On The Brink with Castle Island - Nicholas Gregory (CommerceBlock) on statechains for scalability and privacy (EP.211)
Episode Date: May 3, 2021Nicholas Gregory, CEO of CommerceBlock, joins the show to talk about their new statechain implementation, Mercury. In this episode: Origins of CommerceBlock Nicholas' prior career in martial arts ...Nicholas' underground MMA club in NY Did Roger Ver take the most expensive BJJ lesson ever? The purpose of CommerceBlock's Mainstay system The difference between OpenTimestamps and Mainstay How sidechains evolved from the original vision and where they are today What can Bitcoin learn from Ethereum? Nic's rundown of privacy-enhancing technologies Centralized mixers versus coinjoin versus statechains for privacy How statechains allows you to send a UTXO without an on-chain transaction Trust drawbacks and caveats in using statechains CommerceBlock's Mercury statechain implementation Statechains as virtual opendimes Synergies between statechains and Lightning Nicholas' thoughts on Bitcoin scalability Statechain timelines Sponsor notes: Copper is transforming how institutional investors engage with digital assets by developing award-winning custody and next-gen trading infrastructure. Headquartered in London, the firm is scaling rapidly across Asia and North America to bring its suite of products to a wider pool of institutional investors. To learn more visit copper.co or reach out on Twitter, @CopperHQ Aave is a decentralized, open source, and non-custodial protocol where users can deposits and borrow digital assets, and earn interest on those assets. Head over to aave.com to experience and learn more about DeFi.
Transcript
Discussion (0)
Hello and welcome back to On the Brink. Today's episode is brought to you by Copper and AVE. Let's start with Copper. It's the global provider of blockchain infrastructure solutions for institutional investors who are actively trading digital assets. Its award-winning custody application is connected to 25 of the largest exchanges in the world, ensuring safe storage and movement of assets for the biggest crypto hedge funds, market makers, family offices, and high net worth individuals. Their clear loop system,
is the first off-exchange settlement network for digital assets.
It's the safest way to trade balances in custody across multiple exchanges
without requiring on-chain settlement, on-chain movement of assets.
To learn more, visit copper.co, or reach out on Twitter at CopperHQ.
This show is also brought to you by AVEA, AVEE.
AVE is an open source and non-custodial liquidity protocol
where users can earn interest on deposits and borrow digital assets.
It's a decentralized community-governed protocol.
Learn more and more about AVE at AVE.com.
So today I'm sitting down with Nicholas Gregory, who is the CEO of Commerce Block.
Commerce Block is probably best known for their work with Mainstay, which is a Bitcoin
side chain with DGLD, the Goldback Stablecoin project, uses to anchor itself to Bitcoin.
They've recently created an implementation of state chains called Merrower.
Mercury. And what state chains is is a way to trade private keys or UTXOs to send them without
making an on-chain transaction. So you can think of state chain transactions as virtual open dimes,
effectively taking Bitcoin and turning it back into a Chomian-style cash system with specific
denominations of coins. There's a lot more to it than that. We'll get into it in the episode.
Let's dive right in.
Here's Nicholas Gregory.
Brought down by bad mortgage investments,
Lehman, which has 25,000 employees, will be liquidated.
The federal government loans American International Group,
AIG, $85 billion.
This is a different kind of market, and the Fed is asleep.
The federal government is stepping it to stabilize Fannie Mae and Freddie Mac,
the two mortgage giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more into Britain's ailing economy
with a new round of constituted easing.
You print a couple trillion dollars.
and all of a sudden people start to worry.
So out of this worry, we have something called the Bitcoin.
Well, Nicholas Gregory, you are the CEO of Commerce Block.
And we're here to talk about state chains.
Very exciting.
And your new project, Mercury.
But before that, you were telling me before we started recording
some pretty funny stuff about your history with martial arts.
So maybe just tell us a little about yourself about Commerce Block and then we can dive into that.
Yeah, so I'm British, obviously, but I did live a significant period of my time in New York
and kind of got into Bitcoin while I had a community day around 2012 and around 2015-16
founded Commerce Book.
Originally we were kind of doing OTC software for people in the crypto, in the Bitcoin in the community
and that kind of evolved to building side chains.
We built a protocol called Mainstay.
We built a side chain for gold-backed token called GTSA.
And recently we've spent the last year looking at kind of their two solutions with Bitcoin
and very much focusing on something called state chains,
which was a paper written by Ruben Sandstone a few years ago.
