Security of proof-of-work versus proof-of-stake. Proof-of-work, i.e. thermodynamic cost, is not a waste. Proof-of-stake secures transactions going forward but does not provide robust immutability. Proof-of-work relies on resources outside the network (electricity). Both systems are vulnerable to DoS attacks if you get the majority of the consensus mechanism, but getting a majority of the intrinsically-native blockchain capital (ex. through a smart contract bug) is a lot easier than getting a majority of the mining infrastructure and widely distributed sources of electricity. The security differential is worth it.
Transcript
Transcript auto-generated. May contain errors.
Good evening everyone, thank you for coming. Welcome. It's really a pleasure to be back here at Plug and Play Silicon Valley. I believe this is my fourth or fifth presentation for this particular meetup, which keeps getting bigger and bigger every time.
Every time I come, more members. How many of you RSVP'd for this meetup? A few people just showed up. I have some good news and some bad news.
Good news is, if you just showed up, you're welcome. Stay. The bad news is that I drew names from the RSVP list to give out ten copies of my new book, The Internet of Money. I'm going to have to ask for that one back.
Oh, you brought it. I thought I just showed my stuff. Refunds and returns. Refunds and returns.
At the end of the show, I will give out ten copies. If you're not particularly interested or you already have a copy, just let me know. I will just call the next name in the lot. If you're not here, you can't get the book.
Please stay until the end, even if it is very boring. How many people here have Bitcoin? How many people do not yet have Bitcoin? The difference is the people too shy to raise their hand.
Okay, great. The four or five people who raised their hand who said they don't yet have Bitcoin, remember the faces of the people who do have Bitcoin. Do not leave here tonight without getting them to give you some free Bitcoin. If they won't, I will.
The whole point of this is to help you install a wallet. Receive a small amount of Bitcoin so you can do some transactions and try it out for yourselves. It is always fun. The first time you experience a Bitcoin transaction will be memorable.
All right. The topic of today's talk is proof-of-work and the monument of immutability. I want to talk specifically about immutability. What that means is this.
The era of digital currencies. What it means to have a digital system that is unchanging. Immutability is a tricky concept. First of all, because it doesn't really exist.
Everything changes. There is no thing in nature that is forever unchangeable. The universe itself, the vacuum, particles. Everything changes.
Everything is immutable. Immutability is really more of a philosophical idea. But we use it in practical terms. What do we mean when we say immutable in practical terms?
The way I like to think of it is, if you have a scale of something that is very easy to change, all the way to the hardest thing you can possibly find to change, the most unchangeable thing, the thing that is most difficult to change. Immutability is that side of the scale. For practical purposes, we will define immutability in any sense to be the maximum of that scale of how hard it is to change something. On January 3, 2009, that scale expanded significantly.
A new maximum was defined. A new maximum in terms of what it means to be immutable for a digital system. Nothing is as immutable as Bitcoin. Bitcoin defines the end of that scale at the moment.
It redefines the term immutable. That has some interesting implications, including that you can't call the things to the left of that immutable. You can't call them immutable-ish. You can't call them kind of immutable.
Immutable-ish is like pregnant-ish. It only makes sense as the maximum value, not the maximum minus one. So immutable, once it is redefined, the things below it can't be called immutable anymore. Why is Bitcoin immutable?
What gives the Bitcoin blockchain the characteristics of immutability? What is it that makes it unchangeable? The first answer that most people go for is the blockchain. The blockchain makes Bitcoin immutable because every block depends on its predecessor, creating an unbreakable chain back to the Genesis block.
Therefore, if you change something, it would be known. If you noticed, therefore it is unchangeable. That is the wrong answer. It is not really the blockchain that gives Bitcoin its immutability.
That is a really important nuance to understand. The blockchain makes sure that you can't change something without anyone noticing. In security, we call that tamper-evident. If you change it, it is evident.
You cannot tamper it without evidence of your tampering. Tamper-evident. But there is a higher standard in security, what we call tamper-proof. Tamper-proof is something that cannot be tampered with.
Not just will be visible if it is tampered with, but cannot be tampered with, immutable. The characteristic that gives Bitcoin its tamper-proof capability is not the blockchain. It is proof-of-work. Proof-of-work is what makes Bitcoin fundamentally immutable.
That is a really important concept to understand. A lot of people are throwing around words like blockchain and claiming that these things are immutable, even though they don't have a proof-of-work consensus algorithm, or any kind of consensus algorithm that gives them immutability. At best, they offer tamper-evidence, meaning someone will notice, but they are not unchangeable. This distinction is going to become historically important.
You may think, historically important is a pretty heavy term. Why is it going to be historically important? Because if Bitcoin continues to work the way it is working today, we are introducing a new concept, which is a form of digital history that is forever. If that history lasts ten years, that is impressive.
If that history lasts ten years, that is impressive. If that history lasts a hundred, that is astonishing. If it lasts a thousand years, it becomes an enduring monument of immutability, an edifice of immutability, a system of forever history, unshakable history. That is truly a monument of our civilization.
We have to consider the possibility that that will happen. I use the word monument. I want to expand a tiny bit on that and talk about proof-of-work. Proof-of-work was not invented by Satoshi Nakamoto.
You can see evidence of proof-of-work systems throughout human civilization. There is some big pointy proof-of-work in Cairo, the pyramids. There is some big stone proof-of-work. In Paris, the Cathedral of Notre Dame.
In fact, proof-of-work is something that our civilization does quite often. Let's think about that for a second. The pyramids serve two purposes. The minor purpose is as a religious artifact, and two for the king.
But the even more interesting purpose is a declaration... To every civilization and every human that sees it, behold, this is the measure of the Egyptian civilization. This is what we can build. This is proof-of-work.
You cannot build this on the cheap. You cannot build this in a civilization that doesn't have abundant resources. You cannot build this unless you can feed 20,000 people to not do anything but this. You cannot build this unless you can guard it with soldiers.
