This is epicenter episode 171 with guest vitalik boot Aaron. this episode of epicenter is brought to you by the Merkel week, a blockchain conference training, seminar and hackathon taking Us in Paris from March 9th to 12th. Learn from leading experts and get certified on Building Block Chain, applications designed to enhance organizational. Governance get your tickets at Merkel week.com and use the promo code epicenter to get 30% off early bird tickets.
And by Jax, Jax is a user-friendly wallet that works across. All your devices and handles both Bitcoin and either go to ja double x dot IO and embrace the future of cryptocurrency wallets. Hello, and welcome to acne Center the show, which talks about Technologies, projects and startups, driving decentralization. And the global blockchain Revolution. My name is Fran, Fabian, Kahn, and I met Roy baby ever. We are glad to welcome Vitali
twittering back to the show. We'll talk about the do folk Casper sharding, interoperability ZK, Schnapps and the application space of blocks, in technology with him generally, we have our guests, you know, introduce themselves. Yes. But I think with Alec, doesn't need an introduction in our space, so I'll probably just dispense with that formality and perhaps we could just jump in and talk about the video for. So the attack and the resulting
folk of the etherium system. So from the outside like we have all seen what happened and I thought it would be a good opportunity to know what was it like what were those what was that month like to be in your A shoes with Alex. So maybe if you could tell us your version of The Story. So 2016 June 17th at 3 p.m. local time I was in Shanghai and
it was just another normal day. I was visiting China, it's liking to a few of our local partners and at one point I got a message on. Yes, I believe Skype in one of our kind of semi-public. Scott, you escape get her channels. That just said, hey, you know, someone should check this out. It looks like the balance of the Dao is decreasing. So someone should check this out and I immediately went and checked it out and the balance said it was her 9.5 million ether and he immediately got
concerned. They started working at a definitely seems like ether is getting drained fairly quickly. So like a sent off a message to some other people from our team and over the course of about 15 minutes like help Christian Kristoff, Anna and a couple other people. What in like tried to see what was happening and it's fairly quickly became clear that likes. Yes, this was very very bad.
And at that point the A fairly large number of people, like in the etherium foundation, eith course salak kind of came fairly rapidly started and of talking to each other and trying to figure out kind of what was going on. What was there any way to try to stop the situation? Like, is there anything that could be done? What was happening? What would the consequences be on? And just like, get an idea of
everything in general. So we had about two or three hours of worth of here, early, frantic calls and Skype discussions at the end of that week. That first blog post came out, where we basically a said, what had happened, we suggested the soft pork and hard Fork strategy then after that we go developers started going on, going off to actually implement the soft board and I was kind of trying to be online and like trying to be as helpful as as much as I
could. But like even still there is quite a lot of and there are limits to what I could you personally because I was first of all like I'm not actually one of the go developers and I don't have too much experience with either the language or the clients so that like, I've made a few one line patches, but I'm not the sort of person who Look, actually be able to be the right one to practically implements likes in actual software patch. So you know again Jeff and his
team. We're working very hard on that for several days. You know, I think it was the basic kind of scaffolding was done in about one or two but no, as usually spent quite a bit of extra time, test going over it and testing it and making sure everything works well and that
was in parallel. And we were trying to kind of get an idea of what the community thought that we should do. And I remember there were at least initially some informal kind of poles that were happening on Reddit, the results will pull that was happening in the Chinese community. And you know being in China myself I yeah quite a bit ended up kind of passing messages back and forth between like the various different like the On reach out and read it and so forth.
And, like, on both sides, it seems fairly clear that there was, at least initially, something like, 80, 80 to 85 percent support for the sophomoric and about 64, the hard work. So, you know, we basically took that as, you know, we have a mandate from the community to definitely try a kind of any non hard for krauts to resolving this issue. Operation if at all possible. So we get wrote up the code for the soft work, after about a
week, pushed it out. And then at the same time, there is a lot of other efforts that were happening with the developers that were trying to go into like, inspects the geocode. See if there is like some way of counter-attacking try and like, figure out all this other like strategies, we can use to pull the attacker down can you? And of drain, the the child's yo-yo. Can the attacker drain the child?
Zo that your dreams and so forth and the what we figured out basically, as that you could potentially have this game but and if you have the soft work, then you could prevent the attacker from retaliating and so you could win, but without the soft work, it was purely. Uncool like fear League kind of
Unclear of especially initially. And like, it seemed like it might be possible to just keep the money frozen forever, or it might be. There's always the risk that like, someone will discover even more bugs inside of it. And, you know, I mean, Green's here, it's basically stronger started recommending against trying to kind of play those kinds of complex games and he's through started pushing for just, you know, doing a hard fork and getting it getting it over. With then the post came out.
But basically said, you know, the soft pork was kind of deems to be unsafe and at that point, the soft work effort was abandoned. It's in parallel. I know the there was that one Chinese team that was working on building carbon vote and pushing it out. And carbon vote, I believe, started running out like roughly around the same time as the, the soft work mode.
Or the soft work attempt failed and that was about two weeks in, and after the software failed, or still about three weeks left, before us to do the hard work, and sort of within that time people were scrambling to try to figure out the hard work, specification plan, the hard work figure.
Like figure out what the consensus tests are figure out, what else would need to be tested and do some extra Network test because you know, just Because of the possibility of about this one, this work would go less smoothly than something like the translation for from Frontier to Homestead. If then, you know, the votes started coming in on carbon vote. And I remember on Reddit, it seems kind of very chaotic and least for myself personally.