It's significantly different than his paper, mainly because his paper focused on things like L2,
which aren't really available yet.
We are kind of code complete, but we have a lot of UI bugs and stuff, but we're hoping to be ready for soft launch by June.
Hopefully, we have some people going to Bitcoin, Miami that maybe get, we're hoping that they'll be in a position to present it.
So that's where we are with that.
So you were telling me that you had a past career as a martial artist.
Is that correct?
Kind of.
I mean, I did teach in New York, Wing-Chung.
I don't know over the years.
I'm more of a fan.
Like I did, 2008,
had a bit of a midlife crisis
and spent a couple of month and a half
training in the Shaolin area of China,
which was great.
In the following year,
I did something similar in Thailand
in Did Pointe Thai.
Just really a hobbyist who likes kind of traveling
and training in exotic places
and being switched off from the world
and just training eight hours a day.
I don't do that as much now.
I get a bit older.
I have a little daughter as well.
But yeah.
And then when I arrive,
in New York in 2010, I wasn't really a fan of the martial art culture, kind of traditional martial arts,
very much, and bowing and wearing traditional clothes. So I kind of started a little school,
and that became kind of fairly big, became bigger once I left, which is weird, but yeah,
it still goes on. I'm not really involved in that at the moment. I kind of switched a few years ago
and focused more than Brazilian jihitsu. I kind of like the culture. I still trained that at the moment.
So is it accurate to say that you founded a fight club in New York?
That's kind of how you described it to me before.
Yeah, so the site called the Wingshun Brotherhood, which, fine enough,
a guy from your area of the world, but Boston, it was just a Boston boxer.
He went out and challenged a lot of Kung Fu guys to fights.
I randomly said, yeah, why not?
And then it was on YouTube.
And then from that, we ended up having these sparring sessions and became quite big.
And they still do it now.
So it's not fighting, but it's rather than just doing shapes, forms and avoiding, you know, contact,
it was just a bit more free-for-flow.
And bear in mind, this was in New York when UFC and then they were actually banned in New York.
So you weren't legally allowed to do that.
So I think that law changed around 2015-16.
So this is why this kind of existed.
So an underground bootleg fight club?
I wouldn't say it was underground.
I mean, you can find videos of it.
I mean, they were on the, I'd say, the north side of Central Park or a few were in Jamaica, Queens.
It was fun.
So you didn't attempt to conceal your speakeasy fight club?
Well, it was sparring, so it was technically fine.
Okay.
And you told me that there's a very interesting Bitcoin intersection here.
Tell us about that.
So one day I was in the, I trained Brazilian Jiu-Jitsu at a school in New York,
which is quite famous, Marcella Garcia's.
And one day I was in the showers, you know, with other men, as you do.
And one of the black belts there was kind of like joking about how, you know, someone
paid for him in Bitcoin and blah, blah, blah, and wasn't too happy about it.
I paid for a private class.
So I, you know, and people knew me that I was involved in Bitcoin then.
And I ended up going on to his wallet, which was literally probably a,
password like password on blockchain.com.
And it turned out there was a significant amount of Bitcoin there.
And it turns out the private student was Roger Vair himself.
So and this Black Belt was pretty happy about the outcome.
And this was in 2015, 16, so it's probably even more now.
But it seems that Mr. Vair was training quite seriously with some.
Do you know what Roger's discipline is from a martial arts perspective?
I mean, I barely
I mean, the coach was a guy
called Paul Schreider, who's quite a well-known coach.
He told me Roger came a few times
and paid for private lessons, but I think at the time
he was a brown belt.
But, you know, he said he was pretty serious,
a pretty intense
guy. Who would you back
in a BJJ fight
competition between yourself and Roger Ver?
Who would you?
I mean, Roger Verbs, very much
a high level to myself. I'm still learning
BJJ I'm still quite a few bells below.
So the most expensive BJJ lesson of all time, probably.
Definitely for sure.
Love it.
So you've had an interesting journey with Commerce Block.
I guess the unifying theme has been side chains.
I don't know if maybe side chains is the right word, but, you know, overlay networks,
which reference the underlying Bitcoin network.
They sit on top of Bitcoin,
but they give you different transactional assurances.
So maybe let's just revisit Mainstay.
Tell us a little bit about that
and the idea behind that system.