You cannot build this unless you commit resources for decades or centuries. This cannot be built cheap. The pyramids stand today as a testament of proof-of-work for the Egyptian civilization. Anyone, without even understanding what this thing is, riding up in the desert on a camel...
riding up in the desert on a camel... going over that hill and seeing a stone monument that is a few hundred feet in the air, looks at that and goes, Wow! Wow is an expression of believing the proof-of-work. They immediately and intuitively understand something great built that.
There is no cheap way to do it. The Cathedral of Notre Dame is the same thing. Martialing thousands of stone masons over hundreds of years to build a monument to the church. A monument of religion that made people stand in such awe that they could only even give it divine origin.
They could but believe that only a religious order could do something like that. It says, Behold the church. What we can do. That kind of open expenditure of resources to make a point is proof-of-work.
We see this again and again in civilization. But until now, we've only seen it in local environments for a specific country, organization, or civilization. Bitcoin is the first. Can you guess what the Atomic Underground is?
I believe you know after all these years of talking about it. This is something you've seen, HTTPS, ATM, it iswan, That was just the também we encountered the imagery we had to share, like I've just left there from the� Tell me about our societies. a practical purpose. That practical purpose is to become a record of history forever.
To become the definitive and authoritative source that cannot be modified. The record of truth that cannot lie. Once a transaction is embedded into the Bitcoin blockchain and secured by proof-of-work, it becomes incredibly difficult to change. This is a thing that most people don't understand.
Let's break it down a tiny bit and look at some of the technicals behind it. But Andreas, what if 51% of the miners decide to change it? What if there is a consensus attack? What if a well-funded government invests heavily?
What if they invest heavily in hashing equipment in order to go back and change the blockchain? One of the interesting things you have to understand is the difference between changing the past and the future. The consensus algorithm as it is determines the future of the blockchain. If you have a majority of the hashing power on the Bitcoin blockchain, you can decide what gets...
recorded in the future. But you can't so easily change the past. The reason you can't change the past is because every node out there is going to still validate every block and is going to demand proof-of-work. That block still has to carry proof-of-work.
There is only one way that proof-of-work can be generated. You have to commit energy resources to a particular... block. When you read all of these articles in the media, they say about how wasteful Bitcoin is, because Bitcoin is created by burning energy.
They are completely missing the point. Mining doesn't work to create Bitcoin. That is not the purpose of mining. Mining is not used to create Bitcoin.
That is a side effect. The way I can prove to you it is a side effect is that one day there will be no Bitcoin, no new Bitcoin. Guess what? There will still be mining.
Even after the last Satoshi is mined, mining must continue because its purpose is not to create Bitcoin. Its purpose is to provide security. Its purpose is to provide validation. It is the purpose of mining and generating Bitcoin.
It is the side effect that serves as the mechanism of reward that creates game theory incentives to make sure that the validation is done right. Once you understand that and you realize what we are paying for is security, it changes the perspective slightly. But it is much deeper than that. A lot of different consensus algorithms have been proposed.
Proof-of-stake is one of them. Many of these algorithms use the native asset to stake into the mining algorithm, the consensus algorithm. I am going to commit x amount of my currency in validating the next block. If I fail to validate it correctly, I lose that block.
I lose that currency. If I validate it correctly, I gain a small fee. Here is the news. Proof-of-work is also proof-of-stake.
Proof-of-stake is not also proof-of-work. Let me explain that to you for a second. This is a really important point. When miners commit to a specific currency, they are not going to be able to get a profit.
They are going to be able to get a specific block. They are creating a candidate block. They are stuffing in all of your transactions into that block after carefully validating them. Then they take that block and commit to it by hashing against it, by doing the proof-of-work mining algorithm.
Essentially, what they are doing is saying, I am going to stake a thousand dollars worth of electricity, or ten thousand dollars worth of electricity, behind the security work I have done. If I haven't done it right, I lose my electricity stake. Proof-of-work is proof-of-stake. What you are staking is the energy investment committed behind the specific block that you are saying, I have validated correctly.
To prove that I have validated correctly, I am saying, I am staking an enormous amount of electricity behind that. Electricity that costs money. It is different from proof-of-stake algorithms in other digital currencies. The reason is that what you are staking is not a native asset, is not something that is intrinsic to the chain, whose value and future is determined by the chain.
What you are staking is something extrinsic to the system. You are staking energy. You are staking something that has universal value on this planet. The value of the currency tomorrow may be nothing.
In which case, the value of the stake you made is nothing. The value of the electricity today, tomorrow, and into the foreseeable future is something. That means that when you are staking electricity, you are staking something that has value throughout our planet. Proof-of-work is proof-of-work.
Proof-of-work. Proof-of-work. Proof-of-work. Proof-of-work.
Proof-of-work. Proof-of-work. Proof-of-work. Take questions in the end.
What if the miners decide to do a 51% attack to rewrite the past? Instead of starting from the current block and changing the rules to the future, they can start from a previous block and mine forward. And if they have 51%. of the hashing power, they will eventually reach the current block in the minority chain and exceed it.
They will win the race eventually. So then the question is, how long do they have to sustain it? Let's take a simple scenario. Let's say we want to go back and change history three weeks ago.
Three weeks doesn't seem like a long time. In Bitcoin, it is an eternity. Every day, 500 megawatts of electricity is used continuously to feed the mining process. It is just a ballpark figure.
It might be more, it might be less right now. Just use that as a ballpark figure. 500 megawatts in 24 hours is 12 gigawatts of electricity. 12 gigawatt hours of electricity, expended.
Per day. 12 gigawatt hours of electricity over 30 days is 360 gigawatt hours of electricity. Over 12 months, that is 3.6 terawatt hours of electricity in a year. 3.6 terawatt hours of electricity is a lot of electricity.
