Adam Back, CEO of Blockstream, cryptographer and privacy advocate, inventor of Hashcash and cited in the Bitcoin whitepaper rejoins me on the show. We chat: 

• Regulatory environment for Bitcoin vs building
• ‘Crypto wars’ in the 90s
• Proof of Work
• Bitcoin privacy 
• Confidential Transactions in Liquid and for Bitcoin
• Trade offs involved
• Blockstream satellite base station
• Using bitcoin in cheaper ways

Previous episode:

• SLP 42 Adam Back, CEO Of Blockstream – Blockstream Satellite, Tim May, Bitcoin Privacy 

Sponsors: 

• Swan Bitcoin
• Hodl Hodl Lend
• Compass Mining
• Unchained Capital (code LIVERA)
• CypherSafe (code LIVERA)
• CoinKite.com (code LIVERA)

Stephan Livera links:

• Show notes and website
• Follow me on Twitter @stephanlivera
• Subscribe to the podcast
• Patreon @stephanlivera

Podcast Transcript:

Stephan Livera:

Adam, it’s a pleasure to get you back on the show.

Adam Back:

It’s great to be back. It’s been a while.

Stephan Livera:

Yeah, it has. There’s been a lot going on. I think there is the very pressing topic right now of this whole infrastructure bill. And I guess to put it into context, right? America’s population is, I don’t know, 330-350 million out of a population of 8 billion, but it does still impact what happens on the rest of the world. Given obviously America’s place in the world, wealth and all of these things. And I also noticed there is this interesting parallel with what was going on back in the nineties, in the crypto wars, so I’m wondering, do you see any parallels to that?

Adam Back:

Yeah, I mean America is a big market and I can’t pretend to understand American-Australian politics. They’re hard enough to understand local politics at times it seems like a messy process. I think mostly what we’d like them to do is to not mess it up, not create silly illogical rules that create a mess. So of course everybody has opinions on it, you know? So some people have a view that well. Just focus on technology. It doesn’t matter what they do and stuff like that. So I think there’s fundamentals that’s true, but at the same time, you don’t want them to create a mess because it will be time consuming for people to deal with or create a funny environment where some countries or some provinces within some countries are no go zones whenever nobody wants to provide business services.

Adam Back:

And that happened in New York with the BitLicence. So it’d be shame if he did something like that or create something this organized that doesn’t really make sense. And that presumably has to get worked out later in less tidy ways. So I think that’s why, you know, what CoinCenter has been seeing makes sense. I like the fact that one Senator put forward a a bill, which was what I was saying, like, why do you even need this? Can you just delete it? And he put forward an amendment to do that. So I was like, good, that’s the right answer. But the experts in US political lobbying at CoinCenter to think that would work like that won’t pass. And it doesn’t, it doesn’t make a lot of sense to me the whole thing, really, to be honest, but…

Stephan Livera:

Of course, yeah. And just context for listeners. So there is a current infrastructure bill draft, and it has a wording in the tax code at defining brokers to include quote unquote, any person who for consideration is responsible for regularly providing any service evacuating transfers of digital assets on behalf of another person end quote now that could be seen as overly broad, and maybe it captures in people who are not actually brokers. And so I think one of the pushbacks we’re seeing, or at least some of the commentary we’re seeing is oh, see Bitcoin people. You don’t want to pay your taxes and whatever, but really it’s not just, even if you set aside the tax part, it’s capturing people as brokers when really they are not brokers. And so that’s what some of this amendment is about and really trying to make it feasible for people to still operate in the Bitcoin world, whether that means they are running a lightning node or whether they are a Bitcoin developer, whether they are, let’s say operating a multisignature service like Unchained capital, or even like blockstream green. So, and I think you have commented in the past that maybe your view is a little more, like let’s try to keep innovating the technology and not focus as much on the politics. But I guess that’s also seen reflected in some of the Bitcoin community where some of them are saying, oh, screw them. Bitcoin is meant to be all about self sovereignty anyway. Right. so how do you sort of balance that?

Adam Back:

I mean, I’m on the write code, not laws don’t vote. It encourages them end of the spectrum, but I am practical. So I’m pleased that there are competent people lobbying for common sense in their circles. They do have some influence, of course it’s all a bit chaotic and random why actually happens. So that’s a bit disappointing for something of value to an economy, but what actually comes through is down to sort of random last minute haggling by some politicians who know there are some politicians who actually do understand and own Bitcoin, which is nice to see, but now there are many who don’t, who are lobbying, who don’t even understand what they’re lobbying for. And that is not a good recipe in general.

Stephan Livera:

Of course. And if we were to see the worst of it happen that this amendment passes through, or sorry that the this bill passes through it without some kind of amendment to give a carve out for certain Bitcoin companies, what’s your view on where companies might go, would they restructure, or would they perhaps go offshore to some other countries in the world to set up their services?

Adam Back:

They might, I mean, there’s certainly — the US is a more complicated zone to provide services. And I mean, Blockstream is a Canadian company with operations in other countries as well. And so in many of the market, operational entities, like exchanges and derivatives platforms and so on are not in the US and many of them won’t provide service to US residents, for example. So this is already a factor. So, and the number of some of the more advanced market services, like leveraged options and leveraged trading, some of the crypto lending markets are hard for US residents to get to but it’s a reason. So they’re sort of disadvantaged and I guess ultimately that sort of impacts the American economy.

Stephan Livera:

Yeah. And another angle is also the mining aspect. So I believe even the quote-unquote bad amendment, here does have a carve out for proof of work mining, but that I have seen some of the commentary from some of the politicians saying, oh, look, how much energy proof of work is using. Obviously I know you’ll have something to say about that also. So do you have any views on what that impact might be, or could we potentially see an ESG style attack and say, oh, look, see, we should use proof of stake because it doesn’t use as much, again, quotes, it doesn’t use it doesn’t waste as much energy as the quote unquote wasteful proof proof of work. What would you say do you see a risk there?

Adam Back:

I mean politics and any complicated nuanced topic don’t typically mix very well. And so the, there is certainly some potential to create, to create some logistical problems to clear up. But I mean, actually in terms of energy use there are lots of arguments to be had. I think that, for example we have an operation in the US and operation in Canada, in Quebec province of Canada. The Quebec province of Canada has the electrical grid is 99% renewable. It’s like 95% hydro 4% wind on 1% I guess other sources that are able to be spun up and down very quickly, which is probably gas or something like that. Let’s say it was like as green as it comes and effectively, and it’s 50% unused and it’s very hard to get access to it.

