Coin Perspective #6 — Peter Todd

David Stancel, Coin Story
28 min read, Mar 18, 2020

“Proof-of-Stake doesn’t already work. It completely boils down to conventional consensus where a bunch of people is in charge.”

Peter Todd is an applied cryptographer and a long-time Bitcoin developer who has also been a vocal voice within the community. We met during the Hackers Congress at Paralelni Polis and talked about his views on Bitcoin and the crypto space and how it has all evolved over time. We also talked about Peter's projects, his views on Proof-of-Stake, quantum computers and much more! You can follow Peter on Twitter and read his articles on his website.

How have your views on Bitcoin evolved and changed over the past time and for how many years have you been involved in the space?

They didn’t change that much. If you look at what I was writing at, say, scaling, like, years ago, it’s the same as what I would say today. There’s certainly some niche technical things, which my opinions have changed on, but the big picture not really.

And maybe on these technical things?

I mean, like, technical stuff, I think, I believe strongly, more strongly in inflation than I did; my arguments are a little more nuanced.

Do you believe in inflation?

Yeah, it’s obvious, inflation’s a tax. And having a tax to pay for security makes a lot of sense. And the chance of it happening is basically zero. This is one of those ‘yeah, this should’ve been done, but not now’. You know, there’s a bunch of other niche things for, you know, how to go build on top of Bitcoin. I got various technical projects I worked on and exactly how I think it’s the best way to do this kind of change, but the big picture, not really.

What about stuff like the block-size debate, have your views changed there?

If anything, I think the way that’s evolved has kinda validated my views of it. One of the reasons I quit the day job, if you will, and worked on Bitcoin full-time was I thought the block-size debate would become a very interesting political, technical debate. And I thought it’d be interesting to be involved in.

And that’s exactly what happened. It happened the way I kind of expected. Maybe one of the things I didn’t really expect was how the opposition there was a lot less competent than I was expecting. They didn’t play politics as well as I was expecting, they did more things wrong than I was expecting. So it was actually an easier debate for the community to go win. Because it really was the community against a handful of big companies. We, fortunately, won that debate.

So you kind of consider the debate to be already settled?

I mean, it was already settled, to begin with. It’s not so much of, I mean, almost saying I sort of watched these debates, it’s a bit misleading because there is no real technical debate; anyone who’s competent understands the tech behind it and you have these obvious limitations, still building, you have to do something other than just raising block sizes.

There is no technical debate there. Some people can try to claim so, but they usually have something to sell you. And what we saw is, I think, big companies who, you know, partly it was just cheaper for them to not put the money in to go innovate, I think part of it was, they’d rather be in control of the protocol. You know, there has to be these sort of outsiders that had to deal with a bigger community.

If you’re in position, say Coinbase back around the so-called block size debate, it’d make a lot of sense to use this as a way to go push at developers and end up having a lot of control over the evolution of Bitcoin protocol. That just didn’t happen, and their views kinda got shot down. As they should’ve been. What they were working for was crazy.

There are lots of proposed upcoming upgrades of the Bitcoin protocol — which of these do you consider to be the most useful, exciting or most important?

I mean, none of them are all that interesting to me. You know, and it’s not to say that like individually they’re not interesting, I mean, they certainly have value, they’re certainly things that’d be nice to have — but what I find most interesting is how you can go and leverage what you already have in ways that don’t require permission.

My OpenTimestamps project does not need permission to exist, it needed no changes to Bitcoin, it could work on nearly any conceivable cryptocurrency system that was secure. You know, it’s downright difficult to go censor it. That’s a really interesting thing to do. It’s not so interesting that you have to go and spend ages trying to push changes through, which may never ever happen.

It may be kind of fun to — I mean the process of doing that is interesting — but the end result is not as interesting as completely bypassing that in the first place. Which is a bit ironic for me, of course, in part why I get into this, this political debate looks interesting, I mean, and my skill-set is suited for it, but, of course, at a technical level, I have to be honest with myself and say well, you’re still better off writing protocols that do not need this.

