.
So I really love this
and I think it gives it a great shot
at actually being successful there
because it has this powerful way
of getting incentives right.
What else can we say about that?
So of course it also,
another thing they're trying to do
is sort of solve the adoption problem
because gems will be a social messaging app,
but it will be a Bitcoin wallet at the same time.
So, you know, their view, and I think it's a very valid view,
is that a Bitcoin wallet on its own,
it's hard to get people to use it.
It's hard to spread.
But if you make it a social messaging app at the same time,
and people get started off straight away
using, first of all, cryptocurrency gems
and being able to spend Bitcoin from the same thing,
well, that has a real shot at achieving
a wide adoption. And if you think of, let's say, WhatsApp again, 400 million users,
if you think of the biggest Bitcoin wallet, what's that like 2 million users or 1 million
users with Coinbase and blockchain or info, you don't have to get that far to get very far,
right? You don't have to get that far to really spread Bitcoin and cryptocurrencies.
So those are some of the things I love about that. And so, yeah, so we, we, we're, we, we,
really, really love it. When we add them on, this is a great project, a lot of potential.
And what they are doing is to do something similar to what you guys have done at
Ethereum is that they're doing a crowd sale. And with the money, they raise, they're
for developing the application. And you can get some gems that way.
And it's been going on for a while, but it's still going on for about 10 more days,
I think, until the end of the year. It's until January 5th, actually.
January 5th, okay, so another two weeks.
And you can participate on Coinify.
So if you go to Coinify, you would see the project there.
And you can also check out the app at GetGems.org.
And on Coinify, you can participate in CrowdSip and purchase some gems.
I'm really looking forward to Gems.
I can't wait for it to come on on Android.
Yeah, I really want to try it out.
I have high expectations.
Well, you'll get it first because you use an iPhone, unfortunately.
Yeah.
So actually, very much tied to that.
a user sent us a question
and maybe we can just do that here because it's so
relevant. A user sent us a question
before, now let me pull this up.
So that was a guy
named Jason Wedden
or Reiden. I don't know how you pronounce the last name.
So do you think
Appcoin tokenization model
of healing software endeavors should be
the default for most, if not all technology
startup as a way to eliminate a need for
public stock offerings?
I guess one could also say
as a way to eliminate venture capital in that kind of funding?
I don't think there is a single silver bullet that's going to solve all monetization problems.
I think it's a matter of coming up with tools and having as large a toolbox as possible
so that people can monetize as much as possible.
Or monetize as many categories of good things as possible.
So, you know, in the 2000s, like we came up with this idea of, hey, you know, you can monetize
free content with advertising.
And that was really great.
It generated a huge amount of free content.
And it created this internet where so much stuff is free that you have a library that
literally contains more information than existed in the 1970s.
And, you know, that was available to even like billionaires in the 1970s.
And yet, even homeless people can enjoy it with just a $200 laptop.
So now we have this idea that, you know, with token sales,
there is a way of monetizing things that are decentralized, right?
So the problem with proprietary software and the problem with advertising is that, you know,
you would have to, in order to monetize it, you basically have to control the platform to a very large degree.
And you could argue to a very large extent, that's why centralized solutions have succeeded,
and that's why proprietary and decentralized solutions have fizzled,
because there's just not enough incentive to build one.
Now, with token sales, there is, for the first time,
and plenty of intrinsic incentive to build decentralized systems.
And what's even better is that, you know, unlike what some other people advocate that, you know,
decentralized application builders should somehow monetize by, you know, quote, selling services.
With token sales, what you actually have is you have this alignment of incentives where there, you know,
the success is, or the, you know, the ability, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the, the.
of the
people building
the whole thing
building the platform
to continue to be successful
is dependent on
the token actually being useful
and having value.
If they build a bad platform,
then the crypto fuel isn't really useful
for much and it's worthless.
Right, no, totally.
And the other cool thing is that you can sort of
give on that incentive to the users themselves, right?
So it's not just the founding team,
but you can sort of give it to everyone.
And I think that's really cool.
But of course I agree, right?
It's a new alternative.
It's an interesting alternative.
I think if you're in a show better than anyone,
but yeah, it won't be like the only thing,
but yeah, definitely.
So let's talk a bit.
So we're definitely running late,
but we definitely want to kind of touch on some more topics
because they are extremely important,
extremely interesting.
And they sort of,
I think we arrived at a point now in our discussion
where also the things we talked about
before sort of led us to.
And that's going to what is the cryptocurrency ecosystem
going to look like in the future.
And I've been thinking a lot about that.