Adam Back:

And that was down to politics. That was election year. A lot of things got confused. There was a moratorium on power for mining. You know, that that province of Canada has enough, has more than enough unused hydro-power to power the entire Bitcoin network today, even today, years later. Right. So to see the government’s politicians have concerns about ESG while there’s a solution, right there, stop blocking access to green power. And it’s not costless because if you, if you don’t use power from a hydro dam, you just open the sluice gates and pour the water downstream, and it hits up the environment at the bottom of the dam and no, it’s a zero zero difference to the environment. And it basically forgoes billions of dollars of net revenue to this power grid owner, which is a government owned corporation.

Adam Back:

And so it loses money for the province. And of course, business flows around restrictions, right? It’s like the internet routes around damage, but coal mining is extremely survivable and will go wherever it needs to go. And so we certainly started to explain it more in the US and reaction to that. There are many other countries. So I actually, I mean, China is another one. So some people suspiciously commented well, the Chinese government have reduced the carbon footprint of Bitcoin mining by you know, pushing a number of miners, making it difficult for miners operate in China. And so they, they relocated, or some are in the process of relocating hash rates still down. But actually China is a good example, the country with enormous amounts of unused hydros. So particularly it depends on the season rainy season versus not, they also have coal in other places.

Adam Back:

So there’s some truth to that, but there’s suddenly a lot more unused hydro capacity in China now. So but that’s a mixed result I would say. And it’s people say that that’s good for decentralization, but I think you want actually a balance of mining and lots of different countries. So some mining in China is actually good because it balances out the biases of other countries. So you’d have to agree with a particular countries policies. You just want lots of countries that may or may not agree.

Stephan Livera:

And I think the other angle that could come in the future is even hypothetical. Now, of course, I believe we can make that argument say, Hey, look, look how much people are using renewable. Well, like you can make that argument, but I wonder in the future, there might be some ESG people will say, even if it was a hundred percent renewable, it’s still not good. And they might say, that’s why we should use proof of stake or some other mechanism. And of course, I guess the Bitcoiner answer to that would be something like, look, proof of work is actually how we achieve a decentralized consensus and make this an actual money that is not politically controlled. So that’s the whole point. So how would you come back to that sort of argument?

Adam Back:

I mean, it’s true and I’m very skeptical of the proof of stake actually works at the end of the day. Even if it does work, it’s not even if it somehow magically was made to work. I would say it’s undesirable because it has the same factors that go into political money, government money, which is there are people that are printed the money who I think going to hand it out and you have the Cantillon effects and people who are now have close ties with the committees that are in control of these things, get cheaper money, or get free money, or get money for being promoters. You know, then you get kind of special interests that can get fevers. Like if they lose money, they can undo it. If little, as people who are less influential or that have less context, they can’t.

Adam Back:

And so there’s basically like fiat, but instead of being run by world-class, [inaudible] economists run by some JavaScript developers basically with no prior economic trading, and I’m not sure that’s better actually at the end of the day. So I think proof stake is basically you know, a disguised centralized Federation, almost worse than a Federation because you can buy seats, right? You buy, you buy stake and you can get influence. So it’s kind of parental takeover. And like all of these things have been observed in the wild, I think, altcoins are kind of great for brute forcing all possible failure modes often with warnings of, Ooh, don’t do that. It will fail. And then they do it and it fails. But they’ve certainly proven empirically many things actually do fail in the way that people predict they will.

Adam Back:

So I think it’s another one of those, another argument about you know, with, with proof of work, I think it’s kind of like gold mining, right? So there’s a quite old satoshi quote from Bitcoin talk or somewhere that the world is a better place for having gold as a dependable apolitical money than without the expenditure to mine it. And another thing is that in the particular case of Bitcoin, it teaches people about saving and long-term thinking and about money and about Austrian economics. And so many people who would have previously been prone to spend all of their disposable income on gadgets and stuff become avid savers because they realize that if you can manage, you can save your money in something that has more than doubled every year for 10 years. That could be very economically interesting if it were to continue.

Adam Back:

And so they will stop spending. And so people think about money in a wrong way. They think that it comes from nowhere, but there’s always a foregone alternative in any expenditure, right? So the people that bought Bitcoin or mined Bitcoin, they gave up some other form of economic activity to do that. So given the average Western person’s spending power spending habits, which includes very little saving, I must say it involves a lot of credit card debt and consumer goods. So many of the consumer goods like basically made of plastic, they end up in a landfill within a few years, and that’s the alternative, right? So you’re saying, oh, Bitcoin mining or Bitcoin mining is significantly done with renewable energy because it’s the cheapest. And even if it were not, it’s still probably a net benefit for the environment, because all those there’s far less things that end up in landfills as a result of Bitcoin savers that would have been buying these things. So I think that’s interesting. And I think the long-term thinking is generally a good thing for many reasons, but including kind of evaluating the state of the planet for future generations, I mean, people are saving. They start to think about what happens, what happens to their money, what happens to their descendants, things like that, which people who are trapped in a kind of consumer rat race they’re focused on next week or next month, right. Or what they can spend next.

Stephan Livera:

Absolutely. And there’s so many social and cultural impacts of Fiat money. And as you rightly pointed out, we have to compare monetary standards overall. So what is the cost of a gold standard versus a Fiat standard versus a Bitcoin standard. And we have to look at that holistically. And I think people who only look narrowly at the energy, they don’t understand. And so that’s why I think we could argue, even if Bitcoin was a hundred percent fossil fuel mined, it would still be well well worth it. And that’s probably a part of how we have to explain it to some people, but for others, of course, we can explain to them all look, lots of renewable energy is being used.

Adam Back:

Right. I mean, I think another, another point, which so that’s where the proof of stake actually works. Like functionally typically the degrade into very inefficient, complicated proof of work. But the other disadvantages we talked about, but Paul Sztorc who has a background in academic game theory has has some interesting comments about it, which is that if you have a way to obtain money, logically people will be prepared to expand up to the value of the money to obtain it. So if a Bitcoin is worth $40,000, ultimately, including all of their costs and their projections, there’ll be willing to spend up to $40,000 per coin, mining it now today, cost of money coins, probably below 5,000. It’s very profitable for various reasons in this period. But that’s generally true for commodity economics, right? And so that being the case, it proof of stake system doesn’t save any money.