But some of them aim to increase the privacy properties of Bitcoin at layer 1…

Yeah, sure. But I think a lot of this stuff is like, this way. Lightning is a much bigger advance than any on-chain thing that’s gonna happen in the future.

That, at least, is conceivable right now. Schnorr signatures are much less interesting than the bare minimum requirements needed to get lightning in place. You can add things that’ll make future lightning limitations a little easier, tweak them and so on. But it’s not as interesting as real fundamental changes of making lightning possible.

We solved the big problems in Bitcoin that we have a foreseeable path. We don’t have a way of scaling on-chain, nobody knows how to do that. But for the things that we do know how to do, we’ve solved most of them. It’s kind of, with all due respect to people behind Taproot, Schnorr signatures and so on, like it’s very good work, but it’s just not such a fundamental change as being able to build these complex layers I’m talking about.

So you mentioned blockchain scaling and lots of people got excited about Mimblewimble, what’s your take on that?

Well, Mimblewimble doesn’t actually scale. Because Mimblewimble — the way it’s been described mostly — a lot of people have seen the things that Mimblewimble allows you to discard all blockchain data, and compress everything into this magical state — that’s not actually true.

Every single transaction in Mimblewimble you have to save a kernel proving it to be true. So every transaction, you’ve got to save your 64 bytes or 32 bytes or whatever the number is. That’s not really any fundamentally different than Bitcoin. It’s smaller, but it’s not fundamentally smaller.

There’s a huge difference between 1 and 0. A very very big difference, it’s only 1, but it’s a very big difference if you’re multiplying them, you know. That’s the thing with Mimblewimble, it doesn’t actually get it to zero. It’s only once you get to zero that becomes interesting. Lightning, for certain transaction patterns, gets it to zero.

You and I can exchange money as much as we want with lightning and no one will ever know it happened. It’s exactly what you want in this system and Mimblewimble just can’t do that.

And you also pointed out that the privacy of it is a bit overblown, because it depends on somehow aggregating these transactions, but the process by which this happens exposes them to data leaks in a way that Lightning doesn’t.

Lightning certainly has potential man-in-the-middle attacks, you know, people recording lightning transactions going through their network, but that’s a fundamental privacy problem, nothing can ever avoid that. You’re always gonna have that potential issue.

You mentioned Lightning Network a couple of times, so what are your views on the development of the Lightning Network?

I certainly have a lot of criticisms of it, but I want to preface it by saying I don’t know of any team that’s done a better job. Not even close. It’s night and day when you look at Dash and that sort of community — doing genuine scaling that actually works and what other people in the crypto space are doing.

There’s really no comparison. And now, what I do think, there are issues with Lightning, certainly — Lightning has attacks that Bitcoin doesn’t.

We may find that some much more aggressive, very decentralized ways of running lightning don’t work in practice and that upper level, parts of it at least, would need to be more centralized. But to me, it’s not really a big deal.

As long as the base layer is decentralized, you go swap out the layers above. Let’s put it this way: it didn’t matter that much that the Silk Road was centralized, because 10 different things could pop up later.

So obviously, you are focused largely on Bitcoin. Are there any other projects, initiatives, or technologies in the crypto space that you find interesting? Maybe those that are implemented in some altcoins?

You know, from a technical point of view, like Liquid is interesting, Monero is interesting, which uses very similar tech. Zcash is kind of interesting, but Liquid and Monero seem to be run by reasonably honest people who describe what they’re doing honestly. Zcash is just frustrating because they’ve lied so much about what their tech actually does.

I’ve read your blog post about the Zcash ceremony a long time ago and recently I revisited the article and it was all crossed out, so what has changed?

Well, they lied about it. It wasn’t really multi-party computation. And the reason why it wasn’t was because we were all running the same software and no one had any real way to audit it.

