Video - Immutability and Proof-of-Work - The Planetary Scale Digital Monument
This talk took place on September 13th 2016 at the Silicon Valley Bitcoin Meetup in Sunnyvale, California. In this talk, Andreas discusses the concept of immutability and the essential characteristics that arise from energy-intensive Proof-of-Work.
ANDREAS ANTONOPOULOS: Good evening, everyone. Thank you for coming. Welcome. It’s really a pleasure to be back here at Plug and Play Silicon Valley. I believe this is my fourth or fifth presentation for this particular meetup which keeps getting bigger and bigger every time. Every time I come more members. Now how many of you are as repeat (0:00:22) for this meetup?
Okay, a few people just showed up. I have some good news and some bad news. The good news is if you just showed up you’re welcome (0:00:34). The bad news is that I drew names from the RCP list to give out 10 copies of my new book, The Internet of Money (0:00:46).
MAN #1: (0:00:48)
ANDREAS ANTONOPOULOS: Oh, you brought it? Okay. (0:00:54) Refunds on returns. So, at the end of the show I’ll give out 10 copies. If you’re not particularly interested or you already have a copy just let me know and I’ll just call the next name in the lot. If you’re not here you can’t get the book so please stay until the end even if it’s very boring.
Okay. So, how many people here have Bitcoin? Fantastic. And how many people do not yet have Bitcoin? The difference is the people are too shy to raise their hands. Okay, great. The four or five people raised their hands who said they don’t yet have Bitcoin remember the faces of the people who do have Bitcoin and do not leave here tonight without getting them to give you some free Bitcoin. And if they won’t, I will. The whole point of this is to help you install a wallet, receive a small amount of Bitcoin so you can do some transactions and try it out for yourselves and it’s always fun. The first time you experience Bitcoin transaction will be memorable. All right.
The topic of today’s talk is Proof-of-Work and the Monuments of Immutability. I want to talk specifically about immutability and what that means is this new era of digital currencies, what it means to have a digital system that is unchanging. Immutability is a tricky concept first of all because it doesn’t really exist, right? Everything changes. That is nothing in nature that is forever unchangeable, the universe itself, the vacuum, particles, everything changes nothing is immutable.
So immutability is really more of a philosophical idea but we use it in practical terms. So what do we need when we say immutable in practical terms? The way I like to think of it is if you have a scale of something that’s very easy to change all the way to the hardest thing you can possibly find to change, the most unchangeable thing. The thing that is most difficult to change. Immutability is that side of the scale, right? So, for practical purposes we’ll define immutability in any sense to be the maximum of that scale of how hard it is to change something. And on January 3, 2009 that scale expanded significantly a new maximum was defined. A new maximum in terms of what it means to be immutable for a digital system. Nothing is as immutable as Bitcoin so Bitcoin defines the end of that scale at the moment and so it redefines the term immutable.
Now that has some interesting implications including that you can’t call the things to the left of that immutable; you can’t call them immutable-ish, you can’t call them kind of immutable, right? Immutable-ish is like pregnant-ish, right? It only make sense as the maximum value, not the maximum minus one. So immutable when once history defined the things below it can’t be called immutable anymore. And so why is Bitcoin immutable? What gives the Bitcoin Blockchain the characteristics of immutability?
What is it that makes it unchangeable? And the first answer that most people go for is the Blockchain. The Blockchain makes Bitcoin immutable because every block depends on its predecessor creating an unbreakable chain back to the genesis block and therefore if you change something it would be noticed therefore it’s unchangeable. And that is the wrong answer because it’s not really the Blockchain that gives Bitcoin its immutability and that’s a really important nuance to understand.
The Blockchain make sure that you can’t change something without anyone noticing and a security we called that tamper evident; meaning that if you change it it is evident. You cannot tamper it without evidence of your tamper; tamper evidence but that’s the highest standard in security what we called tamper-proof and tamper-proof is something that cannot be tampered with. Not just will be visible if it’s tampered with but cannot be tampered with, immutable.
And the characteristic that gives Bitcoin its tamper-proof capability is not the Blockchain, it’s proof-of-work. Proof-of-work is what makes Bitcoin fundamentally immutable and that is a really important concept to understand because a lot of people are throwing around words like Blockchain and claiming that these things are immutable even though they don’t have a proof-of-work consensus algorithm or any kind of consensus algorithm that gives them immutability at best they offered tamper evidence; meaning someone will notice but they are not unchangeable. This distinction is going to become historically important.
Now you may think historically important that’s a pretty heavy term. Why is it going to be historically important? Because if Bitcoin continues to work the way it’s working today we are introducing a new concept which is a form of digital history that is forever and if that history lies 10 years that’s impressive, if it lies a hundred that’s astonishing, if it lies a thousand years it becomes an enduring monument of immutability, an edifice of immutability, a system of forever history, unshakable history and that is truly a monument of our civilization and we have to consider the possibility that that will happen.
I used the word monument and I want to expand a tiny bit (0:07:53) and talk about proof-of-work. Proof-of-work was not invented by Satoshi Nakamoto. You can see evidence of proof-of-work systems throughout human civilization. There is some big pointy proof-of-work in Cairo, the pyramids. There is some big stone proof-of-work in Paris, the Cathedral of Notre-Dame. In fact, proof-of-work is something that our civilization does quite often. Let’s think about that for a second.
The pyramids served two purposes. The minor purpose is as a religious art artifact and two, for the king. But even more interesting purpose is a declaration to every civilization and every human that sees it behold this is the measure of the Egyptian civilization. This is what we can build, this is proof-of-work. You cannot build this (0:09:08) cheap, you cannot build this in a civilization that doesn’t have abundant resources. You cannot build this unless you can feed 20,000 people to not do anything but this.
You cannot build this unless you can guard it with soldiers. You cannot build this unless you commit resources for decades or centuries. This cannot be built cheap and the pyramids stand today as a testament of proof-of-work for the Egyptian civilization. And anyone without even understanding what this thing is riding up in the desert on a camel going over that hill and seeing a stone monument that’s a few hundred feet in the air looks at that and goes “Wow!” and wow is an expression of believing the proof-of-work, right? Because they immediately and intuitively understand something great built that and there is no cheap way to do it.