Adam Back:

It just means that that energy that incentive flows elsewhere. So in the same way that political monies or the petrodollar does, right? So it leads to wars, it leads to lobbying, it leads to bribery, the favoritism, accounting costs for reconciliation legal disputes. So basically the same amount of money is spent because you’re chasing, it’s chasing the same incentive, right. And it will, it’s just spent in like untidy inefficient ways, which waste human resources essentially. So I think that’s another reason like Bitcoin is extremely clean and tidy and provides some kind of mathematical avenue for people to expend their demand in. So that has a very predictable and tidy market where the other market is all full of insider advantage and lobbying and fraud of different kinds and so on.

Adam Back:

And so it’s not a good backdrop for economic growth. I think for economic growth, you want clean, dependable markets, Bitcoin does a much better job of giving that. So I think that of course the Bitcoin standard is a much more lofty thing than Bitcoin with physical gold, for example, or gold ETFs. But you know, it does make a lot of sense to see the world migrate back to the digital gold standards resuming the gold standard, as opposed to this on the arc of history, very short term experiment with easy credit and money — fiat money printing.

Stephan Livera:

Well said, and so when we’re talking about Bitcoin mining, and as you said, this idea of predictability and if mining flows out of the USA, even, I mean, it’s weird because it seems like a lot of the mining is coming into the USA, but let’s say there’s also other areas where people are going to mine or even El Salvador, right. The idea of volcano mining or geothermal mining. Do you have any thoughts on that whole idea of geothermal mining? Do you see that that might become more prominent or do you think it’s going to be more like the hydro is going to be the way?

Adam Back:

I mean, there is significant geothermal mining and actually Iceland is another country that has volcanoes. So volcano mining, if you like, it’s a fantastic meme. Of course it recently took on, but there is you know, there’s significant amounts of that going on in Iceland. And I think the trade-off with geothermal is the infrastructure is relatively costly per megawatt to set up, but with the right cost base and expertise and funding like a government infrastructure bond, something like that could be possible. So we’re certainly interested to explore that something we’re working on in the background.

Stephan Livera:

Great. and while we’re on this topic of mining, I think another angle, and as we are hearkening back to this idea of the crypto wars and potential censorship in the future. So of course, this is not a thing right now, but I wonder is that a potential in the future where let’s say a lot of the big miners are publicly listed entities that are regulated by the government and potentially at that point, could the government try to levy some kind of whitelisting or blacklisting approach to sensor where the transactions go, and then at that point, then it’s going to be, well, there’s a few sort of defenses in the ecosystem. One of those could be the use of privacy techniques so that the miners don’t know which party is who, because it’s a synonymous ledger. You don’t know who is who but I guess it kind of, it depends on how many people are coming in through say the KYC on ramp versus people who are, let’s say, earning or mining or buying non KYC, just as an example. But do you see that as a possibility or do you see that, like, it’s just not going to be feasible given the decentralization?

Adam Back:

I mean, decentralization definitely helps against that issue and you know, that there was one corporate miner that was talking in these terms. But they have since had new management and dropped the idea. So that’s good to see, I think you need sufficient decentralization? I think another thing that helps is cause there are different sort of factors for centralization. One is the mining pools and the other one is the physical mining, the miners and the mining farm. And so it’s actually more centralization in mining pools than in mining farms. I mean, of course the total hashrate is quite big. So decentralization might be tens of megawatts in a warehouse or something. Right. But nevertheless they’re in different countries and mining itself is in principle anonymous, right? So unlike transactions, there’s no history to remind a coin and there’s no — it’s necessarily that way so that minus can join and leave the network.

Adam Back:

And so the network’s survivable. So, but I mean, I do think that Bitcoin’s privacy and fungibility could be w it’d be great to see that be improved. And so I think that helps, I mean, for mining a particularly it’s probably for most private part of Bitcoin protocol because there’s no coin history. So in a sense, if you have reasonable cost of power and you can mind some Bitcoins in a garage or a small warehouse or something, those are actually very private coins in a way. Right. But the other parts of Bitcoin where you have a transaction history, I think it would be great to see technology become deployable into Bitcoin. So I’ve, I’ve been very interested in that area and we deployed a few things related to that and liquids Bitcoin side chain. So particularly confidential transactions I think is an interesting kind of hybrid, which provides some aspects of privacy, but is very compatible with existing model. And people tend to like incremental changes and there are probably some things you can build on top of it once you have it, but it definitely helps a bit in this way.

Stephan Livera:

Yeah. And so you were touching there on the idea of home miners or garage band miners, and this idea that maybe they’re not necessarily doing it wholly for commercial reasons, but partly for ideological support the network reasons also because they want to earn non KYC sats as all of us would like to earn more sats. Of course. And so it seems like over the industry in the earlier years, it was, well, maybe I’m colored by the time I came in, but everyone was saying, oh, don’t mind it. You gotta be putting in lots of money. And now it seems like there’s a bit of a resurgence in the idea of home mining, even if you are potentially not fully profitable on that you’re just paying a little bit of a premium to get non KYC. And I think even right now, many miners are profitable even on their home rates. So I wonder, do you see that being an angle that more and more people we see lots and lots of home miners or more, let’s say the people who do like the mining and like a container and they they’d drag it around and plug it in kind of thing.

Adam Back:

Yeah. I mean, because of the economic situation with mining profitability right now, it’s you can technically make money out some ridiculously high energy rates now, but that may not persist for too many years, but at the moment there’s a bit of a shortage of whiteness. And I guess eventually there may be next to a shortage of power infrastructure because people don’t, they’re built just in time and there’s only so much there’s, there’s lots of a reasonable cost hydropower in the Quebec province, as we were just saying, but it’s difficult to get I mean, you could certainly do a modest scale in a home environment or something, but if you try to do it as a business that that’s difficult in that province, but certainly other places that would work. So it’s a good time.

Adam Back:

I mean, of course the miners were a bit hard to get, but there are, there’s more available to you since the China ban, I guess finally they’ve been talking about banning, Bitcoin in various regards for many years. And so people came a bit of a running joke and they never really banned it, but finally they have actually done something to discourage mining in China. So yeah, that freed up some capacity for certainly used miners. If you want to take that risk or new miners became less oversubscribed.

