Andreas Antonopoulos: Immutability and Proof-of-Work - the planetary scale digital monument. [FULL TRANSCRIPT]
This was incredibly time intensive to transcribe. However, I felt this would be helpful for historical/reference purposes. Also, might be helpful for those who are hearing impaired, as the Youtube closed captioning is not very good. Enjoy.
Good evening everyone. Thank you for coming. Welcome.
It's really a pleasure to be back here at plug-and-play Silicon Valley. I believe this is my fourth or fifth presentation for this particular meetup, which keeps getting bigger and bigger every time.
Every time I come, more members. How many of you RSVP'd for this meetup? Ok, a few people just showed up. I have some good news and some bad news.
The good news is if you just showed up, you're welcome, stay. The bad news is that I drew names from the RSVP list, to give out ten copies of my new book "The Internet of Money". I'm going to have to ask for that one back.
Oh you brought it?! Ok. I thought it was from my stack.
** laughter **
Refunds and returns. So at the end of the show, I'll give out 10 copies. If you're not particularly interested or you already have a copy, just let me know and I'll just call the next name in the lot. If you're not here, you can't get the book so please stay until the end, even if it's very boring.
Ok so how many people here have Bitcoin? Fantastic. And how many people do not yet have Bitcoin? And the difference is the people too shy to raise their hand.
Okay great, the 4 or 5 people who raised your hands who said they do not yet have Bitcoin — remember the faces of the people who do have Bitcoin. And do not leave here tonight without getting them to give you some free Bitcoin. And if they won't, I will. The whole point of this is to help you install a wallet, receive a small amount of Bitcoin so you can do some transactions and try it out for yourselves, and it's always fun, the first time you experience a Bitcoin transaction will be memorable.
Alright. The topic of today's talk is proof-of-work and the monument of immutability. I want to talk specifically about immutability and what that means in this young era of digital currencies, what it means to have a digital system that is unchanging.
Immutability is a tricky concept. First of all because it doesn't really exist. Right? Everything changes. There is no thing in nature that is forever unchangeable — the universe itself, the vacuum, particles, everything changes, nothing is immutable.
So mutability is really more of a philosophical idea, but we use it in practical terms. So what do we mean when we say immutable in practical terms? The way I like to think of it is, if you have a scale of something that's very easy to change – all the way to the hardest thing you can possibly find to change – the most unchangeable thing, the thing that is most difficult to change. Immutability is that side of the scale.
Right, so for practical purposes we'll define the immutability in any sense to be the maximum of that scale, of how hard it is to change something. And on January 3rd 2009, that scale expanded significantly and a new maximum was defined. A new maximum in terms of what it means to be immutable for a digital system.
Nothing is as immutable as Bitcoin. So, Bitcoin defines the end of that scale at the moment. And so it redefines the term immutable. Now that has some interesting implications, including that you can't call the things to the left of that immutable. You can't call them immutable-ish. You can't call them kinda immutable. Right? Immutable-ish is like pregnant-ish.
It only makes sense as the maximum value. Not the maximum minus one. So immutable, once it's redefined, the things below it can't be called immutable anymore.
And so why is Bitcoin immutable? What gives Bitcoin blockchain the characteristics of immutability? What is it that makes it unchangeable? And the first answer that most people go for is the blockchain. The blockchain makes Bitcoin immutable because every block depends on its predecessor creating an unbreakable chain back to the Genesis block and therefore if you change something it would be noticed, therefore it's unchangeable.
And that is the wrong answer. Because it's not really the blockchain that gives Bitcoin its immutability, and that's a really important nuance to understand.
The block chain makes sure that you can't change something without anyone noticing, and in security we call that tamper evident. Meaning that if you change it, it is evident. You can not tamper it, without evidence of your tampering. Tamper evident.
But there's a higher standard security, what we call tamper-proof. And tamper-proof is something that cannot be tampered with. Not just fully visible if it's tampered with, but cannot be tempered with, immutable. And the characteristic that give Bitcoin it's tamperproof capability is not the blockchain. It's proof-of-work.
Proof-of-work is what makes Bitcoin fundamentally immutable and that is a really important concept to understand because a lot of people throwing around words like blockchain and claiming that these things are immutable, even though they don't have a proof-of-work consensus algorithm or any kind of consensus algorithm that gives them immutability.
At best, they offer tamper evidence. Meaning someone will notice, but they are not unchangeable. This distinction is going to become historically important.
Now you may think — historically important, that's a pretty heavy term. Why is it going to become historically important?
Because if Bitcoin continues to work the way it's working today, we are introducing a new concept, which is a form of digital history that is forever.
And if that history last 10 years, that's impressive. If it lasts a hundred, that's astonishing. If it lasts a thousand years, it becomes an enduring monument of immutability, an edifice of immutability, a system of forever history. Unshakable history.
And that is truly a monument of our civilization. And we have to consider the possibility that will happen.
I use the word monument and I want to expand a tiny bit on that and talk about proof-of-work. Proof-of-work was not invented by Satoshi Nakamoto. You can see evidence of proof-of-work systems throughout human civilization. There is some big pointy proof-of-work in Cairo, the pyramids.
There is some big stone proof-of-work in Paris, the Cathedral of Notre Dame. In fact, proof-of-work is something that our civilization does quite often.
Let's think about that for a second, the pyramids serve two purposes — the minor purpose is as a religious artifact, and tomb for the king, but even more interesting purpose is a declaration to every civilization and every human that sees it — behold, this is the measure of the Egyptian civilization.
This is what we can build, this is proof of work, you cannot build this on the cheap. You cannot build this in a civilization that doesn't have abundance resources. You cannot build this unless you can feed 20,000 people to not do anything but this.
