Transcript

[00:00] SPEAKER_00: Instead of having a contract that's backed by a legal system, you would put money into a magic box and then that magic box would just automatically move the funds over to me if I do what I need to do and refund the funds back to you. Otherwise, in this sort of natural state of affairs, the individual incentives and the collective incentives are absolutely disaligned. So in theory the smart contract is not going to be necessarily controlled by anyone. It's not going to be controlled by me if I do. Ultimately it would just sort of sit there and the whole thing would just process automatically.

Spend an hour talking about really the economic concepts behind cryptocurrency and digital consensus in general. We're going to talk about some of the really interesting underlying economic primitives behind some of these ideas that we're putting forward. We often like to think about Bitcoin as a sort of revolution in economic paradigms. We like to think about this idea of this grand history of money where initially we had commodity money, then something like gold, then we moved on to gold certificates, then finally we moved on to fiat currency. And maybe, just maybe, Bitcoin might be the next revolution in this monetary evolution where we'll have this currency that's not only not backed by anything, but it's really not tied to any kind of entity whatsoever. It's money that sort of just is without any, almost without any real justification. Like what is a bitcoin worth anyway? It's just a bunch of bytes floating around the Internet with no intrinsic value and yet it's got a value of $420.

But really then we talk about these concepts like smart contracts, this idea that you can have these self enforcing contracts where instead of having a contract that's backed by a legal system where you say I agree to do this and if I don't do this then you can sue me. Instead you have this sort of self enforcing smart contract where you can pay, instead of you paying me something to do that, to do a certain thing, you would put money into a magic box and then that magic box would just sort of automatically move the funds over to me if I do what I need to do and refund the funds back to you otherwise. So this idea of contracts that allow for a completely self executing legal and direct interaction and basically allows entire segments of the economy to be automated.

When we talk about these really interesting, almost utopian concepts, we talk about these decentralized autonomous organizations, these jurisdictionless entities floating around somewhere in the cloud. Nobody. And yet, at the same time, they can have control over resources, they can have entire departments that can have control over thousands and thousands of machines and incentivize it to millions of people around the world. Finally, we spent. And then the joke is, well, isn't this going to create Skynet? Well, the interesting thing is, in all these new innovations, there really aren't any new philosophical paradigms that are being made. Pretty much everything that we've done in the Bitcoin space has already been done before.

So first off, I'd like to talk about how really get down to the basics. Get down to the basics of how traditional societies work. So in general, in economics and in game theory, there's this concept of a prisoner's dilemma. So the scenario in a prisoner's dilemma, basically, is that you have two prisoners. Those two prisoners are both being interrogated in separate rooms, and they were both involved in committing some crimes. And the investigator doesn't really have too much evidence either way. So the choice that the investigator gives to them, to both of these prisoners is he says, well, you can either rat out the other guy or you can stay silent.

So if both of the prisoners stay silent, then the investigator is not going to have any evidence. Both of them go free. If both of the prisoners rat each other out, then the investigator is going to have lots of evidence. Both of them go to jail. However, if one of the prisoners stays silent and the other prisoner rats the first one out, then the prisoner that rats the second one out, not only is he going free, but he's also going to get a bit of a reward. And the one that stays silent is going to go to jail for a really long time also because he tried to cover up his ass.

So what does this create? It actually creates a very interesting paradox because the collective interest for the two prisoners is obviously for both of them to stay silent and for both of them not to reveal any information about each other so both of them can go free. Let's look at it from the perspective of one individual prisoner. Let's suppose prisoner B is going to stay silent. Prisoner A, if he cheats, he's going to get a reward and he's going to go free. If he stays silent, then he's just going to go free. Now, suppose prisoner A is going to rat the other one out, then the choice is, well, he can stay silent and go to jail for a really long time, or he can rat the other prisoner out and go to jail for just a long time. In both cases, the individual incentive is in the exact opposite direction from the corrupted incentive.

And in game theory there's this concept of a Nash equilibrium. Basically what is the stable state of the system? What is the state of this game where no player has the incentive to change their strategy? And as it turns out, the only Nash equilibrium is the one where both prisoners rat each other out because neither prisoner has the incentive to deviate from that situation. And as a result it's unfortunately the worst possible outcome possible for both of them.

So the interesting thing about prisoner's dilemma is that you can actually think of it as a model to describe life in general. So 10,000 years ago, if you imagine a bunch of people marauding around a forest with clubs, and there's a lot of opportunities for two people to interact with each other and at some point person A and person B would go up to each other and they would have an option. Both of them could have the option to either peacefully trade or either of them has the option to kill the other in their sleep and take all their stuff. So for the dilemma, once again, both of them peacefully trade. Split trade. One of them kills the other guy with a club. He wins, other guy loses. And worst possible scenario of all, both of them kill each other with their clubs. So this is what's called the Hobbesian jungle equilibrium. In this sort of natural state of affairs, the individual incentives and the collective incentives are absolutely disaligned. And so unfortunately, people creating all performing their individual irrational choices results in the worst possible outcome for everyone.

So here's an interesting solution to that particular problem. What if we had this concept of punishment? What if there was a way for some of the players in this system to do something, say to take some small amount of effort and actually punish certain groups of people. So this could be some light amount of punishment, like burning their hut. It could be something more severe like actually hitting them with a club. Doesn't really matter. But the idea is that it's some action which is not really by itself not beneficial to anyone at all. If I'm one of these punishers and I end up burning your hut, then that's going to be a lot of cost. It's an effort for me, it's even risky for me. And then for you, you're going to lose your hut. It benefits nobody.

But why do we punish? The answer is it changes the incentives. And it changes the incentives so that if you are a cheater and you don't peacefully trade and instead you always try to gain your advantage in every single situation, instead you're going to get punishers coming after you. And the situation for you is not going to just be bad for everyone, it's also going to be bad for you specifically. So as long as these punishers exist, the incentive is for everyone to cooperate. And so you have the second paradox. This act of punishment, this process that theoretically harms everyone, ends up radically improving the situation.

But the problem is not yet solved. Here's the thing, why would anyone be one of these punishers? What's the incentive to participate in the system? And so here is a clever solution. And this is basically what I would argue the first great solution of civilization. Recursive punishment. You say that the process of punishment is itself enforced by a sort of second order punishment. If you have this group of punishers, if they do not participate in punishment, then there has to be some kind of second order punishment in order to punish them. But then, okay, you have second order punishers, then you need third order punishers to make sure those punishers also punish. So hey, is that infinite recursion problem?

Well guess what, here's what we do. We say that everyone is required to participate in the punishment process in some form, directly or indirectly. And not participating in the punishment process is considered to be an offense on the exact same level as the original crime itself. So the punishment is recursive, the exact same mechanism does the level one, level two, level three, all the way up to level infinity minus one. And so the whole system closes itself and it works.

So sounds pretty brutal. Well, turns out that's how pretty much every legal system works in practice. Take the example of the tax funded police. So this is a somewhat common mechanism for securing cities and civilizations. Basically you have a bunch of people running around with clubs or more sophisticated substitutes. And if you do something bad like stealing or killing, then these people come at you and hit you with a club. Maybe put you in a cage. Now the problem is though is that why would these people do that? Well guess what, those people are professionals. They're paid salaries and everyone has to pay taxes. And if you don't pay taxes, then they come after you with a club and they put you in a cage. So that's one solution.

The other thing is that the exact same mechanism is also implemented in this concept of social ostracism. So much more humane approach, but it's actually the exact same principle. So if you look at a lot of the different traditional societies and especially societies that are embedded inside of other societies, especially if you look at, say, gypsy cultures, if you look at some groups that are living under external governments that are sort of from foreign groups, then the legal systems that they tend to have basically consists of a social ostracism mechanism. So the rule is that if you break one of the rules, if you break any communal rule, including this one, then you get ostracized. So if you break a rule, you get ostracized. If you don't ostracize someone who breaks a rule, then you get ostracized. If you don't ostracize someone who doesn't ostracize someone who breaks a rule, you also get ostracized. Infinitely recursive punishment. And it works.

