LET’S TALK BITCOINEpisode 104 – Tree-chains with Peter Todd

Participants:

Adam B. Levine (AL) – HostAndreas M. Antonopoulos (AA) – Co-hostStephanie Murphy (SM) – Co-hostPeter Todd (PT) – Bitcoin core developer, Chief Scientist at Mastercoin Foundation & Dark Wallet

AL: Today is April 26th 2014 and this is Episode 104 of Let’s Talk Bitcoin.

The following is intended for informational and educational purposes only. Cryptocurrency is a new field of study. Consult your local futurist, lawyer and investment advisor before making any decisions for yourself.

My name is Adam B. Levine. I’m the editor-in-chief of the Let’s Talk Bitcoin show. Thanks to the many who gave their opinion; we won’t be changing the name. Today is Episode 104 – the completion of one year worth of shows. We’ve talked about how great we are and how much fun we’re having during previous episodes, but I do want to acknowledge both the listeners and especially those creating content, those building the platform along with me. Thank you. Today’s episode is a long one, split in two distinct parts. For the third time in LTB history, Toronto’s recent Bitcoin conference saw all three of the LTB hosts in the same room talking about Bitcoin, once again. On Episode 99, I spoke with Austin Hill and Adam Back about the idea of sidechains of Bitcoin, instead of altcoins based off of Bitcoin. This idea caught fire and as many who thought they’d made up their minds about cryptocurrency, re-evaluating our future, but not everybody is so enamored with this proposal. Peter Todd recently spoke on LTB about stealth addresses and we caught up with him again, in Toronto, to talk about tree-chains – a different way of looking at a blockchain that would also solve the mining centralization problem. You don’t want to miss this. [1:27]

But first, I’ve got a confession to make. Recently, I’ve become very interested in the possibilities presented by user-created assets built on top of Bitcoin or Ethereum or whatever blockchain you prefer. Really, at the core here, this is a conversation about bootstrapping, which is something that’s very interesting to me. Bootstrapping is the process all would be self-sustaining enterprise goes through, many unsuccessfully. There is a period of time, at the beginning of any new venture, where the sheer newness and smallness of the venture is a big, blinking, red light, warning off first potential users. After all, who wants to use a completely new unheard of or unknown service or eat at a deserted restaurant or register on a forum where nobody’s posting. It’s all a matter of comparison.

In a world where eBay dominates the person to person auction market, what reason would a buyer have to choose a brand new website with no sellers and why would sellers list, when there are no potential buyers? Bootstrapping is a chicken/egg problem. Which comes first - the valuable users or the users to generate value? Satoshi’s solution with Bitcoin was novel. Give the privilege of receiving new bitcoins to the miners, enabling the usefulness of the network. In other words, the system has these tokens, bitcoins, that must be distributed somehow and the chosen strategy, as designated in the Bitcoin specification, says that it is miners adding their hashing power to the network who add the most value to the network itself. They enable it for other users, so especially in the early days, miners were 100% critical and the system needs all it can get to protect itself from bad actors. When this process started, the bitcoins themselves were functionally worthless. Over time, as the network grew and found success, these worthless tokens became incredibly valuable. Bitcoin, of course, has some problems – the miner reward is only paid to a single miner which has led to pool centralization and some other not so great trends, but the fact remains that distributing new bitcoins by making miners compete with every other miner on the planet, has led to a wildly powerful Bitcoin network and spread the creation of an entire class of machines doing what is functionally make work. Although the power of the Bitcoin mining network dwarfs the most powerful government or commercial super computers, hashing SHA256 actually doesn’t process transactions, it’s merely the measuring stick by which all participants in the system are compared against. [3:36]

This isn’t a complaint; rather an attempt to illustrate the power of tokens released on a fixed, long term and deflationary schedule to participants adding the most value to the system. Imagine stumbling across a wishing well in a world where you only carry gold coins. Most people faced with the choice of throwing a valuable gold coin into a wet, deep hole in the ground, probably aren’t going to do it, even if it’s really magical looking with cartoon Disney birds flying around. From basically any angle you look at this, it’s a short term and long term, bad economic move. Faced with the choice, most people would walk on by because the cost of participation does not reflect the value they believe they’ll get. Imagine finding the same well with a penny dispenser next to it. Each day, it gives out 10 pennies with distribution based on how many people visit it. It’s out of the way, you’re the first to find it and can take all 10 pennies if you want. Suddenly, the value equation has changed and where before the cost far outweighed the benefit, now your cost was just showing up. Given these conditions, I’d personally feel much more comfortable using the service of a wishing well, where before, I probably never would have bothered. Over time, as other people find the well, the free pennies are split more ways until not everyone who visits each day can toss in a free coin. It’s at this point where demand outweighs the freely available supply, that a market price is required and so the market establishes one. Lacking the free tokens, would the well have grown in popularity as much, or even at all? Probably not. The value of the token is a direct reflection of how popular the service is and those who found the well early, but saved some of the coins, can even profit from their early support of these systems. [5:08]

A user-created asset, at its core, is a crypto-token that does not give new tokens to the miners, instead riding on top of a platform, like Bitcoin or Litecoin or Ethereum, where the processing of transactions is the main focus. User-created assets utilize the miners of another already secure chain and so, because security isn’t a concern, the size of these eco-

systems and the purpose of the coins can be very specific to their need, without compromising on security. While it was never very hard to fork Bitcoin or Litecoin, it is technical and while hundreds have found a dev, changed a few parameters and struck out on their own, the reality is the only people who went down this path, believed they could do what Bitcoin was already doing but better. As Bitcoin mining has become more difficult and old hardware obsoleted, miners still holding that hardware have a very real incentive to look for the next network, where their transactional mining will be more valuable due to less competition and more deflationary potential. That’s a huge thing – new crypto-tokens, whether attempting to compete with Bitcoin or riding on top of it, have much greater deflationary potential relative to the amount of time or money invested, simply because they’re so much earlier in their life cycle. User-created assets don’t want to process transactions, have miners or developers, they don’t want to have to worry about patching implementation vulnerabilities and by building on top of the already very secure Bitcoin network, they don’t have to. [6:25]

If these new tokens aren’t given to the people securing the network, they can be given to the people adding value to whatever the project is. This is called non-computational mining. Although crowd-funding services, like KickStarter, have become very popular in recent years, through the use of crypto-tokens, we can do better. KickStarter brought the ‘donate and get a reward’ model to the world’s stage, but what if you think a project is neat but don’t see the value in the reward for yourself or anyone you know? Or maybe you like the reward but don’t agree with the donation amount you want to give in order to receive it. The way things are now, if you don’t want the reward, there’s very little reason to support a project, even if it’s a good idea or you think it can succeed. Sure, you can just donate but, in practice, most people view their donation and it’s reward as a pre-order. Lock-in is another big thing in the world of crowd-funding. I’ve supported many projects with estimated deliveries of six months, only to see delay pile on delay, multiplying the wait. Sometimes, it’s OK with me, sometimes it’s not but again, the reality is I have no choice in this situation. I’m totally trapped. While refunds aren’t formally supported on crowd-funding platforms, since they’re donation based, people do occasionally give them when they feel as though they’ve failed to meet the expectations of those viewing their donations as pre-orders. This is sometimes resulted in whole projects blowing up as the founder gives money they don’t have or that’s needed to finish the project for the backers who remain patient. It’s a terrible situation for everybody. Adding a token eliminates this problem too. Think of crowd-funding a grocery store – sure, you could pre-order a pallet of canned soup, but wouldn’t it be better if you received store credit instead? While there are relatively few buyers for a pallet of soup, imagine if a token, call it store credit, was given instead? Store credit, as good or better than cash at the store in question, is much easier to find a buyer for. Just as backers can profit from a successful project, so can they escape a project they no longer want to be a part of. Of course, if that’s the general sentiment, they’ll certainly be selling these tokens at a discount to what they paid. Compared to the situation now, where the project succeeds and you get what you purchase, where the project fails and you get nothing at all, it’s better for everyone to have options. This is also non-destructive to the project, since the process doesn’t even involve the founder or their project funding. People who want to get out can make their escape via the market, without disrupting the project for everybody else. [8:31]

I’m working on a project called Tatianacoin with Tatiana Moroz. It’s one of the first, so-called, crowd-funding coins, and it’s also one of the first artist coins. Tatiana wants to raise an amount of money, let’s say $100,000 to record her new album and a tour to support it. The crowd-funding page, at first glance, looks pretty normal – funding, goals and backer rewards but rather than signing on for a $40 album and T-shirt package, the individual receives back $40 worth of Tatianacoin when the project successfully funds. Those tokens trade on a centralized and decentralized market, so from the minute the funding is over and the tokens are created, and then distributed, the market is valuing them. Because these tokens are only issued in that one batch to support Tatiana’s specific project, if the thing you can use them for is something more people when the project is finished, the album is ready to shift, the tour is starting then at the beginning, before the album exists, they should be deflationary. If they are deflationary, early supporters of the project will see the value of the tokens they received, in exchange for their donation, increase. When the rewards are ready, the number of Tatianacoin required to purchase your desired reward has gone down. [9:31]

Really, what we’re doing here is creating an eco-system where people who support Tatiana’s music or activism or her other projects, can invest in her early, give her the resources to make a bigger impact than she would be able to do, lacking that support. Those supporters then profit from her successes, more people discover her work and also want to support her. A smaller eco-system, like Tatianacoin, is valuable because it’s a partnership between the funded project and the backers supporting it, where everybody gets what they want and backers aren’t trapped by a failing project but rather spiralling up a successful funding and effective use of those funds leads to a higher profile and successful project. After the first success, Tatiana can use the same coin to fundraise for her next project, except instead of tokens being created and distributed at the original fixed rate, they’re created at whatever the current market rate is. When the money supply expands, it’s being backed up by real value moving into the eco-system. Instead of deluding earlier donors, each new token coming in reinforces that the current market rate is the correct one because people are paying real money for it right now. When Oculus Rift, the prototype virtual reality headgear was funded on KickStarter, they received millions of dollars worth of support to develop a very speculative project. Not too long ago, they were purchased by Facebook for $2bn worth of cash and stock and the backers who put their collective millions that brought the project to that point, they got developer kits as promised and that’s about it. My background is heavy in videogames so Oculus was always one of those projects that was interesting to me but I didn’t want a developer kit so I didn’t support it. If a token solution had been in place, not only would I have supported it but the purchase, by Facebook, would have skyrocketed the value of that token that everybody had bought. This would have happened at no cost to the Oculus Rift team, simply because the project has so many more eyeballs swivelling to look at what has become a very high profile project indeed. I’d love to tell you how Permacredits, the local cryptocurrency for the global permaculture movement were getting ready to launch soon but it’s basically just this same type of idea applied to real estate and the scale’s about 10x or 20x as large as a Tatianacoin. [11:25]