You cannot build this unless you can guard it with soldiers. You cannot build this unless you commit resources for decades or centuries. This cannot be built cheap, and the pyramid stand today as a testimate of proof-of-work for the Egyptian civilization.
And anyone, without even understanding what this thing is, riding up in the desert on a camel, going over that hill and seeing a stone monument that's a few hundred feet in the air — looks at that goes — wow!
And wow is an expression of believing the proof of work. Right? Because they immediately and intuitively understands something great built that, and there is no cheap way to do it.
The Cathedral of Notre Dame is the same thing. Marshalling thousands of stonemasons over hundreds of years to build a monument, to the church, a monument of religion. That made people stand in such awe, that they could only even give it divine origin, they could but believe only a religious order to do something like that.
It says behold the church, what we can do. That kind of open expenditure of resources to make a point, is proof-of-work. And we see this again and again in civilization.
But until now we've only seen it in local environments for a specific country, organization, or civilization.
Bitcoin is the first planetary scale, digital monuments of proof-of-work. And to those come later, we will be able to say behold this monument of immutability built over decades. Marvel at its function as well as its elegance.
Because it has function unlike the pyramids and the cathedrals, it serves a purpose, a practical purpose. And that practical purpose is to become a record of history, forever. To become the definitive and authoritative source that cannot be modified. The record of truth that can not lie.
And once a transaction is embedded into the blockchain, the Bitcoin blockchain, and secured by proof-of-work, it becomes incredibly difficult to change.
This is a thing that most people don't understand. So let's break it down a tiny bit, and look at some of the technicals behind it.
But Andreas, what if 51-percent of the miners decide to change it? What if there's a consensus attack? What if well-funded government invests heavily in hashing equipment, in order to go back and change the blockchain?
So one of the interesting things you have to understand is, the difference between changing the past and changing the future.
The consensus algorithm as is it is, determines the future of the blockchain. If you have a majority of the hashing power on the Bitcoin blockchain you can decide what gets recorded in the future.
But you can't so easily change the past. And the reason you can't change the past, is because every node out there is going to still validate every block and is going to demand proof of work. That block still has to carry proof of work and there is only one way that proof of work can be generated — you have to commit energy resources to a particular block.
When you read all these articles in the media and they say about how wasteful Bitcoin is, because Bitcoin is created by burning energy.
They are completely missing the point. Mining doesn't work to create Bitcoin. That is not the purpose of mining. Mining is not used to create Bitcoin. That is the side effect.
And the way I can prove to you it's a side effect is that one day there will be no Bitcoin. No new Bitcoin. Guess what?
There will still be mining, even after the last satoshi is mined, mining continues, it must continue. Because its purpose is not to create Bitcoin. Its purpose is to provide security. Its purpose is to provide validation of all of the transactions and blocks according to the consensus rules. That is the purpose of mining.
And generating Bitcoin is the side effect that serves as the mechanism of reward that creates game theory incentives to make sure that the validation is done right.
Once you understand that and you realize what we're paying for is security, it changes the perspective slightly. But it's much deeper than that, you see, a lot of different consensus algorithms have been proposed. Proof-of-stake is one of them, and many of these algorithms use the native asset to stake into the mining algorithm, into the consensus algorithm.
Meaning, I'm going to commit X amount of my currency in validating the next block, and if I fail to validate it correctly i lose that currency. Right? But if I validated correctly I gained a small feat. And here's the news, proof-of-work is also proof-of-stake, but proof-of-stake is not also proof-of-work. Let me explain that to you for a second because this is a really important point.
When miners commit to a specific block, they're creating a candidate block, they're stuffing in all of your transactions into that block after carefully validating them and then they take that block and they commit to it. By hashing against it, by doing the proof-of-work mining algorithm.
Essentially what they're doing is they're saying I'm going to stake a thousand dollars worth of electricity, or ten thousands of dollars worth of electricity behind the security work I have done. And if I haven't done it right, I lose my electricity stake.
So proof-of-work is proof-of-stake, because what you're staking is the energy investment committed behind the specific block that you're saying I have validated correctly, and to prove that I have validated correctly, I am staking an enormous amount of electricity behind that. Electricity that costs money.
But it's different from proof-of-stake algorithms in other currencies, other digital currencies. And the reason is, is what you're staking is not a native asset, is not something that is intrinsic to the chain, who's value and future is determined by the chain. What you're staking is something extrinsic to the system. You're staking energy, you're staking something that has universal value on this planet.
The value of the currency tomorrow maybe nothing, in which case the value of the stake you made is nothing. But the value of the electricity today, tomorrow, and into the foreseeable future is something. And that means that when you're staking electricity, you're staking something that has value throughout our planet.
Proof-of-work is a lot deeper than we initially realize.
Audience Member: I have a question here.
Let's take questions at the end.
So what if the miners decide to do a 51-percent attack to rewrite the past? Instead of starting from the current block and changing the rules into the future, they can start from a previous block and mine forward. And if they have 51-percent of the hashing power, they will eventually reach the current block, in the minority chain, and exceeded it. They will win the race, eventually.
So then the question is – how long do they have to sustain it?
Let's take a simple scenario. Let's say we want to go back and change history three weeks ago. Three weeks doesn't seem like a long time in Bitcoin. It's an eternity. Everyday, 500 megawatts of electricity are used continuously to feed the mining process.
It's just a ballpark figure, it might be more, it might be less right now. Just use that as a ballpark figure. 500 megawatts in 24 hours is 12 gigawatts of electricity. 1200 gigawatt hours of electricity, expended, per day.
12 gigawatt hours of electricity over 30 days, is 360 gigawatt hours of electricity. Over 12 months that’s 3.6 terawatt hours of electricity, in a year. 3.6 terawatt hours of electricity is a lot of electricity. But it's only a lot of electricity if you take it all at once. If you take it on a daily basis, on the 500 megawatt basis, running forward, it's enough to keep the Bitcoin network secure.
