Blockchain is puny, here’s the math to make it mighty

Blockchain is puny.

Yes, it’s the technology of the future, poised to radically transform the way we move money, sign contracts, keep records, and much more. But it struggles to cope with any significant volume of transactions, meaning it is far from becoming ubiquitous.

In one second, a blockchain can handle around 10 transactions, while Visa has capacity for more than 65,000 transaction messages. We often expect turbo speed from new technologies, but 12-year-old Bitcoin and 6-year-old Ethereum lag far behind older systems like Visa and SWIFT.

The reason lies right at the heart of what blockchains do. When you buy something with your Visa card, Visa is the sole entity that needs to record this. The whole point of blockchain is that it creates a “distributed ledger” that is widely shared, and by virtue of this it achieves “inclusive accountability.”

While Visa’s transactions are processed exclusively by Visa, with a blockchain, anyone and everyone with a computer and an internet connection is invited to help ensure the integrity of the whole system.

It’s a very different undertaking and one which — for now — can only be achieved on a relatively small scale. For example, if we were to increase the number of transactions on Ethereum, by tenfold, you and I would no longer be able to verify the system’s integrity. We would be back to square one: the task of tracking the system would end up being devolved to a cabal of large companies that we need to trust. This may change as technology develops, but for now blockchains limit scale in order to rise to the challenge of providing this “inclusive accountability,” which invites all of us to help ensure blockchain integrity.

But there is a way to have your crypto cake and eat it too.

Shorthand for blockchains

Imagine if we accepted, for the foreseeable future, that we can only write on a given blockchain ten times per second, but instead of writing ten single transactions, made ten additions to the blockchain, each attesting to thousands of transactions. Despite the scale-up, there would be no significant rise in the number of kilobytes being added to the chain.

In short, I’m talking about a fix that would mean the same blockchains that I brazenly called puny would suddenly become mighty.

This fix is the adoption of cryptographic proofs — a concept that captured my imagination when I was a PhD student under Professor Avi Wigderson, one of the pioneers of this area of mathematics, and when I was a postdoc under Professor Madhu Sudan, another of the founding fathers of this field. After 20 years in academia, today I am president of StarkWare (@StarkWareLtd on Twitter), a company I co-founded to move this fix from the realm of theory to reality — a reality that will scale-up blockchain to an unprecedented degree.

Currently, Bitcoin establishes integrity the way you do it with your waiter or waitress. As you sit at your table, the waiting staff present a bill with the food you ordered, taking up the role of the “prover.” You check the calculation — making you the “verifier.”

With Bitcoin, the miner of a new block is the “prover.” Every block acts as proof that the payments contained in it are valid. And the nodes, meaning the many computers which host and synchronize a copy of the entire Bitcoin blockchain, naively replay each transaction in the block to verify that it is correct.

With cryptographic proofs, instead of recording this data-heavy information to the blockchain, we write on the chain in a kind of shorthand — proofs which verify that transactions have been conducted with integrity. All the heavy computational lift, meaning the work done to obtain the proof, happens in the cloud, not the blockchain.

It is logic we’re all familiar with in other areas of life. A large company may have its flagship office in central Manhattan, but wouldn’t dream of using such prime real estate for its huge factory, where the heavy lifting takes place.

Back to blockchain. The beauty of our approach is that a mass of computation that is performed by the provers doesn’t generate any work at all, barring the need to verify one new blockchain addition, for the many nodes in the chain. For thousands of transactions to be added to the chain, only one single proving node is needed. It operates outside of the blockchain, as it processes the transactions and creates a single cryptographic proof that attests to the integrity of all of them.

This proof, along with the new state of the system, is submitted to the blockchain. Counter-intuitively, verification is exponentially faster than the naive execution, which takes place on the cloud as part of the proof-creation process.

But isn’t scaling a risky business?

Normally, when we scale, we increase risks unless we increase infrastructure for enforcement and inspection. If you triple the capacity of a sporting event without increasing policing, you have a recipe for disaster; and if an economic sphere grows quickly without regulation, problems follow. And if you increase scale by moving infrastructure offshore to an off-the-beaten-track location, all these risks are further increased.

By the same measure, in blockchain, where oversight comes from the virtue of a large network all of which verifies a “distributed ledger,” if we scale up by performing computational work off the chain, aren’t we weakening the ability of this network to ensure the integrity of transactions that are added to the chain?

Bluntly asked, how on earth can nodes, tasked with verifying transactions, attest to the integrity of many transactions they have not seen?

Our answer is to deploy mathematics that has been said to seem “magical.”

If you’ve ever been to a mirror maze, one of those beautiful structures that reflects a single sight on a seemingly-endless number of mirrors, you’ll know that if there is a pile of dirt on the floor in such a maze, you would see it reflected everywhere, thanks to the magic of Euclidean Geometry.

The magic that cryptographic proofs deploy to amplify the existence of “dirt” in a computation is different, relying on modern algebra, probability and theoretical computer science, but the effect is similar. Task a prover with generating a proof for a true statement, and the result will be clean as a whistle, whereas the smallest inaccuracy in the computation will be spread and reflected to occupy the verifier’s full field of vision.