Stephan Livera:

Yeah. And as more people might do it ideologically, then that might also help the censorship resistance aspect because let’s say all the regulated miners have to potentially in the future, this is a hypothetical, or they might say, oh, you need to whitelist or blacklist addresses. Well then the transactors he want to be more self-sovereign and private might be attaching a little higher fee to their transactions. And then the ideological garage band miners might be the ones who are picking those transactions up and ensuring they still get mined into a block.

Adam Back:

Yeah. I mean, actually I proposed another protocol. This is back in 2013 to potentially solve this problem, which is that you basically, when you mind, you don’t see the addresses that are being transacted, they become visible later maybe a day later, but they can actually persist in that state for long-term that’s called committed transactions or encrypted transactions. So the idea is that you sort of process like a hash of the transaction and at a later point you reveal the keys. And at that point it’s difficult for the miners to undo it because they’d have to undo their own, like they’d have to redo and compete against their own previous work. So it changes the economics of applying policy to some transactions. And you don’t want like policy coming in, but it doesn’t, it doesn’t necessarily mean that it’s loses the transparency after the process.

Adam Back:

It just kind of prevents addresses being used as a policy during the mining process effectively. So that’s something that be worked on, could be interesting as well. I was going to say, the other thing that can help is with, I said, there’s a lot more centralization with mining pools and there are some new pool protocols which enabled the miner. So today your miner is just asking a pool, like give me a string to mine on. So they don’t even know what transactions are in it. Right? So the pools are there, people that really see the transactions still the blocks are produced. And so with these new protocols, it’s possible for the miner, even a small miner to construct their own block and still benefit from a pool reduction in variance. And so now those, those protocols being worked on by a number of different people we did some of the early work on it, Andrew and under the name open hash, and it’s been talked about as BetterHash and Stratum V2. It’s all the same kind of basic idea. So I think that’s a good direction, too, because as a miner you want not just to mine, but you want to have a control of which transactions are mined so that you can apply whichever ones are more profitable policy to that, right?

Stephan Livera:

Yeah. So hopefully with Stratum V2 that might help in some ways there, around the relation between a pool and the miner. And yeah, so you were also touching on this idea of confidential transactions. And so that seems like, at least my understanding of it is that the Bitcoin community at large Bitcoin users at this stage, it doesn’t look like they would support this in Bitcoin today. But I’m curious your thoughts on the hopes for it to someday come to Bitcoin.

Adam Back:

I mean, to my perspective, it needs to be, I mean, there are two versions of it. One has perfect privacy, but in a very distant future, like a concept supercomputer or something if you’ve got the perfect privacy variant, then you have a risk of coin inflation. And of course in a Bitcoin context, people really hate that because the 21 million cap is what it’s all about, right. And they don’t want a risk even a very remote future risk to be considered. So we use that perfect privacy, variant and liquid, but liquid is more for kind of short-term transacting and trading. So we think that’s a reasonable trade off there, but there’s another version which would, I think be better, for Bitcoin, which is it doesn’t have that risk, like there’s, it’s mathematically work to, if somebody attacks it in the future, they’ll strip the privacy, but they won’t be able to create coins.

Adam Back:

And so that’s probably the failure mode that is more attractive for Bitcoin. So it just falls back to the status quo if that technology erodes over time. And I think that technology is good for decades to be clear. So it it’s really a kind of remote far future hypothetical kind of issue. And those, those transactions are also not that compact. So that’s not of the concern, right. So I think that you would want kind of the one without inflation, like mathematically provably, no inflation, and to find a way to make them more compact. So the techniques to make confidential transactions smaller happen, not to work for that type, they work for the type that has inflation risk. And so we’ve used some of those things and liquid and like we’re looking to move to bulletproofs, but bulletproofs lose that property.

Stephan Livera:

I see. Yeah. So just summarizing from my understanding, correct me if I’m getting this wrong. So the method that would help us have privacy, but with some inflation risks, that’s using Pederson commitments, and then the technique that can be used to make those transactions smaller is bulletproofs. And so that’s what we’re looking to use in liquid, as you were saying. But potentially not the right trade-off for Bitcoin. And then the other side is the, we definitely know a hundred percent, there’s not going to be any inflation beyond 21 million, but the trade-off is the transaction sizes will be higher. And so therefore scalability could be more of an issue and that’s using, I believe, ElGamal commitments. Right?

Adam Back:

Correct. Yeah. Right. So that’s the trade-off so, but I mean, there remains hope, at least, at least I think it’s theoretically possible that one could find a more compact way to do Elgamal commitments. So like a breakthrough in that could move this kind of project forward. And of course there’s an area of very active research like there’s a lot of interest in Bulletproof and Bulletproof, like things. So it’s quite plausible that some more breakthroughs can happen.

Stephan Livera:

Yeah. So potentially then if we were to do this ElGamal way that doesn’t have any inflation risk I guess th there might maybe there’d be some people in the community who might still be concerned that, okay, maybe there is some implementation risk and therefore there could be some problem there. Right. So maybe that could also be an issue for them in their minds.

Adam Back:

Yeah. I mean, I think that sort of fear of the unfamiliar in a sense that because the result is sort of counter-intuitive and amazing, right. While you can you can hide the amounts and you can mathematically prove that they add up, like, how is that even possible, right. Zero knowledge proofs are kind of novel things, and this is a novel use of them, but if you, if you get down into how it works and waxwing has a PDF explainer where he, he basically taught himself that he went, read the papers and reconstructed it and read some Python code and give some examples and explain to her how it all works. It’s basically the same technology as the ECDSA signatures or the Schnorr signatures particularly. And it’s just basically a ring signature saying this bit of the number is a zero or a one, and you don’t know which, and it just applies that multiple times plus a bunch of optimizations.

Adam Back:

So ultimately if you dig into it a bit further, it’s not that hard to understand it’s using the same technology that Bitcoin already relies on. And it’s very old technology it’s been around for decades. So it doesn’t have to kind of bleeding edge risk that comes with some of the other SNARK type things where things actually have gone wrong in the field or it’s all those things can be so complicated that there are very few people who really understand them. I think one of the things that went wrong was the implementation was correct, but the paper was wrong. And if you’d noticed it was an academic paper, so there is a reason to be scared of complexity, but actually ElGamal commitments are, I mean, of course not everybody understands them, but not everybody understands ECDC and how that worked, how and why that works either.