But here's the thing — if you try to go change Bitcoin, it starts adding up pretty fast. You go back three weeks, with 51-percent of the hashing power, how long will it take to re-mine the blocks of the last three weeks? Anyone?
Audience Member: Six weeks.
Six weeks. Yeah? Not quite.
Some interesting things happen inbetween, the first week of blocks will take you two weeks to mine, and then at two weeks you're going to have a difficulty change which is going to drop your difficulty, and then it's going to take another two weeks to mine the next two weeks of blocks. So you're going to end up approximately at four weeks total, to mine three weeks worth of blocks.
Here's the problem. The other side didn't stop mining. Right? At forty-nine percent, how long does it take them to mine? So by the time you get to where you were when you stopped mining the majority chain, and you try to rewrite history... they've also mined at least two weeks ahead. If they got the difficulty change too, they've mined even further.
So now you have to mine a bit more, to overtake them. Meanwhile, the miners who are doing this exercise are earning nothing. Presumably, they're part of the same hashing power that mined the first time around. Presumably they already had 51 percent of the power when they were mining the first time around, and now that they're trying to re-mine the last three weeks of blocks... well they've already banked the rewards. But they've banked them on the other chain.
Which they're making invalid. So now they're going to get rewards on the new chain, but only if they give up the rewards they banked on the other chain. Which means effectively they're going to spend three to four weeks, at 500 megawatts mining for free.
Meanwhile what happens in the other chain? On the minority chain? Your 49-percent minor, and you're now mining a minority chain. It's going to be hard. First two weeks is going to be slow, you're going to be doing blocks every 20 minutes. But, your share of the mining capacity just doubled, which means your profitability just doubled. So you're getting more reward, for the same amount of mining. And if that chain still has value, you're making quite a bit of money.
Because you now have a bigger market share. In fact, the more people abandon the chain, the more profitable it is for the minority. And all you have to do is peel off two percent. All you have to do is persuade two percent, of the people who are mining for nothing, to come mine on the chain where we're mining for double rewards.
How hard is that going to be? Which means that actually sustaining a 51-percent attack, for four weeks, is brutally hard. Now of course that means you probably only do it if you had 75%, 80%. Ethereum's starting with 90, at some point they went as low as 70% on the majority chain, when they did their fork. That's a pretty big drop.
So you have these economic incentives that make it very difficult. Now please notice, I've been talking about three weeks. Bitcoin is seven years old. What if you wanted to change a transaction that was last year, or a year and a half ago? Well, now the math is really against you — because it's going to take you almost a year to overtake that chain. During which time you have to sustain that attack and not lose anyone from your group. Otherwise, you never overtake it, and then you make even less money.
So now you've mined it twice, and got a zero reward on both times. Right? And this is the point that we really need to understand about blockchains — there is something inherently interesting, about the fact that you can show someone a number, and they can calculate from that number, how many joules of electricity you consumed to create that number. And it is absolutely unforgeable. That number is in itself proof that you have done the work.
That is an incredible artifact for a digital system. The fact that by presenting a number, to a system that has never seen the history of the blockchain, that may have joined later, that maybe seeing a false history of the blockchain, but you show it a block that has proof in it, and you show that node that number and
they know it's real.
And they know it took that much work to produce that number. There is no way to fake it. For additional system, that's as close to real as it gets. This is a monument of immutability, built block-by-block, and these blocks about towering into the sky. 420,000 of them containing a cumulative amount of work that is absolutely gobsmacking.
And it cannot be changed or forged without... not only the other person knowing it has been changed, but without you actually expending the energy all over again. There is no shortcut. And that is the difference between tamper evident and tamper proof.
You could disconnect from the blockchain today, not look at it for three years, come back three years later... I can present you a single number and say do you believe this is the actual block from the block chain?
And you would be able to say with complete confidence — yes. The amount of work evidenced by this block, could not have been produced any other way than, if during the entire time I was gone, you were expending energy at the predicted rate, and you came up with this artifact. I only need to see the pinnacle to know that it's a real blockchain.
Only the last block, one number, and I know how much work has gone into it cumulatively. Because it tends to have ever increasing work. The longest difficulty chain wins. Bitcoin is not just simply in a system of accounting; it is the first digital artifact that provides forever history. That provides true digital immutability. There is no other system that provides digital immutability of that level.
It is a planetary scale, thermodynamically guaranteed, self-evident system of immutability.
Planetary scale, because in order to do it, you need to marshal resources that all the exist in a planetary scale effort.
Thermodynamically guaranteed, because you can calculate the exact amount of energy it took to create it, and there is no shortcut. Information theory tells us that to flip that many bits takes this many joules, and there is no way to do it otherwise.
Self-evident because the number that is produced as proof-of-work tells you exactly how much work has been done cumulatively. And it really is a monument. Now, then the interesting question arises – can we really afford this?
Is this a waste of energy? There is no thing on the planet that produces a digital record that is self-evidently immutable at this scale. Nothing. It is the only platform on which you can embed data, that will be guaranteed a immutable within a few blocks. Thousand blocks after you put data in, there is no going back. That data is not going to change.
Ok maybe if you put it in, and it's only three blocks old, maybe you can change. Six blocks old... eeeeeh. 144... I dunno. This is getting tough. And that's a day. A week old... done. Done. It's part of permanent history.
Our ancestors said "this is as good as written in stone". Our grandchildren will say "It is as good as written on the blockchain". Because it is the new standard of immutability and it is globally accessible.
Any application can leverage that capability. Other currencies, other chains, smart contracts. They can all check point against the Bitcoin blockchain. And as long as we continue to build the monument, their little inscription, like a piece of graffiti etched into the base stones of the pyramids – will be there. Potentially for centuries, and they can import immutability for the low low price of a transaction fee.