Mm, mm, you know, I was surprised actually didn't receive any like, like serious death threats. I mean, I received a bunch of a lot of messages from trolls, and I still do, but like, nothing on the order of, you know, of like, actually, the threatening to kill me which is I guess kind of a nice Silver Lining then, you know, eventually the carbon vote
showed that result of about EDU. Five percent in favor of the fork and like that's a result that I kind of accepted because it also seems to roughly line up with like a lot of the other polls that were happening at the time. So like I saw mining pools were around like 75 percent in favor. I saw support for the hard Fork increased after the soft work failed and so like I knew that the a strong majeste wrong, super majority of the care of the community.
It was definitely in favor. In favor of it, going ahead and we three days before the deadline, so three days before the attack or would be able to make their next move together to navigate. Get the money out, we release the code. And people, I installed the code and I remember when the hard work was just about to take place, we were all in Cornell at a, a worksheet Workshop that we were organizing together with ice.
Three and the a fusee cash, people were present and at like 9, 20 am 40 minutes before the first day of the workshop that will block one point, nine two million hits and everything seems to kind of go through smoothly. So that was the first part and then obviously three days later, the whole like the whole kind of Classics inside of the situation started to kind of take hold and it things kind of Continued
going from there for a while. So looking back on that original problem is one of the original thing was very, you know, this Unstoppable, World computer, you know, no censorship, no immutable. You know, there were so some of the core Promises of ethereum and, you know, looking back on that today we have him classic, we have it here, IAM, I have heard many people say this is, you know, irreparably damaged tissue. Substantially damaged the theorem. I'm not sure if I agree with
that personally but I'm curious. What is your point of view you feel like this is done lasting damage to whom? Do you feel like it was mostly just a valuable learning experience and if you're a fine or how do you how do you look
back on that event? I am first of all I think a theory I'm is definitely fine and I think like outside of she really kind of small group of people that are like really Lee strongly into the sort of Purity morality of, you know, if it stains once, then, it's gone forever. I think, like, most people are even people who disagreed with
the decision enormous. And many of them are kind of fine with it. And I think I like over time, they're starting to see that, you know, they, if you are young Kind of governance as a stabilizing more and more and that the project is continuing to move forward. But in terms of kind of what's extreme consequences, I think there's quite a bit of good and there's quite a bit of bad so I want to say yeah I like on the good side. I think the hack ended up doing wonders for the progress of
safe. Smart contract program. After that after that happens, I guess I noticed that, you know, within the next two months, there were at least five teams that showed up that we're all trying out various different approaches that improving smart contract programming safety. Whether it's better language is whether it's better development environments, whether its formal verification, you know?
It's it really was this kind of big huge sign to the academic Community. The basically said look this problem is real and you know, there's money at stake and This e is a place where you can contribute, you know, with the knowledge that you have been figuring out over the last 30
years, right here, right now. And I think that's something that's getting that's gotten quite a few people excited and on the negative side there was obviously a bunch of PR Fallout and I think obviously on net - but I think the great majority of the negativity is that your beauty to the hack itself and look and not necessarily any of the decisions that followed it. So, I swing at the time, even when it was quite controversial, you know, was this a good thing was, is a bad thing.
You know, some people were saying I did sort of Damages, this immutability idea and stuff, but I think if one took a step back, and if I'm, if one isn't so deep in this whole crypto community and looks at this, then it was very clear to me that the fork was The choice that would be looked at more positively than just letting the theft proceed, right? Because otherwise, it would have been a huge thing.
Like another man cocks 150 million stolen like this is much more like, okay, Community rallies together on this theft and that kind of sounds like a good story, right? If you sort of a man outside, I'm like, okay, maybe it's not so secure. But you know, at least even in the sea centralized Network, they can come together and do something about something like that.
If you believe in like certain kinds of Of kind of Applied, social Chaos Theory, as, you know, always some kind of modern sort of philosophers trying to explain things like the financial crisis do then you would say that, you know, a major crisis is in any ecosystem is inevitable.
And, you know, you also say that, you know, the facts that our major crisis happened at a time when the community was well coordinated enough to basically undo about like 85% of the theft, is that like, actually a really Only lucky an amazing thing and you know realistically that's not an opportunity that we're likely to have quite so easily in the future.
Let's take a short break to talk about the Merkel week of blockchain training seminar conference and hackathon taking place here in Paris for March 9. To 12. The Merkel week is organized by Eureka certification and it's event that is designed to help entrepreneurs developers and decision-makers gain practical experience using blockchain Technologies to build distributed governance in the organization's. So it's a four-day event. And it's broken up into two parts.
First March 9th, there's a full day training, Are featuring an impressive list of speakers including Gavin would William McGregor. And Peter Todd. You get the full list of speakers over at Merkel week.com. And as an attendee you'll get to participate in training courses and demonstrations for Bitcoin and aetherium. And these are designed to help you build and test, blockchain applications meant to enhance. Operational efficiency in your businesses and organizations.
Then over the weekend for March, 10 to 12, you can put All that knowledge to practical, use by participating in the hackathon. And here, you're going to get the work with other developers designers and entrepreneurs and you're going to come together and you're going to work on real I've Bitcoin and aetherium applications under the clothes mentorship of those leading experts. And by the way, there's a 10,000 Euro prize for the top three teams in the hackathon.
So come join us come spend the weekend here in Paris for the Merkel week from March 9 to 12. I remember all you listeners in UK, that's all We a two-hour trip on the Eurostar so don't miss out. So get your tickets over at Merkel week.com and be sure to use the promo code epicenter at the top of the checkout page for 30% off your early bird tickets. And that offer is valid until March 3rd. So we'd like to thank the Merkel week and Eureka certification
for their support of a cetera. Taylor bhakti topic of deos for the time, being only to pick it up later towards the end of the show on the do4 was perhaps. Not intended for the what you are intending for is a folk to move with helium from proof of work today to proof of stake. So, let's kind of move into a discussion on, why, why? That's the plan, right? So recently, you publish this article, which was called which outlined your proof of stake design philosophy, right?