Next step. So reputation is very interesting. An interesting one. So here's the interesting thing about this concept of reputation. So in general, the way reputation actually works from an economic standpoint is that let's say I have some reputation. Let's say I have a reputation that's worth some amount of money as a businessman, let's say $15,000. So what does that mean? It means that because of my reputation, people trust me. And so I have an opportunity to get better business dealings that would presumably be $15,000 more profitable than if I was just some random anonymous person.

So what does this actually give me? It also means that I have this sort of strange social asset. And if I do something to lose that reputation, let's say I get into a business dealing with someone and I cheat them, then I lose it. So if I enter a business reputation relationship with someone because I have this reputation, I have the incentive not to cheat them. I have the incentive to act honestly. And they know that. And so they're willing to trust me with up to $15,000 more.

So next one. So here's an interesting puzzle. Does kidnapping people reduce your reputation? Seems obvious. Well, let's actually economically analyze it. Suppose that it is. So let's say you do kidnap. Let's say I have a reputation, it's worth $20,000. And let's say society has a rule that if you kidnap people, your reputation drops by $10,000. It's obviously an incredibly crude approximation. But, hey, this is game theory land. We have to approximate everything into numbers somehow.

So let's say that happens, okay, I kidnap. My reputation drops by $10,000. I have less reputation left to lose. So that means that I now have the incentive to cheat in any case that I have an opportunity to get away with somewhere in between 10 and $20,000. Other people know that. So therefore other people realize that I'm not trustworthy with any kind of business dealings in that range. And so I'm going to be able to get less business relationships out of this reputation. And so it's worth less. Everything all neatly fits together.

Now suppose that we have a rule that kidnapping people is perfectly okay. In that case it doesn't reduce your reputation at all. So, okay, I kidnap someone, my reputation is still worth the exact same amount. And so I still have the exact same reputation. Other people have the incentive to trust me in the exact same context. And so everything is exactly as it was before. Both of these two situations are surprisingly as it is, are equally economically valid. That's the issue.

And here's the more fun part. It's also equally economically valid to have a rule that says it reduces your reputation to kidnap people on Tuesdays but not on Thursdays. It's also economically valid to say it reduces your reputation to keep your business open on Saturdays, but not on Monday to Friday. See where that example comes from. It's exactly how Jerusalem works.

So next step. So here we move on to the next topic. This is a very interesting island called Yap, somewhere around the Philippines. And on the island of Yap, they use these stones of rai as currency. So you might think, okay, people are using rocks as currency. So they must be just trading rocks, storing them privately in their inch measured chests. No, that's not how it works. Here's the problem. These rocks are something like between 2 and 10 meters tall. You can't really move them around. The stones always stay in the exact same place.

So how does ownership change? The answer is ownership changes just based on collective agreement. If village A wants to trade with village B, then village A agrees to transfer ownership of this particular rai stone. Everyone knows that the transaction took place, and so everyone knows that the ownership changed. So therefore the ownership changed.

Here's some interesting properties of this particular mechanism. At one point there was actually a tribe that managed to bring one of these rai stones over from another island. But unfortunately the boat collapsed in the middle of the trip and the rai stone got dropped to the bottom of the ocean. So here's the thing. The rai stone is at the bottom of the ocean. People still knew that it existed. Therefore people were still using that rai stone as if it was valuable. People were still trading it. People were still recording the ownership of this rai stone and it still had a value just like all the other stones.

Case study number two. Germans at some point invaded and at first they wanted the locals basically to help them build roads. At first the locals said, hey, why do I want to build a road for you? Reasonable question to ask, right? I mean, if I were to ask you to build a road for me right now, would you do it? Okay, fine. Yeah. So could you, like, build one going over here? Yeah.

So then the Germans decided, okay, we have to do something about this. And so they settled on an expedient. They decided that the Germans would go to all these rai stones and they would mark all of them with an X. Guess what? All the locals got really scared. And the locals finally submitted and they cooperated. The Germans sent other people out, cleaned the X's off of the stones and all was good. Interesting, isn't it? So the people valued the sanctity of the monetary system so highly, but they allowed it to be used against them as a vehicle for exploitation. Theoretically, these Yap residents could have easily just cleaned the X's off themselves. And yet they didn't. This shows you the power of consensus mechanisms.

Next slide. So another interesting study in this whole area is moving back to this concept of trust and reputation. So this is something called a hawala network. It's a pretty popular informal mechanism of international money transfer. So here's how it works. A hawala network consists of basically individuals called hawaladars, each of them located in some particular city. Each hawaladar has a credit relationship with some certain set of other hawaladars. Now not every hawaladar knows every other hawaladar. It's a network. It's a distributed network. Some of them are three or four hubs apart. There's a concept called six degrees of separation, where in theory any two people in the world that are connected at all, with the exception of completely insulated tribes, are at most six hops apart. Hawala network is probably even more tightly linked.

So let's say I'm in New Delhi and I want to transfer money to my friend in Amsterdam and I want to use a hawala network. Let's say it's $5. Here's what I do. First of all, I go to some hawaladar in Delhi. And I tell him, hey, can you help me move money over to Amsterdam? So the guy in Delhi does some research and he says, oh, look, I have another hawaladar I know in Calcutta. Let me ask him. Oh, the one in Calcutta turns out to know some other hawaladar in Berlin. And then that hawaladar in Berlin happens to know someone in Amsterdam.

So here's what happens. Suppose that before, first of all, the customer sends to the hawaladar in New Delhi $5. Then the hawaladar in Delhi says, okay, before, I owed you the hawaladar in Calcutta $5. Since I'm transferring you $5, I now owe you nothing. One in Calcutta says, okay, hawaladar in Bombay, you owed me $5. Now you don't owe me $5 anymore. That gets cancelled. And finally, the hawaladar in Berlin, in Amsterdam. Guess what? You no longer owe me $3. I now owe you $2. And so with these sort of multiple debt transfers, what happens is, if you look at the whole state of the system and you add everything up, what happens is ultimately it's that the one in New Delhi lost $5 and the hawaladar in Amsterdam gained $5. And then the hawaladar in Amsterdam would presumably allow the guy's friend in Amsterdam to take $5 out minus whatever fee. So the idea is that you use this sort of credit network to move money around the world without ever actually moving money. So just the fact that you can move money around the world without moving money should tell you something about what the nature of money really is.

Next slide. So this is where we get to the somewhat more technical background behind this concept of Bitcoin cryptography. Cryptocurrency, really, the thing that started it all is this concept of public key cryptography. So public key cryptography, you know, we all know the concept of RSA. Basically, modular exponentiation is easy, but inverting the process is hard unless you know how to factorize a particular number. So you take two large prime numbers, P and Q, those are your secret key, but then you multiply them together, and that's your public key. You can publish the public key out to the world, and people can use the public key to encrypt messages that only you can decrypt.

So what's the benefit of that? Well, basically, it's pretty obvious. You publish your public key. Anyone can send you encrypted stuff that you can decrypt without you having ever have had any kind of prior communication. The other interesting application of that is actually signing. So signing. The general idea here is to use the exact same cryptography. I publish a public key, I can sign a message with a private key and that produces a number called a digital signature. And you can take the number, the message and the public key, and you can actually use that and see that that's a proof that I'm the one that actually sent that particular message.

So then after that, that was the 1970s. In the 1980s, we had this concept of ecash. So David Chaum created this really clever protocol called blind signing. So the idea of blind signing is that you have this function called blinding. And the idea is that if I have a number, I can blind the number, pass the blinded number over to some entity. The entity can sign the blinded number, I can unblind the number and the signature and I get the signed number. So the entity was able to sign a number without even knowing what it was signing.