It’s sort of a funny thing because I think the charitable thing you kinda save up some of that is, the argument would be: oh but no, no, it’s unreasonable to expect you to be able to audit this. But if it’s unreasonable then don’t say it’s multi-party computation. Just admit, yeah, we tried to do this, this part we succeeded in, here are the fundamental problems that we need to go fix before we can genuinely say it was.

That would be an honest statement to make. But they didn’t. Instead, they went and did the security theater thing and misled the public. The simple reality is, while I participated in that ceremony, I can’t tell you whether or not I actually managed to, first of all, delete the keys, but even more fundamentally even generate random keys in the first place.

And again, this is one of the sorts of marketing things, where — you just need the one honest person who destroys the key. It doesn’t matter how honest I am, what matters is how honest my computer is. How honest the whole setup is, how honest the software is.

I can’t say any of that. And no one is in a position to say that. That’s such a fundamental thing. And I think they understood this and I think they knowingly lied to the public. It’s not on the same scale of lies as a straight-up scam that intentionally takes in money and does nothing with it, but they knew better and we have to set higher standards on that. Especially for people who should be setting the right standards.

Peter at the Hackers Congress at Paralelni Polis

What are your thoughts and views on the development of Ethereum? And maybe their transition to PoS?

I mean, Ethereum was just this whole set of bad incentives. I think that the whole side of things, in general, has this issue where people can make a lot of money with tokens. And your entire technical architecture gets warped by that bad incentive. The majority, if not the vast majority of these token things are scams. And they’re a sort of very special type of scam, in that they’re kinda doing things that are sort of real, but they know they’re never going to really work. They know it’s never going to make sense.

Some examples?

Well, I think, an average ERC-20 token I think is a great example of this. ERC-20 is sort of the standard for ICOs. That’s sort of what it has become. The whole idea of an ICO is that it’s a coin offering for a coin that’s built into a protocol.

The very idea you can have a standard for a coin, for a protocol, makes no sense. Because if they’re actually part of the protocol, it is integrated into the consensus of the protocol, then how the hell are you going to have a standard? They’re all going to be different.

The very nature of ERC-20 shows how dishonest this whole thing is. Now, the irony is, the less legal version of this, where we’re not pushing these sort of utility tokens, we’re just saying straight up these are illegal securities, that is much more honest, that is much more ethical.

Because even though maybe less legal, at least you’re telling your customers what they’re actually getting. Bitfinex is an example of this. Like, from my understanding, this whole token they had after the hack a while back, was super sketchy legally, it probably broke the law.

It was far more ethical than most of the Ethereum stuff, even if they may have technically met their requirement. Because with Bitfinex you knew what you were getting. You were getting a promise backed up by very little to get paid back. And from what I hear, they were able to go pay them back. Kind of like any other stock, but with less regulation.

And the alternative there was bankruptcy. It’s sketchy in many ways, but somehow it’s more ethical. It’s a really bizarre situation to have. And the other part of it, which really bothers me with Ethereum is, you get all academics getting all sucked into this, and what I think has happened is, so much of the funding for this, academia, comes from these scams. Scams and semi-scams.

And it really warps academia by having research done on things which don’t really work, creating incentives to not question the things that don’t really work, creating incentives to question things that do work, but don’t make people money. It’s just worked on so many levels.

And I think it just lowers ethical standards for everything and in my consultant business I’ve run into this many times, where I’ve had clients describing to me their interactions with academics, they were looking for, hiring, doing research partnerships and this kind of stuff and very frequently when they hear back from them, I realize that these academics were lying to my clients.

And a big way this happens is they’ll mislead the client on what the trust is in their system. Because most of the stuff you can trade trust for scalability as in, you add more trust, you can scale more.

So a very common form of lies is to say that you have a system which scales but isn’t trusted. And that’s a really big issue. Because the moment you start doing that, all of your solutions look really good compared to the things that actually work, like Bitcoin. And you’re just not being honest.

And it happens over and over again and I think it happens because you attract a crowd like Ethereum, which lowers the standards, and when you lower the standards, no one else is gonna call you out. When no one else is gonna call you out, you are forced to do what everyone else is doing, if you even want to stay in the field. It’s just this corrosive thing that infects the whole system.