That if you consider it, immutability as a service is an astonishing application. It has enormous implications for software, it has enormous implications for the internet things, for information security, for other systems of currency, for systems of record... title, registration, birth records.
History can be written on the blockchain for the little price of a transaction fee, and it may well be there for a very long time. But as long as it is there, it cannot be changed and everyone can validate it. That is not a waste of electricity. That is the first practical application of digital immutability and it is expensive, but it's expensive because it's giving us something on a planetary scale. And we only need one, really, and it's probably too expensive to build two.
And that just means that the network effect is even more awesome. Because we already have one and it's doing quite well. That one can support all of the other applications. The other applications can do much more lightweight proof-of-stake. But if they really want immutability, not tamper evident... tamper proof. They need to subscribe to a service on the Bitcoin blockchain.
They need to record their data on the Bitcoin blockchain. If you're a banking consortium, and you are signing transactions in a distributed ledger technology by taking turns, what is the cost of fabricating the past? What is the cost of rewriting history? Of saying WikiLeaks never received any of your funds? Any of your donations? We reversed all of those transactions. What is the cost of that? Thermodynamically? Nothing.
In on-chain money? Doesn't matter. We created the on-chain money, we can create more of it. As long as there is no proof-of-work behind it, the cost of re-writing a ledger like that is zero.
And if you can, you will. And if you can, you'll be coerced to. And if you can, when you get a subpoena, you must. And so these blockchains are not immutable. These block chains are mutable as hell. They're fickle blockchains.
To go to the other side of the scale... they're transient, they're meaningless. They have no weight of history behind them. They are whatever the last signer says they are. They have no weight. This year, we're at war with Oceania. Next year, we will always have been at war with East Asia. History is written by the victors. Not the Bitcoin blockchain.
We don't do 1984 on the Bitcoin blockchain. History is written by the expenditure of real-world energy and there is no cheap way to forge that history.
Audience Member: Suppose...
One Second. Fun First
** Hands out books to audience members **
Alright for this book giveaway, I would like to thank Scott Robinson of Plug and Play. He's the organizer of this meeting. He made all of this possible and he also sponsored my expenses to come here, and i ended up not using as much of the money for the expenses and so I use the remainder of his sponsorship money to bring these ten books today, so please thank Scott Robinson he couldn't be here today.
Alright, now let's take Q and A.
You have a question.
Audience Member: Yes, so suppose solar technology advances very well, we're able to capture a lot of the suns energy with very high efficiency. Imagine the cost becomes zero. Then would the proof of work, work in that case.
That's a good question. Suppose that solar energy advances with it's efficiency and we can capture a lot of solar energy – would that make proof-of-work unworkable? Because the marginal cost of the solar energy is zero.
Well yes and no. Mostly no. Even if you have really efficient solar energy, you have to consider three factors in that.
The first one, is that you pay for the solar panels. So you have capital costs right?
The second is you pay for the mining equipment and so you have more capital costs right?
Audience Member: Competition depends on indecipherable cost... what if I apply more capital?
Yes, but at the same time you're competing against people who are going to apply more and more capital. But the third one, and the most important one – is that presumes you have, basically no opportunity cost.
Meaning that there is no other use of the energy could go to other than mining. Meaning that you've either you so far exceeded the demand for electricity that you have all of this excess capacity...
The problem is at that point we've solved the energy problem of the world. And at that point, if proof-of-work is the one thing that doesn't work, you've gone to a Star Trek universe where money doesn't exist. Right?
** laughter **
If you solve the fundamental issue of energy scarcity on this planet. Um, completely solve it for the marginal cost to go to zero, you have to have zero opportunity costs.
Which means that you can generate abundant energy anywhere, anytime, and always have excess capacity… uh you, you've solved much bigger problems. I hope we get there.
Ummm, then we need someone as brilliant as Satoshi Nakamoto to come up with a new proof-of-work algorithm. Umm, I would suggest sudoku.
** laughter **
It works. So sudoku, is a asymmetrical algorithm. Meaning that if you make the sudoku puzzle bigger it can still be verified relatively quickly as to whether it's correct. If you make it billions and billions and billions of times bigger.. umm, then it gets really really hard, and you could make it to so that you only have to do it on paper with pencil with human beings.
** laughter **
So that would be a.. well literally proof-of-work algorithm just like the slaves of Egypt who built the pyramids. Solve sudoku harder!
** pretends to crack whip **
** laughter **
Ok, enough of that.
Audience Member: Another problem with what you're saying is that the other parties who have the same technology..
Well it equalizes everybody so then it's about access to miners, access to internet, capacity access, access to storage to put the blockchain on, there's still costs.
Audience Member: And secondly you're still limited by the amount of radiation you’ll receive which is 2000 watts per square meter which is the maximum energy you can get ... You’re limited by 2000 watts per square meter which is the maximum energy you can get on.. the surface!
Which means.. MINING… IN.. SPACE!
** laughter **
Actually that's not a joke. There are many reasons why mining in space could become a very interesting possibility. Solar panels, no atmosphere, no obscuring anything. Yeah. All right.
Audience Member: So you said that, um, proof-of-work is not a waste. Um. Because it's so secure, and that's the only blockchain that gives that, but if proof-of-stake is let's say not as secure, but nearly as secure, secure enough, is that not far superior? And is that the case, like I mean Ethereum says they will move to proof-of-stake in the future. I wonder whether they have yet. I don't know if it exists a proof-of-stake system that really works.. umm..
Ok, so, so let me paraphrase a bit. So if I say proof-of-work is not a waste, what if proof-of-stake achieves a fair approximation of the level of security without that cost. Would it not then eclipse proof-of-work?
And the difference, and I think that's what I was trying to emphasize today is that you can use it to make sure that the security of the transactions going forward is correct.