Yes, and Mainstays really,
it's kind of, I think the concept was originally designed
by Peter Todd, kind of like a single-use-sealed set.
So essentially it's a way of aggregating proofs
into a Merkel tree and then building on succinct commits
into the Bitcoin blockchain.
So unlike open timestamps, which are kind of like,
rights, but they're kind of not kind of wired together,
we would write into the Bitcoin blockchain,
kind of like, but on the previous commit.
So if you had a document, for example,
and you wanted proof of that document existing
at certain points in time, you could take a hash of that,
put that into the Merkel tree that we build.
And then we write that into the Bitcoin
blockchain but we would keep all the commitments of that document so if that document
was changed in between it wouldn't necessarily be valid and the reason we came
up with this as we were building this gold black side chain which I mentioned
but we wanted to kind of like preserve its history and keep proof of this history
so we used this kind of like mainstay concept and it's still live and it's called
mainstay.xyc we we had people at the moment that was speaking to us to do proof of
concepts. We do use it as well. We are potentially going to use it for Mercury, the state chain
that we're building. And we do have integrations with it with Dropbox, Google Drive, and one other
OD probably, I think the Microsoft plugin as well. And you know, we've had various law firms,
etc. that want to kind of do POCs on it. We're not really actively marketing it, but it still
exists and it's been well so far.
So to contrast something like open time stamps, you know, open time stamps basically
hashes a lot of information together for for sort of efficiency's sake and then it sort
of periodically uploads the root hash to Bitcoin and effectively proves that certain information
existed at a certain point in time without even necessarily, you know, revealing what the
information is so that at a subsequent time you can go back and reveal the existence.
Maybe it's a patent or a new idea that you wanted to, you know, demonstrate to the world
existed and Bitcoin is the clock, you know, that shows that it existed at a certain point
in time.
Whereas Mainstays a little bit different.
It proves, is it fair to say that it proves unique information existed at a certain point in
times and yes so with open time stamps obviously there's no linkage between the rights so if
if you write something into open time stamp today and then make another write tomorrow you
know there could be many kind of not mutations in between that wouldn't be reflected
I think the whole concept of mainstays that you have like one permanent proof and we do the similar
aggregation so one bitcoin transaction can have up to you know hundreds of thousands of
commitments and you're not storing the data you're kind of validating the data so you
the hash of mainstay to validate the kind of the hash yet you want to preserve but yeah so it's
kind of like you could think of it of open time stamps but kind of linked so we build on the previous
transaction each time and you know we aggregate this also it's very kind of efficient on the bitcoin
blockchain and djld actually power uh this gold-backed stablecoin um is that correct
So that's basically a side chain.
We forked the elements code base,
which is created by Blogstream,
and we made a lot of changes to that to work with a gold-backed asset.
So things like there's no transaction fees on it are paid by gold.
There's no underlying asset like BTC or Theory mind, I think.
And they run their own kind of federation.
And then we have these kind of commitments onto Mainstay that happen every hour.
And that preserves the history of that gold.
back side chains so it can't be ever changed.
The transaction history is kind of locked in on Bitcoin.
So aside from Blockstream,
you guys have been some of the most active
in terms of creating side chains on Bitcoin.
And yet, interestingly, sidechains are still not a huge part
of the Bitcoin narrative today.
Like they definitely were in sort of 2015-16.
You know, everyone was really excited by them.
Then of course, like we have other systems.
the refer into Bitcoin, you know, like block stack today, for instance. And then you've like,
quote unquote merge mine side chains like rootstock, which you're like maybe getting a little
bit of traction. But for whatever reason, like it seems like the side chain narrative has like,
you know, some of the air has gone out of that balloon. What do you ascribe that to? I mean,
you've had a front row seat to this the whole time.
Well, I think the initial promise of sidechains is that they would be kind of trustless.
But I think the original paper talked about having these kind of, well, the original paper
need required changes to the Bitcoin protocol to support these SPV proofs so that you could
support, basically gather kind of like proof of work on the side chain itself and that could
be kind of like emerged into the original Bitcoin blockchain.
That clearly didn't happen.
I think, you know, post that paper.
We obviously had the Segwit wars.
So the idea of changing anything on the Bitcoin protocol is quite, yeah,
I don't think we're going to see massive changes like that.
So the side change you see at the moment do rely on essentially a multi-sig federation.
That's essentially the way Liquid is.
