Coin Perspective — Sergio Lerner:
“The complexity of the transition to PoS was heavily underestimated by Ethereum developers”
Sergio Demian Lerner has been one of the most prolific thinkers in the cryptocurrency space. He audited the source code of Bitcoin as well as of Ethereum. In the past years, he came up with many innovative ideas that brought anonymity, scalability and more features to the open blockchains. He co-founded and is currently working on RSK — an open-source smart contract platform secured by Bitcoin. You can follow Sergio on Twitter here or read more about his ideas on his blog.
DS: You have been in the space for very long. How did you get into it?
SL: First, I was very aware of the use of cryptography for e-cash. I remember having read about it in Schneier’s “Applied Cryptography” book in my youth. In 2009 I was doing my thesis on a new Mental Poker Protocol. These are the protocols you would use to play a decentralised poker without revealing your cards or your strategy. Afterward, I created a startup to try to develop a decentralized client and incentivize the use of the protocol. Sometime around December 2010, a friend told me about Bitcoin. I only know this because I found a tweet of mine spreading the word about Bitcoin.
But then I think I looked at its source code much later when I realized that the connection between decentralized games (like Poker) and a decentralized currency was so strong. At early times (2012 or so) I even patented what we currently know as “state channels”. Obviously as soon as I realized that the potential of the technology lies in its openness, I abandoned the patent. I didn’t have any bitcoin until 2013 when I received a donation of 1 BTC (about 100 USD at that time). In fact, I never bought nor mined Bitcoin. There is much more about the story of how I became a Bitcoiner on my blog.
DS: In 2014 you wrote a “wish list” that contained features that need to be fulfilled in order to achieve adoption for cryptocurrencies:
- More merchants accepting the coins (especially retail stores)
- Lower price volatility
- Faster payment confirmations
- Lower fees (more transactions per second)
- Less energy waste in mining
- More decentralized
- More private
- More features
- More extensible
How do you see the ecosystem now?
SL: I’m gratefully surprised the ecosystem has matured exactly in the directions I imagined it would! Faster payments can now be performed by RSK and Ethereum, and even faster by the Lightning Network and Lumino. More extensibility has been realized with Ethereum and RSK. Privacy has been realized by Zcash, Monero and the confidential protocols on top of RSK and Ethereum. I understand now that “wasting” energy is the cost of the creation of a valuable scarce resource, but I do still think that when coin issuance becomes irrelevant (maybe in 30 years) Bitcoin could add to its consensus algorithm something like proof of Space-Time (as Chia does) and reduce the energy consumption.
The two areas that I think have lagged behind for worldwide adoption are the reduction in price volatility and having more merchants accepting cryptocurrency. But those are related, as merchants need a stable income to make their businesses predictable. I think stable assets over RSK, Liquid, and Ethereum could easily fill that gap, and work as facilitators for users to learn and use real decentralised and deflationary coins for the first time.
DS: Has something been achieved?
SL: I think the technical goal of privacy has been achieved (i.e. Zcash), but yet this technology has not reached smart-contract platforms, so this needs to happen.
Lower energy consumption has been achieved with the increased interest and discovery of new VDFs (verifiable delay functions) and their applications in Proof of Space-Time, and Proof of Stake. However, the security of proof of stake is yet to be proven in practice. It relies on human-related assumptions: on the number of effective stakers that will participate, the complexity of the protocols to be implemented correctly, and the honest majority assumption over time (in relation to the value of past keys).
DS: What would you write on the wish list now?
SL: I understand now the enormous importance of other non-technical factors that drive adoption, such as easy-to-use wallets, mobile phone integration and a permissive regulation. Also, I now believe that the world is going towards an economic crisis where Bitcoin will emerge as a hedge against failing fiat currencies.
From a technical point of view, my list would be as follows:
● A new SNARK scheme without trusted-setup which is lightweight both in proving and verification resources. The development of 2nd layer solutions that use this new SNARK both for private payments and for private smart-contract execution.
● The integration, standardization, and widespread usage of secure elements (including secure human input/output interface) in smartphones.
● The development and increased use of complementary decentralized incentivized networks, such as file sharing, anonymous messaging, secure broadcast and content provision, fair gaming, etc.
DS: Where do cryptocurrencies lag behind?
SL: I think the key management problem has not been satisfactorily solved. The average user must take too many decisions regarding how to securely store cryptocurrency, but these are decisions he cannot make without a huge background in computer security. I imagine in the near future hardware wallets that interact seamlessly with the smart-phone to do “social” and “hardware” secret sharing: the wallet is capable of storing (and tracking) key shares either sent to close friends in your social network or backed up in microSD cards.