And in that article, you you laid out for basically the grounds for, at least, Attempting the move to proof of stake. So can you explain why why you want to take such a transition in our Network that is live and has over a billion dollars in value. Sure. So I would say, proof of stake has a couple of major advantages.
So the one that people bring up a lot, is that it really reduces one of the biggest weaknesses of proof of work which is the very large and going to be any fishing, say, Hardware costs 10 electricity consumption. So if you look at something like the Bitcoin Network like it burns hundreds of millions of dollars a year in Capital depreciation costs, the electricity costs, and maintenance costs, all to maintain this network, and the computations that these miners
are doing. But they're basically just kind of pointless busy work right there, just problems that are created for the sake of being hard. And, you know, it's like it's not really providing any kind of any kind of extra value to society. It's basically just doing this sort of busy work for the purpose of Proving to the Bitcoin Network that the mind the mind are capable of doing the basic work exists and isn't like some kind of some kind of civil attacker.
And I mean personally, I've never really been comfortable with like that aspect of either etherium or Bitcoin, and I've been always kind of interested in seeing, you know, are there Solutions, are there ways to kind of reduce the inefficient energy consumption and back in 2013, I was really interested in various things like proof of storage useful proof-of-work, Which is the idea of coming up with a proof of work algorithm that simultaneous, we does various forms of scientific
computation. What you could imagine a proof-of-work that like simultaneously does some kind of machine learning or you know protein folding or whatever like their ideas around, like proof of Excellence which involves like coming up with proofs of humans trying to solve like mathematical problems or other things. They're difficult for humans to solve. And like their various other ideas.
And eventually it kind of came to realize a proof of stake is just like the simplest and most visible one. So that's one argument. And I mean, it's also important to note that the are this kind of argument of avoiding waste actually has two sides to it, right. One of them is just a via kind of social arguments that wasting electricity is bad wrecking, the environment as bad and so forth.
And I mean On the environmental side and probably say that the in external environmental costs of Hardware in manufacturing or from something that's under appreciated and maybe even worse than the external cost of the electricity consumption. But the second side of the coin is that if you're not extending as many resources on consensus algorithm, then that means that the protocol does not have the issue as many other coins.
And that means that the the end of cryptocurrency and a blockchain protocol can be more deflationary, right? And like in general people kind of like that or oh yeah. Like there is there's definitely a trade-off because I might you know, if you don't have any block rewards at least in the
context of proof of work. Then you know, you don't have enough security to run the watching but at the same time like if you can come up with a way to have higher levels of security and and not increase issuance, then that's something that most people are willing to take. So that's one side, the other side which is also interesting is that my opinion is that proof of stake. Blockchains actually are more secure against kind of like very
large and serious attackers. And the argument that I raised here is that with proof-of-work like okay you know you there is some cost to producing more a sex than the rest of the network combined and you using those a six to pull off a 51% attack. Back, right? And that cost is like somewhere
around 200 million dollars. Now, the problem is that There is, if you can do that then for a fairly small additional increments and cost you can do what I call a spawn camping attack, which is basically an attack where you attach a 51% attack the watch in the soon as it starts recovering, you 51% attack it again and then you 51% attack it again and so forth. And the end result is that you basically destroy all the trust
in the system. Now generally, when you bring this up to, you know, people like Bitcoin chords A, they say oval, if that starts happening, then, you know, we can just hard work to a new kind of proof of work, and we can basically make all those Asics useless but the problem is that, okay, let's say I'm an attacker who hasn't but 250 million dollars or whatever enough resources to spawn Camp Bitcoin wants.
Well once you move away from a 6 and then on to general purpose, Hardware, then I can probably spend another like hundred million dollars. Like it's going to be a less than 250 be. Because the hardware accumulation is going to start from scratch but let's say I'll probably people into spending over a hundred million dollars the 51% attack and spawn Camp Bitcoin again.
Now the problem is though is that the second time around you can't hard for a different proof of work algorithm anymore because the second time around everyone is mining with general purpose, hardware. And so if you do another more hard for Works than like, this spawn camping attack is going to be able to continue. So the conclusion of this I
think we is that realistically. There actually is a finite cost that a well resources accurate can pay to essentially kill off a proof-of-work box unit for good rate. And in my opinion this is actually quite unsettling, right? And my opinion is that one of the really nice things about the kind of cypherpunks spirit in general, is that it focuses on this idea of attack. Defense asymmetry in cryptography, right?
So if you look at it and systems you know the world in general right now, the cost of attack is generally much lower than the cost of Defense right? Building a building cost, five million dollars, making an idea to blow it up.
My pasta no less than 50,000 and like Most kind of adversarial environments in the world are actually operating this way but with a few exceptions and one of the major exceptions actually is cryptography, you know, like one of the really nice things about cryptography is that I personally Dan Stein messages with a public key and I can do this at a very low cost. You know there's a signature costs like 0.0001 cents worth of
electricity to produce. But the cost of actually cracking that signature is so large that, you know, not even a major national governments and even a chance of doing it and like, that's something that's like extremely powerful and but, you know, that kind of Sucker Punch Spirit. If you look at the proof of work that sets the systems, it doesn't carry over like at all right?
So the cost of attacking a proof-of-work watch in is always necessarily going to be A less than the cost of Defending it and like, it can't be more. And the reason basically is that, you know, if you want a 51% attack of watch in, then that means they have to have spent more on Hardware plus electricity than everyone else combined. But then, you know, oh, wait, that already means that if you can spend more money attacking than the network has spent defending, then you can win and 30s.
