(What follows is a transcript of what I consider to be perhaps the best interview I’ve ever watched on cryptocurrencies–and I’ve watched a lot. To summarize, Amaury briefly explains at a very high level how the current financial system came about, the problems facing that system, and how crypto can potentially solve those problems. Then the interview gets more technical as they discuss the challenges of scaling a blockchain and how his eCash project is specifically tackling those issues. It’s a fairly long interview, but one that I believe is well worth your time. I wanted to transcribe it so non-English speakers could access the contents as well. Enjoy.)
Casey Muratori: Hello and welcome. I’m Casey Muratori, and I’m doing a series of cryptocurrency interviews with people who know the technical details so I can basically ask questions about exactly what they think of the technical details of it. Do they think these technical details are important? How do they affect things like whether cryptocurrency will do a lot of the things that people claim it will do, and all that good stuff. So this interview today, my guest is Amaury Séchet. Amaury, could you give us a little bit of a sort of a reasoning why you’re into cryptocurrency, or why you started looking into this stuff or learning about this stuff, and why you agreed to talk to me today?
Amaury Séchet: So even though I’m a software engineer, I was initially interested in cryptocurrency, not for the technical aspect of it, but more for the freedom-oriented aspect of it, because I always been like interested by personal freedom and stuff like that.
And one of the big threats, generally on freedom that I’ve seen around is that you have those big companies through which all the transactions go through like Visa, Mastercard, or these kind of entities. Like 12 years ago, I did an interview with Le Monde, which is like big French newspaper. They were like about privacy and stuff like that. And people were very worried about Google and Facebook and stuff like that at the time. And they are still are now. And there are some reasons to keep an eye on it. But one of the things that I was saying at the time is that actually like payment processing was even bigger of a deal, right? Because the information that they have is literally what you value, right? Because Facebook and Google, they have what you give them, which is quite a lot, typically.
But for instance, they cannot know something that you don’t know about yourself. Whereas actually, if you wanted to know yourself better, having all the information that Visa and Mastercard have on you would be like because you’re, like I think I value this, this and that, but where am I actually spending my money? Right? And you can see like what you actually value, not what you think that you value. So those people have very interesting information about you, and they also have the capability to block transaction or stuff like that. So that happens in some cases for political activism, like we saw that for Wikileaks many years ago, for instance, where effectively a payment processor stopped processing payments to them, which actually happened to me a few times because I worked in many different countries, so I had to deal with a lot of international banking. So maybe that’s a case that is not common to everybody, but typically within the country, you have like your framework that is well established. But as soon as you start doing international banking, it tends to be very wonky. All of that combined, I was like surely we can do better.
If you want to move money from Japan to France, for instance, it takes like a week and it goes through like five different banks and you have contact at the two ends but you have no visibility on what’s happening in the middle. And quite interestingly, people at the end have no visibility either, right? So all of that were like there must be something better. And when you think about it, what it boils to is that you need some form of digital cash. Because there is a technology that we don’t have online that is cash. Right? Like it seems so stupid because we’re used to it. But if you do something for me and I pay you cash, there is no intermediary that is involved anywhere. Right? And before cryptocurrency, this just was not possible to do online and all those intermediary they bring a lot of like privacy concern, risk concerns, censorship concern, and they effectively have a pretty heavy control on your life.
So that’s the end goal.
I was in fairly early on. I learned about Bitcoin in 2010, so not the earliest, but fairly early versus most people. But at the beginning, I was like mostly on the sidelines because I followed like previous, maybe people are not so familiar with that, but there were previous attempts before Bitcoin to do digital currencies and many of them ended up pretty badly for the people who started them. Because you’re not supposed to create your own form of money, right? That is something reserved for governments and stuff like that. So depending on where you live, you’re going to run into a lot of legal trouble if you do that. And that happened to several people before, which is probably why Satoshi Nakamoto remained completely anonymous to this day, right? But like considering that, it was not like it is today where everybody is talking about Bitcoin. At the time that was very niche and like the context was that it was potentially dangerous, right? So I didn’t go super public about it at the time.
I got more involved though on the technical aspect of it around 2014, 2015, because this is when these things became big enough so that scalability was a problem. And this type of problem is much more the kind of problem that I know how to solve. Like, I’m not a cryptographer, for instance. Right? So if you ask me to roll out new cryptography like I’m not the right person to ask that. But like distributed system and scalability concern and databases and stuff like that are stuff that I’m fairly familiar with, and so those questions started arising and at this point I got involved like more on the technical front. So that’s a bit of my story with crypto. Since then I should say like since then I created BCH which was what like top four for a while. Ever since I left, it dropped to top 20. So I don’t know like if correlation is causation, but I like to think it is. Since then I created another project called eCash that as the name indicates, the goal is to create an electronic form of cash.
C: So I guess what I would say is at least broadly speaking, so that people know sort of where I’m coming from. I am 100% on board with that sort of goal that you stated originally, because it does seem to me like there’s a great deal of risk currently associated with money, meaning if you want to take somebody who is disfavored, or who, for whatever reason, the government or a majority of the population frowns upon the easiest place these days to attack them is actually their money supply.
Because for whatever reason, we seem to have very strong laws in a lot of at least western nations have these laws that protect other aspects of your life. But very few places in the world have any kind of strong legal protections for your monetary well-being, oddly enough, right? Like your ability to accept payments in a modern world is strangely unprotected in most places like it doesn’t really matter where you live. It seems like it’s pretty uniformly the case that it’s just not something that you’re guaranteed as a right for whatever reason, possibly because before the advent of things like the internet, they weren’t thinking about these as being risks when countries developed their legal systems, I assume.
A: Yeah, my assumption is that like outside of the world of internet, you still have cash, right? So if nobody wants to open a bank account for you, you can still take out your bank note somewhere at your place and pay stuff with cash, right? So it’s probably still annoying. You would want to have some of those financial services, but you can get by, but as more and more stuff move online, that becomes more and more of an issue.
C: So really like I don’t have any questions around that, because I just assume that most people can probably see why there’s at least risk there. Maybe they don’t agree that that risk should be mitigated. But we’ve seen enough examples now that it seems sort of self-evident that like, if it was something that would concern you, meaning if you were concerned about the fact that people can take away other people’s ability to accept money, more or less with no real legal constraints on doing so, then there’s a reason why we might want an alternative.
So really, the questions that I want to ask are just more about how does cryptocurrency actually provide an alternative to this. And hopefully you can understand the thrust of the questioning. I’ll just start off with a sort of broad question about it, which is, in general, cryptocurrency, the design of the underlying systems. They tend to produce just generally a consensus algorithm for where the cryptocurrency went. That’s more or less all the technology actually does.
A: Yeah there is more to it, but that’s the piece that is very interesting. All of it around it is like scaffolding that makes it work.
C: Yes. And so I guess the broadest point I’d like to start out with and we can start to drill down on if there’s something that I don’t quite follow why it would be the case. My main concern is just, why is the endgame for crypto any different than the end game for anything else? Because in general, you will always still have to take whatever that consensus is and turn it into something in the real world, and at that point why doesn’t all the same things that we see today with our current currency system also apply? The government regulation. The fact there will be large actors who control significant sectors of whatever that conversion is, the fact that people might renege on something that they agreed to do in the real world. All of these factors. I don’t quite see how the end game for crypto ends up anywhere different than the endgame for what we already have.
And if there are some actual hard technical reasons why it wouldn’t, those are the things I really want to focus on.
So does that question make sense? And can you elaborate on that a little bit?
A: Yeah, that’s a fantastic question, though maybe we want to break it down a bit. One of the things that you point out is fantastic because this is where I probably diverge from like the more mainstream part of the crypto ecosystem. Because what you describe is what I’m seeing happening with Bitcoin, for instance. Right?
C: Yes, please go. This is exactly what I was hoping to hear. Please go ahead.
A: Bitcoin has limited scalability on chain, right? And so people have been developing solutions to work around that problem where you can do stuff that are off chain. And one very interesting thing is that by doing so, they are kind of rebuilding the existing system but worse.
C: That was my exact, like, are you talking about like lightning network and things like this?
C: Yes, that was my read on it as well. Okay, great, please go into detail. This is exactly what I was hoping for. Thank you so much.
A: Yeah. So what happened like if we want to understand that, maybe we want to understand a bit how the current financial system end up being the way it is and obviously I’m going to grossly over simplify everything, but at the beginning, people use like precious metal and stuff like that to trade, because they have good monetary properties, but they are not very convenient to use on a day to day basis.
And as the scale of the trade increases, it’s also much more inconvenient, right? So if you are a sailor around the Mediterranean and you trade between, say, Egypt and Italy or something like that, you don’t want to be like carrying your gold on the ship every time you go back and forth. Right? So what happens is that at some point you are going to deposit your gold to what is effectively a bank. And then you’re going to like withdraw from the bank on the permitted basis. So that’s the first iteration of it. And the second iteration is like once your bank that have been there for while and that people trust, they can start to emit like certificates that are like this dude own that much gold.