But it is only a lot of electricity if you take it all at once. If you take it on a daily basis, on a 500 megawatt basis running forward, it is enough to keep the Bitcoin network secure. But here is the thing. If you try to change Bitcoin, it starts adding up pretty fast.
You go back three weeks with 51% of the hashing power. How long will it take to remine? How long will it take to remine? How long will it take to remine?
How long will it take to remine? How long will it take to remine? The blocks of the last three weeks? Anyone?
Six weeks? Yeah? Not quite. Some interesting things happen in between.
The first week of blocks will take you two weeks to bind. Then at two weeks, you will have a difficulty change, which will drop your difficulty. Then it will take another two weeks to bind. Then it will take another two weeks to bind.
You will end up at approximately four weeks to mine three weeks' worth of blocks. Here is the problem. The other side didn't stop mining. At 49%, how long does it take them to mine?
By the time you get to where you were, when you stopped mining the majority chain and tried to rewrite the history, they have also mined at least one percent of the block. They have at least two weeks ahead. If they got the difficulty change too, they have mined even further. Now you have to mine a bit more to overtake them.
Meanwhile, the miners who are doing this exercise are earning nothing. Presumably, they are part of the same hashing power that mined the first time around. Presumably, they already had 51% of the power... when they were mining the first time around.
Now they are trying to remine the last three weeks of blocks. They have already banked the rewards, but they have banked them on the other chain, which they are making invalid. Now they will get rewards on the new chain, but only if they give up the rewards they banked on the other chain. Effectively, they will spend three to four weeks at 500 megawatts mining for free.
Meanwhile, what happens on the other chain? On the minority chain, you are a 49% miner, and you are now mining a minority chain. It is going to be hard. The first two weeks will be slow.
You will be doing blocks every twenty minutes. But your share of the mining capacity just doubled, which means your profitability just doubled. You are getting more reward for the same amount of mining. If that chain still has...
value, you are making quite a bit of money, because you now have a bigger market share. In fact, the more people abandon the chain, the more profitable it is for the minority. All you have to do is peel off 2%. All you have to do is persuade 2% of the people who are mining for nothing, to come mine on the chain where we are mining for double rewards.
How hard is that going to be? Which means that actually, sustaining a 51% attack for four weeks is brutally hard. Now, of course, that means you would probably only do it if you had 75%, 80%. Ethereum started with 90%.
At some point, they went as low as 70% on the majority chain when they did their fork. That is a pretty big drop. So you have these economic incentives that make... it very difficult.
Now, please notice, I have been talking about three weeks. Bitcoin is seven years old. What if you wanted to change a transaction that was last year? Or a year and a half ago?
Well, now the math is really against you. Because it is going to take you almost a year to overtake that chain, during which time you have to... sustain that attack and not lose anyone from your group. Otherwise, you never overtake it, and then you make even less money.
So now you have mined it twice and gotten zero reward on both times. Right? This is the point that we really need to understand about blockchains. There is something inherently interesting...
about the fact that you can show someone a number, and they can calculate from that number, how many joules of electricity you consumed to create that number. And it is absolutely unforgeable. That number is in itself proof that you have done the work. That is an incredible artifact for a digital system.
The fact that by presenting a number to a system... that has never seen the history of the blockchain, that may have joined later, that may be seeing a false history of the blockchain, but you show it to a block that has proof in it, and you show that no, that number, and they know it is real, and they know it took that much work to produce that number. There is no way to fake it. For a digital system, that is as close to real as it gets.
This is a monument of immutability, built block by block. These blocks are now towering into the sky, 420,000 of them, containing a cumulative amount of work that is absolutely gobsmacked. It cannot be changed or forged without not only the other person knowing it has been changed, but without you actually expending the energy all over again. There is no shortcut.
That is the difference between tamper-evident and tamper-proof. You could disconnect from the blockchain today, not look at it for three years, come back three years later, and I can present you a single number and say, do you believe this is an actual block from the blockchain? I can say with complete confidence, yes. The amount of work evidenced by this block could not have been produced any other way than if during the entire time I was gone, you were expending energy at the predicted rate, and you came up with this artifact.
I only need to see the pinnacle to know that it is a real blockchain. Only the last block. One number. I know how much work has gone into it cumulatively.
It tends to have ever-increasing work. The longest difficulty chain wins. Bitcoin is not just simply a system of accounting. It is the first digital artifact that provides forever history, true digital immutability.
There is no other system that provides digital immutability at that level. It is a planetary scale, thermodynamically guaranteed, self-evident system of immutability. Planetary scale, because in order to do it, you need to marshal resources that only exist in a planetary scale effort. Thermodynamically guaranteed, because you can calculate the...
exact amount of energy it took to create it, and there is no shortcut. Information theory tells us that to flip that many bits takes this many joules, and there is no way to do it otherwise. Self-evident, because the number that is produced as proof of work tells you exactly how much work has been done cumulatively. It really is a monument.
Now, then the interesting question arises. Can we really afford this? Is this a waste of energy? There is no thing on the planet that produces a digital record that is self-evidently immutable at this scale.
Nothing. It is the only platform on which you can embed data... that will be guaranteed and mutable within a few blocks. A thousand blocks after you put data in, there is no going back.
That data is not going to change. Okay, maybe if you put it in and it is only three blocks old, maybe it can change. Six blocks old? Eh.
144? This is getting tough. And that is a day. A week old?
Done. Done. It is part of permanent history. Our ancestors said, this is as good as written in stone.
Our grandchildren will say, it is as good as written on the blockchain. Because it is the new standard of immutability and it is globally accessible. Any application can leverage that capability. Other currencies, other chains.
Smart contracts. They can all checkpoint against the Bitcoin blockchain. And as long as we continue to build the monument, their little inscription, like a piece of graffiti... etched into the base stones of the pyramids, will be there.
