I Looked Into SegWit, and Here's What I Saw
In light of the upcoming Bitcoin fork, I finally decided to look into exactly what Segwit is, and form my opinions based on the technical and economic realities, rather than opinions and impressions I've found online. In this post, I will share what I learned.
Where I'm Coming From
But first, a little background about my history with crypto and my perspective on this debate. I first encountered Bitcoin reading an article which talked about it as a digital money, but didn't delve into the blockchain technology that powers it. I don't know when this was exactly, but I'll take a stab and say it was probably in 2011 or 2012. I got interested and mined a little with my GPU, and played around with it sending it between a couple wallets, but I didn't seriously look into the technology behind it.
Later, circa 2014, I encountered blockchain for the first time, and quickly recognized the power and potential of the technology. Blockchain represents a quantum leap in what is technically possible with software, and even at the beginning, I knew it would fundamentally change the world. This happened as I was finishing my master's degree in computer science, so I decided to pursue a profession in blockchain technology.
To understand my perspective on the Bitcoin fork, it is helpful to bear in mind that I have never been as passionate about Bitcoin as I am about blockchain, and while I love Bitcoin for what it is, I regard it as the prototype of blockchain, but not necessarily the end-all-be-all cryptocurrency.
From a technology standpoint, the Bitcoin chain is clumsy, unpredictable, and slow. To break into the blockchain space, I first worked on Bitshares, and we created a blockchain with reliably scheduled block production every five seconds (later upgraded to three seconds), capable of processing thousands of transactions per second, and requiring only one confirmation for reasonable certainty of transaction permanence under normal network conditions. Bitcoin, in contrast, produces blocks at random times, can process about seven transactions per second, and requires an unpredictable delay of a recommended six confirmations for transaction permanence. (To be fair, though, my off-the-cuff estimate is that two or three Bitcoin confirmations gives similar certainty as one Bitshares confirmation).
In my view, Bitcoin's redeeming quality is its network effect. A lot of people use it, and a lot of merchants accept it. When I say "Bitcoin" nowadays, a lot of people out there know what I'm talking about. I think we can do better than Bitcoin technologically, so for fancy features and high speed, I'd say to use a different chain. The best thing Bitcoin can do is keep working as smoothly as it's capable of, and stay simple and secure enough that just about everyone can understand and rely on it.
What's Broken in Bitcoin
Now that I've shared a little about my history in blockchains, let's talk about what the problems are with Bitcoin. The main issue is quite simply that Bitcoin's popularity is rising, and seven transactions per second simply isn't enough anymore. Some secondary issues are noncritical bugs in Bitcoin, like transaction malleability, that have already been worked around in wallets, but we'd like to solve them once and for all so wallet makers don't have to worry about them anymore.
The seven transaction limit is really due to Bitcoin's 1MB block size limit. If we get a new block (on average) every 10 minutes, that means there's 1MB = 1024*1024 = 1048576 bytes of space for transactions, which is room for around 4200 small transactions (maybe 250 bytes each), which, divided by 10 minutes = 600 seconds, gives 4200/600 = 7 transactions per second. Obviously, if Bitcoin is to scale to be a mainstream, worldwide cryptocurrency, 7 TPS is simply not enough.
Strategies for Fixing Bitcoin
As far as I am aware, the secondary issues in Bitcoin (i.e. transaction malleability) are simple and straightforward to fix, and I haven't heard of much controversy around these. The big debate is over how to increase the transaction capacity of the chain. I know of two main approaches for doing this: Segregated Witness (Segwit), and simply raising the 1MB block size limit. I will now explore each of these strategies in more detail.
What is Segwit?
Segwit is a relatively simple concept, but a massively complex technical change with an untold morass of technical, economic, and political implications. To understand segwit, we must first understand the structure of a simple Bitcoin transaction.
Every Bitcoin transaction contains inputs and outputs. The inputs specify which existing bitcoins should be moved, and the outputs specify where they should be moved to. The sum of the bitcoin in the outputs must not exceed the sum of the bitcoin in the inputs (otherwise, the transaction would be spending more bitcoin than it has!), and if the outputs add up to less than the inputs, the leftover is a fee to the miner for processing the transaction. Every output has data attached to it that specifies the rules for claiming and spending its bitcoins, and every input has data attached to it which proves that it follows the rules for the output it claims.
