This is the second part of a blog post. To read the first part, please click here.
Q: We actually have a couple of submissions on future outlook. I’m going to read off this. What do you think is the next big thing in the crypto space, outside of your own roadmap? For example, let’s say Hashgraph? And related to that, after scalability and sustainability, which do you think will be the next challenge? And what do you think will be your next big ticket, either in the crypto space outside of your current projects, such as Hashgraph?
Charles: I think the magic is that there are a lot of concepts that have been sitting on the academic shelf for 25, 30 years, or emerging trends that we’re seeing in hardware or software that can now be dragged into the cryptocurrency space. I’ll give three examples: one is multi-party computation; two is trusted hardware; and three is a lot of PL (programming language) concepts. So in terms of multi-party computation, these protocols or the concept of multi-party computation have been known about since the 1980s, but only recently have the protocols become efficient enough to run on consumer hardware. So, for example, let’s look at poker, that’s kind of the canonical example. This is a perfect example of something that you probably don’t want to run in an Ethereum-style virtual machine. You’re not talking about poker games with 100,000 players; you’re talking about poker games with five players, 10 players, 15 players, so you don’t have a very large set of people. And, really, what do you care about in poker? That people can cheat, and that at the end of the game I’m going to get my winnings and losses. That’s basically it. And you don’t particularly care if that data gets committed to the blockchain. Why should it be there? It’s a game. We’re using blockchain as a broker and a payment system, so we’re using it to find each other and to make sure that we get paid, but outside of that, what I really care about is I played the game. I don’t particularly care about the metadata, or if I do, there’s a way of capturing it that’s far more efficient. So if you look at the Ethereum-style solutions, they say, ‘Oh well, who cares? We’re still going to write it as a smart contract and all the same, your poker game, even though you’re only playing with five people, is the business of every single person on the entire network and competes for resources with every single person.’ So I think there are much more intelligent ways of doing things off-chain, and multi-party computation provides an avenue for that, so we’re exploring it. But then, there are also projects like Enigma, out of MIT Media Lab that are exploring these ideas as well. And so I’m really excited to see the intersection of MPC (multiparty computation) and blockchain, and I think you can do a lot of cool things, not just poker but things like decentralised exchange or even general-purpose computation.
Trusted hardware is really cool too because it’s the closest thing we have to magic. And I think it’s the only way we have for offline, off-chain payments. So let’s say you live in Africa. I was just in Rwanda and I was just before that in Ethiopia, and it would be really crazy for me to go around Addis Ababa and say, ‘I’m going to solve all your problems with my magic internet money which requires you to be online all the time to use, when you don’t even have a stable internet connection.’ They’ll just look at me like, ‘Okay, crazy white person. Go away.’ So the reality is that it would be nice to be able to have a trusted enclave that you can store the private key within that enclave so that you get certain guarantees like the balance associated with that key is correct, you haven’t double spent it, and when you transact it, you can move the private key from one enclave to the other and then get a proof that it was destroyed on the enclave that you had. Now, if you can do this – and trusted hardware can potentially allow you to do this – then you can transact offline. Because what I can do is just walk over to someone who has a cellphone or a hardware device and tap it with my hardware device, and, basically, we just move the private key from one device to the other device and transmit over a proof of destruction, and suddenly, they’ve just got paid. Now, from the blockchain’s perspective, no transaction has happened. It’s basically like staying the same; nobody knows that you’ve swapped the private key. But from the person who’s received that perspective, they’ve just been paid as if I’ve handed them $20. And none of this had to sync, it’s just all offline. So that’s really exciting me because that extends cryptocurrencies into an environment that they’re not meant for and allows us to do things in the maximal privacy because you don’t even know if your transaction’s happened, that’s the most private way of doing a transaction, and there are all kinds of things you can think about. You can even extend that to an offline ATM, for example. So if you can pay people offline, why can’t you have an ATM that’s offline and it can dispense cash and so forth? So trusted hardware, I think, is pretty magical, and there’s a lot of other things you can do with that. But we have a lab that is looking at these things, and there are companies like Rivetz, for example, and Intel’s involved with a protocol called Sawtooth, which is associated with the Hyperledger project, and the range of solutions from IOT (internet of things) all the way down to attestation of data and so forth. So that’s exciting to me.
And then in terms of PL concepts, and Duncan can probably elaborate better than I can on this, but what excites me the most is this idea of making formal specification sexy. There are some projects historically that have had huge impacts, but they’ve been extremely time consuming and incredibly expensive. Like seL4, for example, which was a microkernel that was verified. I think it took like 10 years or something like that?