What's the point of that? Well, anonymous electronic cash. So here's the protocol. If I want to create a banknote, I basically generate a random number. I blind it, I send it off to the bank. The bank signs the number in exchange for a $1 fee and it sends me the signed number back. Now I unblind the number, I have the signed number. Now what do I do with it? I just send it to someone. Say I want to buy an apple from you. I send this number to you, you give me the apple. Then if you want to redeem your dollar, all you do is you just show the unblinded signed number to the bank. The bank checks if it signed the number before. If it did, then okay, the bank gives you $1 back minus a fee.

So the benefit of this is that you have this financial system that allows for pretty much total privacy, including privacy against the central bank that's running the system. So, if you haven't heard of this before, this may even seem impossible. You have a centralized system where you also have total privacy against the only central party. What's the problem with the system? There's a central bank.

So 1980s came along, 1990s came along. A lot of these protocols never really took off because there was a need to have this sort of central entity overseeing the whole thing. And the infrastructure requirements, some of the legal requirements around that, unfortunately made the whole thing really impractical until eventually highly secure payment systems like PayPal and credit cards took over. And that's pretty much all that we've had instead, all the way up until Bitcoin came along.

But then before that, there are a few other concepts that we need to talk about as well. So there's this idea of smart contracts. So we talked about this before somewhat. So a normal contract is I agree to pay you $300 if you do task X. If you do X and I don't pay you $300, then what are you going to do? You're going to go and complain to the legal system, and the legal system is going to hire the men to hit you with a club, which are funded by taxes, which are themselves funded by the threat of being clubbed and so forth. But you get the idea. We all know how legal systems work.

So smart contract is a bit of a different approach. It says I put $300 into a magic box and this magic box will automatically send the money out if you perform task X. If you don't perform task X, then it won't send the money out. So in theory, the smart contract is not going to be necessarily controlled by anyone. It's not going to be controlled by me, by you. Ultimately it would just sort of sit there and the whole thing would just process automatically.

So one of the interesting projects we actually had at the Hackathon, there was a guy who, a team really that was trying to basically create a house with locks that were automatically tied to an Ethereum contract. And the idea there would be is that if you want to rent out your house for a week, all you would do is you would send a message to the Ethereum contract that says, okay, for the next week, this private key is allowed to open the doors. And then that would happen and it would automatically give that particular person the right to open the doors, do everything with the house for exactly one week, and then at the end it would immediately expire. All completely automated. No need for human involvement.

So ideally, task X, whatever you do, would be a sort of cryptographically provable thing. So for example, something like cracking the password to a hard drive or solving some difficult mathematical problem. The sort of thing you can actually have a computer evaluate to see was task done or not. Often enough, however, that's not really possible. So for something like an employment contract or something like consumer merchant scenario, sending a product, you can't really automate figuring out whether or not a certain task was completed. And in that context, human intervention is still required. You do need some kind of a legal system.

But the promise that smart contracts can possibly bring is basically this idea of opening it up to a market. So in a system like PayPal, for example, there's this concept of chargebacks, where if a consumer is unhappy with a product and thinks that the merchant defrauded them, then the consumer can ask to get the money back, and the merchant can contest that. And if the merchant contests, there's an arbitration process. But PayPal, the money transmitter and PayPal, the arbitration service are bundled together. With this concept of smart contracts, the promise is, what if we can unbundle them? What if we can separate out this concept of infrastructure and this concept of the arbitrator?

So another important thing then in the 1990s there was this other concept of rules engines. So this is just a centralized system that was used internally in companies. It could be used by something like Amazon. It could be used by some business involved in any kind of product shipping. And the idea is you have software that automatically implements certain rules. And that software would basically check, is this condition met? Is that condition met? Did the customer pay and was the product produced, and is it time to do this procedure? If so, then ship the product. It would send a command, the command would process automatically. That was sort of the idea. So it's sort of like a very similar idea to this concept of smart contracts, where you can sort of plug in generic code, generic rules, and the rules would just sort of automatically execute themselves. But the thing is, is that all these rules executing themselves, it was still dependent on the rules being encoded in some kind of physical property.

So another important thing is here we get to somewhat a bit closer to Bitcoin itself. So we talk a lot about this Byzantine consensus problem. So the idea is, how can some number of nodes that don't necessarily trust each other figure out basically come to a consensus on some particular value. So originally it was called the Byzantine Generals problem because there were Byzantine generals involved. And the question was, should we retreat or should we attack? So there are two possible messages.

Well, as it turns out, if there are three generals, then the problem is unsolvable. So here's the basic proof. So suppose that the one that initiates the process, we can call them the commander. And the commander could be honest. If the commander is honest, then the commander is going to provide two equivalent messages to the other two people. So those two messages, let's say in this case they're both attack. One of the lieutenants is dishonest. So the dishonest lieutenant is going to reply back with a message to Lieutenant 1 saying retreat.

Here's the second scenario. The commander is dishonest. Commander is dishonest. Commander wants to screw the whole thing up. So the commander is going to tell one to attack, the other one to retreat. Obviously if half the army attacks, they're going to lose. And then once you beat the first half of the army, then you charge ahead, you beat the second half of the army and you're done. So in this particular case, attack, retreat. Lieutenant 2 is honest. And so Lieutenant 2 just repeats the message. Retreat.

Now notice what happens in these two particular cases. Case one, Lieutenant 1 here sees attack from the commander, retreat from Lieutenant 2. Case two, the lieutenant here sees attack from the Commander, retreat from Lieutenant 2. There is no way for the lieutenant to tell the difference between these two cases. So in this environment we're calling oral messages, messages that are sent from A to B without any kind of authentication, there is no way to solve the Byzantine fault tolerance problem if the number of traitors is at least a third of the total number of participants.

However, once you're allowed to introduce signed messages, so using cryptographic digital signatures, the problem becomes trivial. That's actually an important point and something that we'll get back to. So, next ingredient. This concept of JavaScript. So basically, you know, before JavaScript, this is, if you look at the early Internet, we had just HTML. HTML is a protocol with lots of features. You can do paragraphs, you can do italics, you can do buttons, you can do radio buttons, you can do forms that automatically submit, all these different features. But then, so you can do a whole bunch of stuff, but there's still a limit of the number of things that you can do. 43 features, you can do 43 different things, 46 features, you can do 46 different things, and so forth.

So what Brendan Eich came up with is let's have a programming language on the Internet. Instead of having lots of features, in practice all the lots of features are still there alongside the lots of features. Let's have a generic programming language inside the Internet where that programming language allows people to just write whatever they want. Whatever kind of feature you want, you just write it in your programming language and it processes automatically. Thanks to that, we have Gmail, we have Facebook, we have Bitcoin wallets on top of the Internet. So it's thanks to this concept of Turing complete programming language that we really have this basically responsible for the Internet as it stands today being so powerful. It's generalization.

Next one. So next one is this concept of hashcash invented back in 1996. So this was a system that's used originally intended to make sending email, to basically fight spam. If you want to send an email, then what you would have to do is you would have to solve this sort of cryptographic puzzle. You have to find a number such that the hash of the message plus a number has certain properties. And the idea is that the hash is a sort of pseudo random function. It's a function that returns pretty much random outputs for any distinct inputs. And so there's no way to sort of try to intelligently figure out how to solve. The only way to solve the problem is literally to just keep on trying different numbers until one works. So let's say the condition is that the value of H of M plus X has to start with 10 zeros, or let's say nine zeros. Then you obviously have to try a billion times until on average until you find a valid answer. But checking a valid answer requires checking one hash. It's hard to do, easy to verify.

Next we've got Wei Dai's b-money in 1998, really the first attempt at a decentralized form of money. Relies on solving computational puzzles in order to get monetary units. Problem is it doesn't really have a good consensus algorithm.