Adam Back:

Right. So there has to be some kind of if we restrict ourselves too much, we give up some opportunity and maybe, maybe irrationally so. And I’d argue, this is a case now, of course, that’s a discussion that would be a fun discussion to have, it’s a much more interesting discussion than a block size discussion. Right. But we do want some more fungibility, obviously another, another area people would argue about and it’s like, oh it’s more private. And maybe that reduces the chances of an ETF or something like that. Right? Like maybe regulators won’t like it and so on. But actually when we first introduced confidential transactions into liquid, it seemed like everybody liked it, including people from a banking background because they thought for the full transparency was too much it was not good for commercial activity.

Adam Back:

And you still got the audit plus I think the other thing is incremental. So it doesn’t actually erase the transaction history. You can still see the inputs and the outputs. You just don’t know how much was transacted. So I think that’s an argument, that’s a convenient argument that it’s actually fairly incremental on how things work today, right. It’s still the same inputs and outputs. You can see which clients went from, which addresses to which addresses. You just can’t see how many coins were involved. And it’s a reasonable thing to say that, well, why should you know how many coins are involved? That’s bad for safety and security, and you can’t see that with somebody’s bank accounts. So why should you see it with bitcoin?

Stephan Livera:

Of course. Yeah. And so from a scalability point of view, I’m not sure if you’ve looked at the numbers recently, but what kind of impact would it have in terms of how much bigger would the transactions be? You know, so let’s say right now a Bitcoin block might have 2000, 3000 transactions in it, like on average, what kind of numbers would we be talking about if we were to move into an ElGamal confidential transactions world?

Adam Back:

I’d say they are, I dunno, maybe about five times bigger. So the, I mean actually physically 20 times bigger, approximately 15, 20 times bigger, but, liquid is organized like Bitcoin. So that has, and the confidential transactions range proofs go into, into witness. So they get the discount. So in terms of the way of a transaction, it might be four times bigger in terms of the size. It might be closer to five times bigger in terms of the size. It might be closer to 20 times, 15 to 20 times. So something like that, maybe five times and so hopefully that could be optimized and that kind of so there’s less overhead, I think, in terms of the argument for why that might be a good thing to do anyway, even if you couldn’t optimize it as much as you’d like is that it’s a more powerful transaction.

Adam Back:

So it could replace multiple non-confidential transactions for some uses and you see this, right? So when people do in coinjoins, they split their coins up into units, like 0.01 or 0.01 with confidential transactions. You don’t need to do that. Right. You can just join anything with anything. And it doesn’t matter because nobody knows what the values are. Anyway, you just need to know that you cut out as much as you put in. I’ve certainly seen people company level or individual level storing coins in chunks so though they’ll make a wallet and they’ll, they’ll split it. Now they’ll take how much money they have and they’ll split it into 20 or 50 or something. And then they’ll make change with it. So they’ve got hundreds of outputs maybe to obscure how big their wallet is if they spend from it or something like that. I think it’s generally a good idea to not put all your eggs in one basket, because if something very low probability happens, that’d be bad. So people sometimes do a small test transaction first, I think that’s a reasonable thing to do. So you do want some outputs, but you do get some back because they’re more powerful transactions. So that’s the argument

Stephan Livera:

In that world. Let’s say we did move into that. Would it be possible then that some transactions would just be standard and then others would be ElGamal style or do you think it would be like an all or nothing thing here? Well, they are compatible

Adam Back:

So liquids confidential and non-confidential can inter-operate and basically the math works out. So you can say, well has cause cause what you want is the rule in the Bitcoin world is that the inputs have to add up to the outputs plus the fees. And it’s still a true with confidential transactions. The inputs, you don’t know what they are. I have to add up to the outputs plus the fee and you see the fee, but you can mix in some confidential and non-confidential and a master works out so they can enter operate. Now of course, privacy lights companies. So it’s better if more people use it. And you know, one argument, I mean, Greg Maxwell and I were talking about this because he was the person who did you know, sort of the optimization and improvement of confidential transactions when it actually came to be implemented.

Adam Back:

And he made the argument that maybe in a Bitcoin setting you’d want to have the same fees for confidential. And non-confidential so that people are not deterred from using on a cost basis. I say I mean, you’d have to work out details of how to do that, but you know, let’s say there’s a bigger discount for the range proofs than signatures. And that fear’s the same, whether you use it or not. Right. And that, so then that could take away the economic argument. There’s certainly a liquid, basically everything is confidential because it’s going to default in the wallets. I mean, some of the wallets won’t even send to a non-confidential transaction to a non-confidential address and other as well. So it it’s a good default to say confidential everywhere.

Stephan Livera:

I see. And it there’s nothing stopping us from also comboing that and having using ElGamal confidential transactions and comboing that with lightning so we still can transact.

Adam Back:

Yeah. I mean, actually — so Blockstream is one of the multiple implementations of lightning. So we have C-Lightning and that is able to make lightning channels using liquid Bitcoin. So lightning, I mean, it’ll, people don’t know it, but lightning is actually a kind of caching layer that can work above Bitcoin and side chains of Bitcoin. So it can have different channels with different assets, liquid,Bitcoin being approximately, bitcoin, but you could also have a channel, which is, let’s say tether on the liquid network, which might be interesting to some people. And so we’ve had that working for a couple of years now. There are still some things to do. So we don’t yet have a confidential amount support. So the lightning channels have to be non-confidential. So we want to fix that obviously. And you know, we see how to do it. Like it’s something that can be done. It just requires additional work because in the lightning today, you can ask how much capacity is in the channel and you can check that. So it probably needs to make a range proof in response to say, well, you don’t need to know, but I can prove that there’s at least this much. So you, yeah.

Stephan Livera:

Right. Because of probing and so on, because as an example of lightning, while it might want to probe the pathways to sort of see, is there enough liquidity in the journals for me to be able to make these payments successfully or not, and therefore I can route it differently. And so,

Adam Back:

Yeah, I mean like if you do it too simplistically probably somebody could move for the confidentiality by just proving all the triple the capacity everywhere, at least for the publicly reachable channels. And then the CT is you have CT, but it’s not really meaningful because anybody that wants to can figure out what the capacities are. So you can, you can, you could prove like you could lie. You could say, well, I have a 10th of a Bitcoin and really you have two tenths that’s enough because you can prove that. And that sort of obscures the actual capacity of it.