And then instead of trading the gold, you can trade those certificates instead. And so the person that has the certificates at the end can redeem the gold eventually. That works great except you have horrible liquidity problems when you do that, right? Because there is not like the right amount of gold in whatever banks and then you like effectively abstracted one level, but the banks have the problem that you were having before, right? They need to transport the gold around and all of that.
And so that’s somewhat more efficient, but that’s not that much more efficient. That’s more practical for the people trading, but the overall system is still pretty inefficient. And so this is when people start to go fractional. And this is probably one of the points where I diverge from most of the crypto ecosystem, because I think that going fractional, to some extent, is more or less necessary for the efficiency of the system, right? Because otherwise you have liquidity issue.
C: Could you just for the folks who are listening to this who maybe haven’t thought about this stuff very much or haven’t read about it, can you just explain the concept of fractional just like because it’s pretty fundamental to not only crypto, but general finance.
A: Yeah, so the bank have a certain amount of gold and emit certificates for it. And when the bank goes fractional, effectively it’s when they emit more certificates than they actually have gold in their vault. And because not everybody is redeeming the certificates at the same time it actually works. Granted, the bank needs to calculate like what is the risk and all of that. There is like all kind of financial questions that are on that. But going fractional to some extent actually helps liquidity, right? Because if the gold is in one bank and you need it in another bank, then because not everybody is going to redeem, you can start emitting more at the other bank. And in the background, transfer the gold whenever, right? And at some point, you kind of have to go fractional because if you’re not going fractional as a bank and your competitor are doing it, then you’re going to have liquidity problem, and they don’t, right? So everybody is going to go to your competition. So at some point, it’s just more efficient to do it, and you cannot really work against that.
C: So that’s actually a really good point. I never quite thought about that aspect of like fractional reserve banking. Once somebody starts doing fractional reserve banking, pretty much everyone has to do fractional reserve banking because otherwise, they will just get outcompeted because they can leverage the fact that there’s a certain default rate on risk they will just be able to offer better services, effectively. Is that a fair statement?
A: Yeah. And the tradeoff that they are making is that maybe the bank go bust, and then some of those certificates cannot be redeemed, right? That’s the counterparty risk. And a lot of the people in the crypto space they’re like fractional reserve is completely evil, and we need to ban it completely. But yeah, if this was done transparently that would probably be better, right? So you probably would have some banks that be like we don’t do any fractional stuff. That means that some of those services that we serve you, may take longer or whatever, but you know that whatever happens, if we go bust, we still have the money to pay everybody, right?
Maybe there are other banks that are like, we can deposit your money right away and stuff like that, because it’s a bit of a segue but think about it, actually a credit card transaction, for instance, takes 2 to 3 months to settle typically, so if you didn’t have fractional banking, when you pay with your credit card the merchant could just have the money like 3 months later, not before then, right? This is the kind of problem that you would have. So there is actually a huge value like being able to pay by credit card and have the merchant at the other end receive the money like maybe the next day or fairly quickly. So there is a certain amount of risk, right, but at some point probably there is too much risk and people wouldn’t want to do it. So maybe doing it transparently would be a better way to do it right now. I don’t think.
C: Sorry to derail that there, but I think that was great because it’s just something that’s important to understand. So please, you had gotten up to fractional reserve banking and like the history of banking. Go from there.
A: So obviously it works better, but there are several risks associated with that. The bank can go bust. Also, one bank can just go crazy and start emitting like a crazy amount of currency. So right now all the banks are usually there is a central bank in the country that limit the various bank’s ability to do that or control it in some way. Obviously, the details of that are going to depend on which country and which currency, but there is a variation of that pretty much everywhere now. But still, it happens on a regular basis that the central bank just goes like completely mad. And those problems, they are not theoretical, like maybe people in the west, like in the US or in France, or what not, they are not so used to that, but just this week, for instance, all the banks closed in Lebanon. And I’m not sure what the situation is right now, if they reopened or not, but like just imagine the total mess that this creates, right? And this is what happens when there is what is called the bank run. It’s like when too many people try to redeem the money from the bank that is fractional, right? And so the bank doesn’t have the reserve to redeem everybody and when that happened, then there’s no money, right? There is no money to go around.
C: I mean that sort of thing has happened almost everywhere we’ve had banks. That’s why we have FDIC insurance really in the US for example is because we have we had bank runs, right? That’s just something that happens. When if the populace’s faith in the banking system, either locally or widespread, is shaken at some point, people will want to get their money out because they’re afraid, they don’t want to be the last person right, to try that?
A: That is the problem, right? When that’s happening, then the incentive is for everybody is to do it as soon as possible.
C: And they’re not wrong because usually a lot of times this fear is well justified, but of course the fear itself actually also produces the problem. So it is a really severe issue with that.
A: It happened in Cyprus in 2012. It happened in Lebanon last week. It happens in many places. Actually the average lifespan of this type of system is 27 years. So the US dollar is like way past due a major problem, but it’s not completely random as well, right? Like it’s the average, right? So the one that are better managed, are going to last longer, but still that’s a remarkably short time. Right?
So anyway, the root cause as to why this happened, is because the technology that assume hard monetary property, meaning like they are scarce and fungible and what not, are different from the technology that are convenient medium of exchange. Right? So you end up having this impedance mismatch, and you have like all the system that we have is actually at its core made to like patch over the impedance mismatch between the two.
Okay? So right, because you cannot do that with gold, like this kind of problem cannot happen with gold. It’s just not convenient to use gold, right? Like you would go to the shop and they’re like this is like 0.3 gram of gold and then like, what do you do? Like you chip off a bit? That would be like completely impractical and how do you do it online? It’s even more impossible.
C: So to bring this back to the original question. How does cryptocurrency avoid exactly the same fate? Because again, like my biggest concern when I look at the underlying technology in general versus the claims that people make about the benefits to it, a lot of what I’m missing is I don’t see how it doesn’t have all the same eventual problems assuming that you’re able to get to the point where it can actually handle significant amounts of the world’s economic activity. I’m not seeing the explanation of why you don’t have the exact same problems with it. And so far, your explanation seems to support that.
A: I think you’re right. So I think you’re right. I think the condition under which you don’t have the same problem is if you have a system that is large enough so that that impedance mismatch effectively doesn’t exist, or is greatly reduced.
C: Okay, so maybe let’s go down that route then. So what are the differences with, and for talking about this go ahead and either pick a cryptocurrency or imagine the cryptocurrency that you would want. So you don’t have to talk about specifically Ethereum or specifically Bitcoin if you don’t think they actually satisfy the properties that you need.
But assuming an optimally designed cryptocurrency with technology that we have and know how to do, can you sort of talk about why there wouldn’t be the same kind of impedance mismatch?
A: Because granted that like the major technical hurdle here is scaling, but if you can scale something big enough so that it can do transaction per second (tps) that are comparable to stuff like Visa or Mastercard or Alipay, Alipay is actually bigger than Visa or Mastercard, but if you can reach tps that are in the same ballpark as those entities, then you effectively don’t need the intermediaries anymore. And that doesn’t mean that they are going to disappear, like maybe they are going to stay around. But if they stay around, then they have to provide value. They cannot stay around, because there is just something that is not working properly with the system. And right now the thing that is not working properly with the system is that I cannot transact conveniently with hard money, right? So cryptocurrency have hard money properties like hard-caps and stuff like that. They’re relatively fungible and everything.
And even if it sounds like something like Bitcoin is not fungible enough, then like there is Zcash and Monero and what not that are even more fungible. The question is, is what we have right now is fungible enough for that to happen? But we know that if not, we have the technology to make it more fungible exists, so that’s not the major question.
So those stuff already offer hard money property. If you can make them as well a good medium of exchange at scale, then you don’t need this whole I’m going to hold the hard money for you and start emitting certificates and trading the certificate instead of the money and going fractional. Like this whole chain doesn’t have a reason to exist anymore.
C: So I guess the question, though, would then be to drill down on that, technologically speaking, how would we end up with a system that … So I guess I might ask a question here because it sounds like so far you haven’t really said much about the decentralization aspect of things, but I’m assuming that it’s implicit in what you’re talking about, because you started from a place of sort of assuming that censorship resistance was important, because we both talked about the idea that people can have their money supply, their ability to accept payments taken away, and that’s probably a bad thing. If it’s too easy to do, right? Maybe in certain select circumstances, if the government goes through a lot of hoops, maybe you want to be able to do it if it’s like some really bad situation. But in the general…
A: Ummm I don’t even think that is the case that much.