On a more technical note, regarding the transition of Ethereum to pure PoS — do you think it will work?

Proof-of-Stake doesn’t already work. PoS completely boils down to conventional consensus where a bunch of people is in charge. Proof-of-Work is this beautiful thing where it’s independent of the system. Proof-of-Stake is a consensus within the system.

And again, I think it’s getting pushed by bad incentive, where people pushing on it understand that technology doesn’t really work properly, it doesn’t scale like they claim it does, if anything, it certainly scales for the worst, because you need more information to determine what the next step of the consensus is.

Like with Bitcoin. Under a reduced security model, I can independently verify Bitcoin headers, by just adding Proof-of-Work. That’s a trivial computation to make and it’s very reliable. Now, it didn’t tell you if the chain is valid, but again this is a reduced security model and it’s an easy thing to do. In PoS you can’t do that. Because with PoS you only know what a valid block is if you know what the previous valid blocks are. Because you gonna be able to track the movement of coins. Yet, these people claim over and over again — “no, the PoS scales.”

I’m sorry, it doesn’t. You’re just not talking reality here. And I think — why they’re pushing this — is because it’s good marketing. You kind of play up the environmental benefits and stuff, which a lot of them don’t really care about.

And also, if you hold a bunch of coins from, say, a big pre-mine, like in the Ethereum case, well how are you going to make more money with it? You wrest control away from miners and send the money back to you.

Vitalik has been almost open about this, arguing we should go pay developers, you know, pour money into the development. It’s his buddies that are trying to push PoS — of course, they’re making this argument. They have incredible incentives to mislead the public about how insecure their systems are.

Do you think they intentionally mislead the public?

Yeah. I think they know what they’re doing. I mean, my bias tends to be to assume people are at least competent. And if you assume they are reasonably competent, which was my impression talking to them, you have all these explanations that they know they’re lying. It’s a very ugly thing.

What about RSK? Are you excited about the development of RSK?

No. It’s a technology, they just lifted the parts of Ethereum that don’t work very well and this imperative model for smart contracts. People are unable to read and write contracts that work reliably. Look at the famous multi-sig bug where Parity themselves lost millions of dollars.

When they wrote the scripting system. Gavin Wood, one of the early Ethereum developers, he personally lost like a million bucks or something. You want to double-check the numbers, but understandingly, he personally lost a ton of money on this. And he built all this. You know, if even he can’t get this right, it’s just not a good model.

But it is a good model if you want to suck people into a system. You know, who wanna attract armies of JavaScript developers who don’t realize how insecure their system is. Whereas I would say, a user-friendly system in a security context is ironically one that doesn’t make it easy.

OpenTimestamps is a good example. Specifically the binary parsing. Way back, in 2012 or so, I made the first or second version and used JSON. It was all well, it was JSON, it’s easy to read, easy to parse, but then I realized, this isn’t actually easy to use.

Because if I write an implementation of it and then you try to write an implementation, there’s a pretty good chance your implementation was gonna do something different than mine. And in a consensus system that’s deadly. In a security system that’s deadly. Because now you accept input that should’ve been rejected. You might produce output that I would, I will reject. What you actually want is a system where it either doesn’t work at all because you haven’t gotten it right, or it works and it works perfectly.

These systems are actually really user friendly. Because what’s friendly to the user is that it won’t let them screw up. Systems that only look user friendly often will be easy to use, but very dangerous. That’s not actually user friendly, because it exposes your users to far more harm.

Anyway, do you think that RSK might be a threat to Ethereum?

I think RSK, like the main guy behind it, Sergio Lerner, he’s done dishonest stuff before. He tried to go push the ASICBoost stuff. He tried to get the Bitcoin protocol changed, which would make it easier to go mining with ASICBoost. And he didn’t disclose the fact he had the patent on this at all at the time. That is so dishonest to do. Incredibly dishonest. He’s just not an ethical person. And I don’t trust his intentions at all.

