Shinobi (aka Bitcoin Twitter character @Brian_Trollz) joins me in this episode to discuss a range of topics:
- Why it doesn’t make sense to use Litecoin for paying with things
- Confidential Transactions and the different approaches
- The push for smaller blocks
- Different approaches to scaling
- Problems with sidechains and drivechains
Shinobi / Brian Trollz links:
- Twitter: https://twitter.com/brian_trollz
- BlockDigest YouTube: https://www.youtube.com/channel/UCb53lXz2IzEFT5JNHSbdvPg
Podcast Transcript (Sponsored by GiveBitcoin.io)
Stephan Livera: Welcome to the Stephan Livera Podcast, focused on Bitcoin and Austrian economics. Learn the technology and economics of Bitcoin by listening to interviews with bitcoin’s best and brightest. Today, my interview is with Shinobi, also known as Brian_Trollz on Twitter. Definitely, one of the characters of Bitcoin Twitter. You’ll probably notice he is often fiery in his debate threads and arguments, but I think he has a worthwhile point of view to share. I hope you enjoy his commentary. Shinobi, I am a fan of some of your work on Twitter and Block Digest. I think you’ve got a real talent for explaining things that are a bit more technical, and some of the work you’ve done with your debating online as well I think has been quite interesting. So it’s a pleasure to welcome you to the show.
Shinobi: All right, it’s a pleasure to be on here. Thanks, man. It’s not really a usual thing for me to be going on other people’s shows. Actually, it feels kind of weird, like there’s people a lot more important or competent in this space you could be talking to.
Stephan Livera: Oh, no. I think you’ve got a good point of view to share. And so, yeah, look, I think a lot of the stuff you’ve commented on can be more, what’s the word? It’s kind of more… you can get into some real debates online. And I think the way you explain things and articulate things is quite nice. So, yeah, look, I think maybe we can just start with a few things on Litecoin. I know you had some comments around that. So some people put out this narrative around Litecoin as being so-called cheaper for payments. How would you think of that?
Shinobi: Well, to be honest, I was one of the people. I wouldn’t say that I actually supported that narrative, or I was convinced it was going to happen, but for a good while, I was open to considering the possibility. But the more and more I started really thinking about it, it’s like all of the arguments that I see made for it just fell apart in my mind, and in terms of not actually holding up to logical criticism. I mean, like the first one, I think one of the most substantial ones is this argument that Litecoin is always going to be cheaper for payments. And like not to be an a-hole, but I think that the logic for that is really kind of grade school level because everywhere I’ve ever seen it argued is that effectively the blocks come in four times as fast. There’s four times as much block space, so it will always be four times cheaper at least.
Shinobi: And that’s absolutely not how economics works, like there is a supply of something. And as long as the entire supply is not going to be eaten up, the price for that isn’t really going to be subjected to heavy bidding pressure. But let’s say, let’s assume that all of the other issues I have with this working are just magically not issues, and everything would work perfectly for Litecoin linking into bitcoin and seamlessly paying between them, well, there’s always going to be more demand for an equivalent good that is for utilitarian purposes identical if the price is cheaper. And so the demand will keep picking up for that alternative good, Litecoin, until it effectively reaches an equilibrium with bitcoin’s prices. So even though there’s four times as much block space, eventually, if this narrative were to happen, those prices would be bid up until it was just as expensive as bitcoin.
Shinobi: And so really, you’re kind of looking at it’s pointless then. And whichever one of these networks is the superior store of value, the bigger network effect is going to just kill the other one. And ultimately, that leaves Litecoin in one of two positions, either accept that, and in my opinion, would inevitably die and shrivel up, or go the BCash route and attempt to artificially keep that fee pressure at bay forever, at which point you’re effectively trying to atomic swap into something that’s entirely centralized. And given that an atomic swap is only as secure as the weakest side of it, that’s not really secure or sustainable.
Stephan Livera: Yeah, right. And the other component there is that you’re still dealing with fees on both sides, on both blockchains. You’re still paying a bitcoin transaction fee and a Litecoin transaction fee, and the slippage that you might incur from translating from one asset into another.