I mean, I'm not familiar with Roostock.
I did look at them years ago.
I met Sergio in New York.
But they, as well, they wanted this kind of power peg, which I think uses a feather.
duration. And arguably, I mean, this might say controversial, but Ethereum is like a Bitcoin
side chain with its wrapped BTC. And I think Bitcoin has found its way into other chains by
these kind of wrapping mechanisms. Now, these wrapping mechanisms are still, I wouldn't call them
trustless. If anything, they're just a multi-sig. And, you know, I think these other side chains
may have got better, done better in terms of the tooling for developers. I mean, sidechains are quite
hard to code against you, but you're coding against Bitcoin script, which is not a nice
JavaScript light language. So that's probably a lot of it to do with it. Yeah. So it's interestingly,
speaking of Ethereum, you know, if you look at the last few months on Ethereum,
these roll-ups have been getting a lot of traction. And as far as I can tell, some of them
do rely on these SPV, like fraud-proof assumptions.
which were the ones that were rejected in the Bitcoin community when we realized, you know, when we were contemplating side chains.
So what do you make of that?
I mean, is it like risky to pare down, you know, the trustlessness required to use these things?
Or is it just a matter of while they're experimenting and, you know, maybe it's worth experimenting with side chains like that?
I think it's just different culture.
Ethereum tends to go with things, take the risk.
They're a bit more centralized.
They can make changes if things go wrong.
And, you know, I think, again, I think the Bitcoin culture changed a lot after Segwit 2X,
where it's become a lot more hardened.
There's a lot more adversity when it comes to changing it.
I mean, if you look at Tap root, that's arguably not a big change,
but there's been quite hard debate about changing that.
And maybe that's one of Bitcoin's strengths.
I mean, you know, I'm someone who holds Bitcoin.
If Bitcoin ends up, if the layers on top of Bitcoin end up out of blockchain
and Bitcoin becomes its hardened layer, which is somewhat ossified.
I don't necessarily see it as a negative thing.
It's just, it's evolved in a way that, yeah, it's just evolved in that way.
I mean, we're still quite away from having a solidity type JavaScript language
working on top of Bitcoin.
It may make sense to never even have that.
So, Nick, you're a bitcoiner.
you're a long-time bit coiner but you're also you know i'd say like pretty open-minded would you say that
there are actual technological learnings to be taken from specifically ethereum or or did we know
everything that there was to know about blockchains you know uh in 2012 from bitcoin talk discussions
like have we learned anything new from watching ethereum's experience in the last five years
Well, I wouldn't call myself a Bitcoin Max list by any means of that concept.
But I think the Ethereum did a great job of creating a kind of like a developer community.
And I don't know if it was good marketing or was it the tooling like Metapart Mask and Infura,
but they obviously found something.
And prior to Ethereum, there were things like Counterparty.
I tried to get involved in to Counterparty.
There were coloured coins.
But there were never, I mean, coloured coins was I.
I was a fan of that, but there was never consistent spec, and there was never consistent tooling.
And I think, you know, Ethereum came with this kind of marketing machine,
and they were able to get developers en masse, which, you know, how many real Bitcoin developers
are there in the world?
10, 50, somewhere in that between.
It's probably a thousand Ethereum guys.
And that's kind of where they've had success.
but it may not end up being to the detriment of Bitcoin.
I think Bitcoin's projection has done perfectly fine,
and they've brought in people that would probably never have been Bitcoin developers
in the first place anyway, so it's not necessarily a negative.
In terms of technology, I don't think it's really added anything to Bitcoin,
but I think other blockchains have.
I mean, I'm a fan of Manero.
I wouldn't want to see Manero try privacy in Bitcoin
because that would potentially hinder the 21stons.
million but I think product blockchains like that have added and you know
I've shown us things that we potentially haven't seen and there's others you know
I think I've told you I'm a fan of de-cred as well but I think that there is a lot
of that as well yeah so the recurring theme here is is privacy obviously and this
is a good segue into our next topic here state chain so maybe before that let's do a
quick preamble on the privacy tools available
on Bitcoin today. So there's like a couple, I guess, big classes of privacy tools, you know,
systems to acquire transactional privacy. Do you want to just give us like a very quick
rundown of them and sort of how effective they are and like what the the constraints are on those
systems? Yeah. So I mean the first real type of privacy is people using either a centralized
mixer or something like BISC, which is a kind of like non-custodial exchange,
with a centralized mixer, you are losing, you know, essentially a custody of your funds.