But proof-of-stake cannot give you robust immutability. And the reason it cannot give you robust immutability is because what you are staking is the currency that's on the network, and if you have control over the network, right?
You can issue more of that, you can do many things to violate the loss that you suffered. Whereas, if you burnt electricity outside the network you can't get that back by rewriting the blockchain.
Audience Member: But is that not a similar cost? Proof-of-stake I have to have, let's say, 51 percent of the market capitalization. So that's pretty much, I have to buy up most of the coins and then if I really take the system, the market capitilization goes to zero. I lose all of that money. Umm, for Bitcoin if I were to invest so much capital and so much energy that I can, umm, I could probably stop the network and then destroy the market capitalization as well with 51-percent. I could not change back time, but I could...
You can change the future but not the past. Not effectively. You could do denial of service. Yes, both systems are susceptible to denial of service, if you get a majority of the consensus, mechanism.
I would argue that getting a majority of the capital is a lot easier than getting a majority of the manufacturing facility and sources of electricity that are widely distributed and controlling those, um, than getting a majority of the capital.
In fact, theoretically you might find, I don't know, just to say a random thing.. a bug in a smart contract, and steal.. just to say a random number, 14 percent of all of the currency in circulation and if you had a proof-of-stake system, ehh, you're 46 percent from your goal.
Sorry, 36 percent from your goal. So that's the problem, the problem of using something that is intrinsically native to the blockchain is that I cannot simply steal the mining equipment that is out there, right?
It's tangible. So, and I can't simply access these enormous amounts of energy overnight. These take a long time to marshal these energy contracts. Which makes it more robust to that kind of interference. How much more? Is that security differential worth it?
I don't know. I don't know if that is enough. I think it is, I think this is a unique platform with a unique set of application characteristics and immutability is a service that is not only worth spending that amount of electricity, but which will create a monument to immutability. Now – that means that proof-of-stake is also good. And they can both coexist in the market where they compete for resources for slightly different applications.
There will be applications that require robust historical immutability guaranteed by the thermodynamic cost. And there will be applications that don't need that, and those applications may not need a proof-of-work algorithm. I think there are plenty of applications that do need that.
And now that we have that, we're going to invent a lot more applications that need that. That we didn't know about before and I think that's where it gets really interesting.
What can you do when you have an immutable historical record that you couldn't do before, haven't thought of doing before, that you can now.
Audience Member: Can the immutability be transferred to proof of payment?
The immutability can really be transferred to any external system because any system can simply encode, a digital fingerprint and embedded it in the blockchain by paying the fee. There's a function for it called OP return that simply creates a digital fingerprint and time stamps it in the blockchain.
So that means other things can anchor themselves, and checkpoint themselves at different blocks, leaving little trails behind and you can say — at that time, this was the fingerprint that was embedded and that is guaranteed because it can't change.
Audience Member: So proof of payment has become part of the blockchain?
Proof of payment could be part of another block chain.
I'm not sure what you mean by proof of payment exactly. Is this another consensus algorithm? Or is this proof that you paid the transaction fee?
Audience Member: Proof that I paid the transaction fee.
That's part of the consensus algorithm, if your thing got mined then you paid a sufficient transaction fee. Which may have been zero at the time, but most likely wasn't.
So you still have to follow the rules to get into the line, that puts you on the blockchain. You have to create properly formed transactions, pay a sufficient fee, and validate properly, propagate those across the network and then you have a good chance of getting into the block.
Audience Member: What do you think of proof of capacity? Like in Burstcoin.
Proof of capacity is interesting, and I think there's a couple of interesting, um, different approaches to this – I'm not familiar with Burstcoin. I know there are some things that are for example, disk intensive. So that, for example, you have to… proof of storage I guess you might call it.
There's various forms of proof of resource that use different tangible resources. So, memory footprint. You can create a consensus algorithm that, in order to validate and to prove – you have to produce randomly selected data elements from an enormous data corpus.
Which maybe terabytes in size and the only way to have that is either to store that enormous corpus or to buy the specific data elements from someone who does store that data corpus. Um, you could do things with bandwidth and other resources perhaps. I'm interested in seeing all of those.
Audience Member: There's proof-of-work initially to create the size capacity...
And most of those are hybrid proof-of-work systems.
Audience Member: Yah, because you have to fill the disks, with proof-of-work. And then you use the data.
Yes, so in many cases these algorithms are hybrid algorithms and we're going to see a lot more come out.
Audience Member: If the Bitcoin blockchain was up against, hypothetically a well funded, say government or like some consortium who's objective wasn't necessary to get, like, to get benefit.. financial benefit from it, but actually inhibit its existence or for whatever, would that be a concern?
I would argue that is already happening. I mean, you know, little old Bitcoin is currently poking the hundred trillion dollar banking industry going "hey". But we want that. So, yes, well funded opponents – the best-funded opponents we have. laughs
The greatest. Um, so if they used some kind of internal consensus attack to attack Bitcoin, and to thwart its ability to develop new blocks, essentially a denial of service attack. That would be a very interesting scenario.
First of all, it would be noticed, pretty quickly. And secondly, it would immediately lead to creating countermeasures. Um, and when a something attacks you and you develop countermeasures – that's a form of immunity. And through immunity, you have a form of evolution which means Bitcoin will evolve resistance to that kind of attack.
And then it will get attacked again, and we'll evolve resistance to that kind of attack, and it is being attacked today. And it is evolving resistance. Not to those kinds of attacks yet. But when they come, it will evolve resistance to those too.
Why? Because it is a massively decentralized system with a lot of independent actors who are guiding its evolution towards protecting the system against these kinds of attacks. So it's going to evolve much faster than a biological system. And it's going to evolve immunity – meaning, that what the well funded opponent is actually doing, is training Bitcoin on how to win.