C: So maybe you don’t even go that far. But I mean just mean, in general, I would think in a lot of cases, we’ve seen evidence that it’s way too easy for them to do it right now. It’s too trivial.
A: And not even just for the government, like way often the banks just decide like if you are like a profile that is somewhat suspect and what not they were just going to say, no, we don’t want to open a bank account for you, provide you with those services.
C: And not even necessarily for ethical reasons, it might just simply be because they think you’re too high of a risk and they don’t want to deal with you, right?
So there’s any number of reasons they might just say no, we don’t want to.
A: I can be open about that, like personally ever since I’m involved in crypto, several banks have refused to provide services to me. Thankfully not all of them, so I can still like live normally, but like I’ve not done anything illegal, I’ve not been condemned or any of that, right?
But they just decide, okay, this guy is linked to crypto. We don’t really know much about it. We don’t really care. We just don’t want to get there. And they say, no, that’s it.
C: So bringing you back to the technical aspect, uh so. Let’s try to zero in on this part of it, because this is the part that I don’t quite see. So how will, like what is the technology that you think, and technology is probably a dumb term? Let’s that that that sounds like something that like Wired magazine says. So what specific algorithm qualities or what specific things that you’ve seen do you think will allow cryptocurrency, some cryptocurrency, whether it exists today or not, to be able to provide both the benefits of hard money that you’re talking about, which is that we know exactly how much is in circulation and who controls it.
What will provide that and high transaction throughput? Because so far that’s been something that is unclear. I haven’t really seen a lot of people claim to be able to do that in a way that I felt was convincing.
A: Yeah, I don’t know, because when you look at the number, those tps they are pretty big, but are not that big, right? Like Visa is like a few thousand tps per second. Right? So that’s a big number, but that’s not an unbelievable number. Like you can probably do that with a rack of machines with decent software. It’s not unbelievable. And if the cost to pay to be a part of that system, like not an actor that just look at it, but like a participant actor, is a rack of machine somewhere, and with that you can process the economy worldwide, that sounds like a reasonable enough trade off to me.
So there are different technology right now in the space, some of them scale better than other, but actually you take some model of the coin scale pretty well. It has fairly nice properties. So like, I don’t know how much we want to drill into this, right, but at the core of Bitcoin there is what is called the UTXO (unspent transaction output) set. So it’s effectively like a key value pair database, where the key is a hash that identify the entry. And the value is going to be like an amount of money, and a script, or like the condition under which you can redeem that money. Right? So it’s effectively the balance sheet of the whole system with identifier and how much money. Most of the script are going to be you need to provide the signature with the following public key to spend those coins, right? Like that’s what 80% or maybe even 90% of what the scripts are, but you can do like more fancy stuff.
Anyway, one cool stuff is that contrary to an account based system, like with a bank or with Ethereum, those UTXO they are not like an account, right? So when you spend your UTXO, you make a transaction and each transaction has input and output, all the input are going to be all the UTXO that you spend. And the UTXO are gone.
And then you have a set of output, which is where you send the money that were in those UTXO previously, right? So you destroy and you create UTXOs, so you never modified them. So from a database perspective and also distributed system perspective, there is a lot of simplification that happens there. And for the rest of it, like it’s a key value store, so you can shard from that ID to that ID goes in that database, from that ID to that ID, it goes in that other database. So that is not that difficult to scale. Now, there is one thing that is more difficult to scale and that is the consensus algorithm itself. And there is also another aspect that is more social, right?
So in Bitcoin, there is a structure of we don’t change anything, right? Because you don’t change anything, you cannot change stuff in a way that scales better, which is interesting, right? Because you have this system that technically scales fairly well. But culturally, the people in that ecosystem don’t want to. And Ethereum is the exact reverse, because it’s an account system, and you have global state in it that each transaction can interact with. It’s way more difficult to scale. Because one other aspect of the UTXO set is that because you destroy them and you create them, you never mutated them, there is no ordering question about this whole system, right? Whereas Ethereum has global state, which is useful when you want to write more fancy smart contract, but it’s a nightmare to scale. Because now, everything is mutable, and so everything needs to be ordered. And it’s very difficult to prove because it’s code. You need to prove that different piece of code actually cannot interact with each other and like proving that is pretty much as difficult as running them sequentially.
C: It’s sort of like a multithreading programming problem at that point, because if you assume that a piece of Ethereum code can access the information about any particular account, then that basically creates a race condition with any other piece of Ethereum code that does that.
Now you are in a scalability problem that is exactly like trying to scale any hard distributed computing problem, whereas you don’t have this with Bitcoin.
A: The properties of it makes the problem much simpler. But the Ethereum community is working very hard on scaling stuff. So that’s a bit of a weird cultural artifact there that I think is worth noting. But if you start from something that looks like Bitcoin, that means you are going to have less smart contract capabilities, but you’re going to have much better scalability properties, then in term of database and all of that, it’s not that big of a deal if you consider that you are ready to have a rack of machines or what not. The consensus algorithm is a bit more of a problem for reasons that are not obvious. But the way Bitcoin works is that every 10 minutes on average, someone produces a block.
And in the block, there is a list of transaction that are considered to be confirmed by the system. And this is necessary because I can make a transaction that send you money. I can make a transaction that send someone else money. And those transactions are going to propagate on the network, not to everybody at the same time. And so some people may see the transaction where I send you money first. And some people may see the other transaction first, and one of the two is going to confirm and not the other, right? If the system is built properly. It turns out that this is actually an impossible problem mathematically speaking. There is a proof that is from ‘75 about that. So that predates Bitcoin by quite a bit and where Bitcoins and other cryptocurrency system work around it is that they make it exponentially less and less likely that the ambiguity remains, which practically speaking works, but like mathematically speaking is still not solved.
C: Are you basically talking about the two generals problem? Or are you talking about something else?
A: Yeah it’s the two generals problem. So there’s a proof from ’75. I don’t have the name of the paper in mind right now, which is a bit unfortunate. But there is a proof that effective like simplify the problem to its most basic tenet. So you have like a set of participants that don’t trust each other that need to agree on the boolean. Like is it a 0 or a 1, right? Like this is the most basic version of that problem. And they are able to demonstrate that it’s not possible if the set of participants is open and they don’t trust each other. So that’s a bit of a problem, but you work around it by making it exponentially unlikely that it happens.
And the way Bitcoin does that is that you produce a block, and still you can have two blocks that are produced at the same time, right? But then on top of each another block is going to produce, and the likelihood that you have two chains that continue that way is vanishingly small past a few blocks, except if the block propagation start to get close to the interval between the blocks.
On Bitcoin, the parameter is that there is 10 minutes on average between the blocks. But if propagating a block takes 10 minutes or even more, then there is no convergence possible of the network. It’s not going to make a nice chain of block, it’s going to make like a tree where everybody goes in some direction. So you need to be able to produce the blocks and propagate them in a time that is negligible compared to the interval between blocks. Right? Because it’s very easy to see why if you are 10 minutes and above, it doesn’t converge at all, it doesn’t work anymore, but you actually start having problem before that. First, before that, like the probability doesn’t decrease quite as fast, which cause confirmation time to take forever. But even before that, you have a fairness problem in the block producers that cause the system to centralize, right?
So what happens is that if you’re a miner and you produce a block. And by the way, for that to make sense, people need to understand when you produce a block, you get a reward for that.
C: That’s actually why they call it mining is because producing a block that, like for people who aren’t super familiar with how these systems work, I guess we should just mention when you produce one of these blocks, effectively, and underlying all this also, in case people don’t already know, there’s never a problem because everything is cryptographically signed by the person spending the money. The question is never whether somebody actually authorized the transfer. That’s pretty much guaranteed unless you break the cryptographic signature. The only reason for any of this stuff is that the person who does rightfully hold the money might try to sign it to two people at the same time effectively. It’s called the double spend problem, and that’s this entire thing is just for that. If you didn’t have to solve that problem, you’d never have a problem because any transaction that showed up would be valid, because it’s cryptographically signed by the person. And until they get hacked, you don’t have it. So there’s other problems you can talk about, there’s social problems like keys getting stolen and that sort of stuff. But from the perspective of system design, obviously, like, did the person mean to make the transaction is basically a solved problem. Thanks to the fact that no one’s broken cryptography yet. Maybe quantum computers throws a wrench in that if we have them someday, whatever, but for the time being it works.
So in this particular case, there’s two things that happen every time that a cryptocurrency block is produced. One is that you’re trying to put all of the transactions that we’re now going to consider to actually say happened. The other one is that we’re going to give you a reward for doing that. And that’s the mining part, which is some new cryptocurrency you can spend.
By the way, none of this actually means that the block is even accepted because obviously the miner could put a bunch of fraudulent crap in there like transactions that are invalid. And the cryptographic signature on each of the transactions when you broadcast the block. It’s the responsibility of the other nodes in the network to look and go that signature doesn’t match. This is a fraudulent block and we’re not going to accept it. So sorry, I realize we never said that.