And they are somewhat illegal. So you're essentially sending your Bitcoin onto a website.
The Bitcoin is held by a server and you just hope that a different type of Bitcoin comes out.
Very easy to use.
From everything I've read, majority of privacy is actually done on
decentralized mixers. I think one of them recently got top-tick down
the scale called Bitcoin fog or something. Yeah, I saw that. But they are
custodial, comes with a lot of risk, but they have huge volumes because they
have they they solve the ease of use. Then you have a lot of people that
simply go into BISC and maybe swap into Monaro, do some transactions,
Minero come back out. Kind of that's a bit clunky to use, a lot of work. And then
you have the kind of coin joins processes. You have things like joiners,
market, which I think was the original one.
Can't say I know much.
And then you have Wasabi and Samurai.
And they basically both act as coordinators who basically,
you kind of notify them that you have X amount of Bitcoin.
And they coordinate the generation of a script,
which all members of that join basically publish the Bitcoin blockchain.
And that kind of mixes your outputs.
So, and you know, they have, I mean,
there's obviously if you follow Twitter and, sorry, Twitter,
If you follow Samurai and Wasabi, they have different philosophies on how they do that.
They don't necessarily like each other.
But they're essentially building this kind of coin joint where they're non-custodial, they create a coordination service, all your Bitcoin go in, an output is done and your Bitcoin is mixed.
And the challenge with that is they are detectable by exchanges.
So you occasionally might see something where finance don't take an output because it came from a coin joint.
So with that approach, you are creating a kind of a two-tier type of Bitcoin.
You have clean Bitcoin, which comes from lovely clean exchanges like Coinbase and Cracken.
And then you have this dirty Bitcoin.
And that's the issue kind of with CoinJoin at the moment.
Yeah, it's odd that, I mean, I guess that's the nature of Bitcoin.
Obviously, you can look back in the history of some Bitcoin sort of being deposited on an exchange.
And it's very easy to see that historically there has been a coin join associated.
with that Bitcoin, I don't see anything, you know, morally reprehensible about doing a coin join.
It's basically the same thing as taking a bar of gold and melting it down, mixing it with another bar of gold, and then, you know, getting some new bars of gold out of that.
You're just mixing up the atoms.
Yeah, and if we're going to create a circular economy with Bitcoin, I don't think it's feasible that when,
wherever I spend my Bitcoin, the recipient of my Bitcoin knows my history.
Right.
And that's probably why most people use these things.
It's funny that we apply the standard of traceability to Bitcoin.
It's considered normal when I got right here my wallet.
I did a analog physical token, aka cash, where there's no transactional history associated with it whatsoever.
there's no metadata
there's no way to tell
with the last 10 transactions where
with this dollar bill it could have been for super
illegal stuff and I would never know
the 7-11
where I'm going to go spend this by sugar-free
red bowl is never going to let know
you know so we
have a completely disparate standard
for physical
If you were to
if you were to send me money via PayPal
be pretty hard for me to know what you're doing on your PayPal
account. Things like
PayPal, pretty good privacy.
Why would you, as the recipient of my transaction, even want to know or believe that I had a duty
to inform you about my prior 10 transactions?
That is not the way we reason about cash in society.
That's like a completely blown up standard of like, of surveillance.
And it's, and like, you know, if you actually think about it, the cash is not doing anything
illegal. If someone, you know, 10 transactions prior to me with a $100 bill is using that cash to buy
coke or something, how does that reflect on me? Like, that's not my, that says nothing about my
behavior. That's just, you know, so the cash isn't criminal. It's the criminal activity, which is
criminal, you know. And somehow we've entered this new regime where now the cash itself is
being sanctioned. And so if you have your coin join in your Bitcoin history, now the Bitcoin
somehow is tainted, which is definitely not the way that we actually think about cash, which always,
it's kind of a crazy thing that the goalposts have shifted so much. So that's coin join.
Do you, coin join you say is like slightly less popular than centralized metrics, but it's still
quite popular actually, right? Like it's something a lot of people do.
Yeah, absolutely. I mean, I don't know the exact volumes, but they're pretty huge.
Both Forsalvi and Samurai, they publish their transactions. They're considerable.
Yeah, but it's also kind of easy to trip up, right? Like there's a bunch of trap doors and ways to make mistakes with coin joins, so that it's not effective.