Next in 2005, Nick Szabo's secure property registries. This is actually the first attempt at using consensus to do something other than just the currency. So the idea here is let's have a trans political property registry. Let's have a property registry that just sits there that just sort of exists in a cloud and will continue to survive and be hyper resilient. And he actually came up with a lot of ideas around that. He came up with this really complicated system. It had all the big legal concepts in it. It had this concept of adverse possession. It had the concept of Georgian land tax, it had the concept of homesteading. It supported just about everything. But unfortunately it was never implemented because it didn't have a consensus framework.

Next slide. So now we get to finally Bitcoin. So Bitcoin, the idea behind Bitcoin is that Bitcoin was actually sort of two things at once. It was simultaneously a monetary system and a consensus protocol. So monetary system is actually best described as a state transition system. So this is a somewhat unconventional formulation for describing Bitcoin, but actually if you look for this particular circumstance, it's pretty much the correct one.

So the idea here is that in general, you can think of an accounting ledger in a bank as a state transition system. You have a state, that state consists of all the balances. Alice has $50, Bob has $50, Shirley has $70 and so forth. A transaction would be Alice sends $20 to Bob. Then you would have a transition function that says, okay, if the original balance was Alice 50, Bob 50, Alice sent 20 to Bob, then the new state is going to be that Alice has $30 and Bob has $70. All of it. See, all money actually is. See, we think of money as being some kind of physical commodity. In reality, money is just an arbitrary, is basically just an arbitrary state transition function. All it is is a database backed with this rule that the only way to increase the number beside one account is to equally decrease the number beside another account.

So Bitcoin implements it in a somewhat different way. It says here you have a bunch of coins. Each coin has an owner determined as defined by a public key. And it also has a denomination. How do you make a transaction? So transaction is basically contains references to coins that are already in the state. And it also contains alongside each of these input coins, it also has a signature, standard cryptographic digital signature. It's a way of cryptographically proving that basically you own the private key and that you authorize the transaction to spend that particular coin in that way. So a transaction is allowed to spend a certain number of inputs and it's allowed to create outputs. And then the way this state transition function works is if all the signatures are valid, then it takes the inputs out and it adds the outputs in.

So then there's this rule of transaction validity. When is a transaction valid? So three conditions. First of all, each input has to have its valid signature signed by its owner. Second, each input has to actually exist. Third, the total denomination of the inputs has to be at least the total denomination of the outputs. These might sound like arbitrary crazy computer science-y rules. They're actually pretty obvious. Rule 1 in plain English means you can't steal other people's money. Rule 2 in plain English means you can't create money out of thin air. And Rule 3 is just plain old conservation of value. That's all money really is.

So then the other part of Bitcoin is this concept of a blockchain. So before we were talking about the Byzantine Generals problem and we were talking about how there were two versions of the problem. One version of the problem was using this concept of oral messages where there are no signatures. Each agent directly talks to each other, but there's no sort of way of passing around a proof that a particular message was made. Then there's the version of signed messages. Everyone's allowed to sign messages. That version is trivial and well.

So first version, maximum one third traitors. Second version, almost everyone can be a traitor. But there's also this one in the middle where the idea is, instead of having messages that are signed, where the signature of a message represents your identity, why not use proof of work? So proof of work is really a digital signature that says that you possess a certain amount of computational power. So it's a thing that's sort of in the middle. It's in the middle between no signing, between no verification and total verification. No verification is you don't know what's going on. Signing is you know that the message is signed by this particular person. Proof of work is you know that this message was signed by somebody with at least a certain amount of power. So in this middle ground, as it turns out, the Byzantine Generals problem has this elegant solution where the number of traitors can be maximum a half of the network.

So how does the Bitcoin blockchain work? Basically take transactions and then you have the entities called miners. Miners basically keep on trying to package these transactions in a block and they try and solve one of these proof of work problems, try and crack one of these mathematical puzzles and attach it to the block. These mathematical puzzles are incredibly hard. On average it takes about 50 billion billion attempts for the whole network in order to solve one. Bitcoin network has gotten so powerful that one of these problems gets cracked every 10 minutes.

So the idea is every 10 minutes a new block gets created. That block contains a whole bunch of transactions. Each block also contains a reference to the previous block. So it's a chain of blocks, each block coming right after the other. So the question is, what's. So here we have a consensus architecture. You have this chain of blocks and these blocks are both hard to create. So attackers can't just come in and make a huge number of blocks and try and break the system. And there's also enough very nice and discrete units that everyone can easily reach consensus on.

Next slide. But then the question is obviously, so first of all, how do we know that this. We have to prove that this blockchain architecture is incentive compatible. We have to prove that it actually, how do we know that everyone's going to be honest at all? Right, so first of all, the rule in it is a block is valid if every transaction is valid, the proof of work is valid, and we know exactly what it means for a transaction to be valid. I was talking about that in the section on the state transition function. Then also the transaction points to a block that is also valid.

Next slide. So, interesting thing about that. It was a recursive rule. For a block to be valid, it had to point to a block that's already valid. It's a recursive definition. Maybe we want to enforce the recursive definition with a recursive punishment system. Here's the thing. Miners in the system have three ways to cheat. One way is they include an invalid transaction, giving themselves lots of bitcoins out of nowhere. Another approach is they just don't bother with proof of work. They don't bother spending all these expensive computations on solving mathematical puzzles. They just push out a random block that doesn't really, that just packages up transactions. And the third option is they mine on top of another invalid block.

So here's the interesting thing. Question is, why would miners not do any of this? The answer is if they do, then their block is going to get rejected by the network. It's going to get considered invalid. Why would other miners. But the thing is, okay, you have that other miners are not going to mine on your block if your block is invalid. But you have to justify that. Why are other miners not going to mine on your block that's invalid. And the answer is if you mine on a block that's invalid, then your block is also considered invalid by the exact same rule. And so other miners are not going to mine on top of your block. Why would other miners do that? Because if they mine on top of your block, then they're creating a block that's invalid. And so other miners are not going to mine on top of theirs. It's an infinitely recursive punishment system. The exact same math that makes tax funded police work and that makes social ostracism work also makes Bitcoin work. Interesting.

So here as we get to this concept of cryptocurrency 2.0. Cryptocurrency 2.0. We've all been talking about this, it's been a big buzzword. Basically the idea is how do we use Bitcoin to do more than just money? So the answer is that basically ultimately you have to think about what the problem that Bitcoin really solves. The problem that Bitcoin basically solves is this. Why does a monetary system need consensus at all? Why can't you just back the whole thing with public key cryptography? You know how much money people are authorizing. Why can't you just take all the transactions, add them all up?

Here's the problem. Suppose that I have, let's say $5 million. I take those $5 million and I give them to you in exchange for a private jet. I take those same $5 million and then I send the transaction giving them to someone else in exchange for say three houses somewhere in San Francisco. I say 5 million. Something like $5 million. And I might send them to a charity and I might send them to my grandfather. I'll just send them around to everyone. Multiply my money by a factor of 100. Yay, everyone's rich, nobody gets to be poor again. So obviously that's also going to collapse the economy.

So the problem with, so how do you deal with that problem? The thing is, if I send $5 million to you and then to someone else at the same time, the transaction that happened first is going to succeed, the transaction that happened second is going to fail. And the problem is you can't intrinsically look at a transaction and sort of cryptographically figure out when it was created. It's just fundamentally impossible. And so in order to solve that problem, you need to have this sort of distributed consensus system in order to agree on the order in which transactions took place. Hey, you can't send the transaction because this other transaction already got included in total. That's how Bitcoin works. It's a first to file system.