Think we can spend much less because like a large portion of those electricity costs have already been spent and you don't and you're never going to see them again. So the nice thing about proof of stake is that I feel like it actually does come close to replicating this kind of cypherpunk spirit because you instead of having this kind of Spawn camping, vulnerability, you know. Sure. Someone could get 51% attack approved steak watching. Okay, fine.
Now one of the key property is that we're trying to design into Casper. Is this idea of what I call auditable, Byzantine fault tolerance which actually does go a bit beyond visited faults. Or it's because auditable. This is your fault tolerance. Doesn't just say, you know, if the network broke, that means that more than one-third of the nodes are Byzantine. It actually means if the network breaks then more than one-third of the nodes are Byzantine and,
you know, who to blame, right? So you have cryptographic proof that you can use in order to show that, you know, oh, you know these know these validators are the ones that were responsible for the 51% attack. And when you can do is you can just like coordinate a Work on the community level and you can just like to continue the chain and those validators can get their deposits destroyed and you can you just keep going from
there, right? So the cost of the attacker would be something like you know a hundred million dollars worth of ether of all these deposits that got Burns but the cost of the network would basically just be oh hey it's just an unexpected, hard work like it would maybe be two or three times as bad as what would happen if we're what It's back in November, when we have that, I can set this failure between gas and Purity but like it's not that much worse, right?
Like okay. You know, people would know what happened, people know what to expect, you know the watch had would need to continue these values. We get slashed and life goes on and sure the attacker can keep on attacking yet again and again. But you know, the attacker would have to buy another 10 million ether and keep on doing this each and every time, right?
So The equation is a really tilted in favor of the defender here and like I would even say one of the other nice properties of this kind of approach is that because such a system would be able to just like honey badger recover from 51% attack.
So. Well, I would argue that a 51% attack would actually increase the value of the underlying cryptocurrency it because people would realize, oh wait, you know, the it's there was an attacker in this and some A bunch of ether got burned and so the rest of it is going to be worth more, right? So because of that, I think like the process of even trying to buy up enough ether to pull the attack off, would end up going to ironically enough increasing
the price. So like a kind of conjecture is that people would realize this and I basically no one would even try like doing at least that kind of attack Vector at all. And people would focus their energies on relatively a attack vectors like finding software bugs in operating systems that let them like hack into people's computers or you know, whatever else people can do now. So, like, that's the general thing that we're trying to go
towards. I mean, there's also obviously a lot of kind of specific things that we wanted to do so But one of the things that we've been doing a lot in the last probably four months is we've been making a really serious effort at trying to understand kind of abstractly incentive compatibility in the context of a crib. So we can all make protocols. So just thinking, like a very abstract sense, you know, how given any protocol that of, how would you think about figuring out?
How to incentivize for the participants and the thing that we realized is that we, we came up with a method or a combination of a couple of methodology is right, where, like, one of them, is this notion of auditable, fault, tolerance, where you would try to create systems where if the system breaks and you absolutely know who's at fault and you know that they unambiguous. We did stuff like that. Then you can just destroy their entire deposit, right?
Because, you know, you can eat, you know, that they did something bad, and you can finalize them. If and if you're going to penalize them, you might as well. All penalize them, by all the way to answer the max. Now, that's one side of it. It ends design, it gets us algorithms that have this inaudible bft property is something that's fairly
important. Now, Another interesting situation that we came up with is what if you have a situation where the, some valid data, or some participants, in a consensus protocol, cause the consensus protocol, it's either, fail, where have reduced performance but you don't know exactly which one. Let's say that you can nail it down till one of two. Then the approach that we ended up two diverging on is in that case, you penalize both, right?
So if you can nail it down to one of n, you No eyes all out of them. Now, the reason why this is nice is because like first of all, it achieves this nice incentive compatibility property. And it also has the really good side benefit of being a very effective fixed or or mitigation against things like selfish minding, right? Because like basically if you can show that if you follow this methodology, then any deviation from optimal, protocol Behavior, ER and by also protocol Behavior.
Like, imagine like something like the Bitcoin area theory on blockchain. You know, miners just for always creating blocks one right on top of the previous brightest. Hablo previous, no sales, no uncle is just like a straight chain, like you can show that if you fold this methodology and when you design your incentives, then any deviation from optimal Behavior will not be profitable to anyone in like your will lead to anyone who might be out false move.
Move easing money, right? And so you know, if you follow this approach, Then all these kind of large classes of attacks become something that you don't really have to worry about anymore. And this is a methodology that you could apply to proof of work. You could apply to, perhaps take like good applying water contexts. This is the methodology of incentive compatibility, you're referring to, but I mean, inside that compatibility is like a generic game theoretic term.
That just basically means, you know, the mechanism in encourages validators or what participants to act in ways that are that. Kind of promotes the goal that you will that you wants to have but this is our methodology at trying to achieve incentive compatibility.
So this is obviously super exciting and I made much agree that proof-of-work security model is kind of flawed and if you think in the longer term, it's really unclear how Bitcoin is going to be secure with it yesterday or we recorded an episode with about, you know, Bitcoin fee market and unlimited and how that's going to work. But I think what's clear their right is that it's unclear how that's going to work.
But what's the timeline here when We actually expect Casper to be implemented and what do you see as some of the risks? I'm guessing right now. I like it. Like, it's hard to tell, but like start of next year, seems like possible. Like, in general, the kind of pipeline that we have to go through a rate is step one finalize. The algorithm step to make a test Network and simultaneously. Do a bunch of like academic a
verification. And auditing of the algorithm step 3. And once we're happy with it, It implemented across all seven of the clients, then, probably run another test that for, with it for like three or four months and then finally release, right? So, at each of those stages is something that takes time could potentially have delays has its own issues. Just as, you know, we went, it went through when we're launching Frontier back in 2015, and each one of those stages has like some risks to it.