And I know you have been thinking a lot about that too,
and you've written some blog posts on that.
And I think one of the central issues
in determining that is it's going to be network effects.
But let's start with that question.
Do you think there will be a purely digital source value?
You mentioned gold 2.0.
Do you think that thing will exist?
Well, it depends what you mean by do I think gold 2.0 will exist.
Like, I mean, think, you know, they exist already.
It's a matter of will it get widely adopted.
Right, right.
Well, okay, let's put it like that.
do you think we will have a one point, a purely digital currency or a token or whatever we call it,
that will have the sort of mass adoption and also the stability,
and maybe those things don't go hand in hand,
the stability and value,
that you'd actually be able to price things in that.
So let's say I would do a life insurance contract and price it in, you know,
purely digital currency.
If that currency succeeds, unfortunately, that currency is not going to be Bitcoin.
Because Bitcoin is, you know, it has a fixed supply, and so it's inevitably going to
forever be just too volatile to be a useful unit of account.
You know, it's unfortunate fact.
Like, you know, the fact is that gold, gold doesn't even have a perfectly fixed supply.
Like, the supply actually somewhat adjusts because you can produce more of it if the price
goes up.
But even still, it's been going up and down by a fact.
for five every decade. That's not a stable unit of account, right? Like, fiat currencies,
you know, people talk about how also bad and unstable they are, but reality is that each
pair of fiat currencies, on average, I've actually looked at a whole bunch of, a whole bunch,
like I've looked at a whole bunch of currency pairs. On average, the price of one random fiat currency
in another, at least in the developed world, only goes up and down by a factor of 1.6 within any
particular decade time span.
So if a crypto coin is to become a unit of account and people start pricing things in it,
it would have to be artificially stabilized in some fashion.
So by artificially stabilized, I don't mean, you know, I don't mean centralization.
I don't mean controlled by Ben Bernanke or Janet Yellen or or the ECB or whatever.
I mean, like I actually wrote a blog post on this.
Like Robert Sam's actually before me, he made the points in his paper on the
Senora shares that, you know, just sure, there are lots of things to be critical about
in centralized monetary policies that we see in the real world, but we shouldn't be
critical, but we shouldn't extend our criticisms to the concept of monetary policy as a whole.
The concept of monetary policy by itself is completely legitimate, right?
It just means that a monetary policy is an algorithm that determines what the supply of a
currency is going to be.
So with Bitcoin, though it's a completely inflexible supply.
predetermined. But if you could come up with a monetary policy that is decentralized and at the
same time adjusts so it's, you know, at least partially aware of what its own price is, then you actually
could get pretty far, right? You could get, if you have even a reasonable estimate, you know,
from things like mining difficulty, from things like transaction fees, from even things like a built-in
in the file storage market, if you had a reasonable estimate of what the value of a coin is from inside the coin,
then you could issue more units of the coin or issue fewer units of the coin, you could stabilize the price.
It is, yeah, I agree.
And so there's two general categories of approaches to that.
One approach is to try and create these kind of estimators that would try to lead to price stabilization.
Another approach is the shelling coin strategy, which is where you use a decentralized Oracle to,
figure out exactly what the price of a coin is relative to, you know, could be U.S.
dollars, could be heroes, could be special drawing rates, could be the consumer price index,
whatever. And you then just have a currency, which is, which issues more units if the price
goes above one, it takes units away if the price goes below one in terms of that index.
So one problem with those kinds of designs is that, you know, in order for it to be stable going up
and stable going down, you have to have a system where if the price goes down, you have to be
able to take units away, right? Because if the supply can go up, but it can't go down,
and as soon as it starts crashing, it's just going to crash more and more and more. There's
something you can do about it. So, well, it's not going to be that bad, but, you know,
like, actually taking away upward volatility does take away downward vulnerability to a
downward volatility to a partial extent. But if you want to have perfect stability, you need to be able to
introduce units and take units away.
So this is where this Robert Sam's is sort of two currency model,
where you have coins and shares,
and,
or, you know, as I call them, stable coins and volatile coins.
And the idea is that if the price of a stable coin goes above one,
then the system sort of issues new stable coins,
and it auctions them off in exchange for volcoins.
So the supply of stable coins goes up and the supply of volcoins goes down.
And if the price of a stable coin,
jumps below one, then stable coins get absorbed. And the way they get absorbed is they have an
auction and new, new volk coins get issued. We're actually going to have Robert Sam's on
on January 5th, I think, like the first week of January to talk about just that. Yeah, perfect. Yeah.