Shinobi: Mm-hmm (affirmative). Yeah, exactly. Like I actually did a kind of dickish tweet in a kind of nasty tone, or tweetstorm awhile ago in a kind of nasty tone where I broke down a lot of my arguments against this narrative. And it’s like if you look at it one way where supposedly everybody stores their value in bitcoin, but uses Litecoin to transact, while if I pay a merchant and I swap over to Litecoin to do that, they have to swap back over to bitcoin to store it. And so really, where is the efficiency here? You’re just adding another layer or series of middlemen that are going to have more fees. So why do that instead of constructing a way to just keep with bitcoin the whole way without exposing yourself to that slippage or the huge variants and prices.
Stephan Livera: Precisely. And I think another really fascinating point that was made on a very seminal post on the Lightning-dev email list by pseudonymous developer Z-man, he essentially made this argument for Lightning Network as a single asset network. And essentially, this is the post around HTLCs, Hash Time Locked Contracts as an American Call option. So I think there might be potentially some maximalist implications from that. Can you comment on that?
Shinobi: Yeah, pretty much the argument goes if you have a Lightning node that has liquidity on… let’s use bitcoin and Litecoin as the example here, there’s nothing to stop me from just sending a payment on the bitcoin side to myself on the Litecoin side, and then just not releasing the pre-image for the hash lock, unless Litecoin goes up in price versus bitcoin. So I can just sit there and effectively do what’s the, an American call option, which is pretty much I buy the right to take possession of an asset, but not the obligation. And usually, in conventional markets, how that’s dealt with is effectively putting up a collateral. So if I buy a call option and I choose not to exercise it, I still forfeit that collateral, it’s kind of a disincentive for this kind of strategy where I can just speculate freely without any negative consequence until it goes my way.
Shinobi: And so I really don’t see… and again, I definitely could be wrong here. But I personally don’t see a way to actually solve this without either centralizing payments made in this way. So creating some kind of reputation system where you have to identify yourself to make a payment through this, or some kind of centralizing factor where you’re taking the hash lock and not having it in the receiver’s control on the other side, or introducing things like fees for just attempted Lightning payments, and that breaks the notion and scalability of routing from what I see. Because if I have to pay for every attempted payment, even if it doesn’t succeed, while that’s… eventually, I’m going to run out of tries to make a payment that I can afford, and it still costs me money if I can’t make it at the end.
Stephan Livera: Yeah, I think it may potentially be a strike against this concept of being able to do atomic swaps, bitcoin to Litecoin via Lightning Network just because of the construction of the way it works.
Shinobi: I think they can work in the realm of an actual exchange, like I am specifically trading this asset for speculative purposes. I just don’t see a way that they can work in the context of like making a seamless payment where I’m paying with bitcoin and you’re receiving in another currency. I still think this can be useful for like an actual exchange type construct, just not like a seamless decentralized payments across currencies.
Stephan Livera: Right. Done in the centralized trusting the exchange way, rather than the atomic swap mechanism done in the kind of trust-minimized way, let’s call it. Okay, cool. I think another topic I was interested to get your thoughts on and discuss is confidential transactions. So obviously, it can lead to much better privacy being able to blind the amounts of the transactions. However, there is potentially the risk of silent inflation, which may reduce our level of comfort or our assurance that Bitcoin has a 21 million cap. Now, there are trade-offs here between using ElGamal commitments and Pedersen commitments. And then there’s also switch commitments. So can you just break that down a little bit for the listeners?
Shinobi: Well, this is mostly going to be me just going over things I have been told by people like Adam Back or other more experienced cryptographers in the space. So I just want to be clear here, like I very well might wind up misspeaking here. But from my understanding of all of this, the ElGamal commitments are quantum safe. So that would be something that could protect us from silent inflation tax. But the issue is that they’re much larger than the Pedersen commitments. And the part of the issue really I see with ElGamal versus Pedersen commitments, especially looking at things like Bulletproofs is you can condense the commitments for a Bulletproof. So let’s say, we all get together and 10 people make a CT CoinJoin. With Bulletproofs, that can all be condensed into one commitment that doesn’t really grow that much for each participant in it.