I feel like right now, we're getting close to the points where the Research and like algorithm specification stage is coming close to resolution. Now, I mean, I know you had Rick on your show and like a, you know, that was definitely a great episode and he talks a lot about some other fancy Casper future. So like, like subjective consensus and various other things that he involved were
thinking about. So one of the challenges is going to be as that we're going to have to come up with a red wine. We're basically say this is the Set of features that we're happy with for now. And, you know, some of us are going to focus on getting this into aetherium and like making sure that the real men look alive Network can benefit from it as soon as possible, you know, obviously subject like safety, constraints, and so forth. And at the same time, Continue
your research on that. If can we improve Casper and we make it have more and more of these nice properties over time and there was are two tracks that I've been the kind of starting to happen in parallel already but and you know like specks or definitely probably going to continue happening.
So look in general I think book or research especially in the longer term is really kind of multi-threaded where you know you have like something myself researching some aspects of Casper. One side of Library, researching some aspects of Casper and Hillside, then some research on shorting happening, then some research on protocol
economically, it's events. Some, you know, things like are making correct incentives for managing contracts storage size in general, kind of state size, account creation account, salvation from privacy and 0 0 at all, which proofs and like, all those other issues. So, what all of those are things that were kind of thinking about the same time, I mean Two of them. I think have from the risk that adds up being a much harder problem than we thought on the.
Once we get to Testing and I think it's definitely going to be a challenge to actually develop the test Network like a run and make sure that it does everything to our satisfaction look that's all General more of a kind of software development and engineering challenge and then implementing it across all seven clients like running the tests and so forth. That's another set of challenges. May look once said the yeah we're confident about the
algorithm itself. None of the rest is like house. That much fundamental uncertainty in it, it's basically just this kind of Fairly long and kind of and kind of incremental SWOG that might take less time. It might take more time. Today's magic worth is steak, that's es ta ke it over to. Let's talk with one.com to sign in enter the magic word and claim your part of the listener reward. One of the terms that one hears their to Casper is this idea of consensus by back, right?
So this is generally like the way I tend to think is once you have a system where you can define a set of public Keys as validators of sums, some form, a lot of systems end up taking the approach that they go to traditional Byzantine fault all this literature, right? Like you have consensus algorithms like packed, Tickle Byzantine fault tolerance. And the families are derived from there.
And so, once you have validators defined, you can use all of these traditional algorithms to implement consensus, but with Caspar one hears of this, I new idea which is score, which is consensus by bet. And what we'd like to know is what is consensus by bet? And is this a point of focus for
you right now? so, the general idea behind consensus by bat is basically that you can think of validator signatures as being commitments that say I am willing to get some reward in chin, hit a history that has property X where a property X might say, you know, it contains some particular block or you could say in some particular State Route in exchange for I undergoing some penalty, in all chains that do not contain X and the theory, basically, it Is
that you can be kind of both mimic proof of work and including resolving proof of work. Still think it's take issues and potentially go even further by basically having a consensus algorithm that consists of that would deter is having the opportunity to make these kinds
of bets great. And like in the original formulation you can think of a bed is basically saying plus X in Chains where that contain what's a sub State Route s. - why in chains that do not contain that state bird and you can think of validators as having the ability to make these bets at different odds, where you can think of the odds, as being, like the ratio between the X to the Y. So, for example, if x is 1 and Y is a penalty of star minus 1, then it would make sense to make that bet.
If you think that as has at least a 50% chance of being in the history that ends up winning, but if you get a bet that's that's so has no X being Plus. For an SBA -16. Then that would only make sense when you think there's an 80% chance. And so the idea is that you would give the voters the opportunity to make these bets and They would start making those bets now initially, you know, there might be a fork, there might be, or there might be like a choice, you know?
Do you chew a state, where else would you stay true tea? Initially, that would do this would be fairly confusing but only make 50, 50 beds, in One Direction or the other. But eventually once it becomes clear, which one's winning validators, will be able to make Bets with progressively higher and higher odds on one of them and eventually they'd be willing to make about some Maximum odds that basically say, In exchange for a medium reward in history. Containing as I am willing to
lose all my money. And all history is that do not contain X. So, they just like fully commit their money to this particular chain. And that's when, you know, that that particular hit a chain or a up to that particular checkpoint is kind of quote finalized, so that was the original idea. Now, we have been recently D emphasizing that and for a couple of reasons. I mean, one of them is that That people in general, are not comfortable with where he's not fully comfortable with taking
all of this. Kind of risk that. Oh, you know what? If something really, really unexpected happens and what if I made some bets that were 99.9 percent confidence but it turns out I was wrong and now I suddenly lose a bunch of money. So you know, it does, impose extra risks on validators and engine validators would have to be compensated for those risks. So that was one concern.
The other concern is that one of the property is that we're trying to keep in our Is this notion of balancing the griefing Factor? So what I mean by that is that puts the the way the griefing factor is basically like a coefficient that says you know, how easy is it to bullish? So we attack other validators in the system. So if the greed factor is 5 then what that means is that there exists ways for malicious actress, the spends $1 in order to make some some with Target Lewis, five dollars.