First to file system. What else can we use them for? Domain name registration. So domain name registration, basically if I want to register a website, if I want to register ethereum.org, what do I, well, okay, I registered it, let's say now, okay, hey, it's a very valuable domain. How about you register ethereum.org as well? Guess what? Your attempt to register ethereum.org is going to fail. Why is it going to fail? Because domain registration is a first to file system. First one to file gets it, everyone else doesn't. Hmm, maybe if it's the exact same problem that Bitcoin's been having and there's this magic blockchain based decentralized consensus algorithm which solves that problem. What if we take this magic decentralized blockchain based consensus algorithm and apply it to this other problem as well?

Eh, too hard. Came up with the name anyway 2010, now it's gotten up to a market cap of about $80 million. So the idea here is that Namecoin is also a state transition function, except here it's a bit more complicated. In Bitcoin the state only contains coins. In Namecoin the state contains coins and it also contains all of the domains that already got registered. So in Namecoin, in normal DNS if you would register .com, .org, .net, and in Namecoin you register .bit. So send a transaction. So transactions, they don't just move money around. Transactions can also register. And if you register then your domain gets into a new state. Pretty simple.

Next step. So then later on when we had Bitcoin, people have been trying to think about hey, what if we could do more complex stuff on top of Bitcoin, what if you could do something like have multiple currencies on top of Bitcoin. Bitcoin, let's do decentralized exchange on top of Bitcoin. Let's do financial contracts. So people invented protocols like Mastercoin, like Counterparty and let's try to have lots of new features inside of them.

So how these new features work, so how metacoins work? Basically the idea is that you have this sort of meta protocol where the idea is that every metacoin transaction is simultaneously also a valid Bitcoin transaction. But yet that metacoin transaction also has another meaning that exists only in the context of its alternative state transition function. So the idea is that you have the Bitcoin state transition function, you have state, transaction, state prime, same as before, but at the same time all of the users of the metacoin protocol also keep track of this other state called the metastate. And in that metastate you have accounts. Here we have Alice with 45 Mastercoin, 190 Sweetcoins, then you have Bob with 600 Mastercoins, 875 Sweetcoins. And then there's an order where Alice wants to sell her Mastercoin for Sweetcoins. So then Bob creates a transaction, he signs it, but that transaction also contains in its data field a message to fill that particular order. The order gets filled, both of the Mastercoins move from Alice to Bob, the Sweetcoins move from Bob to Alice, all automated. So how does this happen? Basically because there's this metastate. Now the metastate never actually exists anywhere. The only place where it exists is in the minds or rather on the hard drives of the nodes that care about that particular meta protocol.

Except now here's this other interesting system called Ripple. So Ripple is, here is basically how it works. You have people in the system, everyone in the system can have credit relationships with other people in the system. Not everyone has a credit relationship to everyone else. I might trust Richard with some amount of money, but I might not trust some random person in China. However, if I want to send some money to some random person in China, there's probably going to be some chain of people where each of us have a credit line with each other. So if I wanted to send $10 off to my friend in China, the way that it works is that I would send $10, where by sending $10 it really means I would cancel a debt. Or we would agree that the debt changed by $10 and then my friend would do the same with his friend and his friend would do the same with his friend and so forth. Ripple is just a mechanism for automating this.

So as it turns out, Ripple is building on an old idea. It was around in this concept of hawala networks. Now however, hawala networks have been digitized and coupled with a decentralized consensus algorithm. Magic. So the advantage of Ripple is that with Ripple you can store any currency on the blockchain if someone is willing to act as a backer. So one of the big problems with Bitcoin so far is its volatility. It's gone up from 1 to 32 to 2 to 266 to 65 to 1200. Did it go to the moon yet? Yeah, it's getting there. So most people don't really want to deal with that. They would prefer to just have plain old dollars but still be able to use this sort of hyper efficient financial system in order to transfer them. So you just send them over on the Ripple network and then the way you do that is you have some entity that you basically represent those dollars on the blockchain basically as debt.

Next slide. So the idea with all of these protocols is that the thing that really joins them all together, Bitcoin, Namecoin, metacoins, Ripple, is that ultimately they're all different state transition functions. And so people were thinking of all these different protocols that have lots of different features. And ultimately the idea behind Ethereum basically is, well, instead of having a protocol with like 50 different features on it, how about let's do the exact same thing that Brendan Eich did when he created JavaScript. Let's create a protocol that has a programming language and you can write whatever features you want in that language.

So sounds like a radical idea. It's really not. JavaScript's had it for 19 years now. Your personal computer has had it for 40 years. Nothing new. So here's how the state transition system works. So here's a transaction, it's from one account, the 14CF, going to BB75. An Ethereum transaction also contains a value. A value is basically the amount of currency that you send and it can also contain data fields and obviously has a signature.

So the way the state transition function works is first of all the value moves from sender to the receiver. That's pretty obvious. That's how financial systems work. Then every account has the option to include some amount of code and the code. And the idea is that when every time an account with code gets a transaction sent to it, the code activates and the code can do whatever it wants to. So the code can manipulate its own internal state. The code can even send transactions by itself. And in this case the code is simple. You also notice that every account also has internal storage. So the storage is just sort of an internal database for every account that's independent of the main, or well, that exists together with the main database.

So the idea is okay, here you have this database and what the code says is take the first item in the data as an index. If the first item in the data is not yet taken, then put in the second item in the data. So you notice before it was 0, 2, 3, 5, 2, 3, 5, 0, Alice. Now 2, Charlie. 2 hasn't been taken yet, so let's replace the 0 with Charlie and there we go. It's all written in code. So two lines of code basically that replaces Namecoin. Now it's obviously not a complete implementation of Namecoin. A really complete implementation of Namecoin will also, it'll let you transfer domains, it will let you sell them, it will let you register them with a fee and so forth. But the general principle is there.

So that's really what Ethereum is. People talk about Cryptocurrency 2.0 being like the Internet of Value. We're not the Internet of Value. Ripple is the Internet of Value. We're an arbitrary processor for state transition functions. Got that?

So, next slide. So the way Ethereum works is basically that you have this, is that the state is stored in this big tree. And the interesting thing about the tree structure is that you can, even though every block stores the entire state at the same time, the tree structure actually automatically deduplicates all the data. So you notice in this particular block only that one tiny value at the bottom right got changed from 27 to 45. But really, so what you're doing is, but the thing is that most of the data actually remains unchanged. So what happens is, and so how the system deals with that is, well, it doesn't copy over the data, it just points to the same data twice. The only time it copies over the data is when the data got actually changed. So you notice here, only one branch of the tree gets stored in this particular block. So that is basically the reason why Ethereum scalability doesn't completely break in 30 minutes. Now Ethereum scalability still breaks about as quickly as Bitcoin scalability breaks. That's the problem that we are dealing with. And I have actually an entire presentation on hard problems in cryptocurrency that you can watch about that.

So next slide. So the idea with Ethereum is that, okay, we have this completely abstract system that solves the decentralized consensus problem. We have a completely abstract solution to this concept of first to file system. And so the question is, well, okay, you can implement. So you have this concept of contracts. You have these accounts that have code, the code runs every time you send transactions to them. What can you use that for?

Well, name registration, Namecoin. All a Namecoin is, it's a database that says, okay, if this hasn't been registered yet, you send a transaction to register it, then you registered it. Done. Then sub currency. So as we talked about, a currency is a database with the rule that you're allowed to increase the value at account Y by X only if you decrease the amount of value at some other account by X. And you're also authorized to send the money from account Y. So that's just math. If you can implement the math in code, you can create your own currency inside of Ethereum as a subcontract.

Decentralized exchange. So this is where we get into smart contracts. So smart contracts, we'll remember, these automatic boxes that automatically send you $300 if you do something. Well, Ethereum contracts automatically execute and perform certain computations if you send transactions to them. Guess what? We have smart contracts now. You can employ people to solve mathematical puzzles and pay them in ether. And the whole thing is trust free. Anyone want to do that right now? Perfect.