Shinobi: And so that creates an economic incentive to encourage the use of it. You can wind up actually paying less using CT even though one transaction with one commitment is bigger than a transaction without a commitment. You’re like just one to one in terms of inputs and outputs. But that condensing of the commitments, it’s the way to economically incentivize using it. But those Pedersen commitments are not quantum safe. So that puts the network at risk of silent inflation. And there are some ideas in terms of trying to limit the ability that that could damage things. Like for instance, some people have gone over this idea of kind of an extension block that commits to how much of the bitcoin supply is within CT outputs using Pedersen commitments, so that, let’s say it’s broken.
Shinobi: Everybody could move their coins out and it would not allow more than the legitimate amount of coins locked up in CT to go to non CT outputs. But my issue with that is that creates kind of a disincentive to even use CT in the first place. Because if somebody breaks something and we’re using a mechanism like that, they’re going to know it. So they are going to break it and immediately start moving their coins out of CT outputs into non-CT outputs. And so pretty much, yeah, it would stop the systemic destruction of the supply in the system. But if you had that happen, legitimate people with legitimate coins using CT would likely just wind up screwed, and they would all lose their money.
Stephan Livera: Yes, there’s not a safe way to go about it at this point potentially. And then there is also this concept of switch commitments as well. So I haven’t done a huge amount of reading into this, but my understanding is Tim Ruffing came up with this idea of starting with one type of commitment and then switching to another.
Shinobi: Yeah, that would pretty much be starting with, Pedersen commitments and committing to an ElGamal commitment. But I still have a problem with this idea because I think it creates a huge social attack vector and a very non-zero risk of splitting the network because effectively what the logic is, is we start using Pedersen commitments, and then when it becomes unsafe to use those, we would fork and invalidate the use of Pedersen commitments and require the use of ElGamal commitments. But again, there’s the whole economic incentive aspect of ElGamal are bigger, more expensive. To my knowledge, right now, cannot be condensed the way that Bulletproofs can.
Shinobi: And I think that opens up a huge social attack vector because how do you decide when it’s not safe? That’s pretty much a social coordination problem. And what happens when people start sounding the alarm? Like how is that going to be perceived? Is that going to be dismissed as, “Oh, stop fearmongering. We don’t have to worry about this for a while.” How many people are going to latch onto that as a reason to not support it because they don’t want to pay more in fees? It becomes a very sticky issue in my mind in terms of what happens, and do we wind up seeing a network split potentially when the first group of people start trying to sound the alarm to switch to the ElGamal commitments?
Stephan Livera: Right, and some people might disagree and they might say, “No, I think you’re calling it too early. I still want to have my Pedersen cheaper commitments.” There’s a lot of different ways people could argue and disagree. And it may be… I suppose as I understand you then, you’re essentially arguing and saying that we are better off not going down that pathway at this point in time given the technology we have.
Shinobi: Mm-hmm (affirmative). If I were to support any form of confidential transactions myself, I would want to just go straight to ElGamal commitments, like go to the thing that is as sound and secure as possible and not try to play these games of pushing things off, or getting temporary savings as long as we can, given the potential risks I see coming along with that type of strategy.
Stephan Livera: Right, and in order to actually get ElGamal commitments, it may just not be feasible just given the size of the blocks and what that would do to the centralization or the decentralization of being able to run a full node.
Shinobi: Well, I don’t think it would necessarily have to. I know a lot of people want… if we were to do something like that to increase the block size to counter that, but I would personally not support something like that. So effectively using ElGamal commitments would pretty much be… I think it would take more resources to validate things, but it would just be the same size blocks and then less actual transaction throughput possible with that if things were done the way I would hope they would be.
Stephan Livera: Right, and it may potentially be that if there’s enough people who use, say, Lightning that maybe the amount of block space required in some theoretical sense could come down and maybe then people would be, okay, comfortable to use ElGamal commitments, but maybe not now, but at some point in the future.
