Video - Ask Me Hard Questions About Bitcoin Part II

Part II of Andreas Antonopoulos's Q&A with the San Francisco Bitcoin Devs meetup on May 5th, 2014. In this video he answers all the questions that were asked, from the simple to the hard category.


ONSCREEN TEXT: How can we improve Bitcoin security and accessibility for everyday users?

ANDREAS ANTONOPOULOS: So, I’ll get to that in just a second. I’ll give you just one example. I am (0:00:17) Bitcoin, I haven’t slept for a while since then because I spent two hours teaching how to do basic security and he doesn’t know how to use an internet web browser, definitely not Satoshi. No question about that. Never try to teach your grandma how to use a web browser, you know what I’m talking about. This is someone who comes from the previous generation of computing, mainframe computing, not the internet generation; does not know any of the browser paradigms, does not know the navigation paradigms. Like for example, the things that are underlined, they’re clickable. Simple things, right? So how do you teach someone like that how to do basic Bitcoin security? Very, very difficult, right?

MAN #1: Andreas, but we can use software devices.

ANDREAS ANTONOPOULOS: Okay. So, let’s talk about how we get around this. We’re basically going to see a couple of different ways we get around this. The first one is we’re going to see the implementation of Roots of Trust (0:01:19) platform modules, whether those are hardware wallets or they are trusted platform modules built into devices. So for example, a TPM in a laptop that stores keys, runs the cryptographically secure pseudo-random number generator and does transaction signing, elliptic curve operations, right on the chip, a tamper-proof chip built in. If the keys never leave that chip, that chip can be secured. So you basically have, within the general-purpose operating system, a trusted root, the hardware device’s side, which does key storage and transaction signing.

And then, you just send it a transaction and it will prompt you for a token or a fingerprint swipe or something like that, and when it does that it’s completely bypassing the operating system, so it’s using the hardware display to overlay something. It’s taking the hardware keyboard or hardware fingerprint scanner without involving the operating system at all.

An alternative is to use hardware devices like Trezor or other hardware wallets like that, which basically do Bitcoin operations on the device, that screen maybe a little (0:02:30) etc. (0:02:34) devices like that, hardware wallets, to make Bitcoin usable by regular people.

ONSCREEN TEXT: What are the prospects for multi-sig in terms of improving security and accessibility?

ANDREAS ANTONOPOULOS: What’s really promising is the capabilities around multi-sig. So what you can do with multi-sig is you can introduce risk management and arbitration through the use of an additional signature. So when you hear people say that Bitcoin transactions are not reversible or that you have no recourse, that’s not actually true with multi-sig. You can make transactions under escrow that are reversible effectively and you can introduce recourse. So this is the way I try to describe it.

If you do a transaction on the PayPal system, PayPal is your arbitration provider. If something goes wrong, PayPal is the recourse you have, but only PayPal and only by their rules. And if you do a transaction on Visa and something goes wrong, you will call Visa and they will give you recourse, but only Visa on the Visa network.

So in the traditional world, when you choose the payment system you choose the arbitration provider and you choose the rules of arbitration that go with that provider, and you don’t have another choice.

With Bitcoin you can actually introduce arbitration providers into each transaction on a case-by-case basis and make your choice. Let’s say, for example, you want to do a real estate transaction. You could agree with the other party to introduce an arbitration provider with (0:04:06) escrow for that transaction and you would pick someone who is a real estate expert. You would pick someone who has good reviews as an arbitration provider, and then that person or institution or algorithm could provide escrow services for you for that particular transaction.

If you’re doing a transaction that involves purchasing antiques or art, you might have an arbitration provider who has experience with some of these options and art appraisal.

If you do a transaction that involves international shipping, you might involve an arbitration provider that does import-export business, shipping and transportation insurance services.

So what that means is, with multi-sig and the ability to introduce an arbitration provider of your choice, you open up an entire market for arbitration providers and you can pick and choose from that market. You don’t have to pick just one; you can have multiple arbitration providers and you can have backups between them. And with that you can also, on a per-transaction basis, introduce someone to do just risk management. That’s something that Green Trust is doing, that CryptoCorp is doing, and a bunch of other companies are now developing around multi-sig.