Stephan Livera:

Yeah. And I guess another practical implication, we were to have confidential transactions in Bitcoin. It helps break. So from a chain analysis and chain surveillance perspective listeners, you can check out the recent episode with ergo where we talk about some of that, but essentially it would break the round number heuristic and it would help stop perhaps some change detection by an outside analyst, right? Because analysis, looking at the inputs and the outputs, and they’re trying to figure out which one’s the payment, which one’s the change. And so in a confidential transactions world, that’s a lot harder. So it’s not that coin would disappear it’s that we might do it a different way, or we might have one global kind of coinjoin liquidity pool, as opposed to having like different pools for different sizes. Or maybe we’d have some kind of batch spend some kind of blinded batch spend mechanism that way we can all transact privately in that model, is that how you’re seeing it?

Adam Back:

There are a number of things. So as you said, you don’t have to, you can join any value. So you get kind of perfect join up any value without matching sizes. So you get a better anonymously set, a bigger anonymity set. So that’s good. It’s simpler because you can, you don’t have to make the logic and it’s harder to analyze because you can’t guess at what was change from the amounts for some other things, like when we released confidential transactions, something that came out of that is the nimble Wimble protocol. So it wasn’t us, or at least I don’t think it was anybody at Blockstream, but it was a, it’s some kind of synonymous author that wrote the original paper and it uses the range proof is those basically confidential transactions. Coincidentally, before that, I had noticed in discussing with Greg one day when he was implementing it, that you could when you’re sending a transaction, you’ve got to prove two things with confidential transactions.

Adam Back:

One is you’ve got to sign with the address that controls it. And the other one is you’ve got to prove that it adds up. And so there’s a key that you use to prove that it adds up and you can have a blinding factor. So it sets a Greg you could probably make it, anyone can spend like drop the, drop the address and just prove ownership because you’re the only person that can prove how many coins that is without disclosing it. The fact that you can prove it proves you own it kind of thing. He was like, well, that’s true, but let’s just keep an orthogonal tidy and the same as Bitcoin. But if he had gone down that path, I think he would have found at least part of the Mimble Wimble approach.

Adam Back:

So remember one board just does that. And but of course it removes, I mean, everything becomes standardized, so you lose scripting. So that’s not as cool scripting is nice. So, but in liquid we made some changes to account for it. So that there’s a possibility for somebody to make a kind of Mimblewimble, like wallet doesn’t have addresses like everything’s, anyone can spend and arrange proofs are done. And so you could potentially remove history as a result of that. Now I’m not, I’m not convinced personally that mimblewimble is that great for privacy because you know, anybody is trying to analyze it will record the history as it, as it flows past. And so the fact that you don’t need the history to catch up, it doesn’t really give you privacy versus somebody that’s recording transactions, as they’re processed.

Adam Back:

Right. But anyway, I just thought I’d mention it because it’s related to the privacy aspects. And another thing you can do is kind of something like what Monero does, but in a more scalable way, or bytecoin I think was what came first with a ring signature. So instead of a ring signature, which results in ever-growing UTXO set basically. So with conflictual transactions, you can just basically send people dust. So I can collect some addresses from somewhere or some wallets, kind of a pitch per a call to advertise addresses. They would accept money on pre emptively. And I can just send you some dozens of people’s Toshi and they can choose to claim it. And from the outside, you don’t know, was that a real payment or was it dust, and it doesn’t result in UTXO set growth because you spend them. in Bitcoin dust is actually used abused for tracing, right? If you, if you look through an old wallet, you’ll see these like specific, odd, I guess, their minimum fee rate tasks. And they’re just trying to tag a bunch of coins and see which ones get spent at the same time. And they say, ah, that’s the same person. And so with CT, that should becomes a feature, which is, you can just send people to us and they can just say, thank you and spend it. Right. and that gives you privacy actually, unlike in a Bitcoin.

Stephan Livera:

I see. Yeah. That’s an interesting aspect because then the outside observer is going to really struggle to understand what’s going on, because part of what, how these companies do it now is that they’re really trying to assess what are the flows on the chain, as it were on the transaction graph, as it were. But this idea of confidential transaction dust might really gum up the works there and stop their ability to do that. But I wonder then it might also become, like, it also comes into the scalability conversation because obviously if it costs a lot more in terms of bytes or it costs a lot more in terms of fees then it might be a difficult part there, but I guess we’re hoping that future technological growth comes or something comes that makes it a little bit more amenable or palatable for the broader Bitcoin audience.

Adam Back:

Right, I mean, there might be, I mean, that would be, it would be a different controversial discussion, but there might be an argument to say maybe there’s consensus for a block size increase if you can get confidential transactions at the same time. And I think technically the range proofs are not as critical to keep forever because in Bitcoin, you don’t verify signatures beyond a certain depth. I mean, you can opt to override it, but by default you don’t check them more than from blockheight a year or something right back. And the same could be said for the wrench groups, because people wouldn’t miners and full nodes wouldn’t have followed the chain this far, if there was if the range proofs were broken or if the signatures were invalid. And so beyond a certain amount of work, people just assume, or the clients just assume, well, that must be correct, or it wouldn’t have got ahead, but there remains a possibility to you to profile folks, see beginning. So that could be applied to the range proofs as well.

Stephan Livera:

Yeah. So I guess it also comes into how accessible Bitcoin is because the typical conversation is all, it should be accessible for everyone. The retail individuals should be able to run it on community hardware, that kind of conversation and how much hard drive space.

Adam Back:

Yeah, definitely a concern. And you see it with liquid, like it’s got a different balance because each range proof is like dozens equivalent, dozens of signatures. And so the liquid blockchain is not full because it’s still growing and seeing adoption of different new wallets and swap services at market. No liquidity pool market makes some things coming into it, but it does make your CPU run hot. So I think it has potential to be at capacity to be maybe 10 or 15 times bigger history per day and require a bigger CPU. Right. So if they get some years of full capacity use under it, you might be talking about the good, a good DSL connection, not an average one and a desktop class CPU, not a raspberry pi 4 for example, and for liquids, that’s an okay trade-off because it’s an opt-in side chain for a use case.