And a bit on RSK being a federated sidechain right now, but it’ll be merge-mined in the future and so on. You know, Blockstream Liquid, they initially thought they could do merge mining and other people pointed out security problems with that. And to their credit though: yeah, you’re right, this doesn’t work, we’ll just have to change our plans. RSK isn’t going to do that. They don’t care.

What was the reason why merge mining doesn’t work?

Well because merge mining changes miner incentives. It’s effectively an increase in block size.

Can you elaborate on that?

What merge mining means is for you to make the same money as me, if we’re both miners, you now have to process more data. If you want to be on the same footing as me, that’s an increase in block size. There’s no getting around that.

People would love to get around that because they’d love to do magical improvements, but you just can’t do it. And unfortunately, this is something, where what should’ve happened is for this stuff to get hashed out, people say yeah, alright, we can’t do this, this is not going to work, we’re not going to try it.

But the way it stands right now, the projects that are trying to do this are effectively an attack on the system. It’s just an attack, I don’t really quite know how to prevent. It’s actually a much harder thing to do that. I mean, I can out-compete them, because there are better ways to do what RSK does. But as a Bitcoin user, you don’t directly have a way of stopping RSK. So that’s unfortunate.

As you’ve said, lots of blockchain projects try to get their security through merge mining, do you think it’s a bad idea?

Yeah, that’s a bad idea. And if anything, often it gets you very bad security, because it opens you to attack. The marginal cost to attack someone with merge mining is in a lot of cases zero.

There are also things like delayed Proof of Work, which is used in VeriBlock, and which is also an attempt to increase the security of other chains. Your thoughts on it?

VeriBlock is sort of a Proof of Publication thing, where you’re publishing something in the Bitcoin chain.

Yeah, it's proof of publishing some data on the Bitcoin blockchain.

Yeah, they call it Proof of Proof, kind of a weird term, but if I remember correctly, and again, I could be misremembering this, when I looked at it, their block looked more complex than it needed to be but did look like it was fundamentally secure. But it’s not merge mining at all.

Yeah, it’s not. Could it be perceived as an alternative?

It’s radically different. I mean, I proposed something along those lines years ago. And I still stand behind that design — like, it will work. But there are even better ways to do a lot of this stuff. I’ve got a project, Proof Marshal, and it’s a library to help you do all these better ways, but Proof Marshal isn’t going to make anyone a ton of money. The purpose of Proof Marshal is to let people do things, leveraging consensus in ways that don’t need coins. So, right there you don’t have an easy way to monetize the project.

Ok, back to the Bitcoin core protocol. Which of the two — privacy or scaling — do you consider to be more crucial for the development of Bitcoin for the future?

I mean, the thing is, what do you want to use Bitcoin for? If you want to make payments, why don’t you just use Visa?

Maybe from a development standpoint, what should energy be more focused on?

You know, scaling is a harder problem than privacy in many ways. On the other hand, scaling is fundamentally also privacy. Because you can’t scale and keep things decentralized without adding privacy. Because the only way you can go scale winds up being by having less data be public. Assuming you are doing true scaling, not just tweaking parameters and stuff.

You know, like doing minor chain improvements. Lightning scales because it has better privacy. Because every time I send you something on Lightning, other people, the rest of the world doesn’t learn about it. That’s why Lightning scales. You don’t get that without accidentally adding privacy.

There’s an example — PayPal. Against many threat models, it has much better privacy than a Bitcoin transaction. If I send you money on PayPal, a bunch of Iranian hackers don’t learn about it. Or a bunch of European hackers.

Lots of people in the crypto space are really excited now about DeFi and the decentralized finance ecosystem. What are your thoughts on using that? Do you find it potentially impactful?

I think a lot of the DeFi stuff doesn’t look like it’s going to work. Like you look at the crazy high-interest rates, you’re getting some of these sorts of lending things or whatnot — this stuff looks like it’s going to go blow up. In various ways.