The idea basically is that you have a wallet and a set of addresses that are always, by definition, multi-sig. You put your funds in there and then every time you try to spend something it requires two signatures; one from you and one from your risk management provider. And what your risk management provider is going to do is they’re going to look at the transaction you’re trying to sign and they’re going to evaluate how risky that transaction is. They’re going to look at how big an amount it is, what percentage of your total balance it is, what the destination address is, right? Whether it’s a known merchant or payment (0:06:03) like BitPay, or rather a completely unknown address, or worse, one that has been identified as being in phishing attempts. And then they’ll call you, they’ll text you. You’ll get a phone call that says you are trying to spend one hundred dollars to Thieves Are Us. To approve this transaction press one. To cancel this transaction press two. And so you can easily manage that risk. So that’s something we’re going to see being developed in the Bitcoin space now.

The way to look at this is really interesting. The way to look at this is we’re reintroducing the recourse capabilities, the arbitration capabilities, the escrow capabilities and the risk management capabilities of traditional financial services environments. Plus, we’re doing them in a market-based way where the choice of provider is completely independent of the payment network and can be done as a negotiation at the point of transaction creation on a per-transaction basis. Custom to the type of transaction you’re trying to do, from a wide-open market of providers of these services, and you can do it programmatically, which means we’re going to have a lot more flexibility to do schemes that are less centralized, less controlled by big monopolies and more flexible to address the need. So multi-sig is huge.

Here’s the thing. Multi-sig was first introduced as a technical proposal in November of 2012. It was first introduced with the soft fork (0:07:41) in November of 2013 and that’s when transactions started to be mined that supported multi-sig, and we are now four months from the moment it was introduced. Now the fact that in four months there are half a dozen companies working on this and every single major wallet is working on this is nothing short of a miracle. In financial services an innovation like that would take ten years to roll through all of the infrastructure; we’re doing in four months what it would take a decade to do in financial services, and you’ve already seen providers like GreenAddress and CryptoCorp and BitGo and others do it.

Part of the reason it took so long is because if you start doing multi-sig on a large scale you can’t do it with non-deterministic addresses. It gets too complex to manage. What I mean by a non-deterministic address is, if you generate private keys through a roll of the dice, by randomly generating a private key each time, then keeping sync between the keys you’re generating from (0:08:56) multi-sig and the keys something else is generating from (0:08:59) multi-sig, and then matching all of these keys, becomes very difficult.

Multi-sig actually encourages the one-address-per-transaction, one-key-pair-per-transaction mentality in Bitcoin. So now the number of addresses you have to manage and the number of key pairs you have to manage grows once you start doing multi-sig. And because you’re not just managing it for one signature but you’re managing it for two or different signatures, so you’ve got three times the number of addresses per transaction and you’re doing a separate one per transaction, or three separate ones per transaction, there’s no way to do that with random rolls. So you see two things move in parallel; one is multi-sig and the other one is hierarchical deterministic wallets, BIP 0032 tree-based wallets. And what this allows you to do is, from a common seed, generate billions of key pairs that are all predictable and then have a specific structure within them that allows you to quickly identify which key pair is used for which transaction, and regenerate that and use it to sign a transaction. So, both of those have been moving in parallel.

Hierarchical deterministic wallets are absolutely fascinating. You can do essentially a tree which has a root node and then below it 32 bits of address space on the first level, that’s four billion branches on the first level, followed by four billion branches per branch on the second level, followed by four billion branches on the third level. So the easiest thing you can do in a hierarchical deterministic wallet is get lost. And if you don’t know where you are on the tree there’s no way you’re going to find your way back to that. So, what’s been happening over the last four months is a really broad discussion among the makers of hardware wallets like Trezor, software wallets like MultiBit, Armory and things like that, and web wallets like GreenAddress, BitGo, including Blockchain and many others, on how you structure the internal path of a BIP 32 address so that you can predictably recreate them. So, which branch of the tree is used for private signing keys, which one is used for creating change addresses, which one is used for doing multi-sig transactions, which one is used for doing Bitcoin, which one’s used for doing (0:11:28) for example, so you can have a common seed across currencies. All of that work is now coming to fruition, so you’re going to see a lot of things happen in the next couple of months. Pretty much every company in the space is working full-speed to do that.