If the griefing factor is will say One half. Then that means that the malicious actors would have spent $2 to make the honest Acuras, don't lose $1. And what I realized is that if you assume an attacker that controls the majority of the steak, then the griefing facts are on this kind of system could in some models. Potentially be ends up being very high. Basically because look at these. Yeah, evaluators would story kind of expanding, pushing out to infinity or pushing out
there. Outs to toward kind of in an infinite odds on one side and then you would suddenly come kind of with overwhelming odds. And how to flip the bed though, the winning? Kind of state over to some other answer and then all of a sudden it looks like there's consensus happening around the other answer but then there's people that made all their bets in the original Direction and they all
end up losing a bunch of money. So what for several reasons we ended up be emphasizing that approach? And the approach that we're thinking of right now actually, is one that is much closer to a traditional Byzantine fault or we could set this algorithms except that with a few different kind of changes to the algorithms that a few changes to the security model. It's the one of the changes to
the security model. For example, is that we don't just care about fault tolerance, we care, but auditable, fault tolerance, mean. There's also like a slightly different definition of liveness. There's also a few other small changes but That's roughly the approach that we're looking at. So that's very interesting that you're looking now. More towards traditional Byzantine fault tolerance literature in order to finalize
a consensus algorithm. I thought one other difference that, that struck me as, as unique in in Casper, is that in, in much of the traditional Byzantine fault, tolerance, literature, pbft. Those systems prioritize consistency over T. So what that means is in case there in case, there's a network partition. For example, let's say the communication with China is broken of China and the West is broken off, then if it's Bitcoin blocks will keep on producing on the western side and the Chinese
side. So that is a system that prioritizes availability over consistency. System is still available but you have two different blockchains now and then traditional Byzantine photons to deter many consensus algorithms are It is consistency or availability, which means no new blocks, will be produced. So the system grinds to a halt but the blockchain doesn't Fork now now with his Casper. What I keep hearing is that you want to prioritize, availability over consistency, and you like,
walk us through, why? You are making that choice. And what part of traditional literature, fits that kind of description. Sure, so and The main reason I'd say why we care about availability is because I mean, first of all in a public blog shared context, like one-third of our data is just dropping off line. At the same time, is a very real possibility, like for the petitions could happen. No words could just get lazy.
I've lots of things could happen and saying that, if that happens to the network, just like, halts is unacceptable. So, people were just really wants to have this property that of like maintaining what proof of work. Work has where, you know, as long as there are at least some know. It's that wants to keep the chain going to chain keeps going.
Now, then, of course, there's a question of like, how does that and kind of mesh together with traditional bft algorithms which are SEC consistency, favoring, and There's kind of two general approaches that kind of combining the two. So in general, I would describe Casper as being an availability, favoring algorithm. That also tells you how much consistency you have, right? So, the, your kind of nice thing of about that definition, is that in some sense?
You do have fun of as much of both, as you can get, you know, a for as much of both as you know, the algorithm things like this year, be Theory. Allow you to have, but and the way that this ends up working, is that well? So once again, one of two approaches where one of them is that you have some basic algorithm that is availability
favoring. So, for example, if you look at like, a lot of the older proof of stake algorithms, that would rely on this notion of what proof of work style, validators making blocks on top of each other. That looks at is availability, paper great look. That keeps going even if there's only 1% of the nodes that are offline, But it doesn't have any notion of finality and then basically would take this available with you bring back bone and you would kind of layer a consistency.
Favoring finality layer on top of it and the idea would be that if you have more than two thirds of nodes that are online then, but both things would work and, you know, you would have your availability would have your consistency. Now if more than a third of nodes drop-off line, then the consistency favoring finality, layer would just stop finalizing. You know, what? We repeatedly try and try and try again. It would fail every time, but the availability, favoring chain
will keep on going. And what this means is that the chain keeps going but clients on the that like users, that use the chain and even applications or even smart contracts that are sitting on the Chain, would all be aware of the fact that they were sitting on a chain, which, suddenly has lower your aunties of security at least passed some particular points and there would be able to, like, make choose to make their own judgments about what? How the With that.
So basically look, individual applications will also be able to choose what their own trade offs between consistency and availability are now, the second approach, it has similar properties but instead of having two separate mechanisms, it has one mechanism. And in that one mechanism, you would have what's called a subjective finality threshold.
So, for subjective find out a threshold basically means that Instead of having a fixed work hard in protocol threshold of like, for example, it you need to have two thirds of all nodes. Sign up for pair in. Order for anyone to start signing, I commit, you would try it. So I can make all of those things endogenous, or you'll make all those things. Just like be choices that get
made by validators. We get made by users and so individual users would pick kind of like how many prepares their Satisfied by how many commits to Bye-bye. And the idea here would be that if let's say all of a sudden 40% of those drop off line and if there is common knowledge of this, or if there's a proximate called the knowledge of this, then the chain can actually keep finalizing things.
In the sense that You have this guarantee that says that as long as the forty percent that are offline actually are offline, then you know people can lower their finality thresholds and within that context, you can finalize things. So we have a guarantee that says you know either things like the chain keeps on going, it consistently asked before that sounds really, really cool know that you have kind of both of
those advantages. Write that on the one hand applications know what's Going on, and they can be risk assessments made and you know exchanges. No. Okay, we have to be careful. We have to wait, we have to wait for extra confirmation, etc, etc. But at the same time, the chain keeps going even when there's petitions, even when there's all kinds of issues, I think that really kind of combines The Best of Both Worlds. So, I'm really excited to hear that. That's possible.
And that's the direction that you guys are taking here. Let's take a short way to talk about Jax. Jax is a multi coin wallet created by the people at the central. Now, in the past, if you had a whole bunch of cryptocurrencies, it was a pain to handle them. You either had to leave them on an exchange, which is insecure or you had to have all these different wallets which was a
hassle. Fortunately now with checks those medieval days of darkness misery and suffering are over Jack supports multiple cryptocurrencies and new ones are being added. But it's not just storing cryptocurrencies. You can do with Jax while you can also exchange directly from with inside the wallet, thanks to their shape-shift integration. And since there's only one seed Jack's makes it super easy to back up and sink to your other devices.