The Cathedral of Notre-Dame is the same thing. Marshalling thousands of stone masons over hundreds of years to build a monument to the church, a monument of religion that make people stand in such awe that they could only even give it divine origin. They could but believe that only a religious order could do something like that. It says behold the church, what we can do. That kind of open expenditure resources to make a point is proof-of-work.
And we see this again and again in civilization but until now we’ve only seen it in local environments for a specific country, organization or civilization. Bitcoin is the first planetary scale digital monument of proof-of-work and to those who come later we will be able to say behold this monument of immutability built over decades. Marvel at its function as well as its applicants because it has function.
Unlike the pyramids and the cathedrals it serves a purpose, a practical purpose and that practical purpose is to become a record of history forever. To become the definitive authority (0:12:00) that cannot be modified; the record of truth that cannot lie. And once a transaction is embedded into the Blockchain, the Bitcoin Blockchain, and secured by proof-of-work it becomes incredibly difficult to change.
This is the thing that most people don’t understand. Let’s break it down to tiny bits and look at some of the techniques that define it. But Andreas, what if 51% of the miners decide to change it? What if there’s a consensus attack? What if a well-funded government invests heavily in hashing equipment in order to go back and change the Blockchain?
So, one of the interesting things you have to understand is the difference between changing the past and changing the future. The consensus algorithm (0:13:01) determines the future of the Blockchain. If you have a majority of the hashing power on the Bitcoin Blockchain you can decide what gets recorded in the future but you can’t so easily change the past. And the reason you can’t change the past is because every node out there is going to still validate every block and it’s going to demand proof-of-work. That block still has to carry proof-of-work and there is only one way that proof-of-work can be generated. You have to commit energy resources to a particular block.
When you read all of these articles in the media and they say about how wasteful Bitcoin is because Bitcoin is created by burning energy they are completely missing the point. Mining doesn’t work to create Bitcoin. That is not the purpose of mining. Mining is not used to create Bitcoin. That is a side-effect. And the way I can proof to you it’s a side-effect is that one day there will be no Bitcoin, no new Bitcoin guess what, there will still be mining. Even after the last Satoshi is mined mining continues.
It must continue because its purpose is not to create Bitcoin. Its purpose is to provide security. Its purpose is to provide validation of all of the transactions of blocks according to the consensus rules. That is the purpose of mining and generating Bitcoin is the side-effect that serves as a mechanism of reward that creates gain theory incentives to make sure that the (0:15:00) is done right. Once you understand that and you realize what we’re paying for security it changes the perspectives slightly but it’s much deeper than that.
You see a lot of different consensus algorithms have been proposed, proof-of-stake is one of them. And many of these algorithms used the native asset to stake into the mining algorithm, into the consensus algorithm. Meaning I am going to commit X amount of my currency in validating the next block and if I fail to validate it correctly I lose that currency, right? But if I validate it correctly I gain a small fee.
And here’s the news, proof-of-work is also proof-of-stake. But proof-of-stake is not also proof-of-work. Let me explain that to you for a second because this is a really important point. When miners commit to a specific block they’re creating a candidate block, they’re stuffing in all of your transactions into that block after carefully validating them and then they take that block and they commit to it by hashing against it, by doing the proof-of-work mining algorithm.
Essentially what they’re doing is they’re saying “I am going to stake a thousand dollars worth of electricity or ten thousand dollars worth of electricity behind the security work I have done and if I haven’t done it right I lose my electricity stake.” So proof-of-work is proof-of-stake because what you’re staking is the energy investment committed behind the specific block that you’re saying “I have validated it correctly and to proof that I have validated correctly I am staking an enormous amount of electricity behind that; electricity that cost money.” But it’s different from proof-of-stake algorithms in other currencies, other digital currencies and the reason is that what you’re staking is not a native asset, is not something that is intrinsic to the chain whose value and future is determined by the chain.
What you’re staking is something extrinsic to the system. You’re staking energy, you’re staking something that has universal value on this planet. The value of the currency tomorrow maybe nothing and which is the value of the stake you make is nothing. But the value of the electricity today, tomorrow and into the foreseeable future is something and that means that when you’re staking electricity you’re staking something that has value throughout our planet. Proof-of-work is a lot deeper than we initially realize.
MAN #2: I have question here.
ANDREAS ANTONOPOULOS: Let’s take questions at the end. So, what if the miners decide to do a 51% attack to rewrite the past? Instead of starting from the current block and changing the rules into the future they can start from a previous block and mine forward. And if they have 51% of the hashing power they will eventually reach the current block in the minority chain and exceed it.
They will win the race eventually. So, the question is how long do they have to sustain it? Let’s take simple scenario. Let’s say we want to go back and change history three weeks ago. Three weeks doesn’t seem like a long time. In Bitcoin it’s an eternity.
Everyday 500 megawatts of electricity are used continuously to feed the mining process, just a ballpark figure it might be more, it might be less right now, let’s use that as a ballpark figure. Five hundred megawatts in 24 hours is 12 gigawatts of electricity, 12-gigawatt hours of electricity expended per day. 12-gigawatt hours of electricity over 30 days is 360-gigawatt hours of electricity over 12 months that’s 3.6-terawatt hours of electricity in a year.
3.6-terawatt hours of electricity is a lot of electricity. But it’s only a lot of electricity if you take it all at once. If you take it on a daily basis on a 500 megawatts basis running forth it’s enough to keep the Bitcoin network secure. But here’s the thing, if you try to go change Bitcoin it starts adding up pretty fast. You go back three weeks with 51% of the hashing power how long will it take to remine the blocks of the last three weeks, anyone?
MAN #2: Six weeks.
ANDREAS ANTONOPOULOS: Six weeks, yeah? Not quite. Some interesting things happen in between. The first week of blocks will take you two week to mine and then in two weeks you’re going to have a difficulty chains which is going to drop your difficulty and then it’s going to take another two weeks to mine the next two weeks of blocks so you’re going to end up approximately a four weeks total to mine three weeks worth of blocks. Here’s the problem. The other side didn’t stop mining, right?