Potentially for centuries. And they can import immutability for the low, low price of a transaction fee. That, if you consider it immutability as a service, is an astonishing application. It has enormous implications for software.
It has enormous implications for the Internet of Things, for information security, for other systems of currency, for systems of record, title, registration, birth records. History can be written on the blockchain for the low price of a transaction fee. And it may well be there for a very long time. But as long as it is there, it cannot be changed.
Everyone can validate it. That is not a waste of electricity. That is the first practical application of digital immutability. And it is expensive.
But it is expensive because it is giving us something on a planetary scale. And we only need one, really. And it is probably too expensive to build two. And that just means that the network effect is even more awesome.
Because we already have one and it is doing quite well. That one can support all of the other applications. The other applications can do much more lightweight proof of stake. But if they really want immutability, not tamper-evident, tamper-proof, they need to subscribe to a service on the Bitcoin blockchain.
They need to record their data on the Bitcoin blockchain. If you are a banking consortium, and you are signing transactions in a distributed ledger of technology by taking turns, what is the cost of fabricating the past? What is the cost of rewriting history? Of saying, Wikileaks never received any of your funds, any of your donations.
We reversed all of those transactions. What is the cost of that? Promote dynamically? Nothing.
In on-chain money, it doesn't matter. We created the on-chain money. We can create more of it. As long as there is no proof of work behind it, the cost of rewriting a ledger like that is zero.
And if you can, you will. And if you can, you will be coerced to. And if you can, when you get a subpoena, you must. And so these blockchains are not immutable.
These blockchains are mutable as hell. They are fickle blockchains, to go to the other side of the scale. They are transient. They are meaningless.
They have no weight of history behind them. They are whatever the last signer says they are. They have no weight. This year, we are at war with Oceania.
Not just Oceania. Next year, we will always have been at war with East Asia. History is written by the victors. Not on the Bitcoin blockchain.
We don't do 1984 on the Bitcoin blockchain. History is written by the expenditure of real-world energy. And there is no cheap way to forge that history. Thank you.
Thank you. Frank Friedman. Frank. Thank you so much.
Nice to meet you. Ayako. Thank you so much. Nice to meet you.
Valerian. I've heard of you. You're standing behind the camera. Thank you.
Valerian's copy. Palayotis. Thank you. Thank you.
Thank you. Thank you. John Bolton. Good job.
Congratulations, John. I won your previous one, too. Oh, wow. Winner, winner, chicken dinner.
Darwin Ling. Darwin? Didn't make it tonight. Too bad.
Too bad. As you're watching this video, should have come. Alex Park. Also didn't make it.
Oh, well. Levi Stroke. Wow. Doing it well.
Ki-Woon Kang. Is that you? Is that you? Yeah.
Oh, no. Oh, no. Oh, no. Oh, no.
Oh, no. Is Ki-Woon here? Ki-Woon? No.
Ki-Woon? No. Fod-Diop? Nope.
Oh, dear. This random number generator worked really well. Avi. Oh, no.
Tring-Gwen. Oh, no. Okay. Mazomi.
I know you're here. Congratulations. Meredith Finkelstein. Meredith Finkelstein.
Meredith Finkelstein. Jake Tarnow. Jake Tarnow. Chavez.
Chavez. Will. Username Will on the meetup. Username Will on the meetup.
Robert Schwechter. Robert Schwechter. Kim. Kim.
Kim. Are you signed up as Kim on the meetup? Congratulations. Thank you.
Thank you. All right. Let's see. I think I have two more.
Two more. Colin Belton. Colin Belton. Yeah, I have a copy already.
Oh, thank you very much, Colin. Ron. Just Ron. Ron, congratulations.
Ron, congratulations. Ron, congratulations. And the last book. And the last book.
This is fun. This is fun. Jeff Flowers. Jeff Flowers.
I have a copy. I already have a copy. You already have a copy. Thank you.
Daniel Fagan. Daniel Fagan. Ryan Charles. Ryan Charles.
All right. For this book giveaway, I would like to thank Scott Robinson of Plug and Play. He's the organizer of this meeting. He made all of this possible.
And he also sponsored my expenses to come here. And I ended up not using as much of the money for the expenses. And so I used the remainder of his sponsorship money to bring these 10 books today. So please thank Scott Robinson.
He couldn't be here today. All right. Now let's do Q&A. You had a question.
So solar technology advances very well. Yes. You're able to capture a lot of sun energy with very high efficiency. So marginal cost of electricity becomes zero.
Then would the proof of work work in that case? That's a good question. Suppose that solar energy advances with its efficiency and you can capture a lot of solar energy. Would that make proof of work unworkable because the marginal cost of the solar energy is zero?
Well, yes and no. Even if you have really efficient solar energy, you have to consider three factors in that. The first one is that you pay for the solar panels. So you have capital cost.
The second is you pay for the mining equipment. And so you have more capital cost. Competition depends on mining cost. Yes, but at the same...
We have enough accumulated capital. Yes, but at the same time you're competing against people who are going to apply more and more capital. But the third one and the most important one is that presumes you have basically no opportunity cost. Meaning that there is no other use of the energy you could go to other than mining.
Meaning that either you've so far exceeded the demand for electricity that you have all of this excess capacity. The problem is at that point we've solved the energy problem of the world. And at that point if proof of work is the one thing that doesn't work, you've gone to a Star Trek universe where money doesn't exist. Right?
If you solve the fundamental issue of energy scarcity on this planet, completely solve it, for the marginal cost to go to zero you have to have zero opportunity cost. Which means that you can generate abundant energy anywhere, anytime, and always have excess capacity. You've solved much bigger problems. I hope we get there.
Then we need someone as brilliant as Satoshi Nakamoto to come up with a new proof of work algorithm. I would suggest Sudoku. It works. So Sudoku is an asymmetric algorithm.