Okay, so hedging, that's another interesting application. So the interesting thing is that with Ripple you can send, you can have US dollars on the blockchain. And the way that you do that is you rely on a trusted issuer. As it turns out with financial derivatives, it's actually possible to create a currency on top of Ethereum whose price tracks the US dollar. And without requiring any kind of central issuer, without requiring any physical backer, all you need is just a data feed to tell you what the price is.

And the way it works is financial derivatives market. You have, you create a contract that says I put some amount of cryptocurrency in. Then after 30 days I get the same. Let's say that that amount of cryptocurrency is worth $500 and then some other counterparty is going to put in cryptocurrency as well, after 30 days I get cryptocurrency back equal to the same amount as measured in US dollars and the speculator gets back the rest. So I put in $500 worth of cryptocurrency, I get back $500 worth after 30 days. The speculator basically gets 2x leverage. So if the value of Ether goes up by 10%, then he benefits by 10% and he also benefits by even more because I actually get less Ether back and he gets more. So there's benefits to both sides of the equation here.

So then there's this concept of decentralized Dropbox where you can basically automatically pay anyone in the world per hour to act as basically store a backup of your file. And you can do this in a sort of completely trust free way where the contract itself automatically verifies and automatically makes sure that people are storing your file. So this might be actually one of the first viable applications of Ethereum. Basically we have Dropbox. Now Dropbox is pretty expensive. So what if you can take Dropbox and you turn it into this decentralized system where you can let anyone store your file, you let anyone rent out your hard disk space and earn money per gigabyte hour. Sharing economy for the computing world.

So now here's a really interesting part of all of what smart contracts really are. This is something that we're calling fact of law. So the idea here is that decentralized consensus systems let us create these sort of cryptographic environments that contain assets with sort of inherent emergent value. So bitcoins, they don't have any kind of links to the outside world. Bitcoins are just bits. And yet each one of these bitcoins is worth $420. So now cryptographic systems have a lever into the real world through these sort of emergent assets.

So what does that mean? Theoretically, it means that in some circumstances we can do certain actions, we can reward people for doing things, we can enforce laws, we can subsidize things without actually requiring any kind of real world activity. So let's say I want to subsidize scientific research. Here's what I do. I define a currency. So I create a currency such that people automatically get 100 units if they participate in some particular project that would be classified as scientific research. So there's something called Primecoin, for example. It automatically sends people, automatically gives you money for free if you discover a certain class of chain of prime numbers. So where does that money come from? It's coming out of nowhere. No one has to explicitly pay anyone in order to do these prime number computations. And yet the money just sort of comes out of nowhere and you receive it anyway.

Next slide. So the idea here is that ultimately there have been, in general there are. One of the main problems in economics is what we're calling the public goods problem. If there is some good that benefits a lot of people, but only benefits each individual person very slightly, then it's a very good thing if that was funded. But there's not enough incentive for each individual person to go out and fund it. So far, the only, so in a pure market, the problem isn't really solvable.

However, if there are large organizations, let's say some large company, Google, a government, anything that's got enough people behind it, if an organization is large enough, then it can absorb enough of the benefit from the public good in order to have the incentive to fund it. That's been the only solution to this particular problem so far. And public goods are really a really large part of goods in society. If you talk about scientific research, a whole bunch of open source software, a whole bunch of things on the Internet, everything on Wikipedia, really, anything that you can't restrict people, anything that's like information, it's free to copy, free to share, once it's out there, it benefits everyone, falls into this category.

So interesting thing about currencies is that with currencies we have this mechanism that allows you to reward certain behavior without any specific person needing to explicitly pay anyone. So you can just create a currency and you can pay people out in that currency. And all you need is to convince people to accept it, at least in some fashion. And in that way, if you can do that, then you've sort of created money out of nowhere. Now obviously the value comes out of somewhere. The value comes out of the social acceptance that this particular currency has. So in a sense, it's almost a sort of really interesting democratic, sort of new democratic sort of economic paradigm.

Now, once again, interesting thing is this is not new at all. I was talking before about reputation and I talked about how reputation sort of functions somewhat like a currency. You get more of it, you get less of it. And the interesting thing is there are no economic laws that constrain under what circumstances reputation can be gained or lost. It's pretty much entirely under the control of society to determine under which circumstances reputation goes up and when it goes down. So this is, it's ultimately the exact same principle. The principle that emergent value can come out of social consensus and that we can leverage this value to provide public goods.

Now, so can this stuff be applied in practice? So open source software, this is actually a specific area that can actually really benefit from this particular area of inquiry. So in general, there's been two approaches to having a software company. One approach is you make your software proprietary, you license it, you charge people to use it, you cripple the software, you install ads, you start taking people's information, handing people's information over to the NSA, selling it to the Chinese government, which maybe sells it to the NSA, we don't know. And buy Oculus Rift for $2 billion, get even more money out of that, probably put ads everywhere.

Other approach is, okay, we're going to be a nice good guy company. We're going to open source everything. Yay. Happiness. Free software for all. Oh, where's my revenue? Okay, I'm a consultant now. $3,000. Okay. $4,000. Okay. Yeah. So there's a reason why Red Hat isn't as big as Microsoft or Apple, even though Linux is even more popular than both of them in the server world.

So those are the two old approaches. Here's a new approach. Release an open source ecosystem that contains emergent network assets. That's what Bitcoin is. It's an open source ecosystem. It's an open source protocol that allows you to efficiently transfer money around the world. But it's also got an internal asset, the bitcoin, that you can use, and that automatically gains a sort of emergent value as the value of the Bitcoin network goes up. So the benefit is you earn lots. If you can build something like this, you can earn lots of money, but nobody has to explicitly pay you. Not with money, not with private information. The value just sort of comes out of the network.

Here's an interesting idea. What if you wanted to build a decentralized Twitter? Here's how you can fund it. On Twitter you have to, in order for you to have an account, you have to have a name. In order to refer to people, they have to have names. So what if you create this decentralized Twitter, combine it with a Namecoin, preferably a Namecoin on top of Ethereum, please. And what you do is you fund your Twitter by selling off all of the one to four letter names. And people are people, they like one letter names. Cowork.com sold for I don't know how many million. Just imagine if a decentralized Twitter really took off, became the next big thing. How much would you pay for having an account with the letter Q or even say E? Would anyone here pay more than $1,000 for the letter E on Twitter as their name? $2,000. There we go. So you got at least $52,000, presumably once you add over all the 26 letters.

So the idea here is basically the old paradigm was do you do open source and earn very little money? Or do you do cripple-ware and earn decent amounts of money? The new paradigm is do you release a new blockchain with new assets? Do you release a platform with new assets? Do we create Ethereum with Ether that we're creating ourselves? Would we create our own Namecoin. If you're building a decentralized Twitter, would you create your own Namecoin or would you use the Namecoin that already exists?

So the dichotomy here is basically there is the approach of using assets that already exist. That's the approach that's going to earn you less money. But it maybe has some select benefits in terms of standardization or you can make something that's somewhat more proprietary and earn more money. But in this dichotomy you notice the whole thing massively shifted in favor of open source. In both of these paradigms you're still open sourcing everything. The only difference is are you creating your own assets or are you using existing ones? Much better trade off for us I should think.

Finally, actually, so here's the other interesting. So in Ethereum one of the other things that we're really focusing on is we're focusing on ease of use. So one of the announcements here that I'd like to make is we just recently released a whole bunch of changes to the Ethereum protocol. We just added a proof of concept four of our code. I got the Python code working just over the last like literally three or four days, staying up past midnight, which I do very, very rarely. And I got the newest and I renamed our high level language to Serpent.