At 49% how long is it going to take then to mine? So by the time you get to where you were when you stopped mining the majority chain and you tried to rewrite the history they’ve also mined at least two weeks ahead. If they got the difficulty chains too they’ve mined even further so now you’ve to mine a bit more to overtake them. Meanwhile, the miners who are doing this exercise are earning nothing presumably they’re part of the same hashing power that mined the first time around. Presumably they already had 51% of the power when they were mining the first time around and now that they’re trying to remine the last three weeks of blocks well, they’ve already banked the rewards but they banked them on the other chain which they’re making invalid.
So now, they’re going to get rewards on the new chain but only if they give up the rewards that they bank on the other chain which means effectively they’re going to spend three to four weeks at 500 megawatts mining for free. Meanwhile what happens on the other chain, on the minority chain? You are a 49% miner and you’re now mining a minority chain. It’s going to be hard. First two weeks it’s going to be slow you’re going to be doing blocks every 20 minutes but your share of the mining capacity just doubled which means your profitability just doubled. So, you’re getting more reward for the same amount of mining. And if that chain still has value you’re making quite a bit of money because you now have a bigger market share.
In fact the more people abandoned the chain the more profitable it is for the minority. All you have to do is peel off 2%. All you have to do is persuade 2% of the people who are mining for nothing to come mine on the chain where we’re mining for double rewards. How hard is that going to be? Which means that actually sustaining a 51% attack for four weeks is brutally hard. Now, of course, that means you probably only do it if you have 75%, 80%. Ethereum was staring with 90 at some point they went as low as 70% on the majority chain when they did their fork. That’s a pretty big drop. So, you have these economic incentives that make it very difficult.
Now please notice I’ve been talking about three weeks Bitcoin is seven years old. What if you wanted to change a transaction that was last year or a year and a half ago? Well, now the math is really against you because it’s going to take you almost a year to overtake that chain during which time you have to sustain that attack and not lose any one from your group otherwise you’ll never overtake it and then you make even less money. So, now you’ve mined it twice and got a zero reward on both times, right?
And this is the point that we really need to understand about Blockchains. There is something inherently interesting about the fact that you can show someone a number and they can calculate from that number how many joules of electricity you consumed to create that number and it is absolutely unforgeable.
That number is in itself proof that you have done the work. That is an incredible artifact for digital system. The fact that by presenting a number to a system that has never seen the history of the Blockchain that may have joined later, that may be seeing a false history of the Blockchain but you showed a block that has proof in it and you showed that noee, that number and they know it’s real and they know it took that much work to produce that number. There is no way to fake it. For a digital system that’s as close to real as it gets.
This is a monument of immutability built block by block and these blocks are now towering into the sky 420,000 of them containing accumulative amount of a work that is absolutely (0:26:12) and it cannot be changed or forged without not only the other person knowing it has been changed but without you actually expending the energy all over again. There is no shortcut and that is the difference between tamper-evident and tamper-proof.
You could disconnect from the Blockchain today not look at it for three years, come back three years later I can present you a single number and say “Do you believe this is an actual block from the Blockchain?” and you would be able to say with complete confidence “Yes.” The amount of work evidenced by this block could not have been produced any other way than if during the entire time I was gone you were expending energy at a predicated rate and you came up with this artifact.
I only need to see the pinnacle to know that it’s a real Blockchain. Only the last block, one number and I know how much work has gone into it cumulatively because it tends to have ever increasing work. The longest difficulty chain wins.
Bitcoin is not just simply a system of accounting it is the first digital artifact that provides forever history that provides true digital immutability. There is no other system that provides digital immutability at that level. It is a planetary scale thermodynamically guaranteed self-evident system of immutability.
Planetary scale because in order to do it you need to marshal resources that only exist in a planetary scale effort. Thermodynamically guaranteed because you could calculate the exact amount of energy it took to create it and there is no shortcut. Information theory tells us that to flip that many bits takes this many joules and there is no way to do it otherwise. Self-evident because the number that is produced as proof-of-work tells you exactly how much work has been done cumulatively and it really is a monument.
Now, then the interesting question arises. Can we really afford this? Is this a waste of energy? There is nothing on the planet that produces a digital record that is self-evidently immutable at this scale, nothing. It is the only platform on which you can embed data that will be guaranteed immutable within a few blocks. Thousand blocks after you put data in there is no going back.
That data is not going to change. Okay, maybe if you put in and it’s only three blocks old, maybe it can change. Six blocks old (0:29:39). 144 oh, this is getting tough and that’s a day. A week old done, done. It’s part of permanent history.
Our ancestors said this is as good as written in stone. Our grandchildren will say it is as good as written on the Blockchain because it is the new standard of immutability and it is globally accessible. Any application can leverage that capability. Other currencies, other chains, smart contracts they can all (0:30:20) against the Bitcoin Blockchain and as long as we continue to blew the monument, their little inscription like a piece of graffiti axed into the base stones of the pyramids we’ll be there potentially for centuries and they can import immutability for the local price of a transaction fee that if you consider it immutability as a service is an astonishing application.
It has enormous implications for software. It has enormous implications for the internet of things, for information security, for other systems of currency, for systems of record, title, registration, birth records. History can be written on the Blockchain for the little price of a transaction fee and it may well be there for a very long time but as long as it’s there it cannot be changed and everyone can validate it.
That is not a waste of electricity. That is the first practical application of digital immutability and it is expensive. But it’s expensive because it’s giving us something on a planetary scale and we only need one really and it’s probably too expensive to build two and that just means that the network effect is even more awesome because we already have one and it’s doing quite well. That one can support all of the other applications. The other applications could do much more light weight proof-of-stake. But if they really want immutability not tamper-evident, tamper-proof they need to subscribe to a service on the Bitcoin Blockchain. They need to record their data on the Bitcoin Blockchain.
If you were a banking consortium and you were assigning transactions in a distributed ledger technology by taking turns what is the cost of fabricating the past? What is the cost of rewriting history of saying WikiLeaks never received any of your funds, any of your donations? We’ve reversed all of those transactions. What is the cost of that? Thermodynamically, nothing.
In Altchain money, doesn’t matter we created the Altchain money, we can create more of it. As long as there is no proof-of-work behind it the cost of rewriting a ledger like that is zero. And if you can’t you will and if you can’t you’ll be coerced to and if you can’t when you get a subpoena you must. And so these Blockchains are not immutable.