So, that was a very long answer on security and multi-sig and hierarchical wallets, but things are getting a lot better.

If you look at the problems we have in Bitcoin with security there’s two ways to look at them. One is this will never work and never go mainstream. And to those who think that I will tell them that in 1992 I sent e-mail using UNIX command-line skills and it took two days to cross the internet. There was no way my mom was going to do that, right? But it happens. And I remember when doing a search on Archie it took all day and you couldn’t find anything on the internet, and if you go back long enough you’re going to find articles in Wired Magazine that said the internet will fail because we’ll never be able to search and find that. So those who see those as problems are missing the point. The point is you take that problem and you solve it and you’ve got a ten billion dollar industry. You’ve got the next Google, right? You solved search. You solved e-mail, you’ve got the next e-mail.

So what we should be thinking about is, if you have a problem in Bitcoin security and you solve it with hardware wallets, that’s a billion dollar industry. You solve it with hierarchical deterministic wallets, that’s a billion dollar industry. If you solve multi-sig, that’s a billion dollar industry. If you solve arbitration, escrow and risk management services in an open market and create a marketplace for those services, that’s a hundred billion dollar industry right there.

So there are opportunities for entrepreneurs to solve these problems now. They’re not just problems.

ONSCREEN TEXT: What are the thoughts on various layer protocols, like Mastercoin and Counterparty?

Also, do you support introducing things like P2P lending and the ability to issue securities on the Blockchain?

ANDREAS ANTONOPOULOS: That’s going to be a rather long answer too. This is one of the fundamental issues or compromises or design decisions that anyone has to make if they’re trying to develop innovation in Blockchain technologies, which is you have the Bitcoin Blockchain with 10 PetaHashes now, I don’t remember what it is right now. We used the ZeroBlock application my company makes (0:13:52) that up, but you have 10 PetaHashes say (0:13:56) on Bitcoin and then you’ve got a fraction of that on alternative (0:14:02) chains like Doge (0:14:03) whatever. If you’re building a new Blockchain technology then the fundamental problem you have is you either have to find a way to squeeze your functionality inside the Bitcoin Blockchain and take advantage of that hashing power, or you have to create something compelling enough to attract miners and then bootstrap your own (0:14:27) power fast enough before someone comes in with an ASIC and stops on you. If you do a CPU-friendly Blockchain technology today and try to bootstrap an Altcoin on a CPU-friendly technology, I’m going to go and rent a botnet for a day with 15 million machines and I’m going to take over your Altchain in five minutes, right, and you just lost your Altchain. It’s very easy to do.

If you decide that’s going to be too easy to do and you make a SHA-256-friendly Altchain, you’re going to boot your nice brand new baby little Altchain and I’m going to dump a terahash ASIC on you and take it home, right, and now I own your Altchain that way. So you’re squeezed between two alternatives which are both really terrible, right? It’s very difficult to boot an Altchain now to a level that is sustainable, that cannot be hacked easily even by a one percent level of the coalition, or a couple of hackers or a couple of ASIC miners.

So this is going to be the fundamental compromise. How do you design features?

So, at the moment there are three answers to that. Answer number one is you use a layer protocol on top of Bitcoin and you take advantage of Bitcoin’s hashing power. And so, number two is you can create a compelling Altchain and you bootstrap it as fast as you can and hope that no one 51%s you while you’re booting it. And answer number three is you create a Turing-complete platform for building chains called Ethereum and you build (0:16:06) on top of that. And the advantage of that is you get your chain implementation which shares mining with everybody else’s chain implementation. So what you’re doing is running a contract. I think Ethereum is actually one of the great answers. I think the overlay protocols, Mastercoin, Counterparty, etc. are a great answer. I think building your own Altchain is going to become nonviable.

So the way to think about it is this – think about the overlay protocols as HTTP. If you want to develop new functionality on top of the internet today you do not invent a transport protocol. You write over HTTP or TCP, or you write over a peer-to-peer protocol like BitTorrent. You use the fundamental building blocks and then you layer it on top of something that already works well and you take advantage of that network effect. Nobody goes out and implements a completely new transport protocol because it’s infeasible, because it cannot scale effectively. So I think we’re not going to see many Altchains coming out. What we’re going to see mostly is layer protocols.