A: No, you’re correct. So it’s going to be difficult for people to follow, like I’m kind of assuming knowledge in what I’m saying.
C: And I don’t know how much people do or don’t know when they tune in. So just quick one there. And if you don’t understand, there’s plenty of resources to read about, but that’s basically what we’re talking about.
So anyway, continue from the mining part.
A: Yeah, so exactly. So when a miner produces a block, they have the block right away, right? They just produced it. So they can start mining on top of it right away. Yes. Whereas other miners, they’re going to have to wait for the block to propagate to them before they can mine on top of it. Right? What’s going to happen quite often is that first the header is going to come to them, and then the content of the block, right? Because the header is only 80 bytes, at least on Bitcoin, but it’s generally very small. Anyway. So it arrives very, very quickly, but then you need to download the whole transaction pack, right? And verify them all as you mentioned.
So what’s going to happen is that the other miners, they lag behind. Right? Because they need to wait for the block to arrive to them so that they can start mining on top of it, right? So they have some time where they are mining on top of a previous block that is not worth mining on top of anymore. And so what happens is that the person that produced a block has a small advantage over everybody else, that advantage depends on the ratio of the block propagation over the interval between blocks.
C: I think I had never thought about till you just said it, because I don’t work on these systems, so I’ve never had to really consider attacks. Do some miners attempt to slow down their transmission of the contents of blocks for that very purpose, or not really, because game theory wise, I want someone else to produce something on my block first to avoid someone else from sneaking a block in in the meantime or like how to.
But presumably there’s a little bit of lag you would want to insert for optimal game theory, which is like, I got the hash first, so on average, the amount of time till the next hash hits is this much so I should delay the blocks. Do you see what I’m saying?
A: Yeah, this is an excellent question. And actually, this is a very good question. The second most quoted paper after the Bitcoin white paper in the cryptocurrency space is about that. So it’s a paper called selfish mining.
C: I can put links in the description too, if you want to just send these to me, I can paste them in so that the viewers can click on the link when they watch this on YouTube or whatever.
A: Yeah, so I can’t remember the full name of the paper, but the idea that you describe is called selfish mining. And there is a paper that described that and that is like the second most famous paper in the space. Where there is a whole strategy of like, do you want to withhold your block, or do you want to publish it? And actually you can increase your profitability by screwing with the system a bit. Now, I just have it there. It’s called, “Majority is not enough. Bitcoin mining is vulnerable” and they describe a strategy called selfish mining in it.
C: Which isn’t really a problem because you would assume that everyone just applies whatever the selfish mining algorithm is and we’re back to normal, but it was interesting.
A: Well, no, because it’s not symmetrical, right? Like the person that produced a block has an advantage, and they’re going to start producing more blocks, which gives them even more of an advantage. Right? So there is a runaway situation where the whole system collapses to one actor producing everything. And this is the problem. And this is why you want to have your propagation time to be very small compared to your interval between blocks. Because if you don’t have the case effectively, like economically, your system has to collapse to one block producer. And intuitively, you would understand that, right? Because if the system was completely fair, meaning like you have that much percent of the hashing power you get that much percent of the block, then you wouldn’t have 51% attack, right? Because what happened is that if you have more than 50% of the hash power, you can just not mine on anybody else’s block, only yours, and your stuff is going to grow faster than everybody else. The actual curve is something that goes to 100% when someone owns 50% of the hash. Right? So clearly, it’s not linear here. But the mathematics are not that complicated, but they are not that obvious as well like anything related to probability and game theory and all of that can be extremely counter intuitive. So even though the math is not that difficult, like putting the equation in the right way and solving them in the right way is important to understand. But there’s a nonlinearity there. And for the whole stuff to work you need this propagation time to be very small, which obviously, like this whole discussion started with scalability. Right?
So obviously, you have a problem with scalability here, because the bigger your block, the longer the propagation time, obviously. So what are you going to do, right? That’s where you have I think an actual interesting problem. And there are a few areas of exploration.
C: Just one second before you go there. I also kind of want to point out here, just to see if you agree with me on this is the difference as you were stating between the time it takes to propagate a block versus the time that we expect new blocks to be produced, the time that it takes, and that second one has to be significantly larger, because, like you said, as they approach a similar amount of time that this kind of consensus algorithm falls apart.
Now, maybe there’s a different kind of consensus algorithm we can consider. But at least if you’re talking about this sort of one, that block, that total time that it takes to produce a new block, one of the critical things, too, is that not only is one block production typically necessary in order for a transaction to clear, because we need the transaction to go into one block first before there’s any chance a transaction can clear.
But actually, in most of these systems, you typically have to have at least some tie breaking rule, and or some kind of other rules at play, which mean that usually, most people, if you really want to clear a transaction, will have to wait to see, not only that it was in one block, but that in at least one more block at a minimum, got added to the chain.
So that it’s very clear that it got recorded.
A: Yeah, because there can be tie break between transactions, but there can be tie breaks between blocks and between blocks on top of blocks and so on. So it just gets exponentially less likely that it happens, but it can always happen, right? So you need to wait a number of confirmations that is in line with the degree of confidence that you want to have.
C: So the only reason I bring that up is because when you’re starting to talk about scalability, there’s two things that actually need to be taken into consideration with scalability. One is the transactions per second, but that’s a throughput number. The other is the latency. In general, right? You don’t want to sit around telling people that in order to this, this brand new financial system that we’re creating is everyone has to wait 6 hours before they know if a credit card transaction cleared.
So if you’re talking about cutting out middlemen. So we’re not going to be having this intermediary who helps grease the wheels so that, yes it takes 6 hours to clear, but I clear it right away because I’ve got money that’ll back it or whatever.
We’re actually then talking about the total amount of time it takes to produce at least two blocks, possibly more in order to actually clear a transaction.
We’re actually talking about like at least two x that time probably at the best possible case, is that a fair statement you should say?
A: Yes, actually, and I would go further. I think those two are at their core the same problem.
So it’s linked to the entropy of the system, which means, so you have different nodes and different network participants.
And they have a view of the world that is slowly drifting apart, right? And you need to have operation that happens once in a while that’s going to regroup them. This like spreading apart of like the view of the system that they have is what I call the entropy in that context. And what you want from your consensus algorithm, if you want it to be scalable, you want it to keep the entropy small at all time as much as possible, which means fast confirmation time as well. Right? So deep down that’s actually the same problem. And that’s actually the problem that we are attacking with eCash as well. So effectively the conclusion that we come to…
So let me describe like an alternative stuff that is promising first, because I don’t want to present my stuff as if it’s the only stuff, even though I think this is the one that has the most potential.
Another way of going at it is going through zero knowledge. Right? And some people are working on that, like Coda, for instance, where they don’t send you the content of the block, they send you the header, and they send you a cryptographic proof that the computation has been made on the header, well, on the content of the block, and has been verified. And you can check that proof fairly easily. It’s based on zk-SNARK. I don’t know if you’re familiar with that cryptography.
Well, so zk-SNARK is effectively a way to generate proof that you run some computation and that you ended up with some result. Right? That’s not intuitive that you could do that, but you can actually do that. And so the tradeoff that you’re making there is that doing the computation is now horrendously expensive, right? Because before, when you would add two numbers, now you have to compute the cryptographic proof that you added those two numbers, right? So you need to do elliptical math where you would just be doing an addition before. So suddenly doing the computation becomes horrendously expensive. But then you can send that proof to everybody. And everybody can verify the proof fairly cheaply in milliseconds and be convinced that yes you did the computation and everything checks out.
So that’s one way that people are exploring to solve that problem.
C: And just to be clear, the way that improves this is just because that way, we don’t, presumably you will still have to send the block, but people can start working on new blocks before they’ve received the old block at that point. Is that generally, I mean why does this actually improve anything?
A: Yes and no. First, yes people can start working on top of the previous block right away. But the way that system is built is that you don’t need to send the content of the block. People that are going to send the transaction are going to attach with the transaction the information, like a proof to the transaction as well that the money was in the block and has not been spent.
C: So basically, what you’re saying there is that if you design a system that goes with that kind of signature scheme, what you are going to be doing is counting on the actual person who initiates each individual transfer to attach all the states necessary to process that transfer with the transfer, so that you didn’t actually need to know what happened in the previous block. All you need to know is that somebody properly recorded the previous block so that you know this transaction isn’t fraudulent.
A: And they don’t need to record the whole block. They need to record only the stuff that is related to them. Right? So the trade off that you’re making with that is that a lot of computation becomes horrendously expensive for the person making them. Right? So if you want to make a transaction yourself, it’s going to be very expensive, though, it’s very cheap for everybody else. So maybe that’s a trade off that’s worth it. But also, if you look at Bitcoin, for instance, if you have your key, you’re safe, right? You can take a new computer that has never seen your wallet whatsoever. You enter your key in it, the wallet can scan the blockchain and retrieve everything, right? On those system, you’re screwed, right? Because the blockchain is completely opaque.