So why did I call it Serpent? Because it's basically Python. So basically the idea is that in this programming language you can use to basically write Ethereum contracts to write code onto the Ethereum network that self executes. So this thing over here is, it's a currency. You can literally see it in the code. From sender, to, value are data fields. If the storage contains an account from at least value, then subtract value from that account and add value to the other account. It's a currency. So the idea here is it includes a whole bunch of convenience features. Make your own currency in 10 lines of code. Like literally like five hours after I pushed the tutorial onto GitHub, someone created a replacement for Kickstarter in 30 lines of code. This thing's pretty powerful.

So, next slide. So really what we're trying to build here, I can actually think we can really explain with the case study of gambling. So in 2006 making a gambling site was really hard. You have to have your own website, you have to have your own VPS, you have to get your own domain name, you have to get a merchant account, handle money, handle security, etc. And what do you get out of that? Well, here's the benefit, here's what you get out of it. You can cheat. You can load the dice in your favor as an operator of a gambling site and consumers have no way of knowing that you're doing it. So the market was pretty horrible for everyone.

2012, Satoshi Dice, Bitcoin. Bitcoin replaced all the complexities of a financial system. In Satoshi Dice, Bitcoin serves as the database, it serves as the payment system, it serves as most of the security system. You still need to have a website, you still need to have a server, but you really need very little aside from that. And what does the consumer get? Provably fair gambling. So Satoshi Dice runs, determines the results of all their games according to a deterministic algorithm. And at the end of every day they actually release the secret keys for that day. So after the day you can actually verify that all of the games were done legitimately. So if Satoshi Dice cheats, they get caught.

2014, you can clone Satoshi Dice or any gambling site and run it as an Ethereum contract. 20 to 50 lines of Serpent code, zero infrastructure requirement, no server, no VPS, no domain name, no nothing. Write a contract, push it onto the blockchain, put the address on Reddit, anyone can use it. It's there forever. And benefit. Not only is it provably fair in the sense that you get caught if you cheat, you can't cheat. It's a smart contract. It self executes automatically.

So ultimately what we're really striving for here is zero infrastructure, ease of use. Anyone should be able to write just about any kind of contract without any kind of restrictions. Ultimately, in 10 years time I'd like to see 8 year olds building their own financial systems.

So actually, next slide. Yeah, next actually we're done. So in general, one of the points that I would like to make here is that all these technologies that we've been working with, we've been working with currencies, name registrations, smart contracts, all of these ideas that are ultimately sort of these emergent assets that exist only because of social consensus. None of these ideas are new. They've all existed for a long, long time. They've all existed in some kind of informal context all the way since back in the good old days of cavemen clubbing each other to death and socially ostracizing each other. Hopefully it's socially ostracizing each other. It's a bit more humane, don't you think?

However, the exact same rules are now in play once again in all these systems. But the interesting thing is that if you look at the last few centuries, we've moved into a much more centralized paradigm. We're moving into more centralized law enforcement. We're moving to centralized corporations, centralized financial systems. And a large part of the reason of why that happened is because we moved from a high information society to a low information society, from a rural society where everyone knows everyone else and groups are small enough that informal consensus can work on a human level into these anonymous city environments where you don't really know anyone at all.

Now, in the past four years, the pendulum has been shifting. We've been moving away from a world where manufacturing is getting easier and easier into a world where the predominant factor is like communication is getting easier and easier. And it's becoming easier and easier to create these kinds of architectures and allow anyone to talk to anyone in the world that allow decentralized networks to come into consensus pretty much at very low cost.

And the interesting thing is that a lot of these sort of older paradigms, a lot of these paradigms that are ultimately based on consensus systems, that are based on people basically creating these sort of emergent assets that only have value because they see that they have value, people that are creating rules that don't need any kind of enforcement on their own because the rules just exist. You just define a currency, whether it's a sort of pseudo currency like reputation or something else that you get, or you get more of it by following the rules, all these different systems are becoming much more viable again. And it's this rapid increase in communications efficiency that's making it all possible.

So the question is, how much of all this is utopian craziness? How much of this is just completely impractical ideas that are all that are eventually going to get shot down, get banned, get banned by FinCEN and People's Bank of China, and people are just going to forget about it once the bubble inevitably pops and so forth. And how much of it is actually going to turn into reality? How much of these different protocols are going to turn into something that we end up using and relying on every day? I don't know. Let's work together and find out. While you're answering questions, do you mind putting up the slide that was just before this one that you spun over?

[1:12:29] SPEAKER_01: Would it be possible to write a self replicating Ethereum smart contract?

[1:12:32] SPEAKER_00: It would have to figure out where to pay the fees from. It would have to find some way of getting money to keep on replicating itself. That's actually one of the interesting ideas that people have been having. This idea of a sort of decentralized autonomous company, sort of like a robot that provides services, gains resources and keeps on multiplying itself. It's theoretically possible, but you need to figure out a business model.

[1:12:56] SPEAKER_01: I was thinking more in terms of a DDoS attack or a virus or something.

[1:13:00] SPEAKER_00: Well no, because if it's just a virus and it benefits nobody, then it's impossible because you would have to keep on getting fees to get the. You would have to keep on paying computation fees and eventually just run out of money.

[1:13:12] SPEAKER_01: And in the current implementation of Serpent, could you write an encrypted contract whose purpose isn't really clear?

[1:13:19] SPEAKER_00: Code obfuscation in general is a very, very hard problem. But you notice the researchers just recently came out with a way, really the first practical way of doing that, six months ago. It's still impractical. It's got a billion factor slowdown. So it's a technology that will become possible eventually, but it'll take time.

[1:13:42] SPEAKER_01: Do you see that as becoming a problem potentially in the future?

[1:13:46] SPEAKER_00: It's an interesting technology. I'm sure it'll have its applications. I really don't know.

[1:13:50] SPEAKER_01: Can you give me a bit of color on your rationale behind the 29.4% premine?

[1:13:57] SPEAKER_00: 29, yeah.

[1:13:58] SPEAKER_01: So I downloaded the white paper and reread it on the plane right here. And notice that the reserve, which is essentially a premine that you'll distribute yourselves is 29 point…

[1:14:12] SPEAKER_00: Okay, so in terms of those statistics basically. So it's not really correct to say that we're distributing it to ourselves. The rules did change a bit and the slice is actually going, is decreasing substantially. But the idea is in terms of the issuance model, there's some slice of Ether that's going to people who buy it, there's a slice that's ever growing that goes to miners and there's some slice that's going to be distributed centrally by the organization. That slice is going to be distributed at some, some of it's already been distributed, some of it will be distributed soon, some of it will be later. So the precise mathematical, the precise statistics on that will clarify over the next week or so.

[1:14:51] SPEAKER_01: Do you guys have any concerns about, I mean, if that's high and the current value on the white paper is obviously quite high, it's much higher than other coins where there was premine and that was considered a Ponzi scheme. And then that undermined the value of the coin. Like for example, Ripple, which dropped considerably.

[1:15:12] SPEAKER_00: Ripple is a very different case because Ripple, they issued 100% of the currency units to themselves and then they are maintaining full control over how they're going to distribute them. That's really the big problem here. Like for us, our level of control over the Ether, over the Ethereum ecosystem is going to be extremely limited.

[1:15:32] SPEAKER_01: Sure. But I mean, if the group is interested in making a lot of money on it, then wouldn't it make sense to follow the rule that you put up there about not being able to get a coin without proof of work? And then if somebody wants to get rich in it, then they should start mining right away as soon as it comes out. And actually that contributes to the system, would it not?

[1:15:56] SPEAKER_00: Well, so more in line with…

[1:16:00] SPEAKER_01: I guess the ethic of cryptocurrency.

[1:16:03] SPEAKER_00: So mining contributes to the system, but it's only mining. It contributes to the system up to a certain point. Right. It's only one of the many kinds of work that are needed to make Ethereum or any crypto system really work. The other big thing that you need is development. And I think a big problem that we recognize in Bitcoin is the fact that nobody's really paying for development. It's also something you've seen with OpenSSL, the Heartbleed bug. It's a volunteer project. The guys were getting like $2,000 of donations a year. So we feel that it's important to have an issuing system that benefits all kinds of work. And that means not just miners, but also initial contributors, early and late purchasers, all sorts of different groups.