Adam Back:

And it’s not as good. I mean, the liquid has got trade offs. It’s not as good for ultimate censorship resistance and things like that. Right. So I think it’s okay for that to make a different trade off, but to do that on the main chain on Bitcoin, that that’s a more difficult discussion. So really, I mean, of course computers get faster over the time and bandwidth increases, but not that much. And history is growing too. So it’s still a tricky trade-off so ideally there’s some more optimization I think is the best answer.

Stephan Livera:

Yeah. And also some of what we’ve been talking about plays into this idea of Bitcoin as censorship resistant money. And I know you guys at bloodstream are doing a lot to help with that, even with Blocksat satellites. So people can download the blockchain over a satellite from their dish. And I know you’ve got a new product out it’s called a base, right? Yeah.

Adam Back:

The base station. Yeah. So that is, I mean, actually with we introduced we didn’t use to have full history. We used to only have like a couple of weeks of kind of rotating history. So we increased the bandwidth. We did a lot of custom compression, so like to make everything smaller. And then we were able to get a full history sync in a week or two. So in some areas there are two satellites that you can reach and that they’re broadcasting different error, correction streams. So if you’ve got two dishes point or two satellites you can sync twice as fast basically. So that gets you down some one week, otherwise it’s two weeks. So we’re pretty excited about that tech and the base station is a newer kind of satellite dish technology. So the elliptical dishes are analog, these new dishes, I kind of phased array rectangular, and there’s more dish there’s digital tech in a dish.

Adam Back:

You know, there there’s ethernet it’s powered by power over ethernet, not a co-ax, it’s a [inaudible] So it’s a little bit less sensitive to pointing errors and it’s a bit more component and elegant, and it has hardware accelerates decoding actually in a dish. So we have hardware accelerated decoding for the elliptical dishes, but it’s a separate kind of it looks like a DSL modem, some kind of box you plug in, and it has to be in the house with the analog. So you plug the co-ax into it and you plug it ethernet into it or a wifi. And then you can broadcast Bitcoin transactions for your local network or over wifi, but with the, there’s just less moving parts and easier to assemble with the base station because you basically you point it, it connects out outside, it’s all powered over a single cable, which is power of ethernet.

Adam Back:

And then you’ve got a power and a deer coming in over one line and there’s no less things to plug together, less things to plug into the wall, less cabling, less configuration. So it’s more, more plug and play. So people were pretty excited about that. And yeah, it’s cool. And it gives you potentially full history as well, if you want to. So that’s nice because the one that did the spectrum, we have people arguing the computers are fast networks and fast. We should go to giga blocks back in 2015 right. And the other end of the spectrum, you’ve got whole whole countries and continents with very few nodes. And when you dig into why it was cause too expensive, right. You know what I think Nigeria has like very few nodes, for example like one of the guys where the nodes, we know who it is, it’s like a Bitcoin contributor.

Adam Back:

And so a very high speed internet connection. There is like probably more than most people’s salary or something, right? So it’s just a different economic and there are parts of the world where that’s the case. So it was one of the interests for the satellite project is to reduce the cost of directly participating in the network. And at the same time, we added the full sync. We recently added lightning gossip data to, so the lightning node, if you, if you connect to lightning nodes or lightning network, the biggest, their consumption is catching up with the state of a network. So it’s source routed. So each node needs to know a full map of reachable nodes, and then it gets updates over time. So we made a protocol to basically broadcast it over the satellite. And that means if you’ve got a fixed dish, that’s receiving Bitcoin data or running a Bitcoin full node receiving the lightning gossip, they’re running a lightning node. Now your external bandwidth usage drops another order of magnitude on the lightning side as well. So you can do, you can do your own routing without relying on a third party and your kind of internet bill and bandwidth use goes down a lot. So you can run it on, I dunno, like a 2 G or 2.5g smartphone tether or something without running up a big bill in a, in a market where data is expensive relative to the cost of living.

Stephan Livera:

Yeah, that’s very clever. So essentially instead of that person having to download, call it 400 gigs of Bitcoin blockchain, plus maybe another gig or, so of gossip lightning data, then now they can download all that through the satellite dish and then they would still need an outgoing internet connection. But as you were saying, they would need a lot less in terms of external bandwidth and that in doing so, it’s making it more accessible for people who want to be able to be the, as we say, the fully sovereign Bitcoin and lightning user, doing it in their, with their own keys and their own Bitcoin node and all of that, all those good things that we like people to do. Yeah. So I think that that’s an interesting aspect there around censorship and how Bitcoin helps people participate even where they haven’t been.

Stephan Livera:

And for some people that’s just using a simple mobile wallet, but for others, it’s actually going the full way and using your own Bitcoin node. And of course we encourage people to be able to do that, but we understand that not everyone can. I’m also curious your view on development in the ecosystem. So we’ve seen that come a long way. In the recent years, we see multiple development organizations. We’re seeing Bitcoin exchanges and companies support Bitcoin development. And of course I know at Blockstream you do support directly some Bitcoin enlightning developers. What’s your view on the current state of Bitcoin development funding. And is there anything you’d like to see in the future there?

Adam Back:

I mean, I think that the kind of maintenance aspects, if you like, is covered. So in the sense that I think the Bitcoin project is quite big in the kind of list of open-source projects, the number of contributors, how active the project is. If you start to crack into github it’s pretty high up there. And so I think the area, which is maybe more interesting to me is to see features that reach users, right? So if somebody is refactoring part of Bitcoin to make it more scalable or elegant or something that’s good and needs to happen, but there’s a group of people who are funded do that now, but what is a little more tricky is there’s a new feature that comes into Bitcoin and it has implications and you, and people want to use it and they need, so they need wallet support, or they need application support or web integration.

Adam Back:

And so historically, mostly the way those things happen is as a start up tackles the a problem. But I think there’ll be room for open source funding to build use cases like, so one thing we tried to help help seed was more peer to peer coinjoin, basically so some of the coinjoin protocols involve a server and that’s a policy risk potentially. So conceptually you would like for it to happen in a wallet, purely like a peer to peer wallet. So the wallets are somehow coordinating, that’s it peer to peer, and there’s no server to shut down and it’s more resilient and more people can use it. So we organized a kind of hackathon for people to come to a location or dial in and discuss, brainstorm about how to do that. And that was the payjoin protocol also called pay to endpoint. And so it’s not a full joint, but it’s a kind of opportunistic join to it.