Shinobi: Yeah, potentially. Honestly, from my perspective, I would rather just leave CT out of the main chain and try to get as many privacy and fungibility improvements without it, and really see where that leaves us standing before a push to just try and shoehorn this into the chain, given that pretty much comes down to the fundamentals of the actual cryptography involved, and that it’s just a really big gray area in my opinion in terms of the downsides that can come along with it.
Stephan Livera: Oh, agreed. Yeah, I think I pretty much agree with you on this. But I suppose just to play the devil’s advocate role, what about the argument that say when you want to use Wasabi Wallet, the fact that confidential transactions might help in terms of improving the privacy that somebody gets by doing a CoinJoin compared to right now where there are certain problems and there’s a use of equal inputs, for example?
Shinobi: Yeah, that’s pretty much the main benefit of CT in my mind. It’s the fact that you don’t see the amounts, like you still have discreet outputs that you can identify as an individual output. But that solves most of the coordination problems with CoinJoins in terms of amounts because they’re all just outputs, now you don’t have to have the same amounts. And it would also help with things like identifying change outputs or just it would… it doesn’t completely get rid of the ability to distinguish individual outputs. It just destroys most of the statistical assumptions that chain analysis uses to identify transactional patterns in them.
Stephan Livera: Fantastic. Yeah, I liked the way you articulated that. And I think while we’re on this whole topic of block sizes as well, so obviously, on Twitter there’s been a little bit of a… I’d call it a slight push towards smaller blocks. But that may not necessarily be the best thing for bitcoin right now. But in your view, what’s driving this push?
Shinobi: Honestly, in my opinion, it’s really just thinking ahead to the future. Like if we take Luke-Jr’s figures right now, over the last year, we’ve seen the node count, including non-publicly reachable nodes go from 100,000 nodes down to like 55,000 nodes. And so that is a short-term statistical analysis of things. Although there are other potential explanations just like coinciding with the market moving to the high in December 2017 and down and so on. But really, I think that the biggest reason for this is just open access to validation. Because looking at the figures of bandwidth improvements and Moore’s law regarding CPU improvements, it’s somewhere around like 17% improvement year-over-year on the low end. And with bandwidth, it can be as much as 50 in well developed areas. But with decisions like this, I think the important thing is to always look at the low end.
Shinobi: And looking at that 17% improvement in less developed parts of the world based on Luke’s projections, I don’t have the exact years. I tried looking back for them in a Slack conversation I was having with him, but the logs roll over and delete things. But it was pretty much the resources required and the difficulty in doing the initial block download is going to continue getting worse and worse until the end of the 2020s. And it’s not going to in terms of assuming that these bandwidth improvements on the low end in Moore’s law continue, which they very well could wind up not keeping up with these projections, or something could happen with trade relations with China and just screw up the market dynamics that are driving tech improvements. We don’t know.
Shinobi: But assuming things go well and this growth keeps up with these projections, it will not get back to the relative difficulty of the IBD now, until like late 2040. And so I think at least my opinion on the logic here is trying to take that curve which is going to hit a peak and take a while to get back to now and bring it down, so that the less developed parts of the world will have the ability and the resources to access and validate things sooner.
Stephan Livera: Right, and I guess one thing to consider there is many enthusiasts in the community like to do the whole RaspiNode. There’s the RaspiBlitz and the RaspiBolt, for example. And do you believe there might be some kind of concern that maybe in 5, 10 years time could it be that you would not be able to run a full node off one of those low power devices?
Shinobi: Yeah, I do think that’s a very real concern. But on that note, at least in the developed parts of the world, I don’t think that’s necessarily an issue because I think by the time that starts becoming a problem, there will be more powerful devices of an equivalent price point that would be able to handle that. There’s already a lot of Raspberry Pi alternatives that are only like $20 or $30 more with a lot more computational power to them.
Stephan Livera: Right, right. And I think another key point here is to consider that it’s not just the block size itself, but also maintaining the UTXO set. Could you comment a little bit on that?