No verifier could review details of all of the thousands of transactions that are being added to the blockchain via a single proof. But thanks to the maze of mirrors math-based amplification carried out by the prover, the verifier can attest with near-certainty that all transactions were carried out with integrity, by taking a random sample of the proof, at an essentially fixed computational cost.

Nobody can cheat the system, or to be precise, you have a better chance of becoming a serial lottery jackpot winner. It’s a brave new world in this respect. In a non-blockchain reality, you need to trust the party that does the proving, like Visa or your bank. Not so here.

Theory to practice

For three decades, starting in 1985, the cryptographic proofs that are making all this possible won many academic awards but were impractical, as computers bigger than the universe would have been needed to generate proofs for real-life scenarios.

The potential of these proofs caught my imagination at a young age, and for much of the last 20 years, my research collaborations focussed on reducing computational cost and size of proofs, and making them practical. For much of time, my work was very theoretical, via new algorithms, protocols and mathematical theorems, then through academic grade code. But as it progressed, it became clear that practical applications were around the corner, and I am developing these at StarkWare.

It has been humbling to see theoretical constructions of cryptographic proof systems that I helped to develop start to be used on blockchain. What defines the particular family of proof systems I co-invented, called STARK, is a combination of several properties, most importantly:

1. Scalability — the S in STARK — which means that proofs are as efficient to generate as running the Fast Fourier Transform (FFT) and exponentially more efficient to verify

2. Transparency — the T in STARK — which means that no trust from the protocol administrators and participants is assumed

3. Security — the protocols require minimal cryptographic assumptions, making them future proof and resilient to attacks by quantum computers

Now, every day I witness the ideas that my PhD supervisor and his peers spoke about in the 80s coming into real world use via our own proof system. It is exhilarating. We recently processed 600,000 transactions with a single proof, a feat that just a couple of years ago would have seemed impossible.

Based on STARKs, we are building StarkNet, an open network that will allow scaling up capacity for all blockchain developers who use Ethereum. The alpha version is live today and it allows anyone to deploy any smart contract they wish, for example, an automated system that splits royalties between co-creators of a song. In short, every day we are already taking new steps to illustrate the potential of the network.

In one of the most exciting implementations of blockchain technology, we are changing the face of non-fungible tokens.

Known as NFTs, they are units of data stored on the blockchain which prove that a digital asset is unique — the digital equivalent of an original piece of art, or a limited-edition print. They have received enormous media coverage, as NFTs for digital artwork have sold for huge sums. But rolling out NFTs for wider use has been difficult, due to the scalability problem.

Minting an NFT directly on the Ethereum blockchain costs $40. But we have begun doing so using STARK proofs, in partnership with the gaming company Immutable, and have brought the cost down to a fraction of a penny, helping to push this technology towards the mainstream from the realm of novelty.

All of the 600,000 transactions in our record-breaking proof mentioned above were NFT transactions. And deploying our advances in NFTs, within three days Immutable recently managed to mint some 3.5 million NFTs for its popular Gods Unchained game. Without our STARK-based scalability solution, this would have been impossible — Ethereum simply wouldn’t have the bandwidth — and the very notion of minting tokens for the game would have been dismissed as the cost would have been prohibitive.

This remarkable achievement indicates that even the very aspect of blockchain use that was seen until recently as little more than a novelty — NFTs — is ripe for scale-up. So while I stand by what I said, that blockchain is puny, the disruptive technology exists that will allow this to change, very quickly.

***

The cryptographic proof technology that I live and breathe doesn’t just have the ability to change blockchain; it has the ability to change how the world interacts.

The institution of reliable record-keeping is one of the most important steps humanity has taken. The Romans famously wrote tax records, public decrees, and many other documents on papyrus, vellum, and parchment. But until very recently, the integrity of documents relied on trust — on the notion that at least one party is entirely trustable.

The land registry that confirms you own your home is a testament to human civilization. But if it is accidentally deleted or maliciously changed, you could end up on the streets.

The land registry, a modern version of an ancient innovation, is one such “trusted party” that keeps the world as we know it running. Others that are important today include banks and credit rating agencies.

Blockchain has allowed us to get a glimpse of how things may look if such trusted parties play less of a role. It has brought about a change — but on a very small scale.

At the end of many a long day, spent working with my colleagues on the technical minutiae needed to address the issue of blockchain scalability, I zoom out and allow myself to think broadly about what all of this may mean.

What may our lives look like with vast systems that allow us to verify, and feel secure, but with the need to neither rely on third parties, nor make trust assumptions about people we deal with?

Will it throw up ethical and legal challenges, like any advance? Certainly. But I believe it will have benefits that we are only just starting to grasp. The prospect is novel, interesting and exciting.

Bio: Dr. Eli Ben-Sasson (@EliBenSasson on Twitter) is Co-founder and President of StarkWare. He has been researching cryptographic proofs since he received his PhD from the Hebrew University in 2001. Dr. Ben-Sasson is a co-inventor of the STARK, FRI, and Zerocash protocols and a Founding Scientist of Zcash. He held research positions at the Institute for Advanced Study at Princeton, Harvard and MIT, and most recently, was a Professor of Computer Science at Technion.