Right? They're inoculating it against those attacks, and whatever doesn't kill it only makes it stronger.
So that's not the way you want to go after a decentralized system. Um, I don't know that there are any good ways to go after a decentralized system.
But I know that, that one will backfire badly.
Audience Member: Yeah. Thank you for coming Andreas. I like when you're talking about, like, the other four billion and I have a question about the exchanges. In your opinion what is the best practice to people's exchanges in modern world, and uh, I mean personally I love Bitcoin but I'm not comfortable with this central bank of Bitcoins that we call exchanges.
Yeah. Um, so this question is about, uh, supporting the other four billion or the other six billion – depending on how you count. Um, and what is the issue is – exchanges are very centralized, they're custodial, which means they hold Bitcoin for people. And that represents a significant risk for Bitcoin users, not Bitcoin itself. But certainly Bitcoin users who can lose their money.
Um, we don't have too many perfect solutions right now. There are a few small-scale decentralized systems – um, Bitsquare for example is one. It's still in beta, it's still very small scale.
There are some more decentralized systems – Local Bitcoins, right? Which allow you to do person-to-person cash transactions, and the one thing that cash has that's similar to Bitcoin is that it can be verified upon presentation.
It doesn't depend on any counterparty. You hold it, you own it. Right? So exchanging cash for Bitcoin is the most secure way to get Bitcoin. But, actually the best way to get Bitcoin is not to buy it. The best way to get Bitcoin, is to earn it. By the expenditure of your labor, so dedicate your labor to Bitcoin and you achieve two goals at the same time.
One, you're earning Bitcoin from the people who can pay you in Bitcoin. And two, you have removed your labor from the machinery of the state, which was using your labor to build bombs.
That's my personal philosophy. So two birds, one stone.
** laughter **
I'm in on the good side, I'm out of the bad side.
Audience Member: Can you give us an update on the alternative currencies — two that I remember in particular that got a lot of attention, Litecoin and Ripple coin. I kind of lost track of them.
Um, an update on alternative currencies — oh, this is a mine field for me.
** laughter **
This is fantastic. Um, If I say a name – I'm a shill. If I don't say a name, I'm a Bitcoin shill. Either way I'm gonna get threatened on Twitter. Go..
Alright, um, Ripple is still out there, it's being used. I think a lot of the banking consortiums got kind of interested in it because it's a more centralized, more controlled version of Ripple. Um. So Ripple's still there.
Litecoin is still.. I dunno.. third, fourth by market capitalization. I think probably fourth now that Ethereum Classic has climbed. Um, so it's there, it's definitely there.
There's a few other interesting ones, that are doing a variety of things and I get a lot of slack when I mention them, a lot of slack when I don't mention them.
Ethereum. Um, Which is the second market capitalization system out there. Which isn't really a currency, it's a system of programmable smart contracts, that are very flexible. I'm extremely interested in that. As with Bitcoin, I don't see it as an investment. And you shouldn't play around with high risk assets like that because you will get burned. Unless you are very experienced.
There's a couple of others which are really interesting.
Dash. Again I'm not recommending for investments. Just giving you some information. Uh, Dash is a system that has a very interesting decentralized governance model, and an interesting privacy model.
Monero. Which is a descendant of the crypto node system and Monero is a very high privacy system.
And recently emerged in the space is Zero Cash. Which is a currency built on zero-knowledge proofs. To provide extremely robust cryptographically secure anonymity.
Um, and all of these kind of float around in the constellation around Bitcoin and they're all interchangeable for Bitcoin.
One of the things that's happened in the currency markets in the digital currency markets that is really interesting, I have no fiduciary involvement in this – I'm just interested as a user, is Shapeshift.
Shapeshift.io is a website that allows you to do, um, kind of instantaneous exchanges between currency pairs without even setting up an account, you just say I want to change this to this this, and it says ok whatever you send here, will get exchanged and go there.
So you setup a little pipe, and say I want to exchange, um, Bitcoin to Fedcoin. And... why not. And so, then it says ok give me your Fedcoin address, and you put in, it says give me and address for the refund of your Bitcoin if something goes wrong. You put it in, and it says ok here's a Bitcoin address, if you send Bitcoins to this we'll send the equivalent amount of Fedcoin to your address.
Quick. Easy. You can swap between two currencies.
Interestingly enough, what that means is that you can treat all of these currencies a liquid and fungible to each other. You can basically get in and out of any of them, including Bitcoin.
And go back and forth very easily, just for a single purchase. And some websites include Shapeshift, so that you can pay in any of say, a hundred different currencies.
And it will just convert it into say Bitcoin in the back, um, for your payment. So that's interesting, that's opened up a lot more possibility, makes it a lot easier for more of these alternative currencies to experiment and develop features and maybe some of them will be wildly successful.
I'm not a Bitcoin maximalist. I don't believe that Bitcoin should be the only chain, or will be the only chain that exists. I think it will probably be the dominant chain. In a powerful distribution, it will have sixty to eighty percent of the market share and then they'll be a long tail with 10,000 currencies behind it, of different uses and different values, and I like many of them.
Cue the Twitter threats.
Audience Member: *You were talking about, the incentives for the work, and I was just wondering – do you feel like when the blockchain reward goes down to zero, do you think that people will still buy in at the same level, and will the fees be the same as a Visa transaction? And then we don't have... inaudible *
So the question was, based on the incentives that exist in the network, what happens when the reward for seniorage, for generating new coins, drops to zero and the only reward is fees. Will miners keep mining and, um, will the network fees be reasonable.
First of all, just to give you some perspective, this happens gradually between now and the year 2141. By that time, people on Mars will have to decide if they want to go into mining with their solar panels. Um, so who knows?