These Blockchains are mutable as hell. They are fickle Blockchains to go to the other side of the scale. They’re transient, they’re meaningless. They have no weight of history behind them. They are whatever the last signer says they are. They have no weight. This year we’re (0:33:44). Next year we will always have been at war with this East Asia.
History is written by the victors. Not on the Bitcoin Blockchain. We don’t do 1984 on the Bitcoin Blockchain. History is written by the expenditure of real world energy and there is no cheap way to forge that history. Thank you.
MAN #3: Suppose –
ANDREAS ANTONOPOULOS: One second.
MAN #3: Okay.
ANDREAS ANTONOPOULOS: Fund first and then you can leave. Lawrence (0:34:36).
LAWRENCE (): Yes.
ANDREAS ANTONOPOULOS: Thank you so much for coming.
LAWRENCE (): Thank you.
ANDREAS ANTONOPOULOS: Sorry, I’m holding to many things. Frank Friedman.
FRANK FRIEDMAN: Here.
ANDREAS ANTONOPOULOS: Right. Thank you so much. Nice to meet you.
FRANK FRIEDMAN: Thank you.
ANDREAS ANTONOPOULOS: Ayako. Thank you so much. Nice to meet you. Valerian (0:35:06). I’ve heard of you. You’re standing behind the camera.
VALERIAN: (0:35:10) I’ll come and get that.
ANDREAS ANTONOPOULOS: Thank you. Valerian’s copy. (0:35:16)
MAN 4#: (Speaking foreign language)
ANDREAS ANTONOPOULOS: (Speaking foreign language). John Bolton. Congratulations.
JOHN BOLTON: I want your previous book too.
ANDREAS ANTONOPOULOS: Oh, wow! Winner winner, chicken dinner. Darwin Ling. Darwin? Didn’t make it tonight. Hmm. As you’re watching this video (0:35:51). Alex Park. Also didn’t make it. Oh, wow!. Levi Strobbe.
ANDREAS ANTONOPOULOS: Kim Won Kang (0:36:06).
MAN 5#: (0:36:08)
ANDREAS ANTONOPOULOS: Is that you?
MAN 5#: No.
ANDREAS ANTONOPOULOS: Oh, no. Is Kim Won here? Kim Won? Nope? (0:36:33). Nope? Oh dear, this random number generate don’t work (0:36:39).Avi. Trinh Nguyen (0:36:46) Okay. (0:36:50) I know you’re here. Congratulations. Meredith Finkelstein. Jack Targo (0:37:05). Chabas. Will. Username Will on the meetup. Robert (0:37:19). Kim. You signed up as Kim on the meetup? Congratulations. Thank you. All right. Let’s see, I have two more. Two more. Running on names fast. (0:37:41). Colin Belton.
COLIN BELTON: Yeah, I have a copy already.
ANDREAS ANTONOPOULOS: Oh, thank you very much, Colin. Ron. Just Ron. Ron congratulations. And the last book. This is for Jeff Flowers.
JEFF FLOWERS: I have a copy. I already have a copy.
ANDREAS ANTONOPOULOS: You already have a copy. Thank you. Daniel Fagin. (0:38:22).
MAN 6#: Oh, thank you so much.
ANDREAS ANTONOPOULOS: All right. For this book give away I would like to thank Scott Robinson of Plug and Play. He’s the organizer of this meeting, he made all of this possible and he also sponsored my expenses to come here and I ended up not using as much of the money for the expenses and so I used the remainder of his sponsorship money to bring these ten books today. So, please thank Scott Robinson. He couldn’t be here today (0:38:58). All right, now let’s do Q&A. You have a question.
MAN #2: Yes. So suppose the solar technology advances very well –
ANDREAS ANTONOPOULOS: Yes.
MAN #2: – it will capture a lot of same energy with very high efficiency so marginal cost (0:39:16) zero then would the proof-of-work more in that case suppose the marginal cost also –
ANDREAS ANTONOPOULOS: That’s a good question. Suppose that solar energy advances with its efficiency and captured a lot of the solar energy would that make proof-of-work unworkable because the marginal cost of the solar energy is zero? Well, yes and no; mostly no. Even if you have really efficient solar energy you have to consider three factors in that. The first one is that you pay for the solar panels so you have capital cost, right? The second is you pay for the mining equipment and so you have more capital costs, right?
MAN #2: Competition (0:39:58) the marginal cost.
ANDREAS ANTONOPOULOS: Yes, but at the –
MAN #2: Yeah, (0:40:01) calculate capital.
ANDREAS ANTONOPOULOS: Yes, but at the same time you’re competing those people who are going to apply more and more capital. But the third one and the most important one is that presumes you have basically no opportunity cost. Meaning that there is no other use of the energy could go to other than mining; meaning that either you so far exceeded the demand for electricity that you have all of this access capacity.
MAN #2: That’s what – that’s what (0:40:27)
ANDREAS ANTONOPOULOS: Right. The problem is at that point we’ve solved the energy problem of the world and at that point if proof-of-work is the one thing that doesn’t work you’ve gone to a star trek universe where money doesn’t exist, right? If you solve the fundamental issue of energy scarcity on this planet, completely solve it for the marginal cost to go to zero you have to have zero opportunity cost which means that you can generate abundant energy anywhere, anytime and always have access capacity. You solved much bigger problems I hope we get there. Then we need someone as brilliant as Satoshi Nakamoto to come up with a new proof-of-work algorithm.
I would suggest Sudoku it works. So, Sudoku is an asymmetric algorithm. Meaning that if you make the Sudoku puzzle bigger it still can be verified relatively quickly as to whether it’s correct. If you make it billions and billions and billions of times bigger then it gets really, really hard and you could make it to – so that you only have to do it on paper with pens so with human beings. So that would be a proof-of – well, literally proof-of-work algorithm just like the slaves of Egypt who built the pyramids. So Sudoku (0:41:57). Okay, enough of that. Yes?
MAN 7#: (0:42:04) have the technology and so –
ANDREAS ANTONOPOULOS: Well, it equalizes everybody so that’s about access to miners, access to internet capacity, access to storage to put the Blockchain on they still cost.