Shinobi: Yeah, I think a lot of people obsess over the block size as kind of the key variable in the scalability of the system and like that could not be more wrong or off point in my opinion. It’s the actual UTXO set, the collection of unspent outputs at the tip of the chain. And that has no direct size limitation. Like it only indirectly is throttled by the block size in the sense that you can only update or add to that UTXO set so much in each given block. And ultimately, you have to have that UTXO set to validate a block. Like you have to go through every single transaction in a block and make sure that each input is validly included in the UTXO set. And so it’s literally impossible to validate a block without having a valid copy of the UTXO set.
Shinobi: And this is really my big concern with talking about block size increases, is you’re talking about like for each increase of the block size, you’re talking about potential exponential increases in the rate at which that UTXO set can grow. And one of the hard realities I think that a lot of people have to accept here is that it’s not viable in the long-term for every individual person on this planet to have their own UTXO in the UTXO set. Like I do not think that that is an actual possibility without some huge, like new solutions developed. That’s just not practical.
Stephan Livera: Right, and I suppose you’re implying a little bit around channel factories then.
Shinobi: Yeah, one of the biggest potentials for channel factories I think is the ability to do something like a cold storage pool, where you could effectively have up to like 100 or something people put all of their money into one output, and then just have like pre-signed splice out transactions so that you could just pull your money out and put it somewhere else. And if this is being exclusively used for cold storage, people could just let money sit in something like that for quite a long time and still have like a web of splice outs that could be used if other people aren’t available or cooperating and pulling their own money.
Stephan Livera: Oh, fascinating. Yeah, and I think part of what’s driving some of this concern around the UTXO set is also the incentive to either further fragment, the UTXO set versus to condense that UTXO set. Can you just explain a little bit around that for the listeners?
Shinobi: Yeah, I think a lot of people forget this after the 2017 and 2018 with all of the nonsense surrounding the New York agreement that the UASF and then BCash afterwards is part of the whole rationale for how SegWit was structured in terms of the witness discount, where you pay less in fees for the actual signature data was to correct that kind of misincentive. Like you pay fees on the network based on the actual data size of a transaction. So if you take 10 transaction inputs and try to condense those into one output versus take one input and fragment those into like four or five outputs, you’re paying more for condensing outputs than you are for fragmenting them. And that kind of is an economic incentive to encourage always creating more UTXOs instead of condensing. And while SegWit doesn’t completely make those even costs, it brought down the disparity a lot. And that was a big part of the design rationale for how SegWit was implemented.
Stephan Livera: Right, and I suppose I’ll just explain for the listeners who maybe aren’t as aware on this. Essentially, one of the key drivers of the size of the transaction is the number of UTXOs that go into that transaction. And then obviously, the larger that transaction is in terms of kilobytes, that takes up more… obviously, Satoshi said, “You have to pay as a fee.” So I think what you’re getting at there is to help explain that if somebody were to take 10 different UTXOs and consolidate them, in some sense, they would be paying a bigger cost to spend those 10 UTXOs. But in doing so, they are helping condense the UTXO set, therefore helping reduce that tragedy of the commons problem into the overarching bitcoin blockchain that everyone has to maintain.
Shinobi: Yeah, exactly. And given the fact that the input is where the signature is, and a signature can be up to like 60 or more percent of a transaction size, like that is the biggest part of a transaction, and so that’s a huge disparity before the SegWit witness discount was introduced.
Stephan Livera: Fantastic. And I suppose the other thing to talk about when we’re talking about running nodes, what are your thoughts around plug-and-play nodes changing the game? So, for example, Casa has one, Nodl has one, Lightning in a Box, Samourai Dojo are coming out with one. What are your thoughts there?
Shinobi: I think that it’s a nice thing to have for the really non-technical users, like your parents, your grandparents, like people who, to be a little extreme in the example, can’t even figure out how to program the clock on the VCR.