Is that not that I'm, you know, fudding coin join, but that's kind of my understanding is there's a few ways to obviate the usefulness of that procedure?
Yeah, I mean, people can dedos the anonymity set.
I mean, if the majority of those coins are coming from a nefarious actor or a state agency,
if the animosity set is the majority of that person, they could probably decompose that coin join.
I mean, I think that's some of the debate that's happened between Osapian samurai.
Privacy is not a switch.
It's a bit of work.
There's no perfect privacy.
So I think it's always going to be a lot of work in that sense.
And if the CIA or FinCN or whatever is like 49 outputs in a 50 output coin join and you're the last one,
then you're not getting any privacy from that.
Yeah.
But that would be the same with Manero.
I mean, I think Minero forces you to do 11 mixes.
If 10 of those kind of those kind of block, you know, minors.
are always the NSA's transactions, they can narrow it down pretty easy.
That's right. That's right. And the other thing is, of course, fees. Like coin joins, repeated
rounds of coin joins can get expensive, right? Correct. Yeah. So I think both of them.
What about coin swap? Is that different?
Yes, a coin swap essentially swaps your coins. So in our case,
maybe it helps if I talk about the way state chains works but with state chains we
essentially are finding we found a layer two way of transferring private keys
UXTOs so by applying coin swats we're essentially putting all our private keys into
a jar you know shaking it a few times pulling them out because this is somewhat off
chain there's no cost and also there's no kind of on-chain kind of printing
because you're essentially just swapping a UXTO.
Now obviously there's pluses there in that you can swap as many times you want.
There's not an on chain cost.
But if say one of the coins coming in were tainted and say we had a swap,
you swapped with 20 people, potentially one of those 20 could end up with the dirty coin.
Whereas if it was a coin join of 20, essentially that taint goes across all the 20 members.
but we still think there's positives there
because if you were the unlucky person
to end up with the tainted coin,
we do kind of commitments into the Bitcoin
blockchain using that kind of sparse Merkel tree
which is what we mentioned with Mainstay.
So if you were the unlucky person
that went to say your exchange and they said,
look, you have a dirty coin now,
you could prove that you did a coin swap on Mercury
or with us.
So you could say why,
this coin may have been used for terrorist financing
but I did do a coin swap.
It's proven in the Bitcoin blockchain.
So I'm not doing, yeah, that state is not valid.
And then you'd only have a one in 20 chance of that happening anyway.
So we hope that would kind of solve that.
This is pretty fascinating.
So we're decoupling the ownership of Bitcoin from the blockchain record itself,
from the public, private key.
public private key relationship to that bitcoin yeah so the way to think of state chains is like
virtual open dimes yeah i mean open dimes essentially just private keys and that's what they are so
when people use the wallet they get what we call a state coin address they send their bitcoin
onto it and then now they can move around these private keys so obviously there's a lot of funky
cryptography going behind there's a lot of engineering that's happened to make that work but essentially
that's what we have.
We're moving around UXTOs.
So there's limitations there, as you can imagine,
if I have 0.75 Bitcoin on my
state coin, I can only send you 0.75.
Yeah.
We can't break that up.
Okay, so you're actually transforming Bitcoin
back into a charmian cash-like system.
Is that right?
With bills?
Yeah.
With specific denominations.
So this is Bitcoin.
Funny enough, people ask us,
why did we build this in the first place?
It wasn't with privacy in mind.
I've told, you know, I was working with a few institutions
that were looking at discrete log contracts,
which, you know, there's something nice about those
because it's kind of like a trustless way to get into a contract,
like a kind of a financial bet.
But one of the issues with discrete log contracts is they're very capital inefficient.
If me and you were to bet on the Bitcoin price next week,
we both have to have our funds locked in until next week.
with state chains you in theory could novate your contract or your side of the bet so that's when
we started kind of looking deep into state chains and then you know it's like one of this it's like
you go down the rabbit hole you think oh this is pretty cool tech and we were at the time you know
I think at the time the coin swap paper came out or I think somebody did some noise about coin swap we
thought well maybe this is a better way of doing privacy or a different way of doing privacy and that's how
it kind of happened so
I like the open dime analogy because I love open dimes. I'm like one of the world's biggest
consumers of open dimes, I think. That's an exaggeration, but I do love them. I gave one to Lex Friedman
on his podcast. He seemed to like it. They're really great for gifts because the whole point is.