Once again, tokens go to whomever is adding the most value to the network so in the example so far, that’s people who donate funds which make the project happen. It’s fairly

simple. On the other hand, there are many situations where the activity adding value is actually non-monetary in nature. Imagine a jobs board, like Coinality.com – people looking for workers go there to post, people looking for work go there to post but the thing that really adds value are successful, happy matches over the medium to long term between those two types of users. We could create a new token called Jobscoin which is distributed at a daily fixed rate to successful, happy matches that then has a check in feature six months later for a second round of it. If only one person successfully confirms they got the job and the employer successfully confirms that not only do they have the job but the fit is good, the two parties split the new tokens distributed that day. If there are a 100 such matches in a day, it’s split 100 ways. Again, the thing that we never want is complete inactivity. Services that have no users are useless services and inactivity broadcasts that fact, making the situation worse. Those tokens can be used for a variety of things, such as voting up or featuring positions of a chosen job posting your resume. By not fixing prices and letting users simply bid against each other for positional advantage, as the service becomes more popular, so will the competition become more fierce which means that those wanting prominence, it’ll be very important to acquire the coin, probably through the market and probably from people who’ve acquired less coin and would rather sell them than use them. It’s a good interview with Peter Todd today, so I’m not going to take up too much more of your time but I would like to talk really briefly about LTB coin. [12:56]

Letstalkbitcoin.com is a content network. We create original journalism and entertainment so there are three ways that individuals can add value to our system. The most valuable way is to create good, engaging content that meets our rather high quality standards and release it on our platform. Content creators receive the largest share of new LTBcoin distributed weekly, based on two sets of criteria. The first is proof of quality – when you release a new piece and it meets LTB’s rather strict publishing protocol, you get a share of the week’s new tokens. If there’s one piece of content released, you get all of it. If there are 100 pieces of content released, and you all have the same point value – a 600 word blogpost is worth less than a hour long produced video show, for example – then they split the week’s allocation. Next is proof of value – this is a composite metric that will grow over time as we figure out what works, but basically, it’s a combination of revenue generated and reach. This is a second round of compensation that takes place about a month after the piece has been released. This distribution is weighted to encourage people to create content that the audience finds valuable or that sponsors want to support. Engagement with the audience adds the next largest amount of value, and so we reward our favorite behaviors with new tokens - proof of commenting, proof of tipping and proof of sharing. Each day, the amount of tips, the number of comments weighted by community votes and how much impact and individual sharing had, are tallied up and compared against all other participants in those individual programs on that specific day. Those individuals then receive their share of the new token based on their contribution. [14:19]

It’s easy to imagine on a slow day, sending a tiny tip to a content creator might actually make a profit from the new tokens that are awarded, simply because on that day, that small tip was the big spender. The value for LTBcoin comes from our sponsorships and advertising. Once we start this program, if you want to sponsor a show on the LTB network, advertise with a banner, whatever, you’ll need to bid in it on LTBcoin, in our auctions. This sounds like a barrier to entry, I mean who would bother, but our problem has never been

demand from advertisers, rather it’s our ability to follow up with them because we don’t employ sales people and I spend most of my time making content and talking with people. Rather than auction specific sponsorships that are locked and non-transferable, LTB will be publishing our sponsor standards and selling at auction for LTBcoin what we’re calling, Sponsor tokens. These Sponsor tokens use the same wallet as Bitcoin and LTBcoin and once purchased from LTB, can be traded or sold for any cryptocurrency to any group or individual who would find it more valuable than the value that original person paid in LTBcoin. This means that while I only have to worry about maximizing our LTBcoin sales by attracting more interested people, these people don’t have to be sponsors. They can be profit seeking individuals who jump through our specific hoops to acquire LTBcoin, acquire these Sponsor tokens and then sell it to someone who values it for profit. Over time, frequent sponsors will probably find it more valuable to simply be in the deflationary LTBcoin eco-system and deal with us directly because it’s cheaper to cut out the middle man but that’s going to take a while. In the interim, there is this opportunity for people to act as our sales reps and to profit from it. This solves both our short term and our long term problem, without requiring me to become a sales person or to pick someone who’s going to be a great individual sales person. [16:01]

One of the most common reactions I get to talking about user-created assets is the thought that they won’t be big enough and that the eco-system will be much smaller than Bitcoin. This is actually very true and I think it’s good. Small things are specific and small things are powerful and powerful, under-appreciated small things have the most potential to become very big things, once the base of the community and evangelism is established. User-created assets allow you to align the incentives of all participants in the system with the success of whatever your specific project is because the success of your project is their financial gain. What I’d like you to take away from this is that any problem that you had in the past that involved trying to motivate people to get on the same page as you and to see the value in what you’re doing, I really would encourage you to take a look at the problem through the lens of user-created assets and incentivizing behavior with tokens, because I think that many of these bootstrapping problems have been fundamentally solved now. We now have a good template by following the lessons of Bitcoin to bootstrap anything and to take any idea... I mean, the idea still has to be good, it still has to be enough that people want to participate and see the potential in it, but there’s a way now for people to be invested in what you’re doing, whether it be through monetary means or not, that I think is really going to change how these projects get implemented and what is possible and what is not. Take the logic of cryptocurrency and the logic of user-created assets and see if it changes your situation now and then, make it happen. I look forward to another very full year of cryptocurrency and Bitcoin with everybody. Thanks for listening. [17:38]

____________________________________________

ADVERT:

KryptoKit is the world’s first Chrome browser Bitcoin wallet. It’s the easiest, fastest Bitcoin wallet payment system with a simple one click install, it takes just seconds to get your wallet

set up and because KryptoKit finds the address and payment for you, there’s no more fussing around or tab switching. KryptoKit is more than just a wallet. It comes with a pre-loaded PGP encrypted social network, newsfeeds from Reddit and Google and up to date charts from exchanges. Finally, KryptoKit directory allows you to make two click payments with any of the BitPay merchants. Once you install KryptoKit, you won’t need anything else. For more information, or to download KryptoKit, visit www.KryptoKit.com. [18:26]

ADVERT:

Hey folks. Adam B. Levine here with an experimental sponsor today – a hiring one. David Johnston said it best – anything that can be decentralized, will be decentralized. Reverse Dealer is that idea applied to buying and selling of cars. At Reverse Dealer, the people are the dealership and the whole point is to save everybody money. The founder writes ‘We are the exact opposite of a traditional dealer. We are the change we want to see in the world and we are currently hiring.’ They’re looking for one skilled developer, a social marketing expert and they’re interested in speaking with additional investors as well. Interested? Send an email to ReverseDealer@gmail.com. [19:03]

_____________________________________________

AL: We’re here again at the Toronto after party, so to speak, in Stephanie’s room. (Laughter) [19:10]

SM: It’s where everyone wants to be. (Laughter)

AL: The day after the Toronto Bitcoin conference and sitting down with us now, we have, of course again, Andreas Antonopoulos and Stephanie Murphy. [19:19]

SM: Hello. [19:19]

AA: Hi. [19:20]

AL: We are joined today by Peter Todd. He’s the chief scientist of the Mastercoin Foundation and a myriad of other projects too. [19:27]

PT: Yeah, chief scientist at Dark Wallet now too. [19:29]

AL: Chief scientist at Dark Wallet too and you’re a Bitcoin core developer. [19:32]

PT: People call me that, I guess. [19:34]

AL: Have you submitted changes to the core that have been included in shaping code? [19:38]

PT: I guess that means I am. [19:39]

AL: Well, I guess that means you are. (Laughter) We’ve just had this conversation with Amir. (Laughter) On Episode 99, I had a conversation with Austin Hill and Adam Back talking about a proposal they’re calling sidechains, which is this idea that you can have alternative Bitcoin blockchains that don’t have their own tokens on it, don’t have their own bitcoins on it, so they’re not like an altcoin necessarily, but they can have other characteristics, such as a shorter block time, or larger block sizes and so do some of the things that conventional altcoins have done. The difference is that you can then move a token from the Bitcoin blockchain at a 1:1 peg ratio onto these other blockchains where it might be more useful to you at that particular point of time. This has been received by the Bitcoin community, broadly speaking, with kind of mixed response. Nobody really knows how to think of this and people who are very supportive of altcoins are concerned that there is something going on here. You and I had an interesting conversation, where you basically told me that we were completely wrong about this and actually, this is a terrible thing. Can you kind of summarize... did I do a good job of summarizing this in your eyes. Please correct me? [20:47]

PT: Maybe a little too harsh on terrible. [20:49]

AL: OK. [20:50]

PT: I’ll go start by saying I think the basic ideas behind it, the basic push behind it, I think (??) you want to be able to give people options. You want to have more than just Bitcoin and completely separate systems, but where I don’t like it is that there’s this idea of using it with merge mining. The thing with merge mining is it lets a consensus system, like Bitcoin, say that OK... or actually I should say a better example is Namecoin, says – OK, rather than a Namecoin block being valid because of someone doing a bunch of useless work, the hashing power associated with it, we’ll reuse the work of a different blockchain. In some ways, this sounds pretty good. I mean, we can go secure Bitcoin and we can secure Namecoin at the same time. [21:44]

AA: Namecoin is one of the altchains that is merge mined, more than self-mined or solo-mined. [21:51]

PT: Absolutely. [21:51]

AL: Can we talk about merge mining real quick? Can you just recap that for the listeners? [21:54]