Stephan Livera: Right, right. And the other component is also just right now with Lightning, so we don’t have Neutrino, which is BIP 157 and 158 in place. So for people to actually properly participate in Lightning main net, typically, they have to run a full node as well. So do you believe that will help change the game in terms of encouraging more full node use, or do you think that perhaps with Neutrino coming out on main net that people will opt for the Neutrino option rather than running a full node supporting their Lightning behavior?
Shinobi: I think honestly it will probably lead to less people using full nodes in the end of the day. Most of the rationale for Neutrino was mostly just a privacy improvement against bloom filters, which is the mechanism that SPV wallets used to use, or most still do true SPV wallets anyways. Ones that query random nodes to get your balances, which are a lot easier to actually break the assumptions that keep your balances private and identify which coins are yours. Because it’s pretty much the bloom filters, you have the filters and send them to the node, but you include a bunch of a pretty much dummy requests that are going to connect to coins that aren’t yours. Whereas Neutrino, you’re getting filters from a node and actually looking through on your local side to grab a whole block that you think has things relevant to you. So you’re not giving a full node anything they can really use to identify your coins except the potential that the blocks you’re querying have your coins in them. And that’s a pretty big set. It’s usually like 2,000 or 3000 transactions per block.
Stephan Livera: Right, okay. And I think the other thing just when we’re talking about block size and block weight, the other thing is there is only a limited capacity in terms of developer time and work. Is it really worth pushing for smaller blocks at this point in time versus pushing for things like Schnorr, Taproot, Graftroot?
Shinobi: Well, honestly, I very much would like to see smaller blocks, but I am not about to go run out and start encouraging software deployment if it’s clear that there is not consensus on something. Even as somebody who wants to see it happen, it’s pretty clear right now that there is not consensus on doing that. But as far as developer attention, I really don’t think it’s that much of an attention diversion if we were to do this. Like a block size decrease is not… it doesn’t really involve checking new cryptographic constructions or mathematical research to encourage the soundness of something. It’s just deploying software that would restrict the block size more. So if there were consensus, I really don’t think it would be that much of a significant brain drain away from other developments coming down the pipeline.
Stephan Livera: Okay, fair enough, fair enough. Do you have any thoughts around other benefits that you are keen to see coming out of Schnorr, Taproot, Graftroot, and potentially around aggregation of signatures?
Shinobi: Oh, yeah. I am really excited to see those just because of the fungibility improvements. With Schnorr, you’re not going to be able to tell opening and closing of a lightning channel as long as it happens cooperatively. Like you won’t be able to tell that coins being spent were part of a multisig address. Taproot and Graftroot, you can hide all of the other conditions to the point where if you don’t have to resort to them because of people not cooperating, then it’s just a normal transaction. That’s what the fungibility is all about, making everything look the same. And Graftroot especially, I am really excited about because that allows people to shoehorn in new spending conditions without actually moving coins to a new UTXO.
Shinobi: So I mean things like Graftroot, I am especially interested in seeing because I see a lot of potential there for solutions to a lot of problems in terms of coin ownership and people’s estates. Like we could see a lot of the problems in terms of giving coins to your inheritance or like pretty much every problem that exists right now in terms of leaving your coins to somebody else if something happens to you. I think Graftroot can really help build a lot of new interesting constructs for that without requiring you to actively keep moving your coins to lock them to a new script.
Stephan Livera: Right, and I think what you’re getting at there is that when you spend UTXOs, you can place a certain encumbrance upon them. And with Taproot and Graftroot and so on, you can start using more advanced forms of an encumbrance. Is that what you’re getting at there as well?
Shinobi: Well, yeah, both of them allow you to get more advanced. But the key differentiation between Taproot is like it’s… A Taproot script tree is kind of set in stone. So with taproot, if you wanted to change it, you would have to move to a new UTXO with a new script tree with different spending paths. But with Graftroot, like the whole difference is instead of a Merkle tree committing to the different paths, Graftroot is just the keys that the UTXO is at signing a new script. And then you keep that, and you can spend those coins now as long as you have the signature proving that the key that it’s encumbered to signed this new script. So with Graftroot, you can literally like… I can have coins that have been sitting there for like two years, and I can just get all the keys that it’s locked to and sign a new script and give it to you. And then you can spend them, those same coins that haven’t moved with that new script.