So it's a real brilliant idea, because basically, instead of having one coin which is volatile,
you're sort of split the volatility in half when you have one coin which is stable, and then the
other coin sort of absorbs all the volatility, it becomes extra volatile. And you know, whoever wants to
speculate, can speculate, and whoever wants to just, you know, live their peaceful lives
and have a decent unit of account and preserve their value, can do that, can do that as well.
So, you know, that's, like, that's actually the model that probably even the most age we're
sitting in at this point.
So we are sort of coming up at the end, but very briefly want to cover side chains.
can you give your view on the sidechains project?
So sidechains basically is a way of using a currency from another blockchain inside of your blockchain.
So you could have chain A and chain B, and the way it works is that there's a way of locking up a coin in chain A in order to unlock a coin in chain B,
and unlocking up a coin in chain B, and locking up a coin in chain B.
So you could sort of freely convert them back and forth.
So that project, it has a lot of potential because, you know,
first for networks that are either, you know, too weak to try to bootstrap their own currency.
And, you know, it allows them to sort of use other, other blockchains currencies as an alternative.
You know, do I think that sidechains will usher in the rise of Bitcoin as being the one true currency of just about everything,
or even at least everything in crypto, probably not.
Actually, the one big piece of evidence I have for that is that if you look,
right now there's actually been exactly one project which was announced,
which intends to be a Bitcoin side chain that's not run by Blockstream.
And that project is Truthcoin, which is a decentralized prediction market.
And the thing you did is actually this incredibly,
incredibly clever thing of sort of playing both sides at the same time where they say,
oh yeah, truth coin is going to be a Bitcoin side chain.
So guess what it is in reality?
They have two currencies.
One of them is a Bitcoin side chain and the other one, they're going to be crowd selling.
So, you know, it's, I think like just the economics alone, I think.
The, you know, the attraction of token sales is just too good for people to, for people to prefer
wants to take the side chain route en masse is one reason.
Another thing is, you know, there are this,
people are going to watch to experiment with these alternative economic models.
Like, I could easily see, you know, in one or two years down the line,
the stable, stable coin model completely displacing the single currency model.
It could very easily happen.
So, in tight to the side chain thing.
So it seems if you look at the side chain team,
they're incredibly smart people.
We've had some of them on the podcast before as well.
Incredible experience in the cryptocurrency space.
And yet, you know, I also have my doubts similar to yours.
What do you think is going on there?
Do you think that their economic interests
because they tend to be very much earlier doctors,
to what extent do you think that's influencing
what they are doing.
Yeah.
I mean,
they're influenced by an ideology
that I've called,
that I've started to call Bitcoin maximalism,
this idea that Bitcoin should be the one and only currency
to rule them all,
and there should be absolutely nothing else.
And it's a viewpoint that many people in Bitcoin seem to have,
I guess,
in a partial, to a partial extent,
a lot of people somehow, I know, see it as unfair
that a situation where cryptocurrency wins,
and yet Bitcoin doesn't,
And yet Bitcoin doesn't, or I always say, or Bitcoin has to, or, you know,
the number, that the number of cryptocurrencies will have, we'll have to, we'll have to increase.
There's some portion, there's some portion of deflation, of deflationism among them.
There's, uh, I mean, it's probably a combination.
Yeah, yeah.
Factors for each one.
Yeah, you really can't pit it down on one particular thing.
I think that answers the question.
Yeah.
So I'd like to, so we're both the wrap.
up here. It's been a long conversation. We've talked about a lot of things. I mean, we'll have to
have you back on the show at some point because we've got so many listener questions here in the
chat room on YouTube. There's about 50 people in the hangout right now. So we'll have to
have you back on again so we can address those questions. But before you wrap up, I mean,
this is something that I've been thinking about a lot and when thinking of you and the things that
you're doing in the Bitcoin ecosystem and everything that you've achieved with Ethereum,
you know, you've had a very interesting journey.
You went from being a college dropout to now perhaps being one of the most well-known
people in the cryptocurrency space.
In my opinion, you're definitely one of those people who are, who is addressing the issues
at hand and asking the right questions and trying to think of those philosophical things
that will, you know, bring us into the future.
how have you been living this past year?
I've basically spent in a large chunk of my life on airplanes.
I think this year, this year of something like 11 countries and two or three times as many as that in cities.
Like basically, like visiting all of the different Bitcoin communities and cryptic
communities and people who are in conferences and people and people who are involved in it in
Ethereum and I guess to a large extent is just to work extend just to help myself
and to see you know exactly what what everyone in the world is up to so it's
interesting that you've still managed though because if if we look at your writing like your
blog posts I mean I've been a big fan of you writing back to the day when you were
writing Beckle magazine I think my
personal view, I think you are the best writer in the Bitcoin space.