PT: Yeah. Namecoin was your first example of it. Namecoin is a DNS alternative; it’s supposed to be a decentralized domain name system and it’s not directly a financial system in itself. You can still buy and sell Namecoins but they’re really meant to (??) domain names. The issue there is – How are you going to keep it secure? Initially, Namecoin was just a separate chain, just like Bitcoin is its own thing, but the people behind it came up with the idea of – Why don’t we go secure both at the same time? We’ll use the same hashing power that keeps Bitcoin secure to help to keep Namecoin secure, which basically means

that if I’m trying to mine Bitcoin blocks, I can, through the special protocol called merge mining, simultaneously mine Namecoin blocks, at the same time. [22:43]

AA: But you get the reward in Bitcoin which is your incentive, whereas if you were mining Namecoin, there would be no reward. [22:49]

PT: Actually, you get the reward in both chains. [22:51]

AA: OK. [22:51]

PT: Yeah, that’s your incentive to go to the trouble of doing this in the first place. [22:54]

SM: There’s even an incentive for just straight up Bitcoin miners to do merge mining instead because then they get more coins. [23:01]

PT: Absolutely. Right now, I think the number works out to be Namecoin is roughly say ¾ of the Bitcoin hashing power. [23:09]

AA: So this is going with Namecoin? [23:12]

PT: Yes, yes, so ¾ of Bitcoin hashing power is also mining Namecoin. [23:16]

SM: Wow! That’s very interesting because without merged mining, it would probably be a tiny, tiny fraction of that. [23:24]

PT: Yeah, absolutely. [23:25]

AL: Isn’t that good for Namecoin? [23:28]

PT: Namecoin happens to have ¾ of the hashing power for it. It can’t be attacked. [23:33]

AA: Right. What’s the downside? Let me take it from a different perspective. You’re a miner and you have a choice of either mining straight up Bitcoin or merge mining Bitcoin and Namecoin, at the same time, or perhaps merge mining Bitcoin, Namecoin and a bunch of other SHA256 proof of work... [23:50]

SM: Can you pick like that or, if you do merge mining are you mining every coin that allows it? [23:54]

PT: The protocol most implementations merge mining use allows is... allows for an unlimited number of chains to be mined at once. [24:02]

AA: You choose that as the miner; you pick how many chains and what chains? Do they all have to be the same proof of work algorithm? [24:07]

PT: Yes. [24:07]

AA: Right, so if you’re doing SHA256 mining, you can merge mine any altcoins that use SHA256 as a proof of work. [24:14]

PT: SHA256 merge mining. [24:16]

AL: Isn’t it really all (??) [24:16]

AA: That use SHA256 merge mining. [24:18]

PT: Yeah. [24:19]

AA: OK but then is there a disadvantage to doing merge mining across multiple coins versus doing straight up Bitcoin mining? Do you lose something in the competition for Bitcoin reward? [24:29]

PT: You don’t, however you do have to run a Namecoin full node and a devcoin full node, I think, IXcoin is another example. [24:41]

AL: For each of these that you add on as another chain that you’re merge mining, it actually does require additional infrastructure? [24:47]

PT: Yep, absolutely. [24:48]

AA: Mostly storage which isn’t too expensive to run. The actual mining difficulty which chews up a lot electricity, which is your main cost as a miner, that doesn’t change? [24:57]

PT: For now. For now it is. [24:58]

SM: What is it if you’re part of a mining pool, that’s pretty much irrelevant, right? [25:02]

PT: Absolutely. [25:03]

SM: There is a popular mining pool, CEX.io which almost got to a huge scary percentage of the Bitcoin network, at one point. That just does merge mining for you. It doesn’t even ask. [25:13]

PT: Here’s a real question. Me personally, I have some Bitcoin mining equipment, not much but I run it at home and I go use P2Pool to mine. [25:25]

AA: Can you describe P2Pool – that’s a completely decentralized peer to peer mining pool without a pool operator, right? [25:32]

PT: I think you just described it. (Laughter) Of course, I had to go set up a full Bitcoin node to do that. Now, the Namecoin reward is pretty small and I’ve never bothered setting up a Namecoin node. It’s just – why would I do it? [25:47]

AL: Even though the mining part is literally zero difference to what you’re already doing, the barrier to entry is having to bother to set up this full node. [25:57]

PT: Yeah. [25:57]

AA: And maintain it and mostly that has some costs. You’ve got to upgrade the software every time it gets a maintenance release and stay up to date otherwise you might get hacked or all kinds of things like that. [26:06]

PT: It’s overhead. Yeah. [26:07]

SM: So then do you have unclaimed block rewards from the Namecoin mining? [26:12]

AL: It doesn’t work like that does it? [26:14]

PT: It’s not unclaimed, it’s more that I could have gone and did it at the same time but since I didn’t, there just is no reward that I can get. [26;22]

AA: There are opportunity costs, if anything – if you didn’t take advantage of the opportunity to merge mine Namecoin, so you’re just mining Bitcoins. [26:32]

SM: Doesn’t each block have a block reward? Let’s say, for purposes of discussion, that you were solo mining and you found a Namecoin block but you were doing P2Pool and you didn’t set up a Namecoin node, what would happen to the block reward? [26:49]

PT: Oh well, that’s it. If I don’t set up this merge mining protocol, I do not find Namecoin blocks. [26:55]

AL: Because he’s not mining Namecoin. [26:56]

PT: Yeah. [26:57]

AA: You have to set up a node. [26:59]

AL: It uses the same work.... [27:02]

SM: Oh, oh, oh, so you’re not mining it unless you set up a node, I gotcha. [27:03]

AL: Exactly, but you have to set up... again, when I was thinking about sidechains, it sort of occurred to me that if this is something that can easily be merge mined, then you could have thousands of these, but it sounds like you’re saying that, in practice, that’s not really something that’s going to happen. Individual miners might pick a few but there’s actually a maintenance cost per sidechain they have to mine. [27:21]

PT: Absolutely. To put it in concrete numbers, last I checked, the Namecoin block reward in terms of value, it’s about 2-3% that of the Bitcoin block reward. Now, if I’m a miner earning

$100 a month on my little setup, I can justify the cost of setting up a Bitcoin node, that’s not so bad, but can I justify the cost of also setting up a Namecoin node? No. [27:46]

AA: I’m assuming there are other overheads too. One of the things that is an overhead for miners, or anyone running a full node, is keeping the mempool and the unspent transaction pool which is a load. For those who don’t understand what that is, that would require you to have RAM on your system and RAM is obviously much more expensive than permanent storage. If you were running a full Namecoin node, you’d also have to have the memory pool which means more RAM for that. [28:18]

PT: What it gets down to is like, suppose it took me an hour to go set up Namecoin and the only cost incurred was my time. I might go bill $100/hr to a client so let’s say it’s $100 cost, well, that $100 cost, over the next, say, 12 months, I’m going to earn something like, I don’t know say, 12 times maybe $5/month. I’m not going to make that back; I’m not even going to bother. Will I make it back in Bitcoin? Sure. OK. Now, let’s go do 1000 sidechains. Well, there is no incentive for me, as a small miner, to mine all these little chains. [28:52]

SM: With any kind of mining, the value or the price of the coin is always a wild card, right? For instance, if you set up to mine Namecoin with merge mining and then suddenly there’s a rally in Namecoin a few months from now and you’ve been holding Namecoin, then it would be worth it. You just don’t know that in advance. [29:11]

PT: Oh, sure. [29:12]

AA: Then you’re not a miner, you’re a speculator. You might as well buy Namecoin, in that case and it might be faster. If you were going to spend an hour of your time, earn $100 from your client, use five of those dollars to buy Namecoin and you’ve got the same advantage. [29:24]

SM: Sure, OK. I see that, yeah. [29:25]

PT: In the big issues that well... if mining these sidechains does have a positive return and say there are 1000 of them and they all earn, for me with my amount of hashing power, $1 each, I still can’t, for me as a small miner, justify installing all the sidechains. The network (??) is still not positive but if I mine at say BTC (??) 25% of the whole hashing power, yeah I’ll go make a lot more money. I’m going to go move to bigger pools so I can take this overhead cost, which is fixed, to mine at all and spread it out a whole lot of people with hashing power. [30:04]

AL: Interesting. In a mining pool – you only have to run one full node per pool as opposed to for individual miners where they have all the same cost of being a pool, basically... that’s very interesting. [30:16]

AA: Or a P2Pool where it’s like solo mining only pooled. You still have to run the full node. [30:21]

AL: Right. [30:21]

PT: Yeah. [30:22]

SM: It’s like an economy of scale. [30:24]

AA: Which then leads to centralization so merge mining creates an impetus for centralization because you’d rather go to a pool that does all of the overhead for you. [30:33]

PT: That’s absolutely true. [30:35]

AA: Wow! That’s very interesting. [30:37]

AL: OK, so what else about these things. [30:40]

AA: How does this connect to sidechains and some of the other technologies that have been proposed? [30:44]

PT: That idea with sidechains is you have a separate blockchain that is somehow being kept secure and you create a protocol by which you can go securely move value between one chain and another. By securely, what I mean is on the Bitcoin side of things, you go provide Bitcoin with a proof that some amount of hashing power claimed that that transaction happened, to go move value back and the same way as the other way. Now, Bitcoin’s quite secure so moving value to the sidechain, from a sidechains point of view that’s certainly secure, although you do have the problem that when you’re moving value back, it’s not feasible to necessarily provide a full proof that in the entire history of this blockchain these coins were moved around according to the rules and eventually ended up being moved back to Bitcoin. What you’ll actually do, and what’s being proposed, is provide what’s called a SPV proof or Merkle path and... [31:55]

AA: This is Simple Payment Verification... [31:58]

PT: Exactly. [31:58]

AA: ... is the same protocol used for lightweight clients, so instead of carrying the full node verification of every block back to the genesis block, instead what you’re doing is simply providing a path that shows sufficient confirmation within the other blockchain, the other sidechain. [32:13]

PT: That’s absolutely true. I mean, explaining SPV a bit, it’s important to remember that I have an Android phone, I have an SPV wallet and its only security is that it knows that the longest blockchain claimed that some coins were given to me. It does not check where the coins came from; it does no verification at all. It just assumes that whoever is mining the longest chain is honest. [32:42]