Adam Back:

It proved to be relatively challenging, but this incremental bit of tech seem promising, which is that you basically join with the merchant or the person you’re paying. And so they get to defragment their wallet and save a bit of money because reorganizing a wallet costs fees too, with you and it breaks some of the heuristics because the changes it looks like the person you’re paying put one of the inputs into it. And so you don’t really know what the amount was and you can’t tell it was a pay to end point or payjoin. And so I think things like that so a few wallets implemented that. It’s in a BTCPay server integrated wallet, but it could use being available in more wallets. And so I think projects like that could use funding where there’s actually a, an end-user reachable result and interoperability is another issue, right? So I think it’d be nice to see more interoperability and things like that. And also some bigger, more ambitious projects cause the sort of maintenance and new BIPs is one side of work. But I mean, apart from taproot and some other lightning developments, there are some bolder things that could be done, but perhaps not the teams of specialized people to push them forward. So I think that could be interesting, bolder

Stephan Livera:

So what kind of bolder things are you referring to?

Adam Back:

World. I mean like new layer twos focused on privacy or confidential transactions in Bitcoin. Let’s you know, let’s because, I mean, quite often people have an idea, but if nobody the innovations come by train, so if you just try to do it and I not deploy it, but try to build it and see what it’s like in a wallet and how it works. Sometimes the act of doing that results in a interesting discovery optimization. So I think let’s try and do some of these things. I mean, of course it’s very curious because if you ask Bitcoin holders and investors, what they care about, they mostly care about security and dependability they’ll say, well, I mean sadly some of them don’t really care about lightning that much either. Right. And they just think, well, don’t break it.

Adam Back:

Just don’t break Bitcoin cold storage security and I’m happy. So they would actually be happy if it was like largely ossified effect. But I think that loses some potential, sorry, I think the ossification, I mean, because there’s another statistic about how he rushed the Bitcoin script so that it would be sort of soft extensible, so people could build other things with it without needing to change it with the idea that it would be hard to change. Bitcoin. So I think it’s a very interesting observation because I’m not sure it would have been obvious to most, most of us it would be hard to change Bitcoin at the beginning when it had no users, but evidently he saw that it would be the case. And so he tried to make it extensible, but the Bitcoin script is not that expressive.

Adam Back:

So, and some of them got disabled because of bugs. Right. so I think something like simplicity, it’s another project we’re working on at blockstream that dates back to kind of early, Bitcoin IRC is a next generation scripting per Bitcoin. So obviously that’s also something that’s a few years away, but for Bitcoin, but it’s coming to liquid much more eminently. We just did another update and hope to have that in liquids later this year. So if people get experienced using that and liquid, maybe that could come to Bitcoin and provide the extensibility, but you know, obviously that requires a lot of interoperability work and wallet work over time.

Stephan Livera:

Yeah, I see. Yeah. So there’s lots of different angles and ways that things could go. I’m curious then in your mind, which is more important as the hard money, digital savings technology aspect, or is it the ability to use Bitcoin privately or perhaps even like the smart scripting aspects, which like for you, what would you, how would you preference order those?

Adam Back:

It’s a very interesting question because you see some contention on this front already, right? So people who are focused on additional digital gold aspects some of them are not too concerned about overregulation, let’s say. And so that there is a future, a Bitcoin future, which sees Bitcoin as digital gold, maybe with too much of it in ETFs. And I think that’s potentially a policy risk for the permissionlessness. And so if you had to choose, I would actually choose the electronic cash, bearer electronic cash case, but I think they’re like into link. So if you push it too far and Bitcoin becomes most of it is in ETF and ETF-like products. Like we have, there’s a lot of ETF products today, right. Where there’s a custodian and your own units and something.

Adam Back:

Cause if that percentage gets too high, I think it runs into policy risks and it could erode the value. So maybe, maybe it has value as a digital gold, but mostly as a savings technology. But I think that loses the potential and the reason many of us get excited about Bitcoin, which is the sort of permissionlessness of it all right. That you’ve got an internet global internet money that people can innovate on and use without permission. So, yeah, but that’s the discussion. Hopefully it can be both. Right. But I think we have to be a bit careful about not having too much stuff in central custody.

Stephan Livera:

I see. Yeah. So if you had a message for people out there who are, maybe they are lawmakers and legislators on Bitcoin what would you say to them about the aspects and the need for the censorship resistant elements of Bitcoin? Well, I think

Adam Back:

It’s it’s a useful analogy to look at the internet because it took governments awhile to adapt to the concept that it was the people could communicate and there wasn’t much they could do about it. And that wasn’t a bad thing. That was a good thing, right. Improved freedoms in the world over through some corrupt governments, ultimately all as it was a part in that right. People’s ability to organize. And it just changed the balance of power and that became the new norm. So, but you know, that is largely down, I think, to the open network permission-less nature of it that people could innovate where with previous network technologies, you would have to you’d have to be a telecom company or near the sort of, kind of overlapping period, like a mobile phone operator when those were very locked down and it was hard to get for party apps.

Adam Back:

So that that world is a much less innovative world. It doesn’t, it doesn’t evolve and improve. So I think the messages like open networks, so don’t, don’t over-regulate or try to take the permission-less nature of it all you’ll, it will be bad for the golden goose and the you know, it’s a global world, so the business will move elsewhere. And the fortunes of empire has changed over time, right? There were periods where different parts of the world where the center of the economic world and there’s room for that to change again. So take it easy on squeezing innovation of your geography, the currency, which is the world reserve currency. And he lost historically like a hundred years or so. So you can lose world reserve, currency status, thought we bash, you can lose the nexus of blockchain innovation. That will also be bad as that becomes a bigger part of the global future. So politicians ultimately just public servants, they work for the public and the public, the progress of humanity is what matters. Right? So I think regulators just have to be careful to not get in the way of that.

Stephan Livera:

Excellent! Well, that’s probably a good point to finish up here. So listening to make sure you follow Adam @adam3us on Twitter and blockstream.com anywhere else you would like to point listeners to?

Adam Back:

No, that’s good.

Stephan Livera:

Excellent. Well, thank you very much, Adam. It’s been a pleasure chatting with you.

Adam Back:

Likewise. Great catching up.