MAN 7#: And secondly, the (0:42:18)
ANDREAS ANTONOPOULOS: You’re limited by 2000 watts per square meter which is the maximum energy you can get on the surface which means mining in space.
MAN 7#: Space (0:42:38)
ANDREAS ANTONOPOULOS: Actually that’s not a joke. There are many reasons why mining in space could become a very interesting possibility. Solar panels, no atmosphere, no (0:42:51) anything. Yeah, all right. Yes?
MAN 8#: So you said that proof-of-work is not a waste –
ANDREAS ANTONOPOULOS: Yes.
MAN 8#: – because it’s so secure and then that’s the only Blockchain that gives that. But if proof-of-stake is let’s say not as secure but nearly as secure, secure enough is that not far superior and is that the case like, I mean Ethereum says they will move to proof-of-stake in the future I want to know whether (0:43:20) yet –
ANDREAS ANTONOPOULOS: Yes.
MAN 8#: – and I don’t know if there exist a proof-of-stake (0:43:27) works –
ANDREAS ANTONOPOULOS: Okay, so let me paraphrase a bit. So, if I say proof-of-work is not a waste what if proof-of-stake achieves a fair approximation in the level of security without that cost. Would it then not eclipse proof-of-work? The difference and I think that’s what I was trying to emphasize today is that you could use it to make sure that the security of the transaction is going forward is correct but proof-of-stake cannot give you robust immutability.
And the reason it cannot give you robust immutability is because what you are staking is the currency that’s one the network and if you have control of the network, right, you can issue more of that, you can do many things to violate the loss that you suffered whereas if you burned electricity outside the network you can’t get that back by rewriting the Blockchain.
MAN 8#: But you said not similar cost. Proof-of-stake I have to have let’s say 51% of the market capitalization so that’s pretty much I have to buy up most of the coins and then if I really take the system the market capitalization goes to zero I lose all that money. For Bitcoin if I want to invest so much capital and so much energy that I can probably stop the network and then destroy the market capitalization as well as this 51% I could not change (0:44:55) but I could probably –
ANDREAS ANTONOPOULOS: You could change the future but not the past not effectively.
MAN 8#: Yes, to a whole.
ANDREAS ANTONOPOULOS: You could do development service yes, both systems are susceptible to development service if you get the majority of the consensus mechanism. I would argue that getting the majority of the capital is a lot easier than getting the majority of the manufacturing facility and sources of electricity that are widely distributed and controlling those than getting the majority of the capital. In fact theoretically you might find I don’t know – just say random thing a bug in a smart contract still just to say a random number 14% of all of the currency in circulation and if you have a proof-of-stake system yeah, you’re 46% from your goal.
Sorry, 36% from your goal. So, that’s the problem. The problem of using something that is intrinsically native to the Blockchain is that I cannot simply steal the mining equipment that is out there, right? It’s tangible so, and I can’t simply access these enormous amounts of energy overnight. This take a long time to marshal this energy contracts which makes it more robust to that kind of interference.
How much more is that security differential worth it I don’t know. I don’t know if that is enough. I think it is. I think this is a unique platform with a unique set of application characteristics immutability as a service that is not only worse than the exact amount of electricity which will create a monument to immutability. Now, that means that proof-of-stake is also good and they can both co-exist in the market where they compete for resources for slightly different applications. There will applications that require robust (0:46:44) immutability guaranteed by thermodynamic cost.
And there will be applications that don’t need that and those applications may not need the proof-of-work algorithm. I think there are plenty of applications that do need that. And now that we have that we’re going to invent a lot more applications that need that that we didn’t know about before and I think that’s where it gets really interesting. What can you do when you have an immutable historical record that you couldn’t do before or have a thought of doing before that you can now? Yes?
MAN 9#: Can immutability be transferred as proof-of-payment?
ANDREAS ANTONOPOULOS: The immutability can really be transferred to any external system because any system can simply encode a digital fingerprint and embedded in the Blockchain by paying the fee. There’s a function for it called OP_RETURN that simply creates digital fingerprint and timestamps into the Blockchain.
So, that means that other things can anchor themselves and checkpoint themselves in different blocks leaving little trails behind and you can say at that time this was the fingerprint that was embedded and that is guaranteed because it can’t change.
MAN 9#: Proof-of-payment has become part of Blockchain?
ANDREAS ANTONOPOULOS: Proof-of-payment could be part of another Blockchain. I’m not sure what you mean by proof-of-payment exactly. Is this another consensus algorithm? Or is this proof that you paid the transaction fee?
MAN 9#: Proof that I paid the transaction fee.
ANDREAS ANTONOPOULOS: That’s part of the consensus algorithm. If everything combine then you pay sufficient transaction fee which may have been zero at the time but mostly it wasn’t. So you have to still follow the rules to get into the line that puts you on the Blockchain. You have to create properly formed transactions, pay sufficient fee and validate properly, propagate those across the network and then you have the chance of getting into the block. Yes?
MAN 10#: And what do you think of proof-of-capacity like in Burstcoin?
ANDREAS ANTONOPOULOS: Proof-of-capacity is interesting and I think there are a couple of interesting different approaches to this. I’m not familiar with Burtcoin. I know there are some things that are for example, disk intensive so that for example you have to proof-of-storage I guess you might call it.
There are various forms of proof-of-resource like use different tangible resources so memory footprint, you can create a consensus algorithm that in order to validate and to proof you have to produce randomly selected data elements from an enormous data corpus which maybe terabytes in size. And the only way to have that is either to store that enormous corpus or to buy this specific data element from someone who does store that data corpus. You could do things with bandwidth and other resources perhaps. I’m interested in seeing all of those.
MAN 10#: That’s proof-of-work initially to create the (0:49:50)
ANDREAS ANTONOPOULOS: And most of those are hybrid proof-of-work systems.
MAN 10#: That because you have to be in the list (0:49:58)
ANDREAS ANTONOPOULOS: Yes.
MAN 10#: And then you use the data.
ANDREAS ANTONOPOULOS: So it many cases these algorithms are hybrid algorithms and we’re going to see a lot more come out. Yes?
MAN 11#: If the Bitcoin Blockchain was up against hypothetically well-funded say, government or like some consortium whose objective wasn’t necessarily to get like to get benefit, financial benefit from it but actually inhibit its existence or whatever would that be a concern?