Like, I hesitate to make predictions for Bitcoin three months out, you're asking me to make some 136 years out, so I'll try…
Um, the important thing to realize is this happens very very gradually. And it happens in an environment where the reliance on seniorage drops. While presumably the number of transactions and activity rises, which means the transaction fees rise.
And what it should do if you look at in a graph is it should do kind of a curve X, right? So fees go up, reward goes down, and fees go up not because fees are getting more expensive but because you have more and more transactions, paying more or less the same fees, or less.
So if you imagine a block today, which has 12 and a half Bitcoins in it, and let's say 1/10 of a Bitcoin in fees. So it's a hundred twenty to one ratio in favor of the seniorage fees.
Now let's construct a block in 2141 — what's the minimum reward?
One satoshi. Right?
Ok, now let's say this block has 10,000 transactions. Just pulled the number out of my head. Probably have more, but let's say 10,000 transactions.
What's the minimum fee they can pay? One satoshi. Right?
So if you just have the minimum issuance, and the minimum fees you'd have 10,000 satoshis in fees and one satoshi in seniorage. So now the ratio of seniorage to fees went from 120:1 to 1:10,000
And this didn't happen overnight. This happened over a hundred forty years, in a gradual curve. Somewhere in there, there's a crossover point. That crossover point is the day it's one to one.
Where now miners know that for the future they're going to focus more on fees. And that happens way before you get to 2141. So I'm not worried, because it's not going to be a surprise.
This is the same kind of question that happened with the halving. What will happen when the halving happens?
Well we kinda, we see this coming four years in advance. Everyone is prepared for it. This is part of living in the deterministic currency is we don't have to wait until the, Friday, spokesperson from the Federal Reserve open commitee meeting to come out and tell us what our interest rate is.
Mining doesn't stop. Will the fees be the same as Visa? If they are, we have failed. Badly.
Because quite honestly, the fees already for many transactions, most transactions, uh, they're above like five dollars… are lower than Visa.
And we're getting better at optimization. If we introducing things like lightning network, another layer to technologies, if we increase the block size and do all the other optimization and scaling things.. We can do Visa. We can do much more than Visa and we can do it cheaper.
So I don't think we're going to have any problems. There is the capacity issue for Bitcoin, will be a problem all the time, but will be a problem that we will manage in a way that is not fatal, and gradually make it better and better. So failing to scale gracefully for 25 years, that's the goal.
Audience Member: Fiat currencies have markets which reflect the time value of money, uh, interest rates, interest rate markets. How about Bitcoin and other cryptocurrencies, are you aware of interest rate type markets for Bitcoin and other currencies?
Yes. I mean there are interest rate markets for Bitcoin. You don't see them that often simply because a lot of these markets are over-the-counter, uh, but if you're in the mining industry and you're going to have a steady stream of Bitcoin, that you don't know what its value is going to be, and you have Bitcoin now. You may want to have various contracts, futures contracts to protect yourself against volatility. And out of these futures contracts, what emerges is – various forms of interest payments.
Audience Member: That would be a market in reference to some other currency and, I just mean within the Bitcoin itself. Bitcoin now... versus...
Well there are actually some investment funds that invest funds that are in Bitcoin into companies directly in Bitcoin and presumably generate returns in Bitcoin.
These investment vehicles pay some kind of rate of return, and therefor those represent interest rates. Future value of money doesn't change if you change the currency. It still exists as an economic concept. Nothing changes. What we don't have yet is the mechanism to carefully and quickly discover the correct market price for the future value of money in this economy… yet.
You'll see that mature.
I mean if you remember, in the beginning of Bitcoin we didn't have a market mechanism to discover what the price of Bitcoin was.
How much do you want for two pizzas?
I don't know. 10,000 Bitcoin each? Sure.
That was March 2010. I think.
Yes. Who else?
Audience Member: So I know you don't want to predict things in the future, but, the.. if you fast forward say 5 years or so, what do you think we're going to building on? What applications will we be building on Bitcoin as compared to something like Ethereum.
Yah, that's impossible to answer. So I can't even answer that a year out. If I fast forward five years, my voice will sound very funny, um, but other than that I can't tell you anything else.
What applications will we build on top of Bitcoin? What applications will we build on top of Ethereum?
My general attitude is this – the designers of these systems do not get to decide what niche their system will fit in. They may have an idea about where they want it to fit in but inevitably the market decides what applications are best suited for each one of these systems. And it may be very different from what the designers had in mind.
The designers of the internet were creating a network to survive a strategic nuclear attack against key routing elements in the network and to maintain connectivity of military sites. Cat videos was not part of the brief.
And yet here we are. 1,000,000,000 instantly accessible indexed cat videos with artificial intelligent software that can identify which ones are cat videos.
So – what they built it for… what it ended up being. Not exactly a match.
I predict that we will be building cat… applications on Bitcoin.
** Laughter **
Just human nature, right?
Audience Member: What do you think about where Bitcoin interfaces with the rest of the Financial Networks, specifically in the form of ETFs and things like that, right now there's one ETF out there. It was ridiculously more, it's trading at a significant premium but more ETFs aren’t coming into existence with Bitcoin.
Yes, so what's happening with the interface between Bitcoin and the traditional financial system and why are there not more ETFs, there's only one at the moment that has come into existence. I'm assuming you mean GBTC, and um, and it's trading at a significant premium and what happens, why haven't there been more?
Well, it's because Bitcoin is sufficiently alien. That it can't be swallowed by the traditional financial system. They really have no idea how to handle it. It doesn't conform to any of the expectations.
The entire financial system is an edifice of counteracting controls, counterparties, risk management layers, and checks and balances – all of which assume custody and oversight and control. Of which Bitcoin expresses none, so how do you take something that is this alien and put it in this type of environment.