AL: Isn’t that the assumption of the Bitcoin network? [32:45]

PT: No. If you run a full node, your node checks every single block and if they try to lie to you, from your point of view, they’re just not mining Bitcoin. [32:55]

AA: It’s important to understand this. This is critical. This is the difference between height and depth in blockchain. When you’re running a full node, let’s say we’re currently mining block 290,000, right? Your node is checking the height of that blockchain, the block that’s in there and it’s transactions and is validating, from that height of 290,000 blocks, all the way down to the genesis block and linking the entire chain and making sure that every component of it is part of a valid transaction. When you’re doing Simple Payment Verification, you’re looking at it from a different perspective. You’re saying – How deep in the blockchain, from the longest path, is my block. You’re saying right now, this is what we call confirmations, you’re saying – Well, since that thing was given to me in a transaction, ten other blocks have been piled on top and I’m relatively certain that ten blocks of weight above it, or height above it, which is really how deep it is embedded in the longest chain, that gives me some level of certainty that all the miners who looked at this and layered ten blocks above, that’s the trust I have. I have ten blocks deep of trust, instead of having 290,000 blocks high of trust. That’s a very different proposal. [34:17]

AL: OK. If I am running a Satoshi client on my computer and I’ve downloaded the blockchain, am I running a full node, even though I’m not mining? [34:25]

PT: Absolutely you are. [34:26]

AA: Yes. [34:26]

AL: OK, great. Terrific. [34:27]

AA: You essentially have 290,000 blocks worth of trust in that chain. [34:34]

AL: This is a light client problem. [34:35]

AA: Exactly, exactly but now that applies to the mining of sidechains. [34:39]

SM: Fewer and fewer people are running full nodes. Isn’t that right? [34:44]

PT: Absolutely. [34:44]

AA: We’ve seen a precipitous decline, in fact, in the last three months. I don’t mind but I run a full node on a couple of cloud computers just to contribute to the verification of the network. That’s the kind of thing that you would do as a volunteer. Very few people will do that. [35:02]

PT: It’s important to note that when you say you’re contributing to the verification of the network, that’s kind of a bit of a misnomer in many ways because it’s not like you finding that something is wrong, actually automatically gets to the network. [35:14]

AA: No. [35:15]

PT: Your node just rejects that block and says – I don’t know what the hell they’re doing but... [35:18]

AA: Right. [35:19]

PT: That’s true. [35:20]

AA: You need mining in order to do that. [35:22]

PT: Yeah. Other technologies maybe possible in the future where your node might, say, produce a compact machine readable proof but they don’t exist yet. Also, they’ve got their own problems, not least of all, what if some fraud goes unnoticed for a week, someone produces a proof finally and – Oh shoot. Now what do we do? [35:42]

AA: Yeah, you can’t unroll everything that’s happened in that week easily, without disrupting a lot of other transactions that depend on it. [35:49]

PT: That’s absolutely true. [35:50]

AA: Right, so you’re saying that when you move something from a sidechain back into the main Bitcoin blockchain, the problem is that that move requires a proof of hashing power to verify the transactions that happen in the sidechain. [36:06]

PT: Yeah. [36:06]

AA: There isn’t the depth of hashing power in some of these sidechains and you’re only providing a simple proof that’s based on depth, instead of height. [36:17]

PT: Here’s a very concrete, pragmatic example. Let’s pose for a moment that someone decided to implement Zerocoin as a sidechain. The way that would work is the Zerocoin protocol would be merge mined with some percentage of the hashing power. For the sake of argument, we’ll say 50%, so it is secure but BTC Guild and maybe one other big pool gets hacked and for the next three hours, they end up producing some invalid Zerocoin blocks. Invalid Zerocoin blocks claim that all these zerocoins were spent and moved back to the main Bitcoin chain. All these bitcoins that are just held in stasis, waiting for bitcoins to be moved back from the sidechain, now they’re released off into Bitcoin again. When this gets noticed, and the Zerocoin chain gets properly rewritten, there are no more Bitcoins so they can’t withdraw the money anyway. That one event, a hack of just a few hours, has permanently destroyed all of the bitcoins associated with this sidechain. [37:26]

AL: It’s able to recover the bitcoins, even though it’s invalid work... [37:32]

PT: Yes. [37:32]

AL: ...because there is an incentive... [37:36]

AA: Sidechains expose you, potentially, to an attack on the weakest chain in the link of sidechains, that is accepted in Bitcoin because if you can attack the smaller hashing power, that is part of the merge mining for that sidechain and then export the effects of that attack into the larger Bitcoin, you’ve essentially achieved an attack with a lot less hashing power than would be required to attack Bitcoin full on. [38:09]

PT: To be clear, this isn’t an attack on Bitcoin. If you hold bitcoins, your money isn’t getting inflated, you’re not losing any but I’m saying... [38:18]

AA: No, but it’s an attack on money transferred from the sidechain. [38:20]

PT: Money goes to the sidechain, but it’s held in stasis until there is a proof that the money should then come back from it. It moves to the chain, where say Zerocoin transactions can happen and then it would go move back, based on SPV level proof that the Zerocoin chain now says money can move back. [38:42]

AL: Bitcoin transactions are irreversible, so once it’s been done, all you need to do is just even... so it might not even take hours, it would just take as long as it takes to get them to release and then you’re... [38:51]

PT: Yeah, yeah. [38:52]

AA: Doesn’t that introduce a problem with the fungibility of the coin, essentially, creating two classes of Bitcoin? Bitcoin that’s always been in the Bitcoin blockchain and only the Bitcoin blockchain and Bitcoin that is of a somewhat lesser status because it’s spent some time in a sidechain and had a bit less proof on it and, therefore, might be somewhat suspect. [39:10]

PT: The idea there is not that it’s actually really spent time in the sidechain, rather it served as a backing to the sidechain. [39:18]

AL: Yeah. [39:19]

AA: Right. [39:19]

PT: It’s like the gold in the vault... [39:20]

AL: Yeah. [39:21]

AA: Right. [39:21]

PT: ...that the bank notes are printed on. [39:22]

AL: It never actually leaves the (??) blockchain. [39:24]

AA: The problem is when Germany asks for it back and you can’t produce it because the sidechain transactions didn’t actually happen. It was sitting in the vault but then when Germany asks for it back in the main Bitcoin thing, you can’t deliver it. [39:35]

PT: Yeah, yeah. Here’s a great real world (??) – we’ll go say the US government and the German government, for once, they both now have vaults full of gold that are supposed to back the currency. A bunch of gold gets moved to Germany and a bunch of paper notes get created based on this and move around the economy and someone goes up to the Germany bank and says – Hey, look. See these paper notes? I want my gold back. The German bank follows the rules and gives them their gold back. It turns out they were counterfeit and if you own German notes, now your notes are no longer backed by gold because someone managed to go steal them, based on a fake proof. It’s the same thing with a sidechain system – while it may be backed by bitcoins but when it’s attacked, it’s no longer backed. [40:24]

SM: Right. [40:25]

AA: This is an edge case, obviously, which occurs in particular scenarios. It’s not the general case. How do you protect against those kinds of edge cases? How can you make it more robust as a system? [40:36]

PT: The proposal has been that, from the sidechains community, has been that we go have a quiet period, where we go spend, say, a day accumulating miner proof that this was the true chain and this is really agreement. [40:56]

AA: That’s not unprecedented, that’s similar to what happens with mining rewards which have 100 block quiet period, where they can’t be spent. [41:04]

PT: Or another example, if you try to go deposit feathercoins at an exchange, they’re not going to give you any bitcoins for a good day. [41:11]

AL: Why is that? [41:14]

PT: Feathercoin’s been 51% attacked. [41:16]

AA: Frequently. [41:18]

PT: Yeah, frequently. [41:19]

SM: Same thing with Terracoin, there was that time warp thing. If you deposit feathercoins at an exchange, they’re not going to give you bitcoins because Feathercoin has been 51% attacked a few times. [41:28]

AL: In the past, this has proven to be something where you shouldn’t allow withdrawals quickly because it’s proven to be a danger. It seems like this is much the same here. [41:37]

PT: Although, it can be even worse than that because the protocol is just a dumb protocol. It’s proof of work and it moves coins around. What if I go decide – Alright, I’m going to go use my pool to go and attack Zerocoin because I think anonymity is bad. I go up to GHash.io or something and I throw them some money and say – Alright, I’m just going and mining this sidechain but don’t publish the blocks you find. If I can go get a majority of hashing power there, I can go mine in secret and I can go back to the Bitcoin chain and say – Hey look, give me these coins. The Bitcoin chain will potentially respond and give me these coins. Now you have two chains and there is no good (?? programmable) way to respond there. [42:31]

AA: Hang on a second. This would be an example, similar to the selfish mining paper we saw a while back, where you’re mining but hiding those blocks. In the case of the selfish mining paper, you were publishing them on the main blockchain, but what you’re saying here is you publish the proof on the sidechain where you’re moving the coins, but you don’t publish it on the sidechain you were originally mining, so you create a discrepancy in the records, in the ledger. [42:56]

PT: Yeah, yeah, or it could do the other way round which is to go and give the Bitcoin blockchain the proofs that some mining was done but never actually publish the blocks themselves, essentially, proving to the Bitcoin chain that blocks should be taken out. Meanwhile, other people are trying to mine along but not seeing any proof. You can try to further hand wave around saying – Alright, we’ll make reorganization proofs to go prove there were two chains at once. I could also go destroy the chain by deliberately mining a reorganization at the same time... like, it just keeps on going. Yeah, you can go come up with a lot of solutions but there is a lot of fragility here, a lot of complexity and fundamentally, none of these solutions really work unless you have the majority of hashing power, but, we’ve already said, if you have a majority hashing power, we’ve made pools more centralized. [43:45]

SM: Yeah. This is really good to point out. (Laughter) [43:53]

AL: OK. [43:54]

______________________________________________

ADVERT:

EasyDNS is the Swiss Army knife for your domain names. Helping meet their customers’ individual needs since 1998. EasyDNS has been an outspoken critic of SOPA and CISPA. EasyDNS was an early supporter of Bitcoin and now they are proud to sponsor this show. Do business with a company that shares your values. Get a 13% discount when you pay with Bitcoin. Go to Bitcoin.EasyDNS.com and be sure to use discount code LTB. [44:34]

ANNOUNCEMENT:

AL: Hey everybody, Adam B. Levine here. Quick question – one of the user-created assets that I’m working on is a charity coin that essentially acts as a global charitable rebate program. Basically, charities have monitor donation addresses and whenever somebody donates to the charity, they earn a share in a charity token that’s distributed to all the people giving to these charities around the world, based on how many other people are doing it at the same time. The question is to you – would you be more interested in charitable giving if you were getting back some type of token that could then be used at fundraising events or auctions or things like that, as charities sometimes do, or alternatively, could be sold on the market? Leave a comment at Forums.LTBcoin.com or leave a comment at Letstalkbitcoin.com on Episode 104. Back to the show! [45:23]

______________________________________________

AL: I assume that you’ve articulated these concerns to the other side of the issue? [45:31]

PT: I have. They tell me that they’re working on a White paper which will address them but this is based on what I publically know. [45:39]

AA: This is an ongoing discussion, as with all of these proposals and this is great because that kind of scrutiny allows the problems to be better articulated and to get clarity. [45:49]

AL: What do you think about the problem they’re trying to solve? What do you think about the concept of sidechains in general? Do you think there’s a problem to be solved here and this just isn’t the way or that this is just a strange path to go down? [46:00]

PT: After all, I’ve got my own competing idea called tree-chains which works differently but has very, very close similarities on a lot of levels as well. [46:09]

AA: If we take away the ‘how’ you do it, underlying this idea of ‘why’ people are interested in sidechains, is essentially the fluid exchange between coins to create a more unified and homogeneous set of currency baskets essentially, that allow us to ignore the differences between coins on a technical level and use them very fluidly and interchangeably. You’re saying you have a different ‘how’ for the same ‘why’? [46:39]

PT: Yeah and I would also go further. To me, it’s not just coins that excite me, it’s new systems of transactions, new systems of auditing and new systems of publishing. You’ve got to remember, Bitcoin can move value around, Bitcoin can move value around that happens to represent a lot of stuff, but you can also go use Bitcoin to go audit things by going and forcing people to publish results of audits. You can do things like make better decentralized publication platforms by ensuring that you actually see what may or may not have been published. [47:13]

AA: This is using the full power of decentralized ledger, proof of existence, cryptographic proof of state of systems in a consensus, regardless of currency. [47:24]

PT: Yeah, yeah. The way I see it is all these systems has... proof of work consensus is always more secure if it’s bigger. The fact is, every single system in this whole space should be working together for security. We should not have 100 different little altchains, with their own little bit of hashing power. That’s not secure. We should have all this stuff working together. Sidechains, I think, was an attempt at that and the merge mining was an attempt at that, but to do that, we also can’t go and wreck the security by making things more centralized. [47:57]

AL: How does what you’re doing accomplish decentralization, the way that they haven’t been able to? [48:03]

AA: You want decentralized unification. [48:05]

PT: Well, I guess I better explain tree-chains. [48:08]

AL: Sounds like it. [48:09]

SM: Yeah. [48:09]

PT: I’ll actually start by explaining how embedded consensus systems work and this is your Mastercoin, your Counterparty and, to a lesser extent, your Coloredcoins. The idea there is given a set of data that you know was provably published in some order to some audience, a great example is the Bitcoin blockchain - anything in it has some very well defined order, I know exactly who had it, the mining community and I can go take that data and then apply my own rules to it. Mastercoin does this by taking special Bitcoin transactions that have had data encoded into them, extracting that data and saying – OK, we’re going to create a new system that has new rules, based on top of that. [48:58]

AA: We’ve spoken about this before. We talked about the hierarchy of knowledge which is the fundamental concept within the blockchain is not only that everyone knows how the rules work but that everyone knows that everybody else knows how the rules work and apply them in the same way and that everyone knows that everyone knew that, at the time. Those three layers create that shared knowledge, so when you publish something in there, you know that everybody else saw it, that everybody else validated it, that everybody else accepted it as true, which gives you the state of that time. [49:28]

PT: Let’s see – I claim that those three statements actually are somewhat independent of each other. [49:39]

AA: OK. [49:40]

PT: I’ll give you an interesting thought experiment. Imagine if in Bitcoin, miners didn’t validate. Any transaction you published, they’d go put it in the blockchain, they didn’t care what it did. [49:50]

AA: So it’s just a time stamp. It’s just a distributed time stamp, nothing else. [49:54]

PT: Not a time stamp, a proof of publication. [49:56]

AA: In this specific order and time. [49:58]

PT: Yes. Now, if you’re running a full node, obviously a full node can just go through a blockchain, throw away the invalid transactions and come to consensus. In Bitcoin, using this model is completely secure. It’s interesting that if you have that model, not only is it secure, but I can have two different systems running on top of it and they’re both contributing to the same security. You may want to have standard Bitcoin transactions, I may want to have Zerocash transactions. [50:29]

AA: This was one of the arguments I heard levelled as a criticism of metacoins like Mastercoin and Counterparty was that, while they’re transactions have been mined and time stamped and put in order into the blockchain, the clients that mined them didn’t validate them. That was criticized as a – Well, that doesn’t count. You’re saying this is a feature. You’re saying – We don’t even need this for Bitcoin transactions, we can just get the order time stamped and then solve the transaction chaining on a per node basis, at a later time once you have an established order that’s verified. That’s a very interesting perspective. [51:10]

PT: Yes, yes. Going back to what we were talking about SPV. With SPV... [51:14]

SM: Sorry... hold on...one sec... [51:16]

AL: Yeah sorry, I think you’ve lost both Stephanie and I here. [51:18]

SM: Yeah, sorry we’re not very technical. We just want to understand. Why would you not want somebody to validate a transaction? [51:29]

PT: Remember we were talking about SPV and how with SPV, essentially, you’re trusting miners to validate for you? [51:36]

SM: Yeah. [51:36]

PT: If they lie to you, you’re going to trust them and you’re going to accept coins that don’t actually exist. What I’m proposing with this client side validation is really what Bitcoin users already do if they’re using Bitcoin in the most secure way, which is to run a full node. [51:56]

AA: They validate everything down to the root of the genesis block. The difference is that if you expect the miners to validate and you depend on the miners validating, you get a side effect which is rather damaging, and that is that if you want to make a change, or if you want to introduce something like Mastercoin, they can’t validate it, they don’t validate it, they don’t include it, so you have no way of doing that later. If you just have them add

everything and all they’re doing is recording, then you have the option of how you validate things later, at a different layer which opens the door for validating a lot more while still depending on structured ordered recording at the mining. [52:39]

AL: OK, I think I understand. The interpretation moves to the individual client side, so each individual user is interpreting for themselves, as opposed to the miners doing it all, the miners no longer are doing the interpretation. They’re just doing the recording, so they’re notaries, basically. [52:53]

AA: Let me give you an example. Let’s say you were writing a ledger of transactions and instead of doing it in English, you’re doing it in Mandarin and you have no idea what the transactions say, but what you do is you just write down the Mandarin characters as they come through, you time stamp them, you put your signature next to it, then you rely on someone who, somewhere else, gets a copy of this ledger, reads the Chinese, understands the Mandarin and knows what this transaction means, but more importantly, they see your signature and they know when it got into the ledger and they know that it was, in fact, introduced at that time. You don’t even need to understand the Mandarin. All you’re doing is validating; you’re narrowing the scope. You’re no longer validating you understand the transaction, you’re simply validating that it existed. You’re doing proof of existence only. [53:36]

AL: OK, but doesn’t this bring us back to the scalability problems that individuals have running full nodes? I mean, I was speaking with a miner, Kimber (??) today... [53:44]

SM: I was going to ask a similar question. Isn’t there a cost to doing that notary service to record all the transactions? [53:50]

AL: No, no. The notary service is... that’s carried by the miners. The miners already have that cost. The miners actually do less in this system. The miners just do the notary side, they don’t do the verification side, so you can imagine that Visa has different sections. To this point, miners have been everything, now we’re dividing them into miners over here doing notary and users over here doing actual verification. [54:11]

AA: And chaining. [54:12]

AL: And chaining. [54:13]

SM: Both of those have costs to them, so what’s the incentive to notarize and what’s the incentive to verify the transactions? [54:23]

AA: Great question. [54:25]

SM: What’s required to do that? [54:25]

PT: The incentive to notarize, in a pragmatic system like this, you would end up in reality having some really, really basic layer to just move a bit of value round and that’s just so you can go pay a miner – Look, go publish this for me. [54:37]

AA: We already have that, that’s Bitcoin and it works already so you can do it for the basic Bitcoin transactions. [54:42]

PT: Exactly, now in terms of the other part of scalability as well, I want to go have an Android wallet, that’d be lovely. I like this. I just want it to be secure. Coloredcoins is a great example that’s because people always say Coloredcoin is not SPV compatible, it’s not efficient, yada yada yada... but hang on a second, if I’m giving you a Coloredcoin, all I actually need to do is prove to you that that coin existed. I don’t need to go prove to you that all other coins exist or that their valid or anything about that. You actually just need a very small subset of the total data of the system. [55:18]

AA: You’re talking about doing validation all the way down to the genesis of the Coloredcoin, so it’s not just a partial SPV, but it still ignores all of the other metadata for all of the other things that are going on. [55:31]

AL: I think it’s even more specific than that, right? It’s like, I have some inputs in my wallet and I get some transactions and the only transactions that my wallet cares to verify are the ones that it thinks it got. Everything else... so you, basically, trim out 99.9999% because your fraction is the only part that you care about. [55:53]

AA: How is that different from SPV? [55:55]

PT: SPV wallets don’t bother doing that. [55:57]

AA: They don’t even do that. [55:59]

PT: No, they don’t. [55:59]

AA: They just depend on... [56:00]

PT: They could if they wanted to. If we were in an eco-system where they were designed to do that, I think we’d be in a much better state than we are. They don’t. [56:09]

AA: Let me ask you... one of the criticisms of doing that in the lightweight manner, is that I’m assuming that in order to do that, you would need to retrieve a chain, a Merkle tree, that takes you all the way back to the root of that Coloredcoin, so you can validate it. In trying to retrieve that tree, say with a bloom filter, or something like that, you’re revealing to the world information. There’s a privacy implication here and there’s been a lot of work among the developers here to say – How can you say I want to learn about this transaction without telling everyone I actually own this coin? [56:44]

All agree.