Meaning that if you make the Sudoku puzzle bigger, it still can be verified relatively quickly as to whether it's correct. If you make it billions and billions and billions of times bigger then it gets really really hard and you could make it so that you only have to do it on paper with pencil with human beings. So that would be a proof of work, literally proof of work algorithm just like the slaves of Egypt who built the pyramids. Solve Sudoku harder.
Okay. Enough of that. Yes? Another problem with what you're saying is that the other party will have the same technology.
Well it equalizes everybody so then it's about access to miners, access to internet capacity, access to storage to put the blockchain on. There's still costs. And secondly, you're still limited by the amount of solar radiation received which is 2,000 watts per square meter so that's the maximum energy you can actually use. You're limited by 2,000 watts per square meter which is the maximum energy you can get on the surface.
Which means mining in space! Space! Space cash. Actually that's not a joke.
There are many reasons why mining in space could become a very interesting possibility. Solar panels, no atmosphere, no obscuring anything. Yeah. Alright.
Yes? So you said that proof of work is not a waste. Yes. Because it's so secure.
And that's the only blockchain that gives that. But if proof of stake is let's say not as secure but nearly as secure secure enough is that not far superior? And is that the case? Like I mean, Ethereum says they will move to proof of stake in the future.
I wonder why they don't have yet. Yes. I don't know if there exists a proof of stake system that really works. Okay.
So let me paraphrase a bit. So if I say proof of work is not a waste what if proof of stake achieves a fair profit or a good approximation of the level of security without that cost? Would it then not eclipse proof of work? And the difference, and I think that's what I was trying to emphasize today is that you can use it to make sure that the security of the transactions going forward is correct.
But proof of stake cannot give you robust immutability. And the reason it cannot give you robust immutability is because what you are staking is the currency that's on the network and if you have control of the network you can issue more of that, and do many things to violate the loss that you suffered. Whereas if you burnt electricity outside the network you can't get that back by rewriting the blockchain. But is that not a similar cost?
Proof of stake, I have to have let's say 51% of the market capitalization. So that's pretty much I have to buy up most of the coins and then if I really take the system, the market capitalization to zero, I lose all of that money. For bitcoin if I would invest so much capital and so much energy that I can I could probably stop the network and destroy the market capitalization as well with 51%. I could not change back in time but I could probably You could change the future but not the past.
Not effectively. You could do denial of service, yes. Both systems are susceptible to denial of service if you get the majority of the consensus mechanism. I would argue that getting a majority of the capital is a lot easier than getting a majority of the manufacturing facility and sources of electricity that are widely distributed and controlling those than getting a majority of the capital.
In fact, theoretically you might find I don't know, just to say a random thing, a bug in a smart contract and steal just to say a random number, 14% of all of the currency in circulation and if you had a proof of stake system, you're 46% from your goal. Sorry, 36% from your goal. So, um That's the problem. The problem of using something that is intrinsically native to the blockchain is that I cannot simply steal the mining equipment that is out there.
It's tangible. And I can't simply access these enormous amounts of energy overnight. These take a long time to marshal these energy contracts which makes it more robust. How much more is that security differential worth it?
I don't know. I don't know if that is enough. I think it is. I think this is a unique platform with a unique set of application characteristics, immutability as a service that is not only worth spending that amount of electricity but which will create a monument to immutability.
Now, that means that proof of stake is also good. And they can both coexist in the market where they compete for resources for slightly different applications. There will be applications that require robust historical immutability guaranteed by thermodynamic cost. And there will be applications that don't need that.
And those applications may not need the proof of work algorithm. I think there are plenty of applications that do need that. And now that we have that, we're going to invent a lot more applications that need that that we didn't know about before. And I think that's where it gets really interesting.
What can you do when you have an immutable historical record that you couldn't do before, haven't thought of doing before, that you can now? Yes? Can the immutability be transferred to proof of payment? The immutability can really be transferred to any external system because any system can simply encode a digital fingerprint and embed it in the blockchain by paying the fee.
There's a function for it called opertern that simply creates digital fingerprint and timestamps it in the blockchain. So that means that other things can anchor themselves and checkpoint themselves in different blocks, leaving little trails behind and you can say, at that time this was the fingerprint that was embedded and that is guaranteed because it can't change. But proof of payment has become part of the blockchain? Proof of payment could be part of another blockchain.
I'm not sure what you mean by proof of payment exactly. So, is this another consensus algorithm? Or is this proof that you paid the transaction fee? Proof that I paid the transaction fee.
That's part of the consensus algorithm. If your thing got mined, then you paid sufficient transaction fee, which may have been zero at the time, but most likely wasn't. So you have to still follow the rules to get into the line that puts you on the blockchain. You have to create properly formed transactions, pay sufficient fee and validate properly, propagate those across the network and then you have to create a new transaction.
So you have a good chance of getting into the block. Yes? What do you think of proof of capacity like in Burstcoin? Proof of capacity is interesting.
And I think there is a couple of interesting different approaches to this. I'm not familiar with Burstcoin. I know there are some things that are, for example, disk intensive. So that, for example, you have to proof of storage, you have to proof of storage and you have to proof of storage I guess you might call it.
There are various forms of proof of resource that use different tangible resources. So, memory footprint. You can create a consensus algorithm that in order to validate and to prove, you have to produce randomly selected data elements from an enormous data corpus which may be terabytes in size. And the only way to have that is either to store that enormous corpus or to buy the specific data elements from someone who does not store that data corpus.
You could do things with bandwidth and other resources perhaps. I'm interested in seeing all of those. There is proof of work initially to create the file. And most of those are hybrid proof of work systems.
Yeah, because you have to build the disk first with proof of work and then you use the data. Yes. So in many cases these algorithms are hybrid algorithms. And we're going to see a lot more come out.