Segwit names these attached pieces of data "Witness Data," and asserts that this data is not important for determining how many bitcoins belong to each address, but only for determining whether a transaction is authorized to claim certain bitcoins or not. Segwit creates a new storage space in Bitcoin's blocks, which is not subject to the 1MB size limit (but instead has its own 0.7MB limit) and moves the Witness Data to this new storage space. This frees up some room in the 1MB space for more transactions, which can store their Witness Data in the new storage space.
In practice, this should increase the blockchain's transaction capacity, but by how much is a complicated topic, due to segwit's new "data weight" requirements and fee structures. I won't get into this, but many argue that it is naively optimistic to assume segwit will yield a significant transaction capacity increase at all, especially in the short term.
What about Just Raising the Limit?
Raising the block size limit is a trivial change to the Bitcoin code, it's been done before, and its only real effect is to increase the rate at which the blockchain history grows, because it's processing more transactions in the same amount of time. The complaint against raising this limit is that if the chain history grows too fast, it may price out some users from running Bitcoin nodes because they can't afford the disk space to store this history, and full Bitcoin nodes must keep the entire blockchain history.
The main questions to be answered when adjusting Bitcoin's max block size limit are (1) what to set the limit to, or (2) how to calculate the limit. In the case of (1), we just change the number from 1MB to something else, and the question is what. Larger numbers mean more transactions, which means more people can use it, but at the cost of a faster-growing history. Bitcoin Cash proposes to set this limit to 8MB and remove segwit. Note that with 8MB blocks, we wouldn't necessarily see blocks this big immediately as (a), there might not be enough transactions to use that space, and (b), miners could easily and safely set lower limits for their own blocks if they felt 8MB is too high for now.
In the case of (2), we abandon the notion of a single max block size limit for everyone, and come up with some new plan for setting it. Bitcoin Unlimited proposes to let each miner decide this limit for himself in his own blocks, and take the risk that if he sets his limit too high, other miners may reject his block for being too big, but if he sets his limit too low, he gives up the fees from the transactions that wouldn't fit in his block.
Other Concerns and Controversy
I mentioned earlier that Segwit has a lot of technical, economic, and political implications around it. I will now elucidate on some of these concerns. I note that the proposals to raise the block size limit have little or no implications other than the fact that processing more transactions requires more storage space and network bandwidth (although I have heard this increase in bandwidth could cause trouble for nodes/miners behind the Great Firewall of China, I have not researched this and do not know if it's true).
One of the most troubling aspects of segwit is the fact that, from its inception, it has been promoted primarily by use of censorship, deception, bullying, inciting fear and divisions, and other such chicanery that has absolutely no place in an open source project. I emphasize that this is not mere conjecture -- the use of censorship on the main Bitcoin discussion channels such as the /r/Bitcoin subreddit and bitcointalk.org to suppress all discussion of problems or disadvantages of segwit is well documented [1, 2], while these same discussion channels allow overt bullying of any users who question segwit.
Segwit proponents have repeatedly used divide-and-conquer strategies to attempt to play one demographic of Bitcoin users (i.e. users, miners, exchanges, merchants...) against another, attempting to scare both sides into embracing segwit as a security blanket. For example, segwit is frequently pushed by people making wild and unfounded conjectures about retroactive forks and replay attacks stealing users' money, and advising users to contact merchants to demand segwit support to avoid this possibility. Cooler heads will note that people will usually see any significant chain reorganization coming, and any serious attempt to fork the chain will include replay attack preventions (i.e., Bitcoin Cash).
Even without knowing anything about segwit, I can say with certainty that no good idea is ever promoted using censorship or divide-and-conquer strategies. Good ideas promote themselves, and all effort can simply be spent helping people understand them. There is little documentation which thoroughly describes segwit, even though it is a massive and complex technical change that completely rewrites the way bitcoin blocks and transactions are constructed and validated. The bulk of information available about segwit promotes it based on predicted benefits, and when it comes to the justification for these predictions, typically cites some vague hand-wavey excuse about it being complicated, but the experts have figured it out. Criticisms and discussion of the implications of segwit are extremely difficult to find, which I can only assume is due to censorship, since when I did find them, they were grave issues which are not adequately answered.