PT: Here’s an interesting model and this looks like it will probably implemented first on Coloredcoins is, when I go give you some coins, I can go give you a bit of proof. You don’t need to go to the rest of the world and get that proof. I can go give you that. [57:01]

AA: Right, so you transport it so it’s self verifying. [57:04]

PT: Yes and that’s actually what we’re moving towards with the Bitcoin payment protocol. [57:09]

AA: That’s part of the proposal for smart property too. [57:12]

PT: Exactly. [57:12]

AA: From what I remember, is that you hand the property and the Merkle chain that proves its chain of ownership. [57:19]

PT: Yeah, sure. [57:19]

SM: What’s a Merkle tree and what’s a bloom... what did you say?... filter? [57:24]

AA: A Merkle tree is basically, simply describing a path from the current state of the system all through its history, narrowly defined as just the path of those coins as they changed hands, in a way that you can validate it. Rather than saying here’s the entire blockchain, it’s here’s a tiny branch of it, but it’s a branch that walks down just this specific asset that’s been transferred. [57:49]

PT: It’s a map. [57:49]

AA: A Merkle tree is a data structure, a tree of hashes but, essentially, it’s just a map, exactly. Rather than giving you the entire city, I’m going to say start here and if you turn left, turn right, turn left, turn right, you’re going to end up at the origin of these coins and now you know they arrived here correctly. You don’t have the full map of the city. [58:11]

AL: Even without that, there are no security trade-offs for sacrificing everything but that one path? [58:20]

PT: I guess I should say if you have the path for your coins, yes, there are no security trade-offs because you don’t care whether or not anyone else’s coins weren’t valid, you just care that your coins were valid. [58:35]

AA: A bloom filter is basically... it’s almost like a search query but based on probability, so you say – Tell me everything you know about this address but instead of saying ‘this address’, instead you provide a data structure that matches it to a probabilistic level. That way, the other person can give you the search results without knowing exactly which address you were asking for. They just know that when you did this search, this result matched at 99%, so it must be one of the things you’re interested in, but I don’t know what you were interested in but here it is. [59:13]

SM: It’s like looking at a neighbourhood instead of a specific address or something like that. [59:17]

AA: Right, exactly. You’ll go out and say – I’m interested in this zip code and the zip code is a bit more specific than the entire map, but it’s not as specific as a single address. Yeah, that’s a great way of describing it; it’s like a neighborhood. Of course, it’s a much bigger data structure and it has a much broader range. It’s a lot harder to find from the zip code you asked for which address you have. [59:43]

SM: Right. [59:43]

PT: Now that we’ve this concept of client side validation and having subsets, I think then the next obvious question is why does it need to be one monolithic block? Can’t we split up this block into something a little smaller than an entire megabyte? What if we, say, made the block itself into something more like a tree, and let miners work on different parts of this? [1:00:09]

AL: When you say let miners work on different parts of it, do you mean work on different parts of it simultaneously? [1:00:16]

PT: Yes. [1:00:17]

AL: You could have multiple blocks going at the same time, each with different transactions included? [1:00:26]

PT: Remember when we were talking about merge mining, imagine you had a system where you had a root blockchain and it’s a linear blockchain just like one block follows another, follows another, but we’ll have a rule where we’re allowed to merge mine two blockchains under it; a left and a right. [1:00:47]

AA: Like branches. [1:00:48]

PT: Yeah, and then we go say transactions with a unique identifier starting with bits – for the first bit set to 1 are only allowed to be in the left blockchain, and the bits set to 0 are only allowed to be in the right blockchain. In the top blockchain any transaction can be in there. We can repeat this rule one step down. The prefix that it has to match, that we’re restricting where transactions can go, just gets longer and longer. [1:01:20]

AA: And it becomes a path. [1:01:21]

PT: Yeah. [1:01:22]

AL: Do miners select this? Is it a conscious choice to pick a particular branch that you’re mining on – there’s more risk reward or is it just something that happens? [1:01:32]

PT: It’s absolutely a choice but it’s a choice that’s meaningless because transaction IDs are pretty much random. [1:01:40]

SM: Could it ever be chosen based on something that wasn’t random, like mining for multi-signature transactions and certain kinds... [1:01:50]

PT: You certainly could, but I think this works best when you just have everyone contributing equally to the whole thing at random. The beauty of this is so if you’re a miner, and we have this big tree structure for the blocks, now you only need to process the data for one half of the tree. That’s a fixed amount of data, it is not the entire system, yet all of our actions together create a much larger system. [1:02:15]

AL: What happens to the block reward in an environment like this? Right now, block rewards are giving... right now 25 bitcoins to a single miner, which is a pool and then it’s distributed out from there. What does this do? [1:02:28]

AA: Is this related to GHOST? [1:02:29]

PT: No. [1:02:30]

AA: OK, but it sounds similar in some ways. [1:02:33]

PT: The thing with GHOST is it’s about taking blocks that were orphaned. This is about spreading the load out so we’re not going to have that problem. [1:02:44]

AA: Does the distributor reward in the same way that GHOST does? [1:02:47]

PT: No, what I’m thinking is to – if your top blockchain is the full difficulty, you go a level down and you can go make each half the difficulty because half the miners are working on one side and half are working on the other. You go a level down after that and now, we’re into quarters. They’re each working on the left, left chain or the left, right chain and so on. [1:03:11]

SM: Because the miners would be specializing more, then they would be able to mine at lower difficulty and it would decentralize mining more? [1:03:18]

AL: It’s like random specialization. [1:03:20]

PT: Yes, yes. [1:03:21]

SM: Yeah. [1:03:22]

AA: Yeah, that’s interesting. [1:03:23]

PT: If we all work together randomly working on bits, the sum total is that we still move the blockchain forward, and yet if I’ve got, say, a GHash of mining power, I’m still going to find a reasonable number of blocks, say, 5 levels down or 4 levels down. I’ll occasionally find blocks 3 levels down and even less often 2 levels. Sometimes, I’ll even go find the top block and if the reward is split across those in decreasing amount, on average, I still end up making a reasonable return and my variance is low, so I can mine profitably without

involving a centralized pool. I’m also contributing equally to the security of this entire system. [1:04:04]

AA: How deep can the tree go? [1:04:05]

PT: As deep as you want it to go. [1:04:07]

AA: In that case, I could be solo mining 64 levels down and still have a possibility of getting some, so the pool is now part of the data structure rather than part of a protocol? [1:04:17]

PT: Yes. [1:04:18]

AA: Essentially, it’s expressed as a distribution within the data structure rather than a distribution of nodes on the network. [1:04:23]

PT: Yeah. Another way to think about it too is that this is giving you a trade-off between security and scalability. Sometimes, you need to go publish data to the entire world. If you’re moving a lot of money, you can go pay a bit of fees and you want this to be absolutely secure. Conversely, at some point, obviously you’re going to get to the point where there is only one miner actually mining some chain, like 12 levels deep, 16 levels deep, whatever it takes and that’s not going to be secure. In the same way that eventually, an altcoin isn’t secure but there’s a catch. Unlike an altcoin, you can then go say the rule is if this block up here gets reorganized, you can say it’s children also get reorganized, which means that now even though not the whole system saw some block, say, 16 levels deep, the time ordering is still secured by the whole system, which means if I want to accept payment from a block that’s not very secure in of itself, I can just wait until its influence kind of propagates up and it can’t be reorganized out, then its sure that when those coins got spent, there is no way they’re going to be unspent without a much more difficult block getting reorganized and so I can (??) [1:05:48]

AL: Even if it’s included in a really low level insecure block, like 16 levels deep, because it eventually migrates up because it’s part of the bigger picture... [1:05:58]

PT: Yeah. [1:05:58]

AL: ...over time, as blocks further up are found, it will be included and essentially, confirmed into existence even though, at the beginning, it’s unsafe. [1:06:06]

PT: Yeah, yeah, and if I have proof going back in time, I can go give you the proof that yes, those coins really were securely moved to that chain, they were not attacked, you can now trust this and you can then give that proof to someone else. [1:06:20]

AA: Does the tree of blocks, as it’s being mined, do you need to have completeness or can it be sparse? [1:06:29]

PT: It certainly can be sparse. [1:06:31]

AA: Essentially, not all branches need to be mined and if some branches are not mined, what’s the impact of that? [1:06:37]

PT: Nothing. It just means that some transaction (??) [1:06:42]

AA: What about transactions that are in them? [1:06:42]

PT: It just means that if you are using a transaction that’s in some block, by the time it gets sparse enough, no one really cares about it. It gets to the level of individual miners. You might have to go give some miners saying – Could you go somehow get this mined? Usually, you’d really go use it in a way that you’re still at a level that has a decent amount of mining interest. [1:07:05]

AL: I’ve had to do that before, in practice, with Bitcoin. I’ve had to send a transaction that got... it took like a week. I sent it to a mining pool and they were able to include it very quickly. [1:07:17]

PT: Yeah, yeah. It’s not unlike that kind of trade-off. [1:07:19]

AA: That means that, essentially, that gives opportunity for a much more fluid market for fees and for mining power, so you can dial in how much fee you want and how much mining power you want, which means you could have micro-payments chains within that, where you do that trade-off between time to completion and security. [1:07:42]

PT: Yeah, yeah. When it gets down to it, it’s like the usual criticism Bitcoin for micro-payments is why does the entire world need to know that I bought a coffee? With tree-chains, the entire world doesn’t. We go pick some security trade-off that’s good enough, but it’s much better than it would normally be because we’re all still working together in this. [1:08:02]