Also, most wallets are still “dumb” — they cannot let you set maximum daily spends, whitelists for more streamlined payments, third party authorization keys for high-valued ones or third party biometric identity verification, and covenants to deter robbery and extortion. Creating multi-signatures should be as easy as pairing devices by putting them in close proximity.
DS: You proposed a privacy-preserving cryptocurrency called AppeCoin in 2011 — to me, it resembles the Mixnet of David Chaum. Was it based on it?
SL: AppeCoin is based on my prior work on verifiable secret message shuffles. I iterated many times on AppeCoin, but I never made it as efficient as today’s coin privacy protocols, so it's deprecated. It has only some minor historic value.
DS: David Chaum recently revealed his new cryptocurrency project — Elixxir — do you have any takes on it, or other privacy coins? Has your take on Zcash or Zerocoin developed over time in any direction?
SL: My first impressions of Zerocoin were:
- It uses too recent cryptography; it may soon be broken.
- It’s very complex, so implementers may make mistakes and break it.
- The number of people in the world who can actually audit the protocol seriously is below 50. This clashes with the concept of a public blockchain, where there must be people all over the world reviewing and auditing each new release.
My mind has not changed much. In fact, there were vulnerabilities found both in theory and implementation of such protocols in the last two years. However, I now believe that Zcash-like protocols can live as second-layer smart-contracts on RSK, so people can mitigate some risks by using several different second layer solutions and keep the savings in a standard transparent account (without anonymity but only pseudonymity), until another decade passes and the cryptographic protocols are proven secure.
DS: You have also proposed DECOR++ protocol — is it being implemented somewhere?
SL: RSK implemented DECOR+ and it has worked very well.
DS: In 2015, you have also come up with a draft of cryptocurrency based on DAG (Directed Acyclic Graph). Have you developed the idea further?
SL: I developed many ideas that were turned by other people into actual successful projects. I created the first Turing complete smart-contract platform (QixCoin) a year before Ethereum. I created the first dagcoin, and just later Byteball and IOTA followed. I created MavePay, the first highly-efficient blockchain for payments (paper is on my blog) that curiously uses a hash-based quantum-resistant signature scheme.
However, I have always been a Bitcoiner, and so doing pre-mines or launching an alt-coin was something against my principles. Have those principles changed? Maybe I’m a little bit more open to analyze competing coins such as Zcash or Chia, when they have innovated seriously, but my principles have not changed much. :) I still think most of the innovations will end up being deployed as Bitcoin sidechains.
DS: Do you follow projects that implement DAGs like Hashgraph? IOTA or others? Your take on them?
SL: I was very disappointed with IOTA, both from the technical perspective and by the harsh community behind it.
DS: What are your views on the block size debate?
SL: I was involved in the block size debate since its inception. There were two opposing groups: the Chinese miners plus some big companies on one side and the majority of Core developers and community influencers on the other. It was impossible to know the opinion of the non-technical users, holders of BTC, nor was it clear that it mattered when the debate required expert knowledge. The debate ended up being more about which group controlled the platform and what Bitcoin rough consensus is about than the actual technical possibility of increasing the block size.
When Gavin Andresen proposed increasing the block size, I advised him against it, both for technical and political reasons. My reasoning was that due to the polarity between two opposed groups, a hard fork would be perceived as a defeat by one of the groups and they would never reach consensus.
Also, I thought at that time that a winning proposal would need to provide a clear benefit for both groups. Therefore, I proposed in the bitcoin-dev mailing list in 2015 to reduce the average block time to 1 minute, together with a reduction of the block size, which had the final outcome of increasing the processing capacity of the network 4-fold. The side benefit (latency reduction) would be the catalyzing factor. It could have been accepted, in another universe. But in this universe it didn’t get enough support — there were too many proposals already and that fragmentation led to a standstill.
In 2017 I proposed in the mailing list another compromise alternative called Segwit2mb. That proposal was then picked by one group and renamed Segwit2x, which ended up with the UASF threat and the Bitcoin Cash fork. I tried to be a mediator between the groups during that gestation of segwit2x, having personal meetings with the key people in the community. I failed.
My current opinion is that an increase in the block size will be required every 10 years for Bitcoin to reach mass usage, even if the Lightning Network successfully captures the market. This is because the on-chain layer needs enough capacity to close channels en masse in case of a network-wide disruption of the payment channel network, such as during a denial of service attack. However, the increase must follow advances on CPU, bandwidth and storage technologies. It should always take about the same time to synchronize the Bitcoin blockchain. Anyway, if Bitcoin does not increase its block size, Bitcoin fees will be prohibitive for the individual user and the need for RSK will be even stronger.
DS: Any take on how the debate has been conducted?