Yeah. I mean, they're good for gifts if the recipient of your gift is incredibly paranoid and doesn't
trust you the gift giver which is like kind of like well if they don't trust you and you're giving
someone a present like you've probably kind of a weird relationship with them in the first place
because I guess you could always just give someone a paper wallet and you know they trust that you
haven't retained the the private key but yeah so for those who aren't aware open dimes are a physical
bearer instrument. You put some Bitcoin, you load it on, and you can obviously transfer the USB
stick any number of times in Meetspace in the analog world. And they can only be redeemed once,
and you have to kind of like break it to get the bitcoins out. And so what you're saying is
your state chain system is similar to this. You load up some Bitcoin into state chains, and then you
can transfer that claim on that Bitcoin an arbitrary number of times off chain and then ultimately
you know you can redeem it on chain is that right yeah I mean there are limitations there so
we use something I mean you can't send it an unlimited amount of times we have this kind of
lock time where we decrement so at some point because we wanted to make this non-custodial
So, you know, when you do a trend, when you do have this, when you create this state coin, you have like a backout transaction.
So if anything was to happen to the server, you would still be able to broadcast your transaction back onto the Bitcoin blockchain.
So that's where we say, you know, I don't want to get into that if I'll be truly non-custodial.
But we're definitely not censorship resistance.
If we were to be shut down, you couldn't move those state coins anymore.
But if we were to be shut down, you'd be able to pull them out.
with a backup transaction.
But every time a backup transaction is generated,
we kind of like call this incrementing lock time.
We basically, there's a period where that backout transaction can work, say six months,
that kind of gets decremented each time.
And that's to save us.
This is to protect like previous owners being able to steal your funds.
Yeah, there's a period of time where previous owner couldn't take your funds.
And then after a certain period of time, a previous owner could, in theory,
seize your funds, but you could stop that with a kind of like a watchtower,
approach similar to lightning.
But we don't think that's a great UI experience.
So we're basically going to suggest that people work within this period of time.
And then once that period of time, there's exercise you either go back to the Bitcoin network
to basically or you pull out and don't rely on watches.
So it's not unlimited.
And the anonymity set is everybody that has contributed coins,
to the state chain
for that duration
Yeah, so we
I mean people can
create state chains
can create state coins
of the any domination
they prefer
We would obviously have a coin swap protocol
Which suggests
0.1 Bitcoin 1 Bitcoin
0.001 Bitcoin
similar to what you see of coin joins
And they
You know we would coordinate people
To meet other people willing to swap
And then there would be some sort of
kind of mixing process and that's blinded so you would would would you want people to do a coin
join on the way into a state chain is that the idea um there's no reason why they could but they
they could if they we don't force them into it we expect most people just to come in a naked bitcoin
or a naked uxto and then basically do a few swaps and then pull out and how do you guarantee you know
the transmission of the UTXO or private key, you know, without obviously doing an on-change
transaction. How does that actually mechanically work?
So when you create a state coin address where we use something called two-party ECDSA,
which essentially we have a key share and yourself would have a key share. So it's basically,
are you familiar with MPC? It's using kind of MPC type protocol. So essentially there's two keys for this
one key itself. And you as the owner of your state coin, you need to cooperate with us to move that
key. And on the back end, we do have a key server that's kind of doing that for us. So it's approving
the transaction. And it's every time you move around, we generate a new key share. And you kind of
have to trust us to delete the keys. So, you know, there is an element of trust there with us.
we are using Intel SGX to prove we've deleted the key.
But I would like to say that, you know, it's not a core part of our protocol.
It's kind of like a nice to have to show that we're behaving honestly.
Because even if we didn't delete the keys, in theory, a previous owner could cooperate with us.
So we use Intel SGX to prove that we actually did delete the key.
That makes sense.
So there's definitely some key trust assumptions that you've laid out.
a few of them. There's some key trust assumptions in this process. Do you, and I feel that you're
being pretty transparent about them. Do you feel that users will, you know, find this compelling
given, you know, the existence of some of these, these sort of trust caveats?
Potentially, because I think initial users probably won't use it that much to move around
UXTOs, they're probably going to come in, do a few swaps and then come out.
So those key issues, and pun intended, aren't really an issue for the short-term user
because, you know, they're kind of protected in that sense.