Yes. If the Bitcoin blockchain was up against hypothetically a well-funded, say, government or some consortium whose objective wasn't necessarily to get financial benefit from it but to actually inhibit its existence or for whatever, would that be a concern? I would argue that that is already happening. I mean, you know, little Bitcoin is currently poking the hundred trillion dollar banking industry going, hey, we want that.
So yes, well-funded opponents, the best funded opponents. We have them. The greatest. So if they used some kind of internal consensus attack to attack Bitcoin and to thwart its ability to develop new blocks, essentially a denial of service attack, that would be a very interesting scenario.
First of all, it would be noticed pretty quickly. And second, it would immediately lead to creating countermeasures. And when something attacks you and you develop countermeasures, that's a form of immunity. And through immunity, you have a form of evolution which means that Bitcoin will evolve resistance to that kind of attack.
And then it will get attacked again and it will evolve resistance to that kind of attack. And it is being attacked today. And it is evolving resistance. Not to those kinds of attacks yet, but when they come, it will evolve resistance to those too.
Why? Because it is a massively decentralized system with a lot of independent actors who are guiding its evolution towards protecting the system against these kinds of attacks. So it's going to evolve much faster than a biological system. And it's going to evolve immunity.
Meaning that what the well-funded opponent is actually doing is training Bitcoin on how to win. Right? They're inoculating it against those attacks. And whatever doesn't kill it only makes it stronger.
So that's not the way you want to go after a decentralized system. I don't know that there are any good ways to go after a decentralized system, but I know that one will backfire badly. Yes? Thank you for coming, Andreas.
You were talking about the other 4 billion and I have a question about exchanges. In your opinion, what is the best practice to build exchanges in the knowledge-based world? I mean, personally, I love Bitcoin, but I'm not comfortable with this central bank of Bitcoins that we call exchanges. Yeah.
So this question is about supporting the other 4 billion or the other 6 billion, depending on how you count. And what is the issue is exchanges are very centralized. There are custodial, which means they hold Bitcoin for people, and that represents a significant risk for Bitcoin users, not Bitcoin itself, but certainly Bitcoin users who can lose their money. We don't have too many perfect solutions right now.
There are a few small-scale decentralized systems. BitSquare, for example, is one. It's still in beta. It's still very small-scale.
There are some more decentralized systems, local Bitcoins, right, which allow you to do person-to-person cash transactions. And the one thing that cash has that's similar to Bitcoin is that it can be verified upon presentation. It doesn't depend on any counterparty. You hold it, you own it, right?
So exchanging cash for Bitcoin is the most secure way to get Bitcoin. But actually, the best way to get Bitcoin is not to buy it. The best way to get Bitcoin is to earn it by the expenditure of your labor. So dedicate your labor to Bitcoin and you achieve two goals at the same time.
One, you're earning Bitcoin from the people who can pay you in Bitcoin. And two, you have removed your labor from the machinery of the state, which was using your labor to build bombs. That's my personal philosophy. So two birds, one stone.
I'm in on the good side. I'm out on the bad side. Yes? Can you give us an update on the alternative currencies?
Two that I remember in particular that got a lot of attention. Like Bitcoin and Ripple coin. An update on alternative currencies. Oh, this is a minefield for me.
This is fantastic. If I say a name, I'm a shill. If I don't say a name, I'm a Bitcoin shill. Either way, I'm going to get threatened on Twitter.
Go! Ripple is still out there. It's being used. I think a lot of the banking consortiums are kind of interested in Bitcoin because it's a more centralized, more controlled version of Ripple.
So Ripple is still there. Litecoin is still third, fourth by market capitalization. I think probably fourth now that Ethereum Classic has climbed. So it's there.
It's definitely there. There's a few other interesting ones that are doing a variety of things. And I get a lot of slack when I mention them. I get a lot of slack when I don't mention them.
Ethereum, which is the second market capitalization system out there, which isn't really a currency. It's a system of programmable smart contracts that are very flexible. I'm extremely interested in that. As with Bitcoin, I don't see it as an investment.
You shouldn't play around with high-risk assets like that because you will get burned unless you're very experienced. There's a couple of others which are really interesting. Dash. Again, I'm not recommending for investments.
Just giving you some information. Dash is a system that has a very interesting decentralized governance model and an interesting privacy model. Monero, which is a descendant of the crypto node system. And Monero is a very high privacy system.
And recently it emerged in the space is Zerocash, which is a currency built on zero-knowledge proofs to provide extremely robust cryptographically secure anonymity. All of these kind of float around in a constellation around Bitcoin. They're all interchangeable for Bitcoin. One of the things that's happened in the currency markets, in the digital currency markets, that is really interesting.
I have no fiduciary involvement in this. I'm just interested as a user. Shapeshift. Shapeshift.io is a website that allows you to do instantaneous exchange between currency pairs without even setting up an account.
You just say, I want to change this to this. And it says, okay, whatever you send here will get exchanged and go there. So you set up a little pipe and you say, I want to exchange Bitcoin to Fedcoin. And so then it says, okay, give me your Fedcoin address.
You put it in. So you give me an address for the refunds of your Bitcoin if something goes wrong. You put it in. And it says, okay, here's a Bitcoin address.
If you send the equivalent amount of Fedcoin to your address. Quick, easy, you can swap between two currencies. Interestingly enough, what that means is that you can treat all of these currencies as liquid and fungible to each other. You can basically get in and out of any of them.
Including Bitcoin. And go back and forth very easily just for a single purchase. And some websites include Shapeshift so that you can pay in any of a hundred different, say, currencies. And it will just convert it into, say, Bitcoin in the back for your payment.
So that's interesting. It's opened up a lot more possibility. It makes it a lot easier for more of these alternative currencies to experiment and develop features. And maybe some of them will be wildly successful.
Let's hope. I'm not a Bitcoin maximalist. I don't believe that Bitcoin should be the only chain or will be the only chain that exists. I think it will probably be the dominant chain in a parallel distribution.