Duncan: Not quite that much, but it was a lot larger.
Charles: It was like five years, or a big chunk of time, and then millions of dollars were spent on it. So when you talk about formal verification software, you tend to have this vision that you’re Nasa or you’re SpaceX or you’re Boeing and you have massive budgets and thousands of engineers, and you have horizons of time that almost any rational person wouldn’t invest in normal consumer software, like five years, 10 years, 15 years and so forth. If you look at the smart contract, the smart contract is a small piece of code. Of all canonical examples you’ll be able to pull in Solidity, they’re not very large, they’re like several hundred lines of code, and they have usually pretty well-defined business requirements backing smart contract. So you can have a reasonable discussion about the semantic gap between what you intended on doing and what you actually ended up doing. So this is probably the perfect example of where you’d want to use some form of formal specification approach and verification approach to verify correctness. The other thing is there is high assurance in that if you get them wrong, hundreds of millions to billions of dollars can be lost, and also, you kind of have a very well-defined environment that these things happen to be executing in, so it’s like the perfect storm for formal specification and verification. So I’m very excited about where we can take older techniques, modernise them and drag them into our space in a lightweight way.
Duncan: And if we’re successful, that not just having everybody write Solidity programs, then we can start with smart contract languages which are amenable to formal analysis because they’re designed with it in mind, based on proper PL research rather than just Solidity, which was accidentally designed.
Charles: Right. And also, what’s nice is that competition is really brewing in this space. Tezos, for example, with Michelson, and I think it’s Liquidity is the name of the language there, and they’re definitely pushing hard. Simplicity is another language that’s being developed by Blockstream, by proper PL expert Russell O’Connor. And there are other examples in the spaces, end protocol is one, using concepts from F. There was an attempt to port Idris to run on Ethereum, and there’s been some formal verification work that’s occurring around Ethereum, particularly by a guy named Yoichi Hirai using Lem and a few other things. So there’s definitely some effort that’s been put into this, and that’s really exciting. If you study PL, these techniques tend to be on the fringe, and they tend to be isolated, small groups that work on these things, and nobody pays much attention to them, and when they do, they usually roll their own solution and it’s proprietary in-house or it’s for a particular project, and then you move on after it’s done. The fact that we’re now trying to take specification verification concepts and bring them into the mainstream and make them accessible to everyday programmers is a really new concept, and that’s really exciting, and I think it bodes incredibly well for software correctness. And I’m really excited about where that can go. So those are the three things: multi-party computation, trusted hardware, and PL stuff.
In terms of things like Hashgraph, you asked about that, there’s a lot of hype, guys, about DAGs (directed acyclic graphs) and hype about 10,000 transactions or 100,000 transactions per second, and my opinion is, most of this stuff is junk, either because it’s been deployed in a very unrealistic environment or because it doesn’t have a proper trade-off profile or because the protocol was designed without any Byzantine resistance or… you know, you have Byzantine actors or the protocol fails. And I’m very sceptical. There are some real protocols that do shard and have great performances, like, for example, OmniLedger is one and Thunderella is another, and these are protocols built within the academic world by academics, based on protocols that are already proven, or at least have some peer review behind them. So without a doubt, such things can exist, but usually when it’s happening with things like IOTA, which is based on a technology called Tangle or Hashgraph, is you see a wave of hype come along. The ICO comes, pots of money get raised, and then people psychologically buy into it, and no one really bothers to check if what they’ve implemented is right or wrong. The other thing is, you don’t really need to build a system where one chain runs 100,000 or 200,000 transactions per second; to be frank, you’re doing it wrong. Because even if you have that raw processing power, how do you move all that data? You need a network player to do that. And second, where do you store all that? If your security model is everybody has a copy of the blockchain and you’re running 100,000 or 200,000 transactions per second, how big do you think your blockchain is going to be in a year? And so, yeah, Google can store it, or the NSA (US National Security Agency) can store it; pick which one you want. It’s either California or (inaudible), you know, which facility you want your blockchain in. But you necessarily federate the network when you demand this type of performance.
So to me, it makes a lot more sense to have a multi-layered model where you have lots of sidechains. You have overlay protocols, things like payments channels or state channels, and you try to keep your transaction rate within a reasonable envelope. What I am excited about though is the notion of data sharding. I’d like to see ways of breaking up a blockchain and storing it like you would a torrent or storing it like you would a decentralised database. And there are some projects like Siacoin and Filecoin and others that are incredibly well funded, and they have real computer scientists behind them. In fact, Sia, for example, their core paper was given the best paper award at the Eurocrypt conference. They beat our paper; I was pretty upset about that. But that’s a high bar compared to where we were just two or three years ago with the first wave of those technologies, like Storage and MaidSafe. That’s my long-winded answer. Next question.