One obvious issue with segwit is the question as to whether it actually solves any problems we have. Sure, it fixes transaction malleability, but that's easy anyways, and it's not an issue that's seriously bothering anyone right now. The issues that are bothering people are high fees and long confirmation times, and no one can provide a simple, clear argument that segwit will reduce fees or confirmation times, because segwit makes the transaction capacity of blocks complex and variable, and the best anyone can say is that segwit will probably increase capacity a little bit, eventually, assuming everyone starts using segwit transactions.
Another issue is that segwit messes around with the fees, creating different transaction classes with different fee levels, which will have unknown economic consequences. I would say this is still being debated, but all the debate is censored. There are some who think the fees are set up the way they are to subsidize Lightning Networks, which probably will solve the scaling issues, but not without trade-offs of their own, and Lightning Networks really have nothing to do with segwit anyways. LN could be implemented without it, and although some small modifications would still be needed, it wouldn't be anything as massive or complex as segwit.
But one of the biggest issues I have with segwit is the way it's implemented. Segwit starts off by assuming that hard-forking Bitcoin is impossible. The claim is just that it's "too hard" or "impractical," but these claims aren't generally backed up. Segwit therefore bends over backwards to implement itself as a soft-fork, which means that old bitcoin wallets will still work, but won't understand the new features. But the astute reader will recall that segwit fundamentally alters the structure of blocks and transactions -- so how can this possibly be done as a soft-fork?
The answer is that segwit uses what is, in my professional opinion, an unthinkably nasty hack: according to the Bitcoin protocol, all segwit transactions can be spent by anybody with no proof of authorization. That means that literally anyone can make a transaction that spends the bitcoins in a segwit address. The "witness data" (which is the rules for who's allowed to claim the outputs, and the proof that the rules were followed on the inputs that claim the outputs) is moved out of the main block and replaced with a simple "anyone can spend me, there are no rules and no proofs," and it's up to miners to know what the rules really are, ignore the "anyone can spend me" instruction, and instead apply the rules from the witness data.
There are two major implications to this hack. The first is that segwit is a one-way ticket: once it starts, it can never be removed because to remove the (insanely complicated) segwit rules that say "Ignore what the transaction says and look at the witness data instead" would leave only the "anyone can spend me without any authorization" rule on all segwit balances. Thus anyone could steal all the coins in segwit balances. To remove segwit, it would either be necessary to keep the (insanely complicated) rules in play, but disallow new transactions to use them, or convince all Bitcoin users to first move their bitcoins to a non-segwit balance. The first isn't really removing segwit, since its rules would still be in use, and the second is simply not going to happen since segwit proponents will lie and censor (just like they're doing now to promote segwit) to scare people away from leaving it behind.
The second implication is even more chilling: for the first time, the Bitcoin protocol will have official support for theft of bitcoins. See, the formal rules of bitcoin will be "anyone can spend these coins without authorization," but the segwit rules will say otherwise. This means that anyone who can get a majority of miners to agree to look the other way (i.e. ignore the segwit rules) can send a transaction that spends those bitcoins without authorization, and it will be valid by protocol. At present, if the majority of miners attempted to do this, their blocks would be invalid (and ignored by the network) because they violate the Bitcoin protocol, but with segwit, the Bitcoin protocol will only understand "anyone can spend these coins" so as long as the miners agree to ignore the segwit rules, the transaction will pass checks. Obviously this means that the miners could collude to steal everyone's segwit balances, but more likely, a government could force mining organizations to allow their transactions to steal bitcoins, reverse transactions, or whatever else. Whereas previously this meddling would've been extremely noisy, causing a hard fork (which would have likely been ignored). With segwit, however, theft by miner collusion is a first class feature.
Taking a Step Back
Now I'd like to set aside all of the details above, and simply ask: what is good about Bitcoin? In my view, the best things about Bitcoin are its simplicity, it's security, and it's mind share. Bitcoin is the first blockchain, and it's probably the simplest as well. This elegant simplicity makes it easy to understand, which in turn makes it easy to trust. It's also the best known and most widely used cryptocurrency in existence.
Segregated witness is systematically destroying everything good and worthwhile about Bitcoin: segwit is inelegant and complicated; it creates two parallel sets of rules for evaluating transactions, but ignores one of them. Segwit breaks Bitcoin's security by empowering miners and anyone who can coerce them to steal balances. And segwit is breaking the Bitcoin ecosystem up, causing people to fork the blockchain just to avoid using it, and destroying the mind share, confidence, and name recognition in Bitcoin.