ANDREAS ANTONOPOULOS: I would argue that that is already happening. I mean, you know, little Bitcoin is currently poking the hundred trillion dollar banking industry going “Hey, we want that.” So yes, well-funded opponents, the best funded opponents we have them, the greatest. So, if they use some kind of internal consensus attack to attack Bitcoin and to thwart its ability to develop new blocks essentially (0:51:04) that would be a very interesting scenario.
First of all it would be noticed pretty quickly and secondly would immediately lead to creating counter-measures and when something attacks you and you developed counter-measures that’s a form of immunity. And through immunity you have a form of evolution which means that Bitcoin will evolve resistance to that kind of attack and then it will get attacked again and evolve resistance to that kind of attack and it is being attacked today and it is evolving resistance.
Not to those kinds of attacks yet but when they come it will evolve resistance to those too. Why? Because it is a massively decentralized system with a lot of independent actors who are guiding its evolution towards protecting the system against these kinds of attacks.
So, it’s going to evolve much faster than a biological system and it’s going to evolve immunity. Meaning that what the well-funded opponent is actually doing is training Bitcoin on how to win, right? They’re inoculating it against those attacks and whatever doesn’t kill it only makes it stronger. So that’s not the way you want to go after a decentralized system. I don’t know that are (0:52:24) ways to go after decentralized system but I know that one will backfire badly. Yes?
MAN 12#: Yeah. Thank you for coming, Andreas.
ANDREAS ANTONOPOULOS: Thank you.
MAN 12#: Like when you’re talking about like the other four billion and request of exchanges in your opinion what is the best practice to exchange (0:52:45) I’m interested and I love Bitcoin but I’m not comfortable with this central bank of Bitcoin that we called exchanges.
ANDREAS ANTONOPOULOS: Yeah. So, this question is about supporting the other four billion or the other six billion Bitcoin (0:53:00) account and what is the issue is exchanges are very centralized, they’re custodial which means they hold Bitcoin for people and that represents a significant risk for Bitcoin users, not Bitcoin itself but certainly users who can lose their money. We don’t have too many perfect solutions right now.
There are a few small scale decentralized systems Bits Wear (0:53:27) for example is one. It’s still (0:53:29), it’s still very small scale. There are some more decentralized systems local Bitcoins, right, which allow you to do person-to-person cash transactions. And the one thing that cash has that’s similar to Bitcoin is that it can be verified upon presentation. It doesn’t depend on any counter-party. You hold it, you own it, right?
So, exchanging cash for Bitcoin is the most secure way to get Bitcoin. But actually the best way to get Bitcoin is not to buy. The best way to get Bitcoin is to earn it by the expenditure of your labor. So dedicate your labor to Bitcoin and you achieve two goals at the same time. One, you’re earning Bitcoin from the people who can pay you in Bitcoin and two, you have removed your labor from the machinery of the state which was using your labor to build bombs (0:54:21). That’s my personal philosophy. So, two birds one stone. I’ve been on the good side, about the bad side. Yes?
MAN 13#: Can you give us an update on the alternative currencies, two that I remember in particular got a lot of attention (0:54:38) and I kind of lost track of them.
ANDREAS ANTONOPOULOS: An update on alternative currencies – oh, this is a minefield for me. It’s fantastic. If I say a name I’m a shell (0:54:51), if I don’t say a name I’m a Bitcoin shell (0:54:54), either way I’m going to get threatened on Twitter. Go! All right. Ripple is still out there and it’s being used – I think a lot of the banking consortiums are kind of interested in Bitcoin because it’s a more centralized, more controlled version of Ripple. So, Ripple’s still there, (0:55:13) Light Queen is still, I don’t know, third, fourth by market capitalization, I think probably fourth now that Ethereum Classic has climbed so it’s there. It’s definitely there.
There is a few other interesting ones that are doing a variety of things and I get a lot of (0:55:31) when I mention them and I get a lot of (0:55:32) when I don’t mention them. Ethereum which is the second market capitalization system out there which isn’t really a currency, it’s a system of programmable smart contracts that are very flexible, I am extremely interested in that as with Bitcoin I don’t see it as investment and you shouldn’t play around with high-risk assets like that because you will get burned unless you’re very experienced.
There are a couple others which are really interesting. Dash, again I’m not recommending for investments just giving you some information. Dash is a system that has a very interesting decentralized governance model and an interesting privacy model. Monero which is a descendant of the CryptoNote system and Monero is a very high-privacy system. And recently emerged in the space is Zerocash which is a currency built on zero-knowledge proofs to provide extremely robust cryptographically secured anonymity.
And all of these kind of float around in constellation around Bitcoin and they’re all interchangeable for Bitcoin. One of the things that’s happened in the currency market, in the digital currency market that is really interesting, I have no (0:56:55) involvement in this I’m just interested as a user, is ShapeShift. ShapeShift (0:57:02) a website that allows you to do kind of instantaneous exchanges between currency pairs without even setting up an account. You just say I want to change this to this and this is okay.
Whatever you send here will get exchanged and go there. So you set up a little pipe and you say “I want to exchange Bitcoin to Fedcoin” and so then it says “Okay, give me your Fedcoin address.” You put it in and it say “Give me an address for the refund if your Bitcoin have something goes wrong” you put it in and this okay. Here is the Bitcoin address if you send Bitcoin to this we will send you the equivalent amount of Fedcoin to your address. Quick, easy, you can swap between two currencies.
Interestingly enough what that means is that you can treat all of these currencies as liquid and fungible to each other. You can basically get in and out of any of those including Bitcoin and go back and forth very easily just for a single purchase and some website include ShapeShifter so that you can pay in any of a hundred different say currencies and it was just converted into say Bitcoin in the back for your payment. That’s interesting it’s opened up a lot more possibility, make a lot easier for more of these alternative currencies to experiment and develop features and maybe some of them will be (0:58:23) successful. Let’s hope.
I am not a Bitcoin maximalist. I don’t believe that Bitcoin should be the only chain or will be the only chain that exists. I think it will probably be the dominant chain in a power (0:58:35) distribution. It will have 60% to 80% of the market share and then it will be long tailed with 10,000 currencies behind it of different uses and different values and I like many of them. Okay, cue the Twitter threads. Let’s go. Next. Yes?