Q: I think it’s a shorter question. You guys are focusing on the development of the platform, obviously, and making it available for developers as soon as possible, but do you think it might be beneficial to team up maybe with some sort of a real world project to be implemented as a new test case, as a proof of concept, let’s say, of scalability of Cardano, and implementing that application as just basically a showcase?
Charles: Yeah. It’s kind of like we’re building the Xbox. So the question is, what’s our Halo?
Q: Yeah, exactly.
Charles: What are our games? What is the catalogue? So we do have a business development arm, and we also have a partner called Emurgo, which is a venture fund in Japan that seeks out projects to deploy on Cardano that will act as these proofs of concept. And we’ve had some degree of success. We haven’t been looking, but we’ve seen that there’s an overwhelming demand for pilots. I was just in Ethiopia and talking with the Ministry of Science and Technology, who we signed an MoU with, they have a very strong desire to do supply chain management on blockchain for coffee production. Now, this is a really big market. There are a million and a half farmers, there are massive amounts of stuff going on in those supply chains, so that would be a great stress test for the platform. But then, there’s an open question: what ought to run on the main network and what ought to run on a private permissioned ledger? Hyperledger exists for a reason, and IBM is not dumb. They created a really good product to service the needs of the enterprise. So part of Cardano’s remit is not just to look at what should run in a single universal environment that’s maximally decentralised, but ask, what can you deploy in a private setting? The canonical example I like to look at is the exchanges. So if you right now look at the way that exchanges handle tokens, basically, they have an address, you send your Bitcoin to that address or your Ether to that address and they have some sort of storage policy between hot wallets and cold wallets. They try to arrange it in just the right configuration, so even if the hot wallet’s compromised, the majority of funds stored there aren’t lost, which is fine but it’s not optimal. It would be much better if you used a sidechain transaction and you sent your token to a private ledger. Because you’re already trusting the exchange with your money, so you’re not really getting any extra security by being on the main network; you’re actually losing security because what you’re doing is saying to the exchange, ‘You can’t put in proprietary business logic to better protect my tokens.’ Like, for example, the ability to reverse transactions and so forth in the event that the system gets compromised.
So part of Cardano is to study the relationships between permissioned ledgers and permissionless ledgers and then find linkage points between these two things. So for high-stress applications, things that are … let’s say supply chain management in the coffee industry when you have a million farmers and hundreds of thousands of transactions every day and bloats and tons of data and IOT components putting sensor data on, it makes no sense in hell to run that thing on a big network and have it compete for resources with everybody else. It’s just not economically viable. It makes a lot more sense to just have the washing stations and the government and other people run consensus nodes and have a permissioned ledger there and then create some sort of linkage between the two systems. If anything, you hash the ledger regularly and store it on the main ledger; that can be an example of that. So you kind of have your cake and eat it too. You have a blockchain-esque environment, you get the timestamping, you get the automobility, you get the immutability and the record within the reason of decorum, but then you also get very low-cost operation and predictable performance of operation and a much easier time custom-tuning the ledger towards your business logic in your system. So we are looking for pilots like that, but we’re also looking for smart contracts to come on to our system, and when Plutus is fully available, we’ll be pushing like hell to get lots of people to come and do things. The advantage that we have, because we chose Haskell as our code basis, we kind of work with everybody in the Haskell space. I take it there’s like, what, four or five major Haskells that we don’t work with at this point. We work with Tweak and FP Complete, and Well-Typed and others. So we kind of know everybody there, and we have a very good brand footprint in the Haskell space. So once Plutus is available, there’s going to be probably a large group of Haskell developers who are curious to be able to write smart contracts in a language like Plutus. So that will create a wave of innovation.
We can also spark innovation by creating cohorts of people that are trained developers in our system. So we have an education arm, and we do classes. We did one in Athens, we did one in Barbados, and we’re soon doing one in Ethiopia. By the way, that class will be all-female developers; the government requested that. And we teach them Haskell and smart contracts. So once they learn these things, the target platform, they’ll write software for us on our system, and they’ll write lots of prototypes and so forth. So it’s a collection of these types of things. Some of the things you need to do to brand and showcase the system, but they don’t necessarily need to be run on the main network, they should be run on permissioned ledgers. Some things you do need to run on the main network, and you have to also have channels of them with which to attract developers to your system, and we have been pursuing that as a company, and our partners have also been pursuing that as a company. But it’s important to point out there’s overwhelming demand; there are lots of people who want to be doing things with us, and we have to tell them ‘no’ because we don’t have the capacity at the moment.