AL: I recently, this morning, I had a conversation with Rassah from Mycelium wallet and they’ve got an interesting feature built into their local trader set that’s a confidence graph, they call it, that deals with message propagation. When I send a transaction to you, usually, before you’d feel comfortable, usually we’d have to wait for a single confirmation at least. Even then, it would be better if we could wait for more, but a single confirmation is kind of the standard for person to person stuff. What this confidence graph basically does is it tracks the transaction as it goes through the entire global network. Once it has essentially, permeated the network, then you can have a pretty high... and it confirms that there’s a fee and there are some other things in there... then there’s a very highly likelihood that, even if it’s not included in the next block, it will be included in a future block just because it’s sitting everywhere, waiting to be included in a block. It seems like with tree-chains, this would work even better because, again, it’s just a notary system and once it gets past the mining layer, which is the notary layer basically, it’s already in there and it’s just waiting to be processed, whether that takes a minute or a day. Am I wrong on this? [1:09:12]

PT: Yeah, I think you are. [1:09:12]

AL: OK, OK. (Laughter) Please correct me. [1:09:15]

PT: I think this always comes down to the issue of when is something confirmed. Confirmed is kind of this sort of loose concept. [1:09:23]

AA: It’s probabilistic; it’s not absolute, black or white. [1:09:26]

PT: Yeah, and it’s even worse than that. If it’s never been in a block at all, it’s not only that it’s not black and white; it’s not even a shade of grey. We don’t even know what color it is, per se, we don’t know... [1:09:38]

SM: Right. You don’t know when it will be more... what the probability will be over time, yeah. [1:09:43]

PT: ...there is no... it could be up to any sort of thing. I mean, I may be a hacker who’s hacked into some pool and changed the rules by which they confirm transactions. Maybe I accept the one with the higher fee because I’ll make more money that way. That’s not against the rules of Bitcoin, it’s against what the default client does, but you can certainly argue there are a lot of good reasons to do the opposite and go just take whatever transaction pays whatever fee. [1:10:07]

AA: I believe Eligius does quite a few things that are not part of the default client and accept transactions that are not part of... not quite... in order to increase the diversity of that opportunity. [1:10:19]

PT: Yeah, yeah. I mean, I’ve gone and argued to a lot of miners that it would actually be very smart if they changed their policies to mine the highest fee, precisely because we don’t want to get in a situation where we’ve set a precedent that miners have an obligation to go keep unconfirmed transactions secure because it’s an unconfirmed transaction, you don’t even know really if it’s been round the network. You don’t have any proof about anything about it. Mycelium, they probably have a bunch of nodes around the world, but how do they really know that their nodes represent the actual Bitcoin network – trouble is, they don’t. Maybe there is a parallel Bitcoin network; you just don’t know this stuff. You don’t really know how data gets around. [1:11:06]

AA: The only thing you do know is proof of work and increasing difficulty in the blockchain. That’s the only guarantee. [1:11:12]

PT: An interesting thought experiment would be imagine if there was some way to be sure that after I publish a transaction it got to everyone reliably, couldn’t I just go have a system based on - you know I can’t double-spend you because you ran your Mycelium radar, or something, and it got round to the world. Everyone knows it. You don’t need mining. If that was secure, you wouldn’t need mining, but you need mining because you have no way of knowing whether or not the transaction was actually published. [1:11:42]

AL: Then again, you’re talking about fringe attack cases, basically, and I think that he made a point of mentioning, Rassah made a point of mentioning to me that the graph never gets to 100%; it stays at 99% and that’s where it maxes out. [1:11:55]

PT: This gets back to my comment of how it’s not black or white, or even grey. It may be a fringe attack case today but tomorrow the situation can completely change. [1:12:06]

AA: Yeah, a fringe attack case becomes a bot that’s doing it 1000 times a second. We saw that with transaction malleability. It was a fringe attack case for two years and then we had to fix it because it happened to be the main thing that was happening on the network. [1:12:22]

PT: I could go spend $1000 and fire up 500 Bitcoin nodes on Amazon EC2 and very quickly change the rules that the network (??) follows. One of the rules could be that if Mycelium wallet is connecting to me, I go give them a different mempool and someone else is connecting to me, and if I can identify Mycelium versus other nodes, they’ll never know. [1:12:47]

AA: Yeah. They’ll see a lot of nodes as propagating too, all of which you control. [1:12:53]

PT: Or, I might just go up to some big mining pool and say – You know what? It would be in your best interest if you applied replace-by-fee and they may choose to go hit the switch on that tomorrow. [1:13:03]

AA: We’ve had a discussion here where we looked at sidechains and then we looked at some criticisms of sidechains, or perhaps some things that need to be thought about and we need to explore a bit further. You’ve presented tree-chains to us, now I’m saying hash include, criticism (??). I’m going to throw in any criticism that you think you’ve heard or other people have discussed. Assume that I just voiced all the criticisms you’ve seen in your discussions, what are those? How do you address them? What are the weak points that people have concerns about? Giving you an opportunity to talk about some of those now. [1:13:48]

PT: In tree-chains or sidechains. [1:13:49]

AA: In tree-chains. In tree-chains, yeah. Then we’ll get Austin and Adam Back and then they can actually provide those criticisms, post facto. [1:13:57]

PT: I think that the catch is that using tree-chains efficiently is certainly hard. It requires a lot of, if not clever cryptography, at least, in the same way as Bitcoin, it was quite clever about how it structures its data. You need to go have these proofs, you need to be able to go and show someone else that something was published in some chain and that’s significantly more complex logic than Bitcoin, which is really dead simple in terms of how the crypto works. On the other hand, I’ve also got to point out that sidechains has all those issues too and (??) on sidechains, those solutions apply equally well to tree-chains. A way to go think about moving value from one node in this tree to... one block in this tree to another is, well that’s a sidechain. I’ve proven that that money was taken out of that block and now

should be resurrected here. All the same techniques actually apply, so I’m kind of excited to see all the stuff we’re going to come up with, with clever crypto, but I think the underlying layer shouldn’t be merge mining, it should be something like tree-chains. [1:15:07]

AA: So you can implement many of the same goals, using many of the same primitives but in a way that doesn’t require merge mining. [1:15:13]

PT: Absolutely. I’ll bet you 90% of the work in implementing tree-chains is going to be the 90% of the work in implementing sidechains. It’s that 10% base layer that’s actually my criticism. That’s all. [1:15:25]

AA: What requires a hard fork here? Both things require a hard fork, right? [1:15:30]

PT: No. [1:15:30]

AA: No. Neither of these require a hard fork? [1:15:32]

PT: Yeah, neither. [1:15:33]

AA: How does that work? How do you implement something like tree-chains and sidechains, without doing a hard fork, without changing the core protocol in Bitcoin? [1:15:40]

AL: A hard fork, to be clear, is a protocol change to Bitcoin. A change in the way the rules of Bitcoin work, as opposed to a soft fork, which is... [1:15:48]

AA: A non-backwards compatible change, not just a change but a change that requires all clients from that point on to follow the new rules because the old rules cannot see the new rules. [1:16:00]

AL: I see, so everyone must change in the event of a hard fork... [1:16:03]

AA: Must change. [1:16:03]

AL: ...versus in a soft fork, where they do not necessarily have to change; it’s backwards compatible. [1:16:07]

PT: To be clear, what a soft fork does is it tightens the rules. After the soft fork, blocks to the nodes running old rules, appear to be valid. In a hard fork, we make changes where the new blocks following the new rules appear to be invalid. The thing is that... [1:16:26]

AA: Let’s give a specific example. Multi-sig and pay-to-script hash addresses – any old client seeing a pay-to-script hash address... [1:16:37]

AL: Which is? [1:16:37]

SM: What is that? [1:16:38]

AA: ...pay-to-script hash is the multi-sig addresses that start with a 3. Before November 2013, an old client that saw a 3 address on the network would say – What the hell is this? And drop it. It would be considered invalid. That’s a hard fork because when you introduce... [1:16:56]

PT: No. [1:16:57]

AA: That wasn’t a hard fork? [1:16:58]

PT: That was a soft fork. [1:16:58]

AA: That was a soft fork?

PT: Yes. [1:17:00]

AA: But it changed... it created... [1:17:02]

PT: It did not. [1:17:03]

AA: OK, great. Let’s explain that. Rewind. Back to (laughter)... Steve. (Laughter) [1:17:09]

PT: P2SH is a good example of a soft fork where, it’s called pay-to-script hash, we go take a script, which are the rules required to spend a bitcoin. [1:17:21]

AA: The best example of that is multi-sig. [1:17:23]

PT: Exactly. We take them and we hash it and turn it into a little number and then we go say – Can you go provide me a script that hashes to that hash? If you can, and you can also meet the rules of the script, you can go spend the money. [1:17:38]

AA: A 3 address. [1:17:40]

AL: Something like escrow, yes? [1:17:42]

PT: It can be used for escrow. [1:17:43]

AL: With multi-sig, it is escrow. It is escrow that it’s controlled by more than one key. [1:17:48]

PT: Yes. [1:17:49]

AA: It’s a 3 address. That 3 address doesn’t represent a wallet, it represents a script and that script has rules for escrow, multi-sig escrow in it and if you can provide the script that has the multi-sig rules in it and the signatures that validate that script, then you can spend what’s in a 3 address. [1:18:06]

AL: OK. [1:18:07]

SM: The best explanation I’ve heard yet. (Laughter) [1:18:09]

PT: Here’s the crazy hack that made it a soft fork. It’s that we added a new rule to the Bitcoin protocol that said – If you saw a script that consists of nothing more than hash of that data, then check if that hash was equal to an existing hash. We’ll perform that as it always would but then we’ll also go and take the data and then run it, as though it were a script. [1:18:36]

AA: Right and that was a really nasty kludge hack. [1:18:40]

AL: I don’t know this means. (Laughter) [1:18:41]

SM: What does that mean? [1:18:44]

PT: You have a node and I go give you a script that says – Well, these coins can be spent if I provide you with a piece of data, that when hashed, happens to go match an existing hash. [1:19:04]

AA: The 3 address. [1:19:06]