MAN 14#: You’re talking about the incentive for the network and I was just wondering do you feel like when the Blockchain (0:59:05) goes down to zero do you think that people will still mine in the same level and will this be the same as Visa transactions and then we don’t have –
ANDREAS ANTONOPOULOS: So, the question was based on the incentive that exist in the network what happens when reward for seigniorage for a generation of new coins drops to zero the only reward is this – will, miners keep mining and will the network fees be reasonable? First of all just to give you some perspective this happens gradually between now and 2141. By that time people on Mars will have to decide if they want to go into mining with their solar panels. So, who knows.
I hesitate to make predictions for Bitcoin three months out, you asked me to make some 136 years out so I’ll try. The important thing to realize is this happens very, very gradually and it happens in an environment where the reliance on seigniorage drops while presumably the number of transactions and activity rises which means the transaction fees rise. And what you should do if you’re opening a graph is you should do kind of a curve X, right?
So, fees go up, reward goes down. And fees go up not because fees are getting more expensive but because you have more and more transactions, paying more or less the same fee or less. So if you imagine a block today which has twelve and a half Bitcoins in it and once they – tenth of a Bitcoin in fees so it’s a 120:1 ratio in favor of the seigniorage fees. Now let’s construct a block in 2141, what’s the minimum reward?
One Satoshi, right? Okay. Now let’s say this block has 10,000 transactions, just pulled the number out of my head probably have more but let’s say 10,000 transactions and what’s the minimum fee they can pay? One Satoshi, right? So if you just have the minimum issuance and the minimum fees you have 10,000 Satoshis in fees and one Satoshi in seigniorage so that the ratio of seigniorage to fees went from 120:1 to 1:10,000 and this didn’t happen overnight, this happen over 140 years in a gradual curve.
Somewhere in there is the crossover point, that crossover point is the day it’s 1:1 where now miners know that for the future they’re going to focus more on fees and that happens way before you get to 2141. So, I’m not worried because it’s not going to be a surprise. This is the same kind of question that happened with the (1:01:56). Well, what happen with the (1:01:58) well, kind of we see this coming four years in advance, everyone’s prepared for it.
This is part of living in a deterministic currency is we don’t have to wait until the Friday spokesperson from the federal reserve open – convene meeting to come out and tell us what our (1:02:20) is. Mining doesn’t stop. Well, would this be the same as Visa? If they are we have failed badly because quite honestly the fees already for many transactions, most transactions they’re about like $5.00 are lower than Visa and we’re getting better at optimization.
If we’re introducing (1:02:46) like Lightning Network and other layer two technologies we increased the block size and do all of the other optimization and scaling things we can do Visa. We can do much more than Visa and we can do it cheaper. So, I don’t think we’re going to have any problem. The capacity issue for Bitcoin will be a problem all the time but it will be a problem that we will manage in a way that is not fatal and gradually make it better and better. So, failing to scale gradually for 25 years, that’s the goal. Yes?
MAN 15#: (1:03:24) currencies have more (1:03:26) which reflected time value of money (1:03:28) how about Bitcoin and other cryptocurrencies, are you aware of (1:03:36) type market for Bitcoin and other branches?
ANDREAS ANTONOPOULOS: Yes. I mean there are (1:03:41) markets for Bitcoin. You don’t see them that often simply because a lot of these markets were over-the-counter. But if you’re in the mining industry and you’re going to have (1:03:50) of Bitcoin but you don’t know what’s its value it’s going to be you have Bitcoin now, you may want to have various contracts, future (1:03:58) contracts to protect yourself against volatility and out of these future contracts what emerges is various forms of interest payments. Yes?
MAN 15#: That would be a market with reference to some other currencies (1:04:10) I just mean within Bitcoin itself, Bitcoin now versus Bitcoin –
ANDREAS ANTONOPOULOS: (1:04:14) actually some investment funds that invest – funds that are in Bitcoin into companies directly in Bitcoin and presumably generate returns in Bitcoin, this investment (1:04:25) pay some kind of rate return and therefore that is represented (1:04:30). Future value of money doesn’t change if you change the currency, it still exists as an economic concept, nothing changes.
What we don’t have yet is the mechanism to carefully and quickly discover the correct market price for the future value of money in this economy yet. You’ll see that mature. I mean if you’re (1:04:48) the beginning the Bitcoin we didn’t have a market mechanism to discover what the price of Bitcoin was. How much you want for two pizzas? I don’t know, 10,000 Bitcoin each. Sure. That was March 2010, I think. Yes, who else? Yes?
MAN 16#: So, I know you want to predict things of the future but if you fast forward say five years or so what do you think we’re going to be building, on what application we’ll be building on Bitcoin as compare to something like Ethereum.
ANDREAS ANTONOPOULOS: Yeah, that’s impossible to answer. So I can’t even answer that a year out. If I fast forward five years my voice will sound very funny but other than that I can’t tell you anything else. What applications will we build on top of Bitcoin, what applications we will build on top of Ethereum, my general attitude is this – the designers of these systems do not get to decide what niche their system will fit in.
They may have an idea about where they want it to fit in but (1:05:56) the market decides what applications are best suited for each one of these system and it may be very different from what the designers had in mind. The designers of the internet were creating a network to survive a strategic nuclear attack against key routing elements in the network and to maintain connectivity of military sites.
Cat videos was not part of the brief and yet here we are. One billion instantly accessible index cat videos with artificial intelligence software that can identify which ones are cat videos. So, what they’re building for, what it ended up being not exactly a match. I predict that we will be building cat applications on Bitcoin. Just human nature, right?
MAN 17#: What do you think about (1:06:51) Bitcoin interfaces with the rest of the financial network specifically in the form of ETFs and the things like that. Right now there’s one ETF out there, it was predicted to be more (1:07:01) a significant premium (1:07:03) but more ETF aren’t coming into existence with Bitcoin.
ANDREAS ANTONOPOULOS: Yes. So what’s happening with the interface between Bitcoin and the traditional financial system and why are there not more ETFs? There’s only one at the moment it has come into existence I’m assuming you mean GBTC and it’s trading at a significant premium and what happens, why haven’t there be more?