Long-term, potentially, but then again, we are publishing our data.
We are using a secure enclave and then DELSJX to prove we've deleted.
And even so, we can never steal the funds.
We could potentially cooperate with a previous user.
that everyone would know that that would have happened because of the way the protocol works.
So we'd essentially have to shut down.
Well, we'd essentially be shut down at that point.
Is there an element of you as in Commerce Block, you know, the maintainer or the coordinator in this system?
Is there an element of a data honeypot?
Like, do you have data on users that a third party would try and acquire?
No.
We publish everything everywhere.
and it's open. So they would have that data anyway.
And we obviously we expect users to come in by a tour, but there's nothing that is not public anyway.
It's kind of designed that way.
So do you see this is basically a competitor and a different approach to, you know, the wasabi
samurai of the world or kind of a completely new system that, you know, the dominant usage initially
will be for privacy?
I think it's another layer two solution,
whereas privacy will be one of its features.
You could argue and say that liquid from Boxstream is that.
I mean, they certainly support confidential transactions.
I don't think many people use it from that,
but that's more do I see it?
I mean, I think I mentioned it to you previously.
People are talking about, you know,
commingling state chains with lightning channels as well,
because these are essentially private keys that we're sending around.
There's nothing to say.
suggest these private keys wouldn't be lightning channels.
So, I mean, this could be an early implementation of channel factories, for example,
which was kind of proposed.
But no, I see it as a layer two solution.
It's, yeah, it has some tradeoffs.
It's not censorship resistance.
But it is non-custodial in our view.
And it kind of maybe fits in between lightning and Bitcoin in that sense.
So maybe it's a layer 1.5 or something.
Yeah, because there's an obvious scalability point to be made here.
you know, what you're enabling is the off-chain transfer of ownership of Bitcoins effectively.
And, you know, that's a clear scalability when, I mean, I guess it's not an unlimited scalability gain,
but it's really material, and especially as it pertains to lightning, where you've got all these loop-in
and rebalancing transactions that you have to do.
I think it pairs nicely with lightning
because the more on-chain transactions
you have to do with lightning,
the kind of like more inefficient it gets
and the more the fee burden
starts to reduce the usefulness of the system.
So it seems to pair well with it.
Yeah, and that's certainly,
when we've had very high level,
back of the,
I wouldn't say whiteboard sessions
because we work remote with COVID,
but we've had some very high-level thoughts
about how it could integrate with lightning.
On paper it looks easy, but then you can imagine moving a lightning channel around preserving all the backup states of the lightning channel.
It is messy, but I think it's where we're going to need to post going line.
So what is your kind of zooming out a little bit?
What are your thoughts on the state of scalability for Bitcoin?
I mean, obviously, we talked about a whole bunch of different solutions and approaches here today.
I mean, how optimistic do you feel about it?
Do you feeling good about the Bitcoin kind of scalability prospects?
Well, I think the market is saying, yes, we're clearly in the ball run,
and the transaction fees are still somewhat manageable.
And, you know, lightning's been slow to develop, but it's definitely picking up steam.
And I think that, you know, I think as transaction fees go higher,
things like liquid would probably see more attention.
So will lightning, you know, I think we're, we hopefully want to be part of that as well.
So I think it's positive.
I mean, let's be honest, a lot of people are going to have Bitcoin and probably keep it on a somewhat centralized platform.
So for the non-custodial people, I think that there are options now, which there probably wasn't a few years ago.
So what's the timeline for the state chain's rollout?
Where are you in the process?
Yes, I said we're in test.
I mean, we're kind of, I'd say we're code complete, but, you know, lots of UI bugs still.
we're hoping to have a soft launch
to show at a Bitcoin Miami
we have someone there that's
going to present it hopefully at Bitcoin
a bit desk not myself
no one from
you know it's still hard to travel but we'll have someone
in Miami that we present it and
we hope to have some sort of soft launch to kind of show it
but you know the wallet works
you can play with it it's
a bit buggy but it's there the concepts
of working which is you know kind of
exciting for us it's been a long journey
but you know everything was
built from the ground up. This is what was kind of very interesting about this.
It's not known built state chain before. So it was new. So it's been quite exciting.
Yeah, it is very exciting to track. Obviously, I've been following your work for a long time,
including Mainstay. Nick, thanks so much for coming on. I'm very much looking forward to seeing
the launch of state chains. Thanks for having us.