[1:16:44] SPEAKER_01: Sure. But then, wouldn't the crowdfund go towards that development cost?

[1:16:51] SPEAKER_00: Right.

[1:16:52] SPEAKER_01: I thought that was the idea behind the crowdfund. Yes, then it's the crowdfund plus the premine.

[1:16:58] SPEAKER_00: So something. A lot of people want to be paid in Ether before the currency launches. So we feel that we have to have some mechanism of meeting that desire.

[1:17:10] SPEAKER_01: Sure. But is there a conversation going around in your group about the potential to undermine the value of Ethereum if that premine is just too high?

[1:17:21] SPEAKER_00: It's really not high at all. Like it's basically equivalent.

[1:17:25] SPEAKER_01: 29.4% is not high.

[1:17:27] SPEAKER_00: So 29.4% is a bit inaccurate because our currency supply is pretty much infinitely growing as well. So the size of this slice is just going to decrease over time. And we've also even got a time lock, so we can only spend a limited amount per month.

[1:17:44] SPEAKER_01: Well, I mean, I hope it's a debate that the community continues to develop. I think I speak for a lot of people in saying that we're all tremendously excited and it's a wonderful innovation and obviously congratulations to your group on that. But then at the same time, especially in the early going, you don't want to undermine the integrity of the currency. We'll fight short trying to compensate a small group too quickly and then you attract the ire of miners, which could create a 51% attack or attract the ire of the community. At the end of the day, the cryptocurrency community has had success because of its egalitarian ethics.

[1:18:32] SPEAKER_00: The thing that you have to understand about that particular ideology is that in general, I think in the whole Bitcoin space there is definitely a lot of this sort of libertarian open source sentiment where the desire is to have sort of systems that are technically fair in a sense that there's no privileged parties that are getting some amount. But the other thing you have to understand is that even if a system is technically fair, that doesn't mean that it's actually fair. So in the context of Bitcoin, almost nobody here had a chance to be part of Bitcoin before 2011. And yet at the start of 2011 a quarter of the bitcoins that will ever exist are already gone.

So the thing is that if you say, if you create a currency where the only way to obtain it is to mine it, all you're doing is you're just privileging. Privileging only the people that. We'll list the questions. In the time we got some people lined up there.

[1:19:27] SPEAKER_01: I just got some quick questions about the technical detail. I'm developing myself, software engineering background. So I'm really interested in the types of configuration because I'm really familiar with like saying Hadoop, doing some big data processing. And I'm also kind of curious about Serpent. If you could address those two things, I think that'd be great.

[1:19:46] SPEAKER_00: Address what exactly?

[1:19:47] SPEAKER_01: Well, first of all, Serpent, you mentioned that before. Is that your own domain specific language?

[1:19:52] SPEAKER_00: Yes.

[1:19:53] SPEAKER_01: And if so, what types of, like you mentioned computation and everything. What does that facilitate between the Ethereum…

[1:20:01] SPEAKER_00: Serpent allows you to write pretty much arbitrary Ethereum contracts that do anything. So they can manipulate the internal storage, they can send transactions, they can create other contracts.

[1:20:13] SPEAKER_01: Right. Okay. And are you going to be like releasing a complete SDK that's still in development?

[1:20:19] SPEAKER_00: Yes, that's still in development, coming soon.

[1:20:22] SPEAKER_01: So in order to develop for the system you have to learn like a new programming paradigm completely or is it very much like Python?

[1:20:29] SPEAKER_00: It's very similar to Python, yes. That's why we call it…

[1:20:34] SPEAKER_01: A lot of people might be familiar with scientific computing, NumPy and Python.

[1:20:38] SPEAKER_00: What we're trying to do is make the whole thing as friendly as possible to people who aren't familiar with anything. It's literally if the storage at the same index is this, then do that.

[1:20:49] SPEAKER_01: I see. Yeah, it'd be great if you put a lot of examples up and demos. I'd love it.

[1:20:55] SPEAKER_00: Yeah, just blog.ethereum.org. We got a tutorial on how to do all this sort of stuff.

[1:21:02] SPEAKER_01: Hi there. Once mining begins, what's going to be the ideal platform to mine with and how long until it evolves into GPUs and ASICs?

[1:21:12] SPEAKER_00: Well, we are trying very hard to create a mining algorithm that will basically stay ASIC resistant forever. So we have some ideas around how to do that. We're basically thinking of proofs of work that involve processing arbitrary contracts. So the benefit of that obviously is that if the proof of work requires arbitrary computation, you by definition can't make a specialized computer for it because it's a general purpose processing. So that's. So we're thinking, we're trying to basically make ASICs not worth it in general. I think we'll probably see a CPU and GPU balance of some kind.

[1:21:51] SPEAKER_02: I have two questions. The one's kind of a follow up of the other guy's question about the Serpent contract language. I guess if it's very similar to Python. I'm assuming you submit this contract, which is Serpent script, to Ethereum somehow.

[1:22:11] SPEAKER_00: So not like you compile a script into a VM code and then you submit the VM code to the…

[1:22:17] SPEAKER_02: Okay, so I can write a Python script that will run for like weeks doing some really useful mathematical analysis of some scientific thing I'm researching and say I just put that into a Serpent script and submit it to Ethereum and do some small transaction that just kind of triggers it to fire up. What kind of censors those kind of abuses of the system. For someone trying to just take your network and use it for some other useful computational power that they might want to.

[1:22:58] SPEAKER_00: Okay, so every computational step in the Ethereum system requires a transaction fee. So if you try and make a script that runs for weeks, it's going to go bankrupt pretty much immediately.

[1:23:10] SPEAKER_02: Okay. Second question, which is completely unrelated. You discussed how Bitcoin has its proof of work and state transition function, which is basically the currency. And I guess with Bitcoin the transaction fee is basically derived from that state function itself, pretty much. But with Ethereum, which has an unlimited number of contracts, how do you choose what type of contract the transaction fee is returned to the miners as.

[1:23:46] SPEAKER_00: So the rule is that the transaction fee is attached to the transaction, the transaction fee entitles the transaction to take some number of computational steps. So the part where the fee is paid to the miner is sort of outside of the contract system. That very much happens before.

[1:24:02] SPEAKER_02: Okay.

[1:24:08] SPEAKER_00: What's your opinion regarding the proof of stake? So it just seems like since you guys have miners, the Ether supply would be constantly diluted. Would there be any advantages to just having the people using their contracts? Well, whatever contract is being run requires Ether, correct?

Yes.

Okay, so would it make sense that only the people that are actually using the contract or making a contract using up, so the user would be paying for it and not diluting the total money, the Ether supply? Basically, yeah.

So we have been looking at proof of stake. Like if you saw in my blog, I created Slasher, the proof of stake algorithm, which I think still surprisingly might be one of the best PoS algorithms around. Although I think some mathematicians in Israel are coming up with something better around now. So we are happily watching it, looking at that. We might end up incorporating a proof of stake component. We might not. We'll see.

So I have a question. Assuming that each computation requires a certain amount of Ether to process, how do you pay up front if you don't know how many computations that you're going to need in order to arrive at an answer? You don't always know exactly how many computations you would need.

So the general process would be is that if I'm sending a transaction, I would first process the transaction locally. I would see how many steps that takes. I would add a safety margin or publish without.

Thank you very much, Vitalik. If you like my channel please hit the like button and be sure to subscribe. I also have a Patreon account and wanted to give a special shout out to all the awesome people there and a huge thank you to the sponsors of the show for making these videos possible. Thanks so much for watching.