And the second stuff is that you have to trust the cryptography, which seems to be okay, right? But the problem is, if the cryptography is broken, it’s not a given that you’re going to know it.
Because if I find a way to break the cryptography and I don’t disclose to anyone, I can probably create money out of thin air, right?
C: Because no one’s really checking it, okay.
A: So that’s the tradeoff that you’re making. And some people are working in that direction. I mentioned Coda. There are a few other stuff, but that’s one direction people are exploring. The direction that we are exploring is leveraging another consensus algorithm that is called Avalanche. There is also another cryptocurrency that is called Avax that leverages that as well.
This is a consensus algorithm that is fundamentally different from the Nakamoto style consensus.
C: Yeah. Do you want to go into a little bit detail there?
A: Yeah so I don’t know how deep we want to go because it’s like fairly technical, but effectively, the basic idea behind it is that you’re going to have nodes that talk to each other, right? So say you receive a transaction. You want to know if it’s good or not, right? If everybody accepts it or not. So like a good set of the participant, you’re going to choose a few of them randomly say, eight or ten or something like that. And you’re going to ask those ten. And you’re going to be like, do you think this transaction is good or not? And maybe like ten of them to say yes, then you increase your confidence score that this is yes, right? If ten of them say no, then you increase your confidence score that this is no. And you have your own position as well. Right?
So, yeah, like I took a shortcut there that I shouldn’t have taken.
C: Just for the record, most people who watch my channel are very technical. So you can be as technical as you want. The only thing that you can’t really assume is that they know the cryptocurrency, because they’re probably watching this because they haven’t really looked into cryptocurrency. But if you explain something technical, they will like to hear the actual explanation, not the Wired magazine explanation.
A: Okay. So the idea is you have the transaction and you have your opinion if it’s good or not, right? And you have a confidence score in your decision, right? So maybe I received a transaction, I think it’s okay. And at the beginning my confidence is very low. So I’m going to ask like 10 other nodes on the network and be like, do you think this transaction is okay? And let’s assume that I think it’s okay. So if those ten guys that tell me it’s good, or maybe like 8 out of 10, there is some tradeoff there, but if most of them say good, then I increase my confidence score.
If most of them say, no, this transaction is not good, then I reverse my position. I say, no, I think it’s not good. And I reset my confidence score to zero. And if I get like a mixed response, then I just like discard that round and I try again.
And now all the nodes are doing that as well.
C: Sorry, just to clarify there, when you say and try again, I assume you are trying to do the same transaction, but you’ve picked a different set of servers to ask, or what does try again mean?
A: Yeah, I’m going to select a new random set of say ten nodes. Obviously like all those parameters, you can change them, and you get different tradeoffs between how fast those things converge and how fault tolerant you want to be and all of that.
Like those parameters, they can be tuned. But let’s say ten. So you ask ten, and either way no matter what the result is, either you flip your position or you increase your confidence, or it’s just inconclusive, you do it again. You select another random set of nodes, and you ask them the same question, and you do it again and again and again.
And at some point your confidence is going to be very high. And at that point, you say, like that confidence is at the level that I think the network has converged and everybody is okay. And it’s quite remarkable that this system converge very, very quickly with very, very good properties. I don’t know if some of you guys played Age of Empires. So in Age of Empires, there is one unit that is a priest. And the priest doesn’t really do anything other than pray. And when he prays next to another unit, it eventually converts the other units to his side. And so one thing that people have been trying for fun is like, what do you do if you make like two army of like 100 priests and then you smash them against each other and this is effectively what this protocol is doing.
Because every time you say, hey I think this transaction is correct, and if people ask you, eventually you’re going to convince some of them. Even when the things start at 50/50, because you have random sampling, there is some noise that is going on there, right? So it’s going to flip one side or the other, and once it starts flipping one side, it goes exponential, right? Because the more nodes that think it’s valid or not valid, then the more rounds are going to be conclusive toward that response and that the more nodes are going to be convinced and you have like a snowball effect.
C: Can I just ask a clarifying question here? Because, I apologize, I didn’t know about this scheme, so I haven’t read about it beforehand. Just to clarify what is meant by asking if a transaction is good. Is the idea that this underlying system would generally have all of those nodes are sort of keeping track of something similar to what’s in Bitcoin, meaning a signature chain for a particular piece of cryptocurrency, and then when we see a new transaction, we go, is that a proper append to this chain, or is it like basically a double spend? Or are we talking about storing something else? Because obviously, the consensus algorithm can be separated from these, but I’m curious just to understand the whole package. That was question number one. I have one other question just to put them both in there because I think you can handle both at the same time.
The second question is, I didn’t hear in there how the network actually advances. Once I determine that people do think a transaction is okay, do I broadcast that fact, or do I wait for people to ask me for it to propagate? Does that make sense?
A: Yes. I’m going to answer the second one before the first one, because it’s easier in that order.
So what’s going to happen is that once you reach a certain confidence score, meaning you have done like a certain amount of rounds where everybody agrees with you all the time, right? You sample random people, you can be confident that either everybody has already finalized to that result, or the people that haven’t, they are going to finalize toward that result. And you can put a probability number on that dependent on your parameters. So the math is in the paper. And you can choose that parameter to be like completely absurd, right? Like you can choose 99.9999999%.
C: Okay, I’m sorry, so let me just see, so is it also implicit, though, because I didn’t realize this part of it. From what you’re saying, I’m just guessing. So is this system also like Bitcoin in that when someone wants to make a transaction, they broadcast it to all the nodes?
A: Oh yes.
C: Okay that was the part I was missing.
A: So actually this system is a consensus algorithm, right? So you can build on top of all kinds of weird chains. And this is what actually the Avax guys, they are doing. They have a chain that works with an EVM so that works like Ethereum, like they have all kind of different chains that do all kinds of different things. What we do is a bit different because we have a chain that is extremely close to how Bitcoin works. The base chain is extremely close to how Bitcoin works, and we use that on top of it. So in our case, everything that you know about Bitcoin still applies, and actually, you can connect to our network without knowing anything about Avalanche, and then you get none of the benefit of it, right? But you can still understand what the chain looks like and parse the transaction and understand meaning and all of that. That’s one of the design decisions we made, because there is a lot of software there that is already made for Bitcoin and all that software can work on our stuff. And that’s one reason.
The second reason is Bitcoin has a property, the consensus algorithm of Bitcoin has a property that Avalanche doesn’t have. And that I think is important. It’s that Avalanche is a live process. When you’re part of it, you participate, you get to the result with everybody. Great. What happens if I’m a new node and I connect to the network? Then I’m going to ask people, and they’re going to tell me something. But is it the real deal like anyone can come up with anything and give it to me? And I have no way to verify any of it, right? Because at some point like, one of the state of the system is who are the different nodes that I should query, right? I have no way to bootstrap myself into that system, except like getting the information from somewhere that I trust.
Whereas with Bitcoin, you have this blockchain that is like an objective artifact that I can go through. Get to the end of it, know what the set of nodes is and start going from there. So this is why we are not ditching the whole stuff, because it has properties that the new stuff doesn’t have, but the new stuff has also practical properties.
First, it’s asynchronous, right? So I can finalize a transaction or another at different times, they don’t need to wait on each other anymore. And so from a scalability standpoint, that’s very, very good. Because the blocks they kind of like create a bottleneck effect, like where you do nothing for 10 minutes, and then boom, you do a ton of work, and then you do nothing again. Right? So that spreads the load over time.
The second one is that it’s actually quick to come to a result, like, typically, it takes less than 2 seconds with nodes scattered over the world. Obviously, this is not a guarantee, but you get less than that 2 seconds like 99% of the time or something like that. It’s very quick. It’s probably like quick enough for like our target was 3 seconds, less than 3 seconds, so this is good for us. And why we went there? Well, it’s from the statistics for payment processors. So what happened is that payment processors obviously have done a lot of research about that. And what they conclude is that when the payment takes more than 3 seconds, people are like a bit irritated by it. It’s like bad user experience. When it’s less than 3 seconds they are okay with it, they kind of expect it to take that long, right?
But after 3 seconds, they start to be irritated. And after 5 seconds, they think that it is broken, at least for a while, right? Like is it working? Okay, right? But there is that moment where you’re like, is it broken or what, right? And it happens about 5 seconds. So we were like, we want something that is as fast as possible, but really like our target is less than three seconds and with the technology we get less than 2 seconds most of the time. So that’s pretty good. Yeah and so what happens when you have that is that over the 10 minutes in between blocks, the nodes run that thing, and so when the time from the block arrives, they kind of all agree on what is in the block. Like there is just like the fuzzy edges of the past 2 seconds when the blocks come that you don’t know about, right?