I kind of don’t pay too much attention to some of that, because it’s not really relevant to anything I work on and it doesn’t really matter to me that it’ll blow up and people will probably lose money there; they opted into it. You know, if I was interested in that stuff, yeah, I could have more stuff to say about it, but I kinda shy away from it, because it looks so sketchy.

Do you at least find things like algorithmically controlled stablecoins — like Dai — potentially interesting?

Oh yeah. I mean, those are like perfect examples where it doesn’t look like those systems are stable. They’re sketchy things, often they have central points of failure in reality, a lot of these things have work holes hidden in design that, if they fail, the whole thing blows up.

I don’t know of many examples that make a lot of sense. And the stuff I do know that makes sense tend to be really boring things like, you know, Tether and Coinbase's USDC, which have simple models, but after all with these things, if you need to go move US dollars around, a lot of use-cases for this doesn’t really matter that much — to have trustworthy issuers. Because your exposure to risk is low. You kind of only need to own USDC briefly to send it to you, so the probability of them failing while I own it is low.

You know, Coinbase I may not trust at all, but it is necessarily a big enough risk to worry about it, in comparison to these other systems, which may have actually higher risks of failing.

What’s your stance on crypto regulations, do you see it as something kinda helpful, maybe to have some sort of “good” regulations to foster the cryptocurrency adoption in general, or not really?

I don’t think it’s likely, I think the aim of some of these authorities, has nothing to do with what’s good for the public. It’s to ultimately make their bureaucracy bigger.

So much AML and KYC stuff, it’s more aimed at adding a ton of regulation, adding a ton of useless jobs, it harms the public, it makes security worse, you have much less financial privacy, which is existential harm.

There are certain things where, in theory, things could be better, but most of the stuff I think is covered by standard fraud laws. And I suspect things like, say, FTC regulation, are more likely to cause harm by legitimizing things that aren’t.

But if I remember correctly, and correct me if I’m wrong, for example, I think it was Bryan Bishop who was also sending letters to the SEC to get developers more involved when crafting crypto regulations — do you agree with this kind of stance?

It’s not to say, you know, that I sort of stand with Bryan on this, but I wouldn’t go and say that he’s for it or against it so much. There are certainly things where they could use a better understanding, and I think that comes down to this issue where a lot of the regulations would be counterproductive because they’d be pushed by scammers with money.

I mean, the worst scams are those that are legal. And that’s one of your big risks there. And also when you legitimize things that aren’t good for consumers, that can be worse than having easily visible scams going around. Because at least when you lose money on those, you were very well informed that you could’ve lost money. Like utility tokens, I think it’s a good example of this. So many of these efforts to legalize utility tokens, create frameworks for them, are very bad for consumers. Because none of these utility tokens make any sense.

Would you call yourself a Cryptoanarchist?

My political views before I went into this space were fairly authoritarian, but this sort of authoritarian where it’s like, I believe the government is necessary and I believe the government is terrifying. So I want to ensure that we have the right society, so that people can go fight back against government even though I believe in it. Because you need those mechanisms to keep the center under control.

And unfortunately, what happens with a lot of governments is, the evolution of bureaucracy, what it comes down to, is to find ways to remove control of making the bureaucracy bigger. You look at the Snowden leaks. I think a good description of them is, what we learned is that at every single level, the level below is lying to the level higher about what they’re actually doing.

You know, the head of the NSA was lying to congress about what they were actually doing. The guys underneath them were lying to him of what they were actually doing. And at every level, what they’re actually doing is more and more invasive. You do this to make your organization bigger. It doesn’t even need to start that way, but that’s what naturally will happen. It’s evolution. And you have to have really strong methods to fight back against that.

I already asked you which other projects in the field you find interesting, but I am curious in particular about Elixxir, from David Chaum, and your view on it?

I don’t really know much about it. I know who David Chaum is, but the history of academic cryptographers, we all know, in this space has been a little dubious.