It will have 60 to 80% of the market share and then there will be a long tail with 10,000 currencies behind it of different uses and different values. And I like many of them. Okay. Cue the Twitter threats.
Next. Yes. We're talking about the incentives for the work. I was just wondering, do you feel like when the blockchain goes down to zero, do you think that people will still mine at the same level and will the fees be the same as the Visa transaction and then we don't have the Visa?
So the question was based on the incentives that exist in the network, what happens when the reward for seniorage, for generation of new coins, drops to zero and the only reward is fees, will miners keep mining and will the network fees be reasonable? First of all, just to give you some perspective, this happens gradually between now and 2141. By that time, people on Mars will have to decide if they want to go into mining with their solar panels. So who knows?
I hesitate to make predictions for Bitcoin three months out. You're asking me to make some 136 years out, so I'll try. The important thing to realize is this happens very, very gradually and it happens in an environment where the reliance on seniorage drops while presumably the number of transactions and activity rises, which means the transaction fees rise. What it should do if you look at it in a graph is it should do kind of a curved X.
So fees go up, reward goes down. And fees go up not because fees are getting more expensive, but because you have more and more transactions paying more or less the same fee or less. So if you imagine a block today which has 12.5 bitcoins in it and let's say a tenth of a bitcoin in fees. So it's a 120 to 1 ratio in favor of the seniorage fees.
Now let's construct a block in 2141. What's the minimum reward? One satoshi. Right?
Okay. Now let's say this block has 10,000 transactions. Just pull the number out. Probably have more, but let's say 10,000 transactions.
What's the minimum fee they can pay? One satoshi. Right? So if you just had the minimum issuance and the minimum fees you'd have 10,000 satoshis in fees and one satoshi in seniorage.
So now the ratio of seniorage to fees went from 120 to 1 to 1 to 10,000. And this didn't happen overnight. This happened over 140 years in a gradual curve. Somewhere there there's a crossover point.
That crossover point is the day it's 1 to 1. Where now miners know that for the future they're going to focus more on fees. And that happens way before you get to 2141. So I'm not worried because it's not going to be a surprise.
This is the same kind of question that happened with the halving. What will happen when the halving happens? Well we've been kind of, we see this coming four years in advance. Everyone's prepared for it.
This is part of living in a deterministic currency is we don't have to wait until the Friday spokesperson from the Federal Reserve open committee meeting to come out and tell us what our interest rate is. Mining doesn't stop. Will the fees be the same as Visa? If they are we have failed.
Badly. Because quite honestly the fees already for many transactions, most transactions that are above like $5 are lower than Visa. And we're getting better at optimization. If we introduce things like Lightning Network and other layer 2 technologies, if we increase the block size and do all of the other optimization and scaling things, we can do Visa.
We can do much more than Visa and we can do it cheaper. So I don't think we're going to have any problem. There's the capacity issue for Bitcoin will be a problem. All of the time.
But it will be a problem that we will manage in a way that is not fatal and gradually make it better and better. So failing to scale gracefully for 25 years. That's the goal. Yes.
All right. Fiat currencies have markets which reflect the time value of money interest rates, interest rate markets. How about Bitcoin and other cryptocurrencies? Are you aware of interest rate markets for Bitcoin and other currencies?
Yes. I mean there are interest rate markets for Bitcoin. You don't see them that often simply because a lot of these markets are over the counter. But if you're in the mining industry and you're going to have a steady stream of Bitcoin but you don't know what its value is going to be and you have Bitcoin now, you may want to have various contracts, futures contracts to protect yourself against volatility.
And out of these futures contracts, what emerges is various forms of interest payments. That would be a market in reference to some other currency. I just mean within Bitcoin itself. Bitcoin now versus Bitcoin.
Well there are actually some investment funds that invest funds that are in Bitcoin into companies directly in Bitcoin and presumably generate returns in Bitcoin. These investment vehicles pay some kind of rate of return and therefore those represent interest rates. Future value of money doesn't change if you change the currency. It still exists as an economic concept.
Nothing changes. What we don't have yet is the mechanism to carefully and quickly discover the correct market price for the future value of money in this economy. Yet. You'll see that mature.
I mean if you remember in the beginning of Bitcoin we didn't have a market mechanism to discover what the price of Bitcoin was. How much do you want for two pizzas? I don't know. 10,000 Bitcoin each?
Sure. That was March 2010. I think. Yes.
Who else? Yes. So I know you don't want to predict things in the future but the if you fast forward say five years or so what do you think we're going to be building on what applications will we be building on Bitcoin as compared to something like Ethereum? That's impossible to answer.
I can't even answer that a year out. If I fast forward five years my voice will sound very funny. But other than that I can't tell you anything else. What applications will we build on top of Bitcoin?
What applications will we build on top of Ethereum? My general attitude is this. The designers of these systems do not get to decide what niche their system will fit in. They may have an idea about where they want it to fit in but inevitably the market decides what applications are best suited for each one of these systems and it may be very different from what the designers had in mind.
The designers of the internet were creating a network to survive a strategic nuclear attack against key routing elements in the network and to maintain connectivity of military sites. Cat videos was not part of the brief and yet here we are. One billion instantly accessible indexed cat videos with artificial intelligence software that can identify which ones are cat videos. So what they built it for, what it ended up being, not exactly a match.
I predict that we will be building cat applications on Bitcoin. Just human nature. What do you think about where Bitcoin interfaces with the rest of the financial network? Specifically in the form of ETFs and things like that.
Right now there is one ETF out there that was predicted to be more in creating a significant premium meaning but more ETFs aren't coming into existence with it. Yes. So what's happening with the interface between Bitcoin and the traditional financial system and why are there not more ETFs? There is only one at the moment that has come into existence.
I assume you mean GBTC. And it is trading at a significant premium and what happens? Why haven't there been more? Well, it's because Bitcoin is sufficiently alien that it can't be swallowed by the traditional financial system.