But everything else you agree about. And even like, if the block doesn’t correspond to that, you can ditch it, right? Because everybody is going to agree on like 99% of what the block is going to look like. If those 99% are not what you expect, you can just orphan the block, like just not accept it. And so when you do it that way, you avoid that problem of doing nothing, and then doing a ton of work as fast as possible, because that time needs to be very short, because it needs to be negligible versus 10 minutes, and then going back to doing pretty much nothing for 10 minutes. So that gives you tremendous scalability properties. And that also gives you very fast confirmation time. Because at the core, the two of them are the same problem. The two of them are like the consensus algorithm taking forever to make a decision. That’s where it comes from.
C: So I guess that this is somewhat surprising to hear in a way, because one of the things, I mean maybe this is something that is just a bad artifact of the way crypto is typically discussed and how it’s usually synonymous with blockchain. In other words, the idea that there has to be a series of blocks that are chained together as the important part of the underlying system.
A: Strange isn’t it? Because one of the things that I’ve been saying is that blockchain is probably the least interesting part, because we’ve been having those since way before Bitcoin.
And I’m sure like all of you guys are using one almost every day, like if you use mercurial or git, then you use a blockchain, there is nothing special or magical about it. This is not something that is newer with crypto or anything. Yeah, so really, that’s not the interesting part. As you mentioned, the interesting part is like how do you solve double spend problem.
C: It’s interesting to hear this, because in general, I would say what you described as a consensus algorithm, when I first sort of like heard about these things, I don’t know how many years ago it was. My first thought was that sounds like a stupid solution to this problem. Why wouldn’t you just use a standard consensus algorithm such as the one you just described? Meaning why wouldn’t I just use something where I simply ask peers and we come to a consensus using a Paxos like scheme, because it’s unclear to me why spending a lot of time solving a hash problem improves anything, especially when you start going, which you immediately heard, like soon after Bitcoin, that the main problem was transaction latency or throughput. I’m like, yeah because it’s designed to be slow.
So I guess what I would ask, first of all, so I probably don’t have that many questions for you about that, because that’s how I think I would have proceeded is to try to find a system like the one you described.
A: So may I interrupt you because I think there are very interesting stuff in what you said. And maybe the implication of some of those are not that obvious. So first, the Avalanche paper it’s from 2018, right? So that’s something that is very, very new. And so there is something that is fundamentally different with traditional older, let’s say, maybe like classical consensus algorithms like Paxos. The main difference that Nakamoto consensus and Avalanche are going to have with Paxos is that for stuff like Paxos, you kind of need to know who the set of participants is. It also scales not very well in the number of participants.
C: Well, because it’s an actual consensus algorithm, not a like eventual consensus algorithm or a statistical one, so it has worse properties because it’s trying to do something…
A: Yeah, but here is the deal. Like Paxos would be very good if you wanted to make some kind of alliance between, say Paypal, and Mastercard, and Visa, and Alipay, or something like that, right? Because all those guys they know each other, the set of participants is known, and you can set up the system and that would work tremendously well. But there is an assumption here that doesn’t work for crypto, for crypto you want the set of participants to be like anybody, right? And Paxos doesn’t provide you that. And where Avalanche actually is kind of a breakthrough is that it takes something that looks like Paxos, but instead of being an actual consensus algorithm that’s going to come with an answer, yes or no, it allows the same probabilistic property that you get with Bitcoin, which allows you to have an open set of participants rather than a closed set of participants like you would have with Paxos.
It also allows you to be more scalable, right? Because I think Paxos is n squared in the number of participants, which is a bit of a problem. This is n log n in the number of participants, so you can get to humongous number of participants without degrading the performance of the system.
C: Yeah, effectively like from what you described, and obviously I’ll go read up more about it, but it’s basically like statistical Paxos. So it’s like, look, we don’t need a hard answer. And if we give up the fact that we’re not going to really know exactly the answer, we can just be reasonably sure of the answers to our own statistical needs.
Then, hey, now we don’t have to do the full problem, right? It’s the randomized, I mean a lot of times you see n squared problems solved with a randomized algorithm that gets you to n log n. This is something we do in geometry, people do all over the place. This sounds like that, basically, if that’s a fair description.
A: I think that’s a fair description. A statistical Paxos, obviously there are a bit more details, right? But if you want to think of it that way, that’s an excellent way to go at it.
C: So that’s great to hear. Like I’m thumbs up to hear that, because I’m like that’s what I kind of thought would be the right kind of answer. But I didn’t know if anyone was actually doing it.
A: So the thing is, it’s remarkably difficult. Like it’s one of those stuff like once you read the Avalanche paper, it’s actually remarkably simple. It’s the kind of paper like once you read it, you’re like oh, how come nobody thought about that before, right? Like it’s obvious once you read it, but actually I can tell you for a fact we were working on that problem when the paper came out, and we had a solution that was fairly similar, though it was worse in pretty much every way. So the idea was similar. The idea was to also use random sampling, but where we went wrong is that the Avalanche guys were like we’re going to random sample everything and not give a shit. Like if we need to do something, we just random sample. We went into, if we do things that way, then in some condition, we need to do random sampling, so we worked out the condition in which you needed to do the random sampling. It turned out to add a lot of complexity, and the property was no better than what is in there, right?
And instead of adding all that complexity, asking yourself in what case you need to do random sampling, you just do random sampling all the time. Once you read the paper, you’re like what kind of idiots we were, but that’s how it happened.
C: So in some sense, too, another positive thing that comes to mind about that to me.
And again, I’m just assuming that this basically does what I had hoped, because like I said, this was sort of in my head one of my main complaints about everything I had heard about crypto was that I’m like, the answer seems to be what you were just describing as the answer, I’m like if you just want distributed transaction processing, what you want is a consensus algorithm that converges to the correct set of transactions, and this seems like a really bad one, right? Like I don’t have any real complaints about Bitcoin from the standpoint of it solving the problem. It does solve the problem. It just seems to be a very bad solution to it, which was usually my complaint.
A: But it has this archival property that I think is nice and quite important for something that is monetary. So the way we think about it is that I don’t know if you have bought a house or like something very expensive, that has a formal process.
C: But just to be clear, when I say bad, I mean the consensus algorithm, proof of work. I was like proof of work seems like a very bad solution to this problem. I’m pretty sure that’s not the way you want to go forward with it, especially when people start talking about like oh there’s so many things we can do with blockchain. They’re usually talking about that, and I’m like, that just sounds like using a bad solution and propagating that bad solution. I’m like, if what you need is distributed consensus, I pretty much can guarantee you this will not be the one that you want. So it’s nice to hear about more, but anyway, sorry, continue.
A: Sure, but up to 3 years ago, this was actually the only solution, and variations of it, right? Like this whole stuff that we’re talking about right now is really out there only three years. So that’s something I think we’re going to see a lot more of. But so I was saying like when you buy your house, so you discuss with the people selling the house and you agree on the price, and whatever, right? And you do all the stuff and it’s fast and all of that, right?
And then you go to a notary and you go through some kind of formal process that is annoying that takes much longer. Everything that you have in that process, actually, you already agreed upon beforehand. And the reason you have that process is because you want to have a record of who owns what house, right? And you want to be able to verify, like, if 5 years later, someone has a question about it, you want to be okay, like this guy bought the house at that point in time.
And the notary aspect of it is not done well by stuff like Avalanche, right? So this is why we use effectively Avalanche to make the decision, but we still keep the blockchain so that someone can disconnect from the system, come back later, or just a new participant come in the system and look at what the state of the world is and have a record of that.
C: How would that work though? Just because you brought it up, this isn’t really a question I would really have. Because I’m not sure to me, it would matter that much, but because you brought up that aspect of it. If the basic idea is, I have all the nodes in the system that are currently working with an Avalanche consensus model. But under the hood, I would like them to store complete transaction histories. Presumably, that would imply that those complete transaction histories do not look similar, because I only know which transactions other people I asked said were okay, so I know they’re valid transactions. But I may not put them in the block in the same order. I may fill up different blocks with them, potentially, unless you’re also somehow validating the block.
Do you understand what I’m asking there? I’m not sure I understand how the blockchain is maintained inside an Avalanche system, because you’re only asking about whether you should put transactions in blocks, but not what order they went in or how, or which block even.
A: Yeah so one of the things that we change versus Bitcoin is that there is a canonical ordering in the block, so all those questions, they just go right out the window. If you know the set of transaction in the block, you know the block.
C: But I don’t know which block, like what if I fill my block up and say, now this block is done. Is it just that there’s no such thing as a block that’s done because if later transactions turn out they would have sorted into that block.
A: No, there’s an actual block that looks like a Bitcoin block.