For instance — Adi Shamir — I got a reply back from him for an email years ago and I think that’s a good example, he’s a really famous guy, did really sketchy stuff with Bitcoin that looked like it was bullshit papers for grant money. This was ages ago, this was if I remember correctly some analysis of like what Satoshi’s coins might be, I think. And the analysis, which is really flawed, it didn’t make any sense.

I remember Sergio Lerner was doing similar analyses as well.

Yeah, he’s done some of that as well. And again, there are aspects of this that I looked into in detail and were kinda flawed, but that one’s a bit ugly because there were some serious privacy issues there. Because to refute his analysis, you wind up having to give away who really owns these coins.

And I think that’s part of why people are agreeing too much about it, because as analysis, there are aspects of it that don’t make very much sense but to refute it, you wind up putting people at huge risk. Because, you say, yeah, this person might have private keys to millions of dollars. There are many people who could have mined early. That’s an ugly thing.

Regarding Blockchain in general, I know from your tweets that you often criticized when people want to use blockchain for this or that, are there any use-cases, other than cryptocurrencies, that seem fit for Blockchain?

I mean, blockchain is a chain of blocks. Like any time you have a database, I think adding blockchain to it makes sense. Even just for internal auditing. Even for a modern file system. Modern file systems end up looking kinda like a blockchain in that you have a root hash and you can go drill down to everything under it. That’s ultimately like what blockchains are for. The structure isn’t like that linear chain of blocks, but the principles are similar.

You know, Git is very very close to being a blockchain, we just don’t use Git in a linear way. But the fundamentals of why Git has hashes, is the same reason why Bitcoin does.

And this stuff is a really boring simple crypto that makes a lot of sense to me in many cases, again I think like, why academia doesn’t talk about this too much is academia just isn’t interested. It’s too simple to get grant money for. It’s too simple to write papers about it, it doesn’t fit in their models.

And at the same time, for certain parts of it, like consensus research, it has completely overturned tons of their work by basically saying “no-no, this is silly, we don’t need any of this”. We’ll do something dead simple instead.

That’s not how you make friends with academia. You make friends with them by doing something even more complex with even more fancy math. And if it’s not needed, it doesn’t really go anywhere. I think it’s a very powerful security tool, but it’s powerful in that it’s easy. We just need better software to let people actually use that.

I noticed also that you tweeted a lot about Google’s breakthrough in quantum computing, can you tell what are your takes on that?

It just says it doesn’t have enough qubits to be anywhere near relevance and no one has demonstrated that it can actually scale. It’s a genuine, fundamentally unknown question whether quantum computers scale. Nobody knows this. Nobody has any evidence that they do. Nobody has any solid proof that they don’t.

There are suggestions that they don’t, because of the amount of money you need to spend to, it seems to go up exponentially, it’s just too early to really know. And assuming they worked, it’s certainly true that they would break most of the cryptography as we know it, but there are also ways to go and fix that.

Because there is cryptography that’s quantum-resistant. You know, hash functions themselves have very good quantum security. So parts of Bitcoin you’d have to go swap out. Like your true worst-case scenario where we know in one year, your true worst-case scenario is a quantum computer magically appears now.

The more realistic one is that we’d know in one year, alright, here’s a deadline to get quantum resistance. You’d probably have to do something like confiscating a lot of coins and in a sense, they become unspendable to avoid a huge pile of stolen coins getting spent. And these things are solvable. This isn’t a fundamental threat that makes this stuff impossible.

Now, what would make it impossible is say, if we found out all cryptography didn’t work. And that it was fundamentally impossible to encrypt or sign. That doesn’t look very likely. And maybe a good way to kinda describe why this looks like a complete certain chaos, we fundamentally know that chaotic things exist. And things like hash functions or all cryptography, and again, this is a really hand-wavy kind of explanation, but it is sort of chaotic, in the sense of a small change in input is a very big change in output.

Nobody has any reason to think that chaotic physical systems can be predicted in exactly what state they will end up in, without just having to do the simulation. So that is a strong sign that things like crypto are possible. And maybe they’ll all get overturned, but I don’t think there’s a reason they will, and unless that happens we fundamentally can have Bitcoin.