This is exactly like asking… it's the early nineteen hundreds and the automobile is out – why are not more pony express routes being replaced by automobiles? There's no roads, and they've built a series of stations that have lots of hay, which can't be used for the automobile. So everything they have doesn't work with what is new.
And that is basically the issue. Bitcoin is quite capable of having an ETF. ETFs are quite incapable of encompassing Bitcoin into the current regulatory system at the moment. They're finding it very difficult to swallow, and that is a feature, not a bug.
I hope they choke on it.
** laughter **
Alright. Next question. Maybe 2 more. Yes.
Audience Member: Yes, can I get one of the spare books, and can I get a picture?
** laughter **
Uh, I'll be happy to do pictures afterwards. All the books are gone, given out by random, um, picked from the RSVP list. I apologize. The book is available on Amazon.com as paperback, on Kindle as ereader. But also on Kindle Unlimited for free on Kindle Lending Library if you're a member of Prime, for free. On Openbazaar for Bitcoin. And you can buy it for Bitcoin using Purse.io
And it is currently available in about 40 countries. Thank you.
Ok. 2 more. Who hasn't asked a question? Let's try you.
Audience Member: You mentioned layer technologies, that Bitcoin was layer 1 and you mentioned layer 2 might be lighting network. Have you though about further...
Um, No. To repeat the question – I mentioned layer technology, so Bitcoin is layer 1 or layer 0.. we're geeks, it's layer 0. And layer 1 is lightning network, what is layer 2? Have I thought about other layers?
Um, it's really difficult to see how the layers evolve, and what the interfaces between the layers are, and which functions end up in which layers.
And keep in mind, there will be more than one stack. Above IP, there were multiple transmission controlled stacks including the OSI layer and the below IP there are multiple stacks underneath, that most people never see.
So software-defined networking, and before that fiber networks, etc. etc.
So it's impossible to know exactly how it's going to play out. What I can tell you is, the protocols are not built monolithically. We're not going to do everything in a single layer, that doesn't make sense from an architectural perspective.
That doesn't mean we don't scale Bitcoin. We will scale Bitcoin. But we will scale it so that the layers above it, scale even further. Not because we want to do everything in a single layer, it doesn't make sense to do everything the single. It doesn't work.
Yes. Last question. Ok. Make it good.
Audience Member: Let me see how I'm going to phrase this.. um.. a lot of the core team, they're, they seem to be really gung-ho on going with the off chain scaling solution, at least prioritizing that first, uh, so much so that I have a quote here on reddit, uh recently that said "We should not change Bitcoin to accommodate more users". And that's one of the things that they were talking about on IRC, so, uh, as a, so they were going with like soft forking, rather than going to the hard-working and, they were also criticized notably, like by other people... like Jeff Garzick of the risks that are inherent by going with the more complicated solution. Now, so how you can compare to let's say um, Tom Zanders Flexcap proposal of, you know, taking a hard fork approach and how um, how might core's roadmap be wrong.
I mean this would take an hour to answer, and more importantly, I don't think my opinion matters, at all, to any of the parties involved, nor should it.
Um, this debate about big blocks and small blocks and how we scale Bitcoin. First of all I don't think it's accurate to say that core is focused on not scaling the core layer, uh, it's as you said it's a prioritization issue on which one gets prioritize first.
Now, I have, uh, I have a nuanced opinion on this. Which pisses off everybody because if you're, if you have a nuanced opinion, then you're sitting on the fence and both sides can throw eggs at you, uh, for not taking a side.
I'm not going to take a side, because I think that both sides have merits, and really the question is a matter of prioritization and sequencing and conservatism, versus a more aggressive approach to scaling.
From time to time my opinion has changed, as I've seen new data. More recently, um, two days after the Ethereum fork, I thought whoa that went extremely well, a clear 95% split. Technologically executed beautifully. This is going to put a lot of pressure on core to come up with a similar solution for a Bitcoin.
I was wrong. I was very wrong. Because a week later, actually two weeks later we discovered that even though technologically the fork worked.
Politically it failed, and suddenly you ended up with a 70/30 split and that was a disaster because there was not enough provision in the software to deal with replay attacks, it costs a lot of exchanges some money.
I think there's some people from Coinbase in here, who may have you know suffered some losses because of that, because of the replay attacks.
I know other exchanges did too, or I heard that other exchanges did. So now, after that, my opinion was revised. You know and I think in Bitcoin, politically a hard fork is a helluva lot more difficult and will cause a deeper schism.
So I don't think it's as easy as, one team is right, the other team is wrong. I think we're going to have to let this roadmap play out, and for the time being it seems that the majority of the participants in the system are continuing to put their trust in core as long as core continues to deliver on their roadmap to a certain approximation.
I'm not worried because I think in the long term what we're going to do, is we're going to scale in a second layer, and we're going to scale the core layer with a block size increase, and we're going to do network optimizations and and and... the scaling options are not either/or, they're and-and-and, and you just have to decide which comes first.
I think a lot of this drama is unnecessary, and honestly in terms of segregated witness, soft fork versus hard fork – I think soft fork is a better way to go. I do. I think we're going to get it cleaner and quicker than a hard fork.
I think a hard fork, given the current political situation in Bitcoin is way too dangerous. Even if it was for something that everybody agreed on like SegWit.
Which I don't think you'd even get that agreement. So that's probably a very nuanced answer, about a very nuanced question and I'm sorry if I didn’t give you more of a direct answer. I don't think there is a simple black-and-white answer to that problem.
Alright. Thank you all for coming. Thank you to our host Plug and Play.
I'm going to hang out here, uh, chat with everyone. Unfortunately, we're out of pizza. I don't expect everybody to stay for very long, if you want your book signed I'll be happy to do that over the next 10 minutes. If you want to take photographs, I would like to do that after our book signing and thank you so much for coming tonight.