Trustlessness Scalability And Directions In Security Models
Speakers: Matt Corallo
Transcript By: Bryan Bishop
Tags: Security, Scalability
Trustlessness, scalability and directions in security models
https://twitter.com/kanzure/status/1043397023846883329
… Is everyone awake? Sure. Jumping jacks. Wow, that’s bright. I am more idealistic than Eric. I am going to talk about utility and why people use bitcoin and let’s see how that goes.
Trustlessness is much better than decentralization. I want to talk about trustlessness. People use the word decentralization a lot and I find that to be kind of useless because decentralization is a means to an end. We use bitcoin because we don’t want to trust a third party, and decentralization is a fuzzy word but trustlessness you can assign some meaning to this. There was a piece on linkedin that was a history of ecash and where bitcoin came out of from the community in the 80s and 90s and it clearly birthed bitcoin. He talks a lot about various attempts at building ecash systems and why they all failed, and at the end of the day you had to trust someone. There’s a lot of different forms of that- trusting someone to continue to exist and stay in business, to not seize your coins or whatever. They all failed for those reasons. In Eric’s posting of the original satoshi announcement, you saw that you didn’t have to trust anyone. It was at least a two sentence blurb. Let’s talk about what forms this trustlessness takes in bitcoin. Why do people care about this and how do they use bitcoin?
It’s nice to think about digital gold vs payments argument; I think this is useless for evaluating cryptocurrency, but it’s interesting to loo kat that for what it implies for trusting or why you care about bitcoin. There’s a digital gold aspect of secure settlement where you want to only trust your own node, you want to verify the chain hopefully without inflation, and you get this nice property that you can run your own node and verify the rules and see on your own node the hashrate. You can see it and add it up, and calculate how much hashrate went into confirming these transactions. Maybe you wait a week, or a month, there’s various other issues with mining today. So you wait a while, you can accept transactions and say okay I know for sure without trusting anyone, a central bank, the fed, I don’t trust any of these people, or the government of Venezuela or whatever form that takes.
On the other hand, we have a payments view of trust where people are trying to avoid trusting Paypal, Visa, or someone more direct. So you are looking at bitcoin from the lense of wanting faster payments, you care about not necessarily waiting a week… where the entire modern financial system is built on the idea of coming together nad having trust around Visa or whatever. If Visa says you have paid a dollar then that’s the case. Some people might not want this- maybe you’re censored because you’re a marijuana grower in the US or various other places in the world… maybe you’re in a place where Visa doesn’t work or wherever it is. You want to be able to use bitcoin without necessarily trusting someone like that.
There’s this interesting concept that comes up. There’s this wonderful bitcoin system, hashrate you can see, you can see transactions coming through. But is that enough? Ultimately, people like to use bitcoin for more than just “well I can see a transaction and if it confirms that’s great”- they care about not being censored, about censorship resistance and getting their transactions through hopefully without trusting anyone else. Where do we get this property from?
This is where the decentralization ubzzword comes in. I refer to the concept of consensus-group distribution.. It’s useful to talk about consensus group distribution because it applies not just to proof-of-work and proof-of-stake but other systems. Your system has people putting transactions into blocks. At bitcoin, we have an attempt at consensus group distribution with hashrate and hopefully it’s decentralized and it’s really not today– that’s a huge open question; can we build a system that is in the long-term censorship resistant? It’s unclear. There have been othe rattempts like proof-of-stake and it turns out that stake and wealth has always been incredibly centralized throughout human history. There are also other untested proposals. Bitcoin is still very experimental, as well. Can we build this censorship resistant system that people want?
Also, this comes back to community norms. Why does bitcoin today actually work and have censorship resistance if mining is so centralized? Turns out, that’s community norms. People use bitcoin for censorship resistance, and if miners started aggressively violating that, then bitcoin would have less value, and miners would have less value in their investment. There’s an expectation in the community and this has played a useful role in creaitng censorship resistance. I would argue this is only temporary. If you have the next generation of miners or government, eventually people are going to find pressure points and figure out how to violate censorship resistance and try to censor payments and transactions as government are want to do.