Jack's works with Windows. Mac OS, Linux, Android iOS. And has browser extensions for Firefox and chrome. So, go to Jack's dot IO. That's j. A double x dot IO to download the wallet and get started today. We'd like to thank Jacks for the support of epicenter. Let's move on to another topic that we wanted to cover. So you wrote a really nice short
paper 30-page paper. Something for R3 about the chain interoperability and I'll change the interoperability of ink is a topic that's become much more present. Much More Much More tension on that and we have a whole bunch of projects in this space. I mean, there's of course people with intellectual that has been working on this area.
For a long time. There is also some more novel proposals like the polka dot proposal by the East core team and and then also the one I am partially involved in which is a cosmos Cosmos proposal so the whole bunch of different ones. So would you mind is running as to just what are the main challenges and approaches to making blockchains really interoperable? So that One, can move value. See mostly around build applications.
That may be involve components that live on different blockchains Sure. So in general there in as I described in the paper, there's several kind of major ways that you can achieve interoperability and there's several major categories of things that you can use interoperability for. And so you can think of those look there's also different ways
of making the categorization. So there are some of the kind of more computer science, theoretically, or correlation, which is about what kinds of relationships between events on chain and events on chain bg1. To create. And then there is the more kind of application layer. One of you know what, exactly even using this for. So then there's the kind of various different Technologies, right? So first, they talk about notary schemes, which are basically kind of multisig federation's
and that's the trust model. That's very simple to understand, you know, if you trust the majority of people to the Federation, then you can kind of trust that Federation to say what happened here. What happened here? If something happens here do something there. If something happens to your do. I think here.
Then the second model is described as this concept of hash walking which is a generalization of the tier known protocol from minnow the Bitcoin kind of forums back in 2012 and 2013. And the idea behind hash walking is basically use this kind of scheme where you make an event a or you make an advance on chain a and Advantage can be both be dependent on someone revealing. Secret number that has some
particular hash. And the idea is that if the number gets revealed then, you know, either party would be able to paste the number in and make things happen on both chains. And if that number doesn't get revealed, then no, neither of those things can happen and if you try to make the event happen on one side of the shade, then the process of doing that reveals the secret number and so the other party can take the secret number and kind of transplanted into a transaction
on the other chain. So it's this fairly kind of simple technique. And it can do quite a lot, so we can do cross Gene exchanges for example, but it does have one major limitation. And the way I describe the limitation is that it can't do what it can do, what I call cross dependency, but it can't do what I call causation, right?
So across dependency basically says, you make an advantage and a and interventions can be both be dependent on some other event C. And this case C is like revealing the revealing some secret number. But what they can't do is make an advance on chain, a generally caused an event on chain being read. So for example, in particular, if there's an event function, e that's not caused by individual, it's possibly smart contracts.
Then you know, smart contracts, can't keep secrets and so this protocol, can't grow even work at all. Great. So in those cases, you have to move Beyond hash walking into other constructions. And like, the third me major category of technology that I talked about is relays And you know we've already have BTC relay for about a year which is basically a Bitcoin light client that lives inside of your theory on blockchain.
So if the aureum contracts can verify Bitcoin transactions and they can do things conditional on bitcoin transactions taking place and this allows for this other kind of kind of causal interoperability between the Bitcoin blockchain. And if you're in blockchain where events on the Bitcoin blockchain can directly trigger events on the ethereum blockchain. So I talk Out of all three of
those Technologies and out. They talking about like what you can do with causality, and what you can do is cross dependency. So for example, with cross dependency, you can do cross Gene exchange but you can't move assets across chains. So if you can't do the equivalent of a side chain but with causality you can basically do everything. And you know, I talked about side chains, I would I talk about kind of fed coin is like in private chain contacts.
I talked about making a contracts or smart contracts in one chain that are connected to Assets in another chain, and various other use cases. What, if one of the things you were writing about in there, an observation you made in your paper that I thought was very interesting was your point that, you know, as soon as you start moving assets between Kane's, there's always a little bit of a, you know, a little bit of a
risk there, right? So there might be some attack vectors or something can be suppressed.
One chain DDOS or, you know, maybe just one chain gets 51% attack, so there's all kinds of things and so in a way that the security of those assets can get, you know, a little bit weekend and maybe it's not as strong on the Chain where they move through as opposed to unchain where they originated on. So what I'm curious about is what kind of if you look really far in the future and if you think of thousands and thousands of assets issued on blockchains and they're being kind of seamless.
Exchange between all kinds of assets. Do you see you think those will be issued in lots of different chains that tend to be controlled by maybe the parties responsible for that asset? What do you think that this this issue of moving assets and around?
Chains is big enough that there will be a strong incentive to, you know, issue maybe many of them on some chains and Central change that Maybe have a lot of security and then moving others or maybe alter those chains on the third chains, but that there's a sort of an effect that we have acids and acid issuance and management. Concentrate on a few chains. Do you think we will see that? I think I and first of all, you have to distinguish between different types of assets.
So, for example, you have issuer back to assets, so that you have kind of pure cryptographic assets like Bitcoin and ether, and one of the things with issue are back to assets, is that there is an issuer. And if there's an incentive into it than the issuer can just issue the many different versions of the asset on just about every channel they care to
support right? Like you can issue you know the gold back tokens on a fury Aman. Counterparty on Ripple on NXT on bitshares and like on any system that supports people being able to issue tokens at the same time and realistically, you might as well do that for any system where you know the potential revenue is for the issuer are greater than the costs of like basically doing the integration and teaching, their customer support staff how to handle that particular chain.