Well, it’s because Bitcoin is sufficiently alien that it can’t be swallowed by the traditional financial system. They really have no idea how to handle it. It doesn’t conform to any of the expectations. The entire financial system is an edifice of counteracting controls, counter-parties, risk management layers and checks and balances all of which assume custody and oversight and control of which Bitcoin expresses none. So how do you take something that is this alien and put it in this type of environment?
This is exactly like casting – it’s the early of 1900s and the automobile is out why are not more pony express routes being replaced by automobiles? There’s no (1:08:33) and they’ve built a series of stations that have lots of hay which can’t be used for the automobile. So everything they have doesn’t work with what is new and that is basically the issue. Bitcoin is quite capable of having an ETF. ETFs are quite incapable of encompassing Bitcoin into the current regulatory system at the moment. They’re finding it very difficult to swallow and that is a feature, not a bug. I hope they (1:09:06). All right, next question. Let’s take maybe two more. Yes?
MAN 18#: Can I get one spare book and can I get a picture?
ANDREAS ANTONOPOULOS: Yeah, I’ll be happy to do pictures afterwards. All the books are gone, they were given out by random pick from the RCP list. I apologize. The book is available on Amazon.com as paperback on Kindle as e-reader but also on Kindle Unlimited for free on Kindle Lending Library if you’re a member of Prime for free on OpenBazaar for Bitcoin and you can buy it for Bitcoin using purse dot (1:09:40) currently available about 40 countries. Thank you. Okay, two more. Who has (1:09:51) question? Let’s try you.
MAN 19#: You mentioned layer technology. You said Bitcoin was layer one, you mentioned layer two might be Lightning Network.
ANDREAS ANTONOPOULOS: Yes.
MAN 19#: (1:10:01)
ANDREAS ANTONOPOULOS: No. To repeat the question, I mentioned layer technology so Bitcoin is layer one or layer zero, (1:10:12) Wiki it’s layer zero and layer one is Lightning Network, what’s layer two? Have I thought about other layers? It’s really difficult to see how the layers evolve and what the interface is between the layers are and which functions end up in which layers and keep in mind there will be more than one stack.
Above IP there were multiple transmission controls stacks including the (1:10:39) layer and the low IP there are multiple stacks underneath that most people never see. So, software define networking and before that fiber networks etc. etc. So, it’s impossible to know exactly how it’s going to play out.
What I can tell you is the protocols are not built monolithically, we’re not going to do everything in a single layer. That doesn’t make sense from an architectural perspective, that doesn’t mean we don’t scale Bitcoin. We will scale Bitcoin but we will scale it to the layers above its scale even further not because we want to do everything in a single layer. It doesn’t make sense to do everything in a single layer. It doesn’t work. Yes, last question.
MAN 20#: Okay, last question. Okay.
ANDREAS ANTONOPOULOS: Make it good.
MAN 20#: (1:11:28) let me see how I’m going to phrase this. I love the core team they seem to be really gung-ho on (1:11:37) with the off-chain scaling solution. This – prioritizing that first, so let’s (1:11:44) recently that say we should not change Bitcoins until it accommodate more users and that’s when I think that they were talking about, you know, IRC.
So, they were going like the (1:11:57) they were often criticized notably like – by other people like (1:12:04) of the risk they (1:12:07) with a more complicated solution. Now, so how do you compare that well, let’s say (1:12:12) proposal of, you know, taking the hardware approach and help (1:12:19)
ANDREAS ANTONOPOULOS: I mean this would take an hour to answer and more importantly I don’t think (1:12:27) matters at all to any of the parties involved (1:12:31). This debate about big blocks and small blocks and we scale Bitcoin first of all I don’t think (1:12:40) to say the core is focused on not scaling the core layer, as you said it’s a prioritization issue which one gets prioritized first.
Now, I have a nuance opinion on this which pisses off everybody because if you have a nuance opinion then you’re sitting on the fence and both side can throw eggs at you for not taking a side and I’m not going to take a side because I think that both sides have merits and really the question is a matter of prioritization and sequencing and conservatism versus a more aggressive approach to scaling. From time to time my opinion has changed as I’ve seen new data. More recently, two days after the Ethereum fork I thought “Wow, that went extremely well a clear 95.5% (1:13:37) technologically executed beautifully, this is going to put a marked pressure on core to come up with a similar solution for Bitcoin” I was wrong.
I was very wrong because a week later, actually two weeks later we discovered that even though technologically the fork worked politically it failed and something you ended up with a 70-30 split and that was a disaster because there was not enough provision in the software to deal with replay attacks and cost a lot (1:14:07) some money.
I think there’s some people from Coinbase in here who may have, you know, suffered some losses because of that, because of the replay attacks I know other exchanges did too, right? I heard that other exchanges did. So now, after that my opinion was revised, you know, and I think in Bitcoin politically a hardfork is a hell of a lot more difficult and will cost a deeper schism. So, I don’t think it’s as easy as one team is right the other team is wrong, I think we’re going to have to let this roadmap play out and for the time being it seems that the majority of the participants in the system are continuing to put their trust in core as always core continues to deliver their roadmap to a certain approximation.
I’m not worried because I think in the long-term what we’re going to do is we’re going to scale in the second layer and we’re going to scale the core layer when the block size increase and we’re going to do network optimizations NNN. The scaling options are not either or they’re NNN and you just have to decide which comes first. I think a lot of this drama is unnecessary and honestly in terms of segregated witness softfork versus hardfork I think softfork is a better way to go. I do. I think we’re going to get cleaner and quicker than a hardfork.
I think a hardfork given the current political situation in Bitcoin is way too dangerous even if it was for something that I would agree (1:15:41) which I don’t think you need to get an agreement. So, that’s probably a very nuance answer about a very nuance question and I’m sorry if I can’t give you more of a direct answer. I don’t think there is a simple black and white answer to that problem. All right, thank you all for coming.
Thank you to our host Plug and Play. I am going to hang out here, chat with everyone (1:16:12) pizza so I don’t expect everybody to stay for very long. If you want your book signed I’ll be happy to do that over the next 10 minutes. If you want to take photographs I would like to do that after I’ve done the book signing and thank you so much for coming tonight. Thank you.
(END OF AUDIO)