There’s an extension to this community norms concept– in bitcoin we talk about not wanting to trust anyone, but a clear violation of this is when the rules change out from undre you. This was the old 2x fork drama. Who should I have to trust to use bitcoin for the rules to change? I would argue bitcoin applied this new community norm and really grew out of it; this is where the fork happened. You had one part of the community that wanted different norms to change the rules more aggressively, and another part of the community that didn’t want to change rules without broad agreement. This has interestingly resulted in bitcoin being unique that there’s a norm that changes don’t get made easily. Because that is the expectation of bitcoin users, and people expect this to be a thing they rely on for them to continue using bitcoin; it becomes self-perpuating because the community expects it and you thus have this nice property where you don’t have to trust bitcoin for the rules. Other projects are more about the community and who is going to enforce these rules and enforce changes.
Who’s the tech guy in here?
What implications do these concepts of various types of not wanting to trust someone have on scalability and how we look to the future? Blockchains don’t scale. If anyone tells you that they have a blockchain that scales, they are lying to your face. They might be leaving out some tradeoffs they have made. There are a lot of different areas in this overarching concept of not trusting anyone that we can relax and get a more trust-centric system that is more highly scalable. These are all valid approaches, but they are not the approach that bitcoin takes.
We could give up on the decentralization of the consensus group. We could be Ripple or Paypal where there’s a single entity or a small federation that confirms transactions. Of course, you probalby give up some of your cnesorship resistance, and maybe you have programmable money. This is a valid approach. You can also experiment with other ones— proof-of-stake probably lands in this category where you have relatively centralized stake and you end up with a consensus group which is more centralized and maybe they can censor transactions more, or maybe you get other security guarantees. That’s fine, that’s a valid approach.
You could give up on hte concept of self-validation where you give up on everyone running a fully-validating node. Everyone could be a SPV client where they only do partial validation or only see some part of the network, and this encompasses a lot of things, like sidechains and other things and sharding and ohters also fall under this category. If you can only see part of the network, then things could go faster. Other things could be going on that are invalid or incorrect and this might come back to bite you later. You don’t have this digital gold use case anymore because something happening elsewhere– that attempt at not trusting others, well it goes out the window because something happened and now people are posting on reddit that hey don’t accept payments for the next week while we reorg the whole chain or whatever. Again, valid approach, but that’s not bitcoin.
You could also choose to build a centralized payment channel network, something the opposite of lightning network– something focused on centralization instead. You could build a bank. If someone only cares about bitcoin because they only care about not wanting to trust the Fed, then maybe they’re fine trusting coinbase.com and they should be able to use the cryptocurrency that is great for that purpose. It’s interesting, because other systems in the cryptocurrency space make decisions about this. Ethereum has been talking about building in sharding techniques at the base layer, giving up on self-validation as a tradeoff. They are building this for all their users; you’re required to use that trust model.
In bitcoin, we try to avoid making decisions for people. As a community, we have been encouraging people more to build systems on top of bitcoin that gives up some of the trustlessness. If a user wants to build a bank, then they can. If people want to build a sidechain on top, they can. But this doesn’t infect everyone else using the system. It’s not built in, it’s not baked in, it’s not required to force it on everyone else just because the developers or whatever have decided to try that.
What about the future of bitcoin? What does that mean for going forward? Each use-case has different trust models baked in. Encourage different trust tradeoffs for different use-cases. Many interoperable systems for different uses. If people want to use an ETF, then fine. Let them hedge. Reduce usability gaps for those with “stricter” trust models. Continue setting community precedent.
We have to describe how the trust model works to bitcoin users. We want them to pick the thing most optimal to them. This is a massive open challenge in the community of bitcoiners. We should find a way to build these different systems and allow users to use what they want.
We should also try to focus a little bit on the usability gaps between different trust models— centralized websites are going to be infinitely more user-friendly. We should try to reduce those differences when we can. Coinbase.com is always going to be more user friendly, and it’s always more user-friendly to have a trusted system than a completely trustless system. People who want to use bitcoin without trusting others should not be discouraged from doing so simply because the usability might be terrible. You can’t change the rules out from under me. You shouldn’t do that.