PT: Yeah. Your old node looks at that, runs a little bit (??) – that’s fine. Why did you include all that other stuff there? But that’s OK by the protocol, so you just ignore it and you’re good to go. We upgrade that and we say – If you see that, in that little, very specific form, we’ll add a new rule, where then you go take that data, treat it as though it was another script and then go validate it, according to the Bitcoin script rules. You, the old node, that sees new transactions by this, you just ignore them. They’re valid, from your point of view. [1:19:44]

AA: The new nodes open it up and say – Oh, this particular script is a multi-sig and requires escrow. Now, I need to count two out of three signatures to validate this. The old node isn’t seeing the multi-sig, isn’t seeing the escrow, isn’t seeing the two out of three, it just sees a valid address and it says – OK, whatever that is, I’ll just take it. [1:20:03]

AL: It seems like this is analogous to what Mastercoin or Counterparty do, basically, where they’ve got this... you can send Mastercoins to a Satoshi client, the Satoshi client can’t see them but the address still controls them at the point that you move from that to the... yeah, OK. [1:20:19]

PT: The key difference with Mastercoin is because it’s client-side validation. You don’t need a soft fork, you don’t need miners to do anything. [1:20:25]

AA: This is layering of protocols and this is separation of concerns, so in a distributed system, this is very much equivalent to a TCP client forwarding things to Port 80, and it doesn’t know what those things are, but if you have a web client, it can take those Port 80 things and say – Hang on, let me open this up. Oh, this is a web request. Now we’re going

to send web pages instead. The TCP client doesn’t need to know any of that detail. It can just forward things to Port 80, not knowing what’s inside them. In the case of Mastercoin, the exodus address is the equivalent of Port 80 and the underlying Bitcoin client forwards them along, without understanding what’s inside. The more sophisticated Mastercoin is running a layer above and can unlock that and do additional things with it. [1:21:08]

AL: Now I understand the exodus address a little bit better too. [1:21:10]

AA: It’s your Port 80. It’s the HTTP address. [1:21:13]

PT: Going back to tree-chains and sidechains, how do you go soft fork tree-chains or sidechains to add them? You simply go add new rules; you go say if you have a transaction that has a special format that to old nodes looks like just meaningless data... [1:21:28]

AA: Meaningless but valid data. [1:21:30]

PT: Meaningless but valid data... and by valid, all we mean is that the data was encoded in the standard push data to stack format. Now, the new nodes go say – OK, that’s a sidechains proof, let’s go apply this proof, let’s go figure out whether it’s valid. In the case of tree-chains, you do this implementation and it’s even easier. It’s actually just merge mining. It’s merge mining where the rules follow a particular pattern, so that the whole system can go work in this multi-level deep thing, but for the old Bitcoin nodes seeing only the first top blockchain, all they ever see is – Yeah, I guess there’s a block in it; had two more hashes in it. Maybe if money needs to be moved from the lower parts of the tree up, you use the sidechains protocols. [1:22:23]

AA: I think this goes well to prove the underlying theme of the last several years and of many of the conferences I’m going to – this is not a damn currency! (Laughter) This is not about coins; you are missing the point! These little discussions really show how far we’ve come from... even from the title of the Satoshi paper – A Distributed Digital Cash System. It’s absolutely no longer about cash. It’s so much more than that, both in terms of the applications but even in terms of the complexity of the implementation and the amount of innovation that’s happening here has nothing to do with coins anymore. [1:23:03]

PT: I’d like to go make the analogy of the telephone network versus the internet. I think something like sidechains is not unlike the way how do we add features to the telephone network, we went up to the telephone carriers and said – Look, can we do this? Can we do this? It’s the same as going up to miners and say – Can you merge mine Mycoin? Can you merge mine this coin? Whereas, tree-chains is more like the internet where we have this really, really, really low level protocol – IP and if all you want to do is just be an internet router and move IP packets around, that’s great. Go for it. The fact that there’s a whole bunch of other stuff built on top of that, you don’t need to know about, you don’t need to care. If I want to go and experiment, I can and it works just as well as your experiment. It works just as well as your production ready token transfer system or your Bitcoin system. Who knows what you’re doing, but it all works because the underlying system works. [1:23:59]

AA: It’s important to realize that if you do the protocol layering well, you get two very, very important side effects. The first one is that you can preserve the neutrality aspects of the core protocol, which means that as long as it’s from A to B and some content, you don’t need to understand what that content is, you simply deliver it. That allows the innovation to flourish within that system. The second one is that if you structure it correctly, the layers above do not affect what happens in the layers below. That way, you have separation; you have modularity. You don’t have weird side effects happening. That’s critically important because then, the innovation can go completely at the edges and you can have all of these applications flourish. [1:24:44]

PT: I go work for Mastercoin, Counterparty and some other ones. The fact of the matter is, I don’t actually care that much whether or not Mastercoin survives or Counterparty survives. What I care about is they were given a chance to test their protocol, to see if they could make it work and they had the security, so that they weren’t going to be killed off by a small group of people who might decide this is a bad thing. I want the space to experiment and I think people should have that shot at trying. [1:25:13]

AL: No more monopolies. [1:25:14]

PT: Yes. [1:25:14]

AA: Yes because even if we get Counterpoint or Mastercoin or any of these other things wrong, once you open the door for things to be built on top, someone else will build it right and there will be a marketplace for people to try all variations and decide what is right for them, without having to ask the permission of the underlying layer. That’s the really important argument that’s been going on in the Bitcoin space for a while now. That’s why the ideas of spam and dust and bloat of the blockchain can be seen from two different perspectives. One, it’s bloat but on the other side, it’s an opportunity to open up all kinds of applications, without having to stress the core development team or to request protocol changes in the core layer. [1:25:58]

AL: What’s next for tree-chains? It kind of sounds like this is at the ideation level and I mean, you’ve thought about it and it sounds like it’s an interesting solution to a similar type of problem that sidechains are trying to solve. How’s it going? [1:26:16]

PT: It’s a matter of sitting down with a pad of paper and working out the details. An interesting and exciting possibility is, for instance, Ethereum. You could actually go ship Ethereum as a tree-chain thing, with no scripting at all, crazily enough and add scripting in layers in soft forks. If you did watch the miner validation on top of this idea, alright fine, add it piece by piece. If you didn’t, that’s OK too. Equally, you can take the same idea and apply it to Bitcoin. I’m not quite sure yet in what form the first pieces of code will be written, but I expect that to be fleshed out much more in the coming months. Simultaneously, whatever the sidechains guys do, their experimentation will feed into the crypto in understanding that’s going to make tree-chains work, in the same way that Mastercoin and Counterparty. Their experimentation with the concept of client-side validation will feed into making tree-chains actually work, from a pragmatic point of view. [1:27:20]

AA: You could implement this, not only use this to implement Ethereum on top of Bitcoin, you could also implement tree-chains within Ethereum, for example... [1:27:28]

PT: Yeah, exactly. [1:27:28]

AA: ...as its own mining approach, or any of the altchains. [1:27:33]

AL: This has been a pretty mind-expanding.... owww! (Laughter) [1:27:40]

SM: Yeah. Does your mind hurt when it expands? [1:27:42]

AL: A little bit. (Laughter) Lots of brow furrowing this one, but... [1:27:47]

SM: This was cool. Thanks for explaining a little more detail for those of us who don’t have the technical background. I hope the listeners will be able to keep up and I think they will be. [1:27:58]

AL: Yeah, I think that when we learn along so hopefully they... OK, Peter, you do lots of projects. If somebody wants to get in touch with you, what’s the way to do that? If somebody wants to support your work, is there any way to do that? [1:28:12]

PT: Email me. [1:28:12]

AL: Email you. OK. As simple as that. (Laughter) OK. You want to give that? [1:28:17]

PT: Yeah, PeterTodd.org. [1:28:20]

AL: PeterTodd.org. OK, well I think that wraps it up for us this time. [1:28:28]

SM: We’re done. No more conference. [1:28:29]

AL: Yeah, no more conference. Alright guys. This closes out our recordings at the Toronto conference. Thank you all very much for being here. Andreas. [1:28:36]

AA: Thank you. [1:28:37]

AL: Stephanie. Peter. Thank you very much. This has been... I’m going to be paying attention to this and trying to continue to keep up with you. It’s good work. [1:28:47]

PT: Thank you. [1:28:48]

AA: I think the feedback we’ve received, at least the feedback I’ve received is that when we do more technical, more in depth episodes like the one I did in... the first one I did in Vegas with Adam, I think that was probably the most in depth one we’ve done, up to that point. People go back and listen to it again and again and again and try to decompress all of the ideas and I’ve had so many people come to me and say, that was just amazing. Not only did I learn a lot of new things but in trying to learn those new things, I learned a lot more about

Bitcoin than I ever thought. I think we can challenge the audience and the audience absolutely loves it. [1:29:24]

SM: They’re going to be challenged. (Laughter) [1:29:26]

AA: They like that. We don’t need to patronize our audience. We have episodes that are great for beginners and we need to give them the real meat and episodes that are great for people to expand their understanding. [1:29:40]

AL: That’s what we do is we try to... it’s a learning process. We’re learning along with it. I think it’s always good to have the three of us here because we represent a range of experiences and contexts. [1:29:49]

AT: You have a good dynamic. You should do themed ones as well, like some more techie, some more social kind of stuff. [1:29:59]

SM: Sidechains, yeah sidechains of Let’s Talk Bitcoin. [1:30:01]

AL: Yeah, sidechains of Let’s Talk Bitcoin. (Laughter) [1:30:03]

SM: Adam, whenever you say you’re going to make different podcast feeds, I say there’s going to be a hard fork. (Laughter) [1:30:09]

AL: I think that wraps it up for this time guys. Thanks everybody. [1:30:15]

________________________________________

CREDITS:

Thanks for listening to Episode 104 of Let’s Talk Bitcoin.

Content for today’s show was provided by Adam B. Levine, Andreas Antonopoulos, Stephanie Murphy and guest host, Peter Todd

Music for this episode was provided by Nils Frahm and Jared Rubens

Thanks for listening. [1:30:33]