So that's Something that I think issue is different. We are going to do well in the case of cryptographic assets, obviously you can't do that and I think there are going to be some situations where like, you don't want every a cryptographic asset issuer to actually be in the business of, you know, keeping track of and supporting all these chains necessarily. And I think especially for smaller chains, the approach of like using sidechain like techniques where you actually do
have a portable. All assets and you can kind of move them from chain 8, H, and B. And then back to channei, you know, I expect that to be a paradigm that does end up having to ask some marriage. Although, in general, I think there are going to be a lawyer, like, large categories of assets. That just have one home chain. Get you some, that one home chain and no one really tries transplanting them anywhere. Okay. And so we just did an episode
about the cosmos as well. And you know, at the architecture of Cosmos is that there's kind of just hop, which is connected through Essentially side chains to all kinds of other chains. So do you think that's a model that will see traction? That makes sense. So you think it will be more about having maybe bilateral connections between all kinds of different chains and not having this you know, almost Central Hub or sort of a decentralized
help I guess in the middle. So I think one very specific area where a kind of decentralized crushing solution is really needed it. And is really going to have a lot of value is specifically exchange between Christian assets, right? So I don't even I don't mean proper of portability I specifically me and like trading a for be like were either for Dogecoin or whatever. The reason basically is that, you know, right now, we have centralized exchanges for that. Centralized exchange is get
hacked easily. They have Feed The Fairly High fees, they have all sorts of annoyances to them, and it would be really nice if we could just like, have a teaspoon, Joy solution, right? I think that's something that's could be potentially very promising. If done well, and I mean, I don't expect there to be one solution, there's a roll of all there, I expect people to try coming up with various different solutions, and look, some of them taking off in some contexts.
I mean, to some extent, there are network effect here because, you know, if you have one system, then it's much easier to connect you more blockchains that one system than it is to make an entirely new system from scratch. But at the same time, you know, you have have things like the DC. Real way that can just focus on one Lincoln do it well. So now I think we'll see some of
both. Cool. So I yeah the internet of blockchains is going to be like I think one of the one of the big themes in the future and remains to be seen how exactly it plays out, whether it's a hub and spoke model or chains, interacting directly with PT C. BT, Lea, moving on from that topic, I'd like to jump to the theme of applications. Now I think I think a few months back you wrote a Blog article in which You laid out.
Your view on what applications are going to put things blockchain technology is going to be good for, right? And you had this idea of that box in technology will be, won't have very large killer apps, but will enable a long tail of small applications. So I would like to revisit that idea and perhaps have it. Have you explained that idea in
your own words first? I'll just quickly answer So in first, it's important to note that the reason why a theory of exists in the first place and why I started working on it is because I realized that there is such a large number of different watchin applications. That you can't just create abortion protocol just for every single one of them and like, you can't join like explicit. We target applications one by one and try and like, Target a feature for each one.
The only way that you could really Target, the generality is by taking The, if you're am approaching just creating a programming language, right? So, I would say, the idea for a theorem even by itself started with this kind of vision of a very diverse array of watching applications. That are all kind of Fairly again, individually individually, perhaps not significant enough to be worth their own watching but collectively very important.
So, yes, started realizing that, you know, there's All these different kinds of applications and after I say, if you're in luck of the theorem project. So I kind of became public and as people started discovering more and more things you could do with it, that opinion that I had just kind of kept on growing and at some point I realized that, you know, people ask me, what is the killer app for Theory? I would just realize there aren't really any good
candidates. And then, you know, if I started asking way the question of weight, but if there aren't any killer apps, then, you know, Mm, If You're a worthless and that in and then I realized that, you know, oh wait, you know it's like the ideas that it's theorem brings in or and the implementation of its ideas is valuable but the value doesn't come from any one single application. The value comes from all the output gatien's put together and
the interactions between them. And so you know it's about the facts that you can have digital assets on the blockchain and And you can have your company shares be on the blockchain. And once you have a digital also on the blockchain and you have competition shows on the blockchain, then all of a sudden, it becomes trivial to do.
Let's say that Equity crowdfunding, but I just like doing a smart contract that automatically issued shares in exchange for digital, like, let's say, digits, gold or like some, what you are still watching, based US dollars, or whatever. And, you know, if you look at identity Matrix Management on the watching, and if you look at certificate revocation, And on the board or and on ethereum and like all these different use cases you start realizing that like all of them really do serious.
We complement each other and look the killer app and subsets is this kind of combines vision of like all these things working together that like some of us call Web 3.0. Yeah I would agree with that. Maybe with the one in addition to that money and and the sort of digital gold and electronic Cash, maybe kind of a killer up on its own, even if out those other things. Although of course, those are the things also enhanced the utility and power of that.
We do you see that the same way? I'd agree. I mean, I think the the addition of the economical are to the kinds of the set of things that you could do in a decentralized way, as a very important and fundamental Well, the italic we are kind of at the at the time limit and we had a lot of other stuff we wanted to talk about actually want to talk about charting and we want to talk about CK snarks and how those
are coming to a theorem. So we won't have to time this time but hopefully we can we can have it on again soon to do that. I also hope that the recording worked out well because there was a little bit of connectivity issues, but hopefully with the local recording, it should be fine. So thanks. So much metallic for coming on and thanks so much for listeners for tuning in once again. So a person is part of a so pick on network. You can this show?
And all the shows on, let's talk be kind of calm and if you want to support show, you can do that by leaving us iTunes review, that helps you people find the show in this very much, appreciate it. So thanks so much and we look forward to being back next week.