C: Just so let me try to explain my question then, more specifically. So I am implementing a node that is trying to keep a Bitcoin-like blockchain. And I’m using Avalanche for consensus.
What I know is, I know the set of transactions that are approved. That’s generally what I know, right? Because I’m getting transactions from people who are just spamming them at me. And I have no idea if they’re correct. And then I’m taking those transactions and saying, all right, I’m going to start asking counter parties in the system.
A: First, you’re going to validate them, right? Because if they are invalid, like the signature doesn’t check or whatever you ditch them. You don’t ever run the consensus algorithm on them.
C: Alright sorry when I say spamming, I mean I don’t know if they’re double spends or not. I can trivially reject ones that are like not cryptographically signed, but for all the ones that are cryptographically signed, they might just be people trying to cheat. So now I got to figure out put them in there. I shouldn’t say counter parties because that’s a financial term. I ask other nodes, validators in the network. I say, like, what do you think about these? I get all the ones where I reach a certain confidence level, and I start to put them in the block, and I sort them by some thing, because you said there’s canonical order, I put them in the canonical order, I put them in the block. Now I get a new transaction in and wait, that transaction really should have gone in this block, because it would have sorted ahead of the one that I did put as the last one in that block. So now that block is no longer really finalized. Did I correctly describe a thing that could happen first before I get to my question?
A: As time goes, everybody like fill the block effectively, right? And at some point, the miner is going to find the actual block. And the actual block is going to look very closely to what everybody think that the block is going to look like. You know what I mean? It’s not going to be exactly the same, but it’s going to be very close.
C: So wait you’re still running proof of work underneath? So you’re doing Avalanche for early consensus.
A: We call it pre-consensus, because if you do just Avalanche, you cannot have a new node connect to the network and know what the consensus is.
C: But why couldn’t it just do the exact same algorithm?
A: Because it doesn’t know the set of participants.
C: Well, it needs to know the set of participants to ask for the chain.
A: Well, except it needs to find one honest participant and then it can have the chain.
C: But if it finds one honest participant couldn’t that participant just be honest about the set of nodes in the network instead of the chain.
A: But you don’t know.
C: You don’t know what?
A: Because you can measure the weight of the chain. This is something that is objective that cannot be faked.
C: For someone who’s just joining the network?
A: Yeah, I can see like this chain, and that other chain, like this one has more proof of work on it than the other.
C: So you’re talking to multiple people and asking them multiple…
A: This is what happened when you connect to the network, there are different methods that the node used to bootstrap itself. Typically, there are DNS seeders, so that are going to be like nodes that are connected to the DNS address, and you hit that DNS and you get like a set of peers. There is like a set of peers that is built into the node, and then once you connect to various people, you ask them for more nodes, and you try to connect to more and more people that way.
What happens, and this is something that is actually coming to all the proof of stake systems, because the system is self-referential, you can be provided with two chains and they are equally as good. And you have no way to know which one is the chain that everybody agrees on. And on those two chains, the set of validators are going to be different, so you have no way to run any kind of consensus algorithm between the two to know which is the right one.
So if you’re a new node to the network, you connect to me, I can tell you this is the state of the system and I happen to own like all the money in the world. Right? And you’re going to connect to someone else and they’re going to tell you something else, right? Probably the honest truth that the money is spread out between different participants, right? And you have no way, obviously, this is current culture, also, here you’d have a heuristic to know that maybe I’m trying to screw with you, but in the absolute, you have no way to know which one is correct, because all those validators in my view of the world have no money, right? They are not like valid participants to the network.
C: So I guess not to belabor this point too much, but that’s sort of what I do in technical interviews. I guess a lot of people just like to kind of move through them quickly, but I like to go like, wait, no, I’m not sure.
Because like I said, I’m interested in this kind of algorithm, because it’s the kind of algorithm, the Avalanche part is the kind of algorithm that I actually was thinking is sort of the way that this kind of should be going. I just want to understand why it would still require Bitcoin underneath. So I want to separate two things so we can talk about them very clearly. One is, how do I know whom I should contact? Right? Like I should be sending messages to whom, right? That’s a list of IP addresses or something like this, that at startup, I need to at least get some, because if I don’t have anybody to talk to, I can’t even start the process, right? So that’s one problem. And then a secondary problem is basically startup.
So once I have some set of nodes, I can talk to, how do I get myself into a state where I can actively participate in the network since in order to do that, I need to be able to have some understanding of what would make a valid transaction and what wouldn’t from the point of double spending? And with no history I can’t really do that.
So would you agree that those two problems are sort of separate problems, they are related, but they’re two different problems that I have on startup.
A: Yes, but I think you like there is one aspect of the problem where you need to discover the peers that is important that I think you skipped a bit over.
It’s like in practice, it’s very easy for someone to spin out like a gazillion nodes, right? And you cannot really trust that the nodes that you’re connecting to are going to be honest in any kind of way with you, right? Because in practice it is, but it is because you don’t assume that it is. If you start assuming that it is, then everybody is going to start a bazillion nodes to screw with you. Right? And so the main difference is that if you are in a world where you only have Avalanche, you are kind of pre assuming that you have a certain amount of honest nodes in your connection, right? Like you would need that to bootstrap yourself, whereas when you are in a model like Bitcoin, you need to have one honest node. If you can find one honest node, you’re good. You’re going to find the reality of the situation.
C: But why would that be? Because if I have a Bitcoin blockchain, there’s nothing when I just connect to a network. If you say that you only need one honest node. Suppose the set of IPs that I have to work with includes one honest node, and a few dishonest nodes or something like that. Each one of those nodes can send me a completely different blockchain. How would I have any idea which blockchain was the real blockchain?
A: Because you can compare the proof of work that is contained in each chain and see which one has more.
C: That doesn’t mean it’s the real one. I could have just been falsifying the blockchain the entire time by having some computers that do proof of work on a fake blockchain.
And then all I do is send that one out instead of the other one.
A: Yes. But when you do that, you get a fake reward, right? So you’re throwing a lot of cash out the window.
C: So the idea is just like the proof of work is just increasing the cost of producing a fake blockchain, so we assume that people would…
A: Yeah, but in practice, it’s increasing the cost to some extent that it’s actually like pretty, like not only is it very unlikely that someone do it, but it’s not something that you pay, and then you have your attack, right? Like this is a cost that you need to incur on an ongoing basis. Right? So maybe someone is going to be able to do that at one point in time, but they are not going to be able to maintain that forever. The assumption like we choose the parameter in our system in various ways, and what we assume is that someone is not going to do that for more than a few weeks.
C: And so is the assumption then too with something like Avalanche, that when you ask one of the peers in the network to validate a transaction, like when you’re asking you receive the transaction, you want to know if it’s a double spend or not, you’re asking around saying, is this a double spend to increase your confidence, is the assumption that each one of those messages that you send to check about the double spend is also asking for some kind of confirmation that it involves the fact that that actor was not a fake node as well? Like, how does that part work? Because if the idea is that everyone can spin up these nodes, how is that part being handled? Because so you see what I’m asking?
A: Absolutely. I was actually starting to infer from your question that you wanted to go there, because I realized that it was not explained at all, because it’s actually not explained at all in the Avalanche paper. It’s assumed that you use an external mechanism to do that, but you need some form of what we call Sybil resistance.
Right? So it comes from a Sybil attack. In security, a Sybil attack is when an actor pretends to be like many different actors to do something. Right? So for instance, if you were just to connect to a random node, as I explained, without any kind of Sybil resistance mechanism, someone can start a million nodes, right? And then statistically speaking, you’re only going to connect to that guy, right? And effectively, that guy owns the network. But it’s not that expensive with like VPS or whatever to just like have like a bazillion nodes, or botnets, or whatever. Yeah so you need a form of Sybil resistance. Typically, it’s going to take the form of proof of work or proof of stake, or proof of something, right? Like, because now you want twice as many nodes, so you need like twice as many proof of whatever.
So, like this is an interesting stuff, because Nakamoto consensus doesn’t imply proof of work, like proof of work is the Sybil resistance mechanism in Bitcoin, effectively, right? And you could do one with like proof of whatever else. And actually, people have made all kinds of system with proof of all kind of different stuff. And the reason you need a proof of something is because you don’t want to ever have a Sybil attack on your network. The way both the Avax guys and we are doing is by using proof of stake, meaning that you need to prove that you own some coins to be able to be considered like a node that you can poll. And actually, like the probability is not completely random. As I explained, it’s actually weighted by stake. If you have twice as many coins as I have, you are twice as likely to be chosen randomly. If that makes sense.
C: It does make sense. So you’ve gotta just, effectively, if you imagine picking a number between zero and one to determine which peer you’re going to go to, each person gets their percentage of the outstanding coins worth of range in this distribution, and so I look up who that would be and that’s who I pick.
A: Actually, the algorithm is not exactly like that, but fairly close to that.