What is it that you are currently educating yourself in? What is the last interesting thing that caught your attention that you really try to dig deeper into? In terms of technological concepts?

It has actually really been Rust, because I got really big projects I gotta do. You know, really understand the Rust language ecosystem and thought process, but that’s not really an interesting answer but there you go, that’s the truth.

I have a big project I’m working on for Proof Marshal and I gotta understand a ton of details around this and some bits around ergonomic APIs and so on. It’s not like my answer is like I need a tour in quantum physics. It’s kinda a very sort of boring, I needed that very sort of specific thing.

Yeah and I’m interested in Proof Marshal — do you have a website already for that?

I mean, if you look around GitHub, you’ll find it. I had to go put up some code recently. I am actually working on searching for better ways to build data structures that leverage consensus.

And the fundamental idea there is that for many types of proving systems, the way I prove something it’s true to you is that I can run the same validation function that I know you’ll run on the data I have, figure out what data was necessary to run that function, and then just give you that data. And it’s a very simple system because what you do and what I do is identical.

Finally, we talked about different kinds of data structures — what are your thoughts on DAGs, like they’re now becoming more popular in the crypto space.

I mean, I haven’t seen any reason why they’re any better than Bitcoin stuff. Like they still don’t scale. I mean, Ethereum’s uncle model as an example, is flawed. And there’s no clear ways to make these things, fundamentally better.

Now, you can make certain trade-offs with Merkle trees and get as much scaling as you want, like my most recent blog post, I write about how in a model where you’re trusted with respect to censorship resistance but trustless with respect to validity, you can just do arbitrary numbers of transactions per second and the sky’s the limit. It’s log2(n) scaling.

I can prove to you in a system that does like a billion transactions per second, that something was valid. With a couple of megabytes of data, per year for that asset. It’s not hard, it’s just a different model. And in comparison to like DAGs, the irony is, it’s a much simpler system.

It does something very simple, has one trade-off and that’s that. But no one is going to write an interesting research paper on that, from what I can see. Maybe write a sort of an application paper, to show how we actually use this, but the tech is not that interesting.

I believe I’ve seen also people like Aviv Zohar from The Hebrew University in Israel, proposing even DAG-based consensus to be mixed into the Bitcoin protocol?

I haven’t seen that one, but I mean, the proposal’s along the lines I’ve seen, they’re all tweaks, but they don’t fundamentally change things. You can’t get away from the fact that you need all the transaction data to know if a transaction is valid the way we define a valid transaction in Bitcoin.

You know, if you have that trust model and you have that definition of what validity is, you’re gonna need all the data. No amount of screwing around with DAGs or this stuff is gonna change that, so the difference between what they can get with a bit of efficiency improvement to what exists now, isn’t really relevant.

The last question, a little bit of a prediction, where do you see the role of Bitcoin protocol in our society 10 years from now?

Probably continuing through the wide competition to conventional trusted systems. Like you look at how you’ve got rumblings of the US government saying they need to go launch digital currency, because of competition. That kind of thing is a very good thing because it forces other entities to be more reasonable.

On the other hand, it could go the other way, and we could see much more fascism. Look at Hong Kong, how they’re trying to ban face masks and make it possible to see these people’s bank accounts at will. That is a very scary thing.

The UK wants to go and hold open-source developers accountable for ruinous AML/KYC stuff. Or Australia passed laws where they can get people to backdoor stuff at will. And they can’t even tell their employees about it. There’s a lot of people that are going to want power, so we’ll have to see how that stuff goes, but hopefully, we’ll be able to push back enough, that this stuff can continue to exist.

Thank you, Peter!

Coin Story brings you in-depth interviews with the brightest minds in the crypto space. If you like this interview, be sure to check out our past ones too, and Sign up to not miss out on the future ones, and to get a regular digest of news and trends in the crypto world. Explore more interviews and educational resources on cryptocurrencies at coinstory.tech


Researching Cryptocurrencies since 2012 @CoinStory