SL: You can’t expect an ordered confrontation in a decentralized community without on-chain governance. It was what it had to be. However, more user and node signaling tools would have helped the community to collect public opinions faster and in a more accurate way. That would have reduced the confrontation time.
DS: What do you consider to be a more critical feature for Bitcoin — scalability or high level of fungibility?
SL: This question has many parallels with the block size debate. There are people who think that scalability is first because with hundreds of millions of users Bitcoin would be unstoppable, and then we can focus on improving fungibility. And there are people who think that fungibility is first, and if Bitcoin reaches hundreds of millions of users without being fully confidential governments will force companies and exchanges to disclose all identity information and the Cypherpunk dream will be lost forever.
My stance, which I think reality has confirmed over the last ten years, is that governments are slow to respond and we can get full confidentiality before they can oppose it (if they wanted to, because I think society would be much better with it). Therefore, I think that the strategy of scaling fast in a transparent and auditable way and bringing more fungibility and privacy later is the strategy that maximizes the chances of success for Bitcoin. Also, Turing-completeness is a trojan horse: once smart-contract platforms are used by millions, it will only be a matter of storing the coins on the contracts that enable confidentiality.
DS: Which of the Bitcoin protocol upgrades that are being considered/worked on do you find most exciting or important?
SL: None of them. The marvelous thing about Bitcoin is that it doesn’t require anything else, being exciting or important, to accomplish its aim. This is something that doesn’t happen for most other cryptocurrencies, which are always waiting for the next big improvement to become magically useful to the society. Bitcoin is useful just like it is now. Anyway, if I had to choose one it would be Schnorr signatures.
DS: What are your thoughts on the state of the Lightning Network development?
SL: I’m not following the day-to-day technical improvements of the Lightning Network. I can only say that I value the improvement process established that results in well-documented specifications and proposals.
DS: Could you sum up the current state of RSK in terms of protocol, community, bootstrapping, and applications? What are the biggest challenges ahead?
SL: IOV Labs is the main contributor to RSK’s source code. Therefore we participate in every protocol improvement discussion and we have a shared and clear vision of what RSK needs to drive adoption. From the technical perspective I believe that RSK is very far ahead in some areas (for example, the efficient data structures that are prepared to handle billions of accounts) but behind in some other (for example, the blockchain synchronization protocol). Since we know what needs to be done, the RSK core dev team is programming the missing functionality fast. Soon I expect the RSK full node to be state-of-the-art.
We also have designed and published the RSKIPs that form the basis to scale RSK to hundreds of millions of users in the following years.
The Latam RSK community is huge and vibrant, but we lack enough penetration in the US and Europe. We’ve recently opened the Innovation Studio in San Francisco and Singapore offices to improve our presence there. One of our internal challenges is bringing the best talent to our teams: IOV Labs family now has more than 75 people, mostly engineers, working on over 10 large projects. Our challenge and commitment with the global RSK community is to help it develop their solutions on top of RSK and help connect the applications with the users.
DS: Does DeFi (decentralised applications like Uniswap, 0x, MakerDAO etc.) already happen on RSK too? If not, do you expect it will in the near future?
SL: DeFi will definitely happen and RSK plays a key role. DeFi massive adoption requires a secure, scalable Smart Contracts network. That is exactly what RSK aims for: building the most secure and scalable Smart Contracts network, on Bitcoin. Several other components need to be built on top of this, and stable coins are the first. RSK has the advantage of enabling natively Bitcoin-backed stable coins, like the one “Money On Chain” project is doing. There are also other projects that are working on also bringing Ethereum stable coins to the Bitcoin ecosystem through the decentralized bridge we are building. We see DeFi projects starting to happen on RSK, and are working on providing the basis so that a full DeFi ecosystem can be built on Bitcoin.
DS: Which DeFi apps do you consider most impactful?
SL: We worked hard on building a technology that tackles financial inclusion on top of a censorship-resistant network. As such, I would expect that successful DeFi applications will be the ones that are open and oriented towards building a fairer financial system.
DS: Do you think RSK is a threat to Ethereum and might take over?
SL: It won’t be a threat for a couple of years. On the contrary, I see that the existence of RSK is a good sign for the Ethereum developers because it shows confidence in the EVM and represents an alternative platform in case Ethereum fails to deliver the PoS migration long time promised.
But I understand that in the mid to long term, if Ethereum token price keeps going down compared to Bitcoin, then confidence in Ethereum may decrease. Also, the PoS switch represents a risky cliff: if something goes really wrong, then migration to RSK can happen overnight.
DS: What are your thoughts on the development of Ethereum protocol in terms of decisions made, the transition to PoS and the pace at which it happens?