Q: I’m curious … this is kind of a fuzzy area, but what do you see as the role of cryptocurrency in society? Right now, there’s so much talk of ‘Lambo’ and ‘to the moon’, and a lot of what’s going on is purely speculative work. Are we going to have our grandmothers using this on a day-to-day basis? Is this going behind the scenes? What do you think?
Charles: Well remember, not too long ago the internet revolution was treated the same way. People were making fabulous amounts of money from vaporware products, and the market collapsed. But on the ashes of that, you got the Googles and the Facebooks and the YouTubes and so forth. So cryptocurrency technology, when you decompose it into its fundamental components, is a discussion about trust and coordination, identity, reputation, the representation of value and the movement of value. These are the core components of cryptocurrency technology. So if you look at society and markets, all of these things require an opinion on how these things ought to fit together. Now what ends up happening is, you look at the default configurations we have, almost always there is some sort of middle-men of necessity, not of desire. You don’t put Bob in charge, make him the gatekeeper, because you like Bob and he happened to have built the business around it, and because his business is operating well, it becomes a core component of the way the market structure works. A great example would be eBay. Nobody really likes eBay, but eBay is eBay, you kind of have to deal with them. So you need a marketplace, you need a reputation system, you need a way of organising your buyers and sellers, you need a payment system and so forth, and eBay happened to be the winner of that fight, now they have a monopoly and they just kind of run that. Similarly, with YouTube, there’s more than one person, sorry guys, that have some issues with YouTube and getting demonetised and so forth, and maybe you guys feel you’re doing a good job – some people don’t, but no matter what, YouTube’s YouTube, it’s just of scale. Uber’s another example of that.
So there are hundreds of these things that when you start really looking carefully, you notice, in the flow of money, in the flow of commerce, in the flow of insurance, in the flow of commodities in every facet of life. So what cryptocurrency tech is all about is saying, can we reinvent this marketplace where we can get rid of that central broker and directly connect the buyer and seller, allow them to somehow coordinate, somehow trust each other and have a successful commercial transaction? Now a lot goes into that. You need to have things like reputation, you need to have things like insurance, you need to have a payment system, you need to have a value stable currency, which we still don’t have, you need to have credit, you need to have the ability to do settlements that you don’t even have the full amount of money for – it’s called eventual settlement, where I’m going to pay you but I don’t have the money on hand to pay you quite yet. It happens quite a lot in the world. You need to have an invoicing system. You need to have lots of stuff. But just because we don’t have all the basic components doesn’t mean there’s no merit to the system. It’s just like with the internet, you needed to have the cookie, you needed to have the certificate, you needed to have the browser, you needed to have good web languages, you need to have high-speed internet to be able to get things quickly to people. Eventually, you needed to have mobile internet and so forth. But once these infrastructural components got put in, the internet got great and changed our lives. And so, I view cryptocurrencies much the same way.
Now there is the natural question to ask of where does the token fit in all of this? Because everything that I’ve mentioned doesn’t really require Bitcoin; it just requires protocols and rails and so forth. So what the token acts as is some sort of incentive mechanism for people to maintain these particular types of systems. It’s not necessarily what the instrument of value’s going to be. The token just decides who gets to be in control at the end of the day, especially in proof-of-stake systems; it’s very explicit in this respect. I think any of the proof-of-work systems are eventually going to die out because they’re not sustainable or competitive in the long haul, but on proof of stake the token’s about who gets the vote, who gets to decide who’s in control. And I think what’s going to end up happening is you’re going to have the liquification of value and the tokenization of value, and we’re going to converge to a universal wallet notion. So in life, you have lots of stores of value: you have commodities and you have stocks and you have bonds, you have real estate. I have a lot of airline miles; I’m saving up enough to buy a jet. I travel 200 days a year; I’ve been to 63 countries, so I’m a pretty tired guy. We have currencies, you have whatever, you have hundreds of these stores of value. Now, we tend not to look at them as the same thing. We tend to look at them as silos, right? My gold is not the same as my airline miles. Why is that? They’re just value, they’re just wealth, and you put them all together, that’s the portfolio of your wealth. So the capstone I think of where the cryptocurrency movement is going is to remove the walls between these tokens of value and give you ways of representing them that are interoperable with each other. So you can turn your gold into silver. You can turn your silver into currency, turn your currency into airline miles. And because all the payment systems are now programmable, thanks to you guys and many others, the merchant gets paid whatever the hell the merchant wants to get paid, now. So I can walk over to Starbucks, and I can have my house tokenized, and I can sell it. There’s a market maker that lives in between that, and I sell one-millionth of my home and I can buy that cup of coffee, somebody bought that from me and the merchant gets paid in dollars or pounds.