C: So okay, I guess one problem with that is it does start to make this more complicated. And what do you think…
A: Wait, I think this is why the problem that I was trying to explain before, becomes more clear now, because now, if I start serving you a different state of the world, the state of acceptable validators is going to be different as well. Right?
So you have no way of knowing which one is correct, right? Because proof of stake is inherently self-referential, you use data from within the system to do your Sybil resistance. Whereas proof of work is not self-referential. It uses information that comes from outside of the system. And this is where the difference is.
C: So I guess, okay. So I guess what I would say is I’m half in and I’m half out then, because the fact that it still needs to maintain the proof of work underlying blockchain does still seem like there’s fat to squeeze out of the system here.
A: Yeah, and I have good news for you, hit me. I have good news for you because you run Avalanche, 51% attacks are like almost impossible to run.
C: Because it’s a probabilistic 50% which is different, I suppose. Because what they’re thinking is moving. So you’d have to have 50% of everyone’s probabilistic selection, which is like basically impossible, right? That’s like 100% in some sense.
A: I don’t think so, but I’m not sure I understood what you’re getting at, so maybe.
C: Because I am taking a random sample of the people who I’m going to ask, the chance that I end up with over 50% of the people I ask saying something, actually is much harder to do if all the nodes are randomly picking.
A: Yeah yeah yeah. So you would have to not only have more than 50% of the hash rate, but you also would have to have like more than 50% of the validators, effectively, or convince more than 50%, which ends up being much more difficult to do. And plus, if you do that, you are going to make everybody filthy rich in the process. So please attack the system that way, please, because you’re going to have to buy all the stake, right? So you’re going to shoot the price to the moon. So actually, if someone tried to attack the system that way, I’m not even sure that people are going to be that desperate about it.
C: When you try to actually go to cash it out, it might be a problem. But yeah, okay, so I guess this has been really good because it’s been interesting hearing about that stuff.
A: Wait, to make sure that we conclude that point, because 51% attack is so much harder to do, the whole system can get by with an amount of work put into it that is way below what it is for Bitcoin for instance.
C: So the proof of work amount can be turned down, basically like it can be easier hashes is what you’re saying.
A: Yeah you don’t need the same level of hash to have a comparable level of security. Like you could get by with level of hash that are way lower. And actually our system is way less valuable than Bitcoin itself. It uses the same proof of work, right? If the Bitcoin miners wanted to mess with our chain, they could, except that they can’t, right? Because their block is going to get orphaned if they do that because of Avalanche. So we can get by with a fraction of the proof of work that Bitcoin is using and still have a comparable level of finality. Actually, the finality is much faster.
C: Okay, so I think I’ve got basically the model that you’re talking about here, although I’ll probably want to read up more about it afterwards, just to like get it clear. But so let’s step back just for the conclusion of the interview, which has gone for a long time and I don’t want to keep you for an infinite amount of time. I just want to go over a couple things then here. So first of all, if we now step back and say, in practice, what does this actually get us right? If we switch to a model like this for doing finance, what does this actually get us? I’d like to talk a little bit about that first. Because I also want to validate that part.
Now. The reason I’m less interested in validating that part is because at least like it sounds like to me, from talking about kind of like the way you’re working on it, I don’t see any particular reason why we shouldn’t have something like a decentralized currency of this nature, in general, right?
The lofty claims aside, getting a good technology for distributed consensus about transactions, I’m into. Like it’s just a technical problem that’s good to solve, because we know we need to do it, and having a good underlying system would be good. There’s nothing great about Mastercard’s system or anything like that, where I’m like they solved the problem so well why bother, right? So I’m into that solution. I’m not sure based on your description, it doesn’t quite get as far as what I would want, but at least it’s like, okay, there are people who are working towards getting something more sane as the underlying model than the original Bitcoin model, which I never thought was really all that good. So there’s that.
But now let’s step back and say, okay so suppose you keep going down this route, and you get to something where maybe you even figure out a way to get rid of the proof of work thing altogether and just like we’ve got this nice distributed consensus protocol, we’ve got the probabilities under control, it statistically converges pretty well. Everyone’s happy with it, it’s working. What do we actually get from this? Because it’s one thing to say we should just do that because it’s good to just have this system. And we know we need it. So we might as well have a good one that was engineered well and engineered with the use cases in mind that exist today, rather than the use cases that existed in 1970 or whatever, which is more like what we’re using in banking today.
What do we actually get, though? Because there’s also the question of, did we actually get anything from that extra, which is not to say we shouldn’t do it. It’s just to say, what actual benefits do we think we might get to sort out the lofty claims from things that might actually be real benefits that someone like me who wants to ask hard questions about it might agree we’ll actually get, as opposed to the things that are like it will just be utopia and everyone will have all the money, and it’s great.
A: We get NFTs out of it! No, more seriously, I think we get digital cash out of it. I think that’s really like the most important stuff. And I think cash is something that we take for granted, but it’s going away. And it’s something that without that technology, we have no way of doing in an electronic form, and I think this is a pretty big deal. I think this is probably a bigger deal than most people think. Because if cash goes away, 100% of your money is dependent on someone else being okay with you spending it. And the consequences of that are like pretty staggering potentially. And actually they are in some countries. It’s almost, I don’t want to say perfect because it’s very bad for those people, but it’s very interesting what happened in Lebanon last week. Because it’s not something that we planned, because we discussed talking together like before that, so the timing is like almost spooky, but last week, most of the banks in Lebanon closed, right? And people literally have like, even if they have money in their bank, they cannot spend it. Like that means they cannot buy food and what not. That’s a really, really bad situation to be in. And I want people to think about that. Like, what would you do if your credit card doesn’t work and you cannot go to your bank tomorrow.
Like I have forty euros in cash right now, right? About that, right? So I’m going to last for a few days if I’m careful, but then after that, what do I do, right? And all of that depends on someone else being happy with you doing the right thing. So those people, like once cash is gone, which, with more and more stuff moving electronically, it looks like it is, those people are going to have a leverage on your life. Like you think the state and the police and the military have leverage on your life? Look at the people that control your money instead of you.
C: So I guess that is something I’d love to get into if you don’t mind spending a few more minutes on it. So I want to really try to drill down to will something like a distributed consensus system actually solve that problem? Or does it just appear to solve that problem though? Because at the end of the day, we still have the situation where there are governments, there are police, there are laws. Cash has a certain property, which is that you don’t actually have to do anything visible to any third party to use it. I can literally go to a grocery store, hand them the ten dollar bill, and they accept it. And almost nobody can actually see that transaction. But anything that happens in digital currency is visible to everybody.
So the question is, what is the likelihood, or what are the technology requirements that you think will be in place to prevent the same sorts of things from happening with digital cash, because they’re not 1 to 1 equivalent. And there’s crucial things there that need to kind of be addressed. Does that question makes sense?
A: Yes the thing is to answer that properly we would probably need like another full hour.
C: Should we do another one? Someday? We can do it now, but if you’re tired, if you want to take a break, we can just do it some other time.
A: Right now it’s not ideal because it’s starting to be late here, but if you want to do another one later on, I’d be up for it.
C: Alright maybe let’s do that then. Do you want to make it a two-parter?
Well, I think we’ve covered all the there is, a bunch of good tech stuff in there. So let’s just call that one done. And we’ll try to schedule another one where we can talk about will digital cash work or won’t it? And if it will or won’t, what are the technological like bullet points, basically, that will determine that outcome? Cause that would be great.
A: That sounds good. If you want to go there, I think there are a few, but I think most of them are actually not that technical. As far as I can see the majority of that, there are technical solutions, they are complicated. This is why I was saying like we probably need like another hour or two to get into those, I think that the technical solutions are okay. I think that like the major hurdles are going to be stuff like volatility, for instance.
C: Okay, let’s do another one if you don’t mind then because I would like to get into those and that’s sort of the other half of the question, right? Is like, can this be made to work efficiently? It’s like, what are the things are going that we kind of talked about that? And then the other one is does it matter at the end of the day if we have it or not?
So I guess what I would say is this has been great. Thanks so much for talking with me, and I would like to do another one. So we’ll try to get that on the schedule. Can you give people your handle like what you are on Twitter, how to look you up? And also you mentioned the fact that you’re working on a particular crypto currency, so which one that is and how to find it and all that stuff for people watching at home.
A: Yeah, so I’m Amaury Séchet. I go by deadalnix on pretty much every platform. Twitter or my GitHub is going to be the same or like whatever.
Now I’ve been working first on Bitcoin Cash, which probably most people know because it’s everywhere now. So I launched that project. I worked on it for many years. Now I’m working on eCash. To find out about that just e.cash is going to be the place.
That’s pretty much it. All right.
C: Alright, well thanks so much for talking to me today.
A: Thank you.
C: Have a good one.