SL: I generally participate and help with the improvement of the Ethereum platform. For example, I participated in the design of EtHash, also the CREATE2 opcode was changed according to a proposal of mine, and other Ethereum proposals directly link to RSK proposals. Therefore, I think that overall the Ethereum improvement process is open and works well.
The complexity of the transition to PoS is something that was heavily underestimated by Ethereum developers. This has left a bitter taste in many developers and end-users who bought the “World Computer” concept. I don’t know who came up with that marketing motto, but for me it’s clearly misleading.
DS: Do you see some other serious competition for Ethereum in the realm of smart contract platforms?
SL: Apart from RSK, I like AION. They have done a great job by creating a Java bytecode-based VM. Many of the Ethereum precompiled contracts could have been written in the AVM by end-users with excellent performance. The problem is that currently there are not enough users for so many smart-contract platforms, as it’s still a niche. At IOV Labs we are working with real people that can benefit from this technology. But maybe it’s because it’s still a niche that RSK has enormous potential: it doesn’t need to succeed today, because it doesn’t have a native token that needs to be pumped. It’s strategically positioned as Bitcoin’s smart contract platform of the future, and because Bitcoin is headed to become a recognized store-of-value, as long as it remains with Bitcoin it can slowly capture market share until it becomes the most used. This is an endurance race, and sustainability is key.
DS: What other projects in the space do you find interesting?
SL: There are too many. Some projects that come to my mind: CodaProtocol, Zcash, NOCUST, Aztec, zExe, Zether, Lelantus. New blockchain platforms soon to be launched that I will monitor closely are Ava and Chia.
DS: A lot of projects try to secure their chains via merge mining, but there are also alternatives like Veriblock's Proof-of-Proof. Could you compare the two options? What are the pros and cons?
SL: I don’t have enough knowledge of Veriblock to accurately compare it with merge-mining. The first time I read about Veriblock I felt excited but the paper lacked some important formal proofs.
DS: You seem to have good intuition in what is the next big thing in the blockchain world — you worked on the first anon coins, smart contract platform, and proposed coins using DAG — so what is the next big thing in crypto?
SL: In the last years there have been huge improvements in zk-SNARKs, both in the removal of the trusted setup and the reduction of the proving time, therefore I expect new 2nd layer scalability solutions supporting privacy-preserving operations, essentially based on commit-chain protocols. It will be something like the combination of Zcash with NOCUST. And the next big thing is fully off-chain and private smart-contract execution using zero-knowledge proofs. This can really scale RSK to billions of users.
Also, I’m excited about new consensus protocols, such as Chia’s proof of space-time and Ava’s Avalanche.
DS: Which other use cases, apart from crypto, do you consider a good fit for blockchain?
SL: I have always supported the thesis that blockchains are good for DeFi: financial operations and financial inclusion, and any other type of tokenized asset. Sorry, I’m not a DAO proponent nor do I think a smart-contract platform can become the “World Computer” without the use of off-chain execution through SNARKs.
DS: Where do you see the things going in the next 5–10 years? What will be the role of Bitcoin?
SL: As I said before, Bitcoin is headed to become a world reserve currency. If it can capture a percentage of gold reserves without huge negative spikes in price, then that will reinforce its position, creating positive feedback. As I mentioned in a recent science fiction story that I wrote: Bitcoin is an anomaly in the world’s history. We’re living in a unique moment of time that might never come back. First, enjoy it! Second, you must defend Bitcoin. Even if there could be better technologies, we must cross the upcoming chasm. It will be attacked by government prohibition, defamation from banking sectors, competition from global corporations, from speculators that lost early investing opportunities, people’s disappointment with hard-to-use technology, and more. We must resist, learn, improve and keep showing the world what a new trust-minimized financial system can look like. We must keep improving Bitcoin and sidechains. The debacle of the current financial system will do the rest.
Now a prediction (everyone likes futurology): in 10–15 years, having acquired 50% of the gold market cap, Bitcoin will finally change its consensus protocol to reduce the incidence of its PoW component by mixing Proof-of-Space-Time and Proof of Stake components. It will be a huge worldwide event, with parties and joy everywhere, and it will be coincidental with my fiftieth birthday, really, the same day. I will be double happy.
DS: How will blockchain be utilized by then?
SL: Bitcoin and RSK will be used by hundreds of millions of users. It won’t be a problem when new scaling techniques are deployed over Bitcoin sidechains. There will be only two or maybe three sidechains: one will be used heavily for gaming and gambling. Another, for commerce and payments.
DS: What about security tokens?
SL: Yes, sure. It will be another revolution.
DS: Thank you!
Explore more interviews and educational resources on cryptocurrencies at coinstory.tech