So that’s where I think this is all going, that it’s going to have this ecosystem of tokens that live. The tokens that are connected to the command and control of the protocols I think will survive because they become basically like a prediction market in the sense of the utility and value of that protocol to society. It’s almost as if you could tokenize BitTorrent or something like that and say, ‘Okay, here you go. This is the value of BitTorrent to society.’ And that’s one thing, but then you’re going to have tokenization of concepts, you’re going to have tokenization of stores of value. And that’s what you’re going to end up spending on the system. So those can be government-issued, they can be synthetic in that you somehow create a value-stable cryptocurrency, they’re called stable coins and they’re traded as if they’re dollars, even though they’re not issued by a government. They can represent loyalty, you can be selfish, like you can organise your labor as an engineer and say, ‘I can take 40 hours of pre-paid labor, and people can buy it on the open market.’ You can do all these types of things. That’s where we’re going, I think, with this entire system. And that’s really cool to have a single unified global market, you have a much finer-grained way of handling trust and coordination, having universal identity and reputation space, so people can get backed and get into the system. You can know how to do business with your counterparty in a safe way, and then to have value become liquified and fluid. Now, who’s going to win that fight? I have no idea. I’m betting on myself, you know, with my protocol, but I’m not insane enough to believe that we’ll probably universally win, nor should we. It should be diverse [inaudible].
Q: Great, Charles. Well, this has been very informative. Thank you so much for joining us at Google today and taking time out of your busy schedule.
Charles: Oh, one thing I forgot to mention, real quickly, we’re passing out these flyers. We don’t have them in your offices. Unfortunately, Richard hasn’t mastered teleportation yet.
Richard: We have a little meetup going on tomorrow – The Symphony of Blockchains that we mentioned to you. If any of you guys on the screens are coming to London tomorrow, we’d love you to come and join in if you’ve got free time tomorrow afternoon. Charles will be talking, Lars Brünjes as well on the delegation scheme, and we’ll also be showing some art. Free bar, so come and join us if you can.
Charles: And I want to explain real quickly that IOHK has a secret third division. So we’re an engineering company and a science company; we’re also a design company, and our head of our design office is right there. His name is Richard Wild. So it was really important to me that in addition to getting the science right and getting the engineering right that we actually find ways of representing and visualising what we’re doing. So it’s not just good enough to write code, the code has to be alive. You have to see it and be able to touch it. So our art department tries to visualise things. And so, we started with Bitcoin and we said, ‘How do we visualise a block explorer?’ So block explorer just tells you the history – what’s in this block and how many transactions were in it, how many fees were paid, etc. Wouldn’t it be so cool to put that into a three-dimensional, navigable art piece that’s on our website and eventually VR’d and you can walk through it and so forth? It makes it far more accessible to the general public because these concepts, as much as I happen to love them, are really boring. But if you have a piece of 3D art, then you can put that in a gallery and people can see this. And also, it gives you a visual way of representing things. Like, we asked a question of, what is a healthy network? Before Bitcoin Cash came, we had a big crisis in Bitcoin where every block was full, you had to wait hours for transactions to be able to confirm, sometimes days, fees were very high, it cost you $25 to buy a cup of coffee in some cases, so it’s not a very healthy state of affairs. So it would be nice to visualise that. You could just look at a blockchain and say, ‘Boy, it’s a red day. It’s not a good day. Normally we have green days, but, no, this is bad. Bitcoin’s not healthy right now.’ So it would be really cool to do that and allow people to be inspired and understand that.
Also, when we talk about concepts like IOTA or Hashgraph, which are directed acyclic graph-based structures versus a blockchain-based structure, how are they different, conceptually speaking? It’s one thing again to talk about the graph theory, it’s another thing to actually show people a picture or show people a model. And so, all the art we do is interactive. We use Three.js and WebGL and these types of things. So if you go to our website, you can see some of the art we’ve done, including the Symphony of Blockchains. And the event we’re having today is the first of its kind, and certainly not the last. And there are goals to build up a large portfolio of art. And eventually, we’re going to try and create incentive systems for the general public to be able to create these types of things and be able to make money from it and so forth. So you’re all welcome to come. Free beer and interesting people to meet.
Q: Great. Thanks a lot Charles.
The above is an edited transcript of the discussion at Google’s London offices on May 14, 2018.