Here’s the other thing to think about. People are worried about what happens with Bitcoin and (0:17:27) groups that are powerful can come together and alter the course of Bitcoin and turn it into some kind of PayPal-like version, introduce features nobody wants and subvert the protocol, right? Hijack the core Bitcoin protocols (0:17:46). I don’t worry about that. I worry about the exact opposite, which is, if you look at the Bitcoin consensus mechanism today, in order to achieve consensus for (0:17:57) you need to get massive support from the miners, both independent miners and mining (0:18:06). But that’s not enough. You also need to get support from merchant processing gateways, because if they’re not processing the merchant transactions on the new fork and they stay on the old fork, then even if the miners move, they’re mining empty blocks. You also need to get the support of the web wallet companies like Blockchain and the exchanges and brokers like Coinbase and Bitstamp, because if you don’t, once again the miners all moved and now they’re mining empty blocks. And you have to get the support of the users, and you have to get the support of the hardware manufacturers that are coming along like Trezor and others who are making hardware implementations of the core protocol.

So, in order to actually do a hard fork in Bitcoin we’ve gone from persuading the miners to persuading five constituencies that all have the power of consensus, and if you know anything about democracy you’ll know that it’s going to become very, very difficult to achieve consensus on that scale on major changes. So what I anticipate we’re going to see over the next year or two years is gradually the rate at which major changes to the protocol in Bitcoin can happen will slow down until, within a couple of years, the core Bitcoin functionality will freeze and we will not be able to make any more changes. This is exactly what happened to IPv4. It got to a point where enough hardware was implementing IPv4 and distributed in millions of routers and millions of (0:19:45) devices and millions of custom devices that were connected to the network that implemented the IP stack that you could not roll out new versions of the protocol. And as a result even IPv6 is also possible to deploy (0:20:00) taken 16 years and (0:20:03) to include your patches through IPv4 like Net Insider (0:20:06) and things like that because we can’t get to the next version.

Essentially the protocols ossify, right. They got big enough, good enough, early enough and then they stopped evolving. You cannot introduce more evolution because there’s too much embedded hardware and too much network effect. That’s going to happen to Bitcoin in the next two years of (0:20:28). The core Bitcoin protocol is going to stabilize in whatever state it is, whether we like it or not, whether it’s ready or not, and then we won’t be able to make any major changes. I think we need to get some of the anonymity issues done right before that, some of the fungibility and scalability issues done before then, because we will not have a chance after this.

In the next two years we will have the protocol for Bitcoin that will be with us for the next three or four decades. So, think about that for a second. That’s a much bigger risk than someone hijacking the protocol, rather the fact that we won’t be able to change it. So what happens then? Exactly what happened with IP. Most of the innovation moves to layers above the core protocol. The core protocol stabilizes and freezes into a (0:21:22) supports the basic functions like TCP/IP has, and then you have a layer protocol on top, just like HTTP, which opens the door for introducing layers of innovation above the core protocol. So, Counterparty and Mastercoin serve the purpose of HTTP and they allow us to move the innovation up one layer, freeze the basic address and transport layer in Bitcoin, the core transaction fungibility layer, freeze that and then move the innovation up one layer; that way you can have a lot more flexibility until eventually that layer freezes too. HTTP is basically frozen on the internet too, more or less, and increasingly (0:22:07) it’s getting difficult to operate, right? And this is the history of computer science. This is the history of computer science since the beginning: as layers get abstracted and you build things above them, the interfaces that point down make it very difficult to change the layers underneath because they affect too many things on the northbound side, and so those layers freeze and you build another layer on top. We’re going to see that evolution happening in Bitcoin. So I expect Ethereum to develop into a platform that’s a bit more flexible, working in parallel with Bitcoin as a currency, as well as the secondary layer, Counterparty, Mastercoin or whatever comes next, will give us the way to develop all the innovation we need, because Altchains on their own cannot stand. You need a very compelling reason to mine an Altchain.

Written by Andreas M. Antonopoulos on June 4, 2014.