Like, you're the best person at explaining complex topics in a way that are accessible
to, let's say, put it semi-technical audience.
So I'm curious, how do you manage to find the time and attention to write these monster
long blog posts?
I mean, when you got eight hours on a plane, what else do you do?
Yeah, I got to agree.
Plains are probably the place where I'm the most productive.
So, or trains for that.
But, I mean, you just got back to Toronto from basically just touring around the world.
How has that been?
Yeah, it's interesting.
I mean, I saw a whole bunch of a whole bunch of different places, different conferences.
It's, yeah, was that in Israel, UK, Germany, Switzerland, South Korea just recently.
It's interesting to see the kind of different emphasis that all the different groups have.
like different cryptocurrency,
cultures, different things that people are interested in.
Israel is probably the most technically advanced.
Like, you know, people that are interested in proof of stake
and zero knowledge proofs and so forth.
You know, Germany has its own emphasis.
London has a lot of finance.
South Korea is still pretty new,
but, you know, it's exciting to see what will come out of it.
Yeah, no.
Yeah, I mean, it,
Yeah, so this is a global movement that we're part of.
Yeah, absolutely.
I mean, you're definitely at the forefront of that movement in terms of thought.
I really also appreciate your block posts and everything that you've been putting out online.
But you're very young.
I mean, you're what, 21 years old?
20 for another month.
20 for another month.
Where do you, I mean, you've already, it seems like you've already accomplished so much.
Where do you see your role evolving in the future?
probably going more into research um like if i've already started started uh getting really heavily into scalability and consensus
and i know it's i've gotten to the to the point where i'm starting to understand a lot of the
a lot of the issues better.
Eventually,
maybe write a book about some of this stuff.
Yeah.
I'd like to see
crypto economics turn
into a proper and mature
sort of academic discipline, roughly the
same way the standard cryptocurrency
is today.
Yeah, I agree. I think that's something that
sorely needed for the future.
It's so fundamental,
right? I mean, even with Bitcoin, we've
often talked about some of the economic intricacies, like I remember we talked about it,
Jonathan Lennon, with my current very long time ago, we talked about the sort of public
goods problem of transaction fees and all that.
And that's just so little research on that, right?
And it's so fundamental to getting this right.
Exactly.
Yeah, I think we definitely need a lot of research.
We need to also open our minds a bit more.
there's a lot of, there's this big research community that's still dedicated to figuring out these
really, really tiny intricacies of, of how big when they want to work 40 years from now.
And I think it's, I mean, I think that we really need to focus on our probably the more big picture,
big picture fundamentals. So like, you know, how do, how, how can a protocol pay for its
ongoing development? How would, what would decentralized governance look like? What are, you know,
what are some of the challenges in reputation systems?
Sort of all these problems that everyone thinks about that are on some level of the basics
that haven't been solved yet.
Absolutely.
Well, thanks so much Vital for joining us today.
That was super interesting and we would love to have you back on.
I don't know, maybe six months in the future or something, eight months.
Yeah, sure.
And hear what's been going on then.
And also, thanks so much for our listeners.
Now, there were some questions.
let's, we got to one of them.
I don't know if there's another one we should cover.
I think we, I think we will try to address those perhaps in a different context as we are running very late.
But yeah, well, thanks so much, Vitalik, and thanks to all our listeners for listening.
Now, we will be back a week from now.
We will have sort of a year-end episode.
We're not 100% sure about the format and the content yet, but, you know, it'll be the same time
in the same place.
We'll definitely have to get some whiskey or something, Brian.
Yeah, we'll definitely have whiskey.
It's going to be a year-end episode.
It's going to be a year since we first started this.
Like, do you realize that we've been doing this for a year already?
It seems amazing to me.
I know.
It's a long time.
Yeah.
We've done a lot of these.
So, yeah, thanks so much.
If you want to, yeah, so follow us on Twitter of episode of BTC.
I'll let you know about that.
You can also sign up for a newsletter.
episode on Bitcoin.com slash newsletter.
And yeah, leave us in iTunes review.
We would appreciate that and it helps new people find the show.
Although, of course, as cryptocurrency fans, you all know, iTunes is a horribly trusted place,
but people do trust it.
Well, what can you do?
Release someone to HD already.
Yes.
Okay, well, we'll see you next week.
And happy holiday.
Thank you.