They really have no idea how to handle it. It doesn't conform to any of the expectations. The entire financial system is an antiface of counteracting controls, counterparties, risk management layers, and checks and balances. All of which assume custody and oversight and control.
Of which Bitcoin expresses none. So how do you take something that is this alien and put it in this type of environment? This is exactly like asking it's the early 1900s and the automobile is out. Why are not more pony express routes being replaced by automobiles?
There's no roads. And they've built a series of stations that have lots of hay which can't be used for the automobile. So everything they have doesn't work with what is new. And that is basically the issue.
Bitcoin is quite capable of having an ETF. ETFs are quite incapable of encompassing Bitcoin into the current regulatory system at the moment. They're finding it very difficult to swallow. And that is a feature, not a bug.
I hope they choke on it. Alright, next question. Let's take maybe two more. Yes?
Can I get one of the spare books and can I get a picture? I'll be happy to do pictures afterwards. All the books have gone though. We're given out by random pick from the RSVP list.
I apologize. The book is available on Amazon.com as paperback. Kindle as e-reader. But also on Kindle Unlimited for free.
On Kindle Lending Library if you remember Prime for free. And on the RSR for Bitcoin. And you can buy it for Bitcoin using per-stallt.io. And it's currently available in about 40 countries.
Thank you. Okay, two more. Who hasn't asked a question? Let's try again.
You mentioned layered technologies. If Bitcoin was layer one, you mentioned layer two might be with Lightning Network. Have you thought about further... No.
I mentioned layer technologies. So if Bitcoin is layer one or layer zero, and layer one is Lightning Network, what's layer two? Have I thought about other layers? It's really difficult to see how the layers evolve and what the interfaces between the layers are and which functions end up in which layers.
And keep in mind, there will be more than one stack. Above IP, there were multiple transmission controls including the OSI layer. And below IP, there are multiple stacks underneath that most people never see. So software-defined networking, and before that fiber networks, etc.
So it's impossible to know exactly how it's going to play out. What I can tell you is the protocols are not built monolithically. We're not going to do everything in a single layer. That doesn't make sense from an architecture perspective.
That doesn't mean we don't scale Bitcoin. We will scale Bitcoin, but we will scale it so that the layers above it scale even further. Not because we want to do everything in a single layer. It doesn't make sense to do everything in a single layer.
It doesn't work. Yes? Last question. Make it good.
Let me see how I'm going to phrase this. A lot of the core team, they seem to be really gung-ho on the off-chain scaling solution. At least prioritizing that first. So much so that I have a quote here on Reddit recently that said, we should not change Bitcoin to accommodate more users.
And that's one of the things that they were talking about in the IRC. So they were going with the SegWit soft working rather than let's say going with the hard working. And they were also criticized notably by other people like Jeff Garzik of the risks that are inherent in Bitcoin. And they were also criticized by the more complicated solution.
So how can you compare this with, let's say, Tom Zander's FlexCap proposal of taking the hard work approach and how might Core's roadmap be wrong? I mean this would take an hour to answer and more importantly I don't think my opinion matters at all to any of the parties involved. Nor should it. This debate about big blocks and small blocks and how we scale Bitcoin.
First of all, I don't think it's accurate to say that Core is focused on not scaling the Core layer. As you said, it's a prioritization issue. Which one gets prioritized first? Now, I have I have a nuanced opinion on this which pisses off everybody.
Because if you're if you have a nuanced opinion then you're sitting on the fence and both sides are going to look at you for not taking a side. And I'm not going to take a side because I think that both sides have merits. And really the question is a matter of prioritization and sequencing and conservatism versus a more aggressive approach to scaling. From time to time my opinion has changed as I've seen new data.
More recently, two days after the Ethereum fork, I thought whoa, that went extremely well. A clear 95.5% split, technologically executed beautifully. This is going to put a lot of pressure on Core to come up with a similar solution for Bitcoin. I was wrong.
I was very wrong. Because a week later actually two weeks later we discovered that even though technologically the fork worked politically it failed. And suddenly you ended up with a 70-30 split. And that was a disaster because there was not enough provision in the software to deal with replay attacks.
It cost a lot of money. I think there are some people from Coinbase in here who may have suffered some losses because of that. Because of the replay attacks. I know other exchanges did too.
Or I heard that other exchanges did. So, now, after that my opinion was revised. And I think in Bitcoin, politically a hard fork is a hell of a lot more difficult. And will cause a deeper schism.
So I don't think it's as easy as one team is right, the other team is wrong. I think we're going to have to let this roadmap play out. And for the time being it seems that the majority of the participants in the system are continuing to put their trust in Core as long as Core continues to deliver on their roadmap to a certain approximation. I'm not worried because I think in the long term what we're going to do is we're going to scale in the second layer and we're going to scale the core layer with the block size increase.
And we're going to do network optimizations and and and. The scaling options are not either or, they're and and and. And you just have to decide which comes first. I think a lot of this drama is unnecessary and honestly in terms of segregated witness, soft fork versus hard fork I think soft fork is a better way to go.
I do. I think we're going to get it cleaner and quicker than a hard fork. I think a hard fork, given the current political situation of Bitcoin is way too dangerous. Even if it was for something that everybody agreed on like SegWit, which I don't think you would need to get that agreement.
So that's probably a very nuanced answer about a very nuanced question and I'm sorry if I didn't give you more of a direct answer. I don't think there is a simple black and white answer to that problem. Alright, thank you all for coming. Thank you to our host from Plug and Play.
I'm going to hang out here, chat with everyone. Unfortunately we're out of pizza so I don't expect everybody to stay for very long. If you want your book signed, I'll be happy to do that over the next ten minutes. If you want to take photographs, I would like to do that after I've done the book signing.
Thank you so much for coming tonight. Thank you.