Stephan Livera: Right, so it helps. It’s a clever construction in that it enables less use of the blockchain. It enables, yes, less, movements in terms of UTXOs.
Shinobi: Exactly.
Stephan Livera: Fantastic. Okay, do you have any other thoughts on different approaches to scaling and the trade-offs that we will face?
Shinobi: Honestly, one of my biggest, I guess, disappointments in this space is the lack of interest in improving custodial solutions because it’s just a cold hard reality, unless you want to just keep increasing the block size, which will damage the decentralization of the underlying network, put the sustainability of the long-term fee market more and more into question. We’re going to have to make last mile trade-offs to actually transact the kind of volume that you do with normal retail use of something. And I don’t really have a problem in and of itself with custodial solutions. It’s the fact that nobody seems interested in engineering them in a way that preserves as much of those core properties of bitcoin as you can, like keeping user’s privacy, making it as difficult as possible for that custodian to pick out individual transactions and censor them based on who’s involved with them.
Shinobi: And I recently got into a huge shit fit about this tippin.me project on Twitter. And I’m really pissed off about it because you have people building custodial lightning solutions like this, and nobody seems to be interested in looking at building Chaumian eCash services, which is literally something that predates bitcoin by almost 30 years, which is a custodial solution where at a big scale, it’s pretty much impossible for the custodian to pick out and censor individual transactions. It’s almost impossible for the custodian to identify who is paying who. Like it’s a custodial solution that maintains that censorship resistance and that privacy. And it really pisses me off that people are willing to take the legal and the regulatory risks in building these custodial things that they can tie everything going on to individual users, but no one’s willing to take that exact same risk to build something that gives people censorship resistance or gives people privacy.
Stephan Livera: Interesting. Yeah, look, to be honest, I don’t know as much about Chaumian eCash servers. I’ll have to a bit more reading on that. But on the topic Lightening Network, custodial wallets, and so on, do you have a thought on whether it’s okay for people to do it so long as they leave a small amounts there and that they are swiping it out into their own node where they hold the keys, etc?
Shinobi: People are going to do what they’re going to do, but I don’t like custodial solutions that do not try to maintain some degree of privacy for their users. And it is perfectly possible to build custodial projects that do so, but everybody I see doing these things just keeps taking these shortcuts that frankly destroy their users’ privacy. So it’s like my issue isn’t with just them being a custodial thing, it’s how they’re going about building that custodial thing and the consequences it has for people’s privacy.
Stephan Livera: Right, okay. Yeah, look, honestly, it’s an area I’m not as knowledgeable about. I’ll have to go and read a little bit more into that. Okay, and one more topic I was keen to discuss with you, I know you’ve got a lot of thoughts on this is around sidechains. So let’s talk a little bit about where sidechains are useful, and where they might make sense, and scenarios where they maybe they don’t make sense or they are insecure. Can you tell us a little bit about that?
Shinobi: Well, most of my problems with sidechains are people trying to involve miners with them. I think that that inherently damages the network as a whole. And now let’s see how should I go about, I think we’ll start off with the notion of a Drivechain, like Paul Sztorc has been pushing. And frankly, I think that there’s two main ways that this damages bitcoin as a whole. The first is he is constantly claiming that the blind merge mining construct just magically gets rid of all mining centralization consequences. And I think that’s frankly bullshit. Like what the construct is, is pretty much you have a node that is not mining itself that produces a block for a sidechain, and then gives it to a miner and pays the miner most of those fees for the miner to commit to it and make it a valid block, and only keeps a small portion of those mining rewards for itself.
Shinobi: But the thing with mining is it’s going to keep drawing new miners online so long as there is a profit margin. And every time more miners come on, it raises everybody’s operating costs. So eventually, you get to a point where the profit margin for miners will tend to be razor thin. And you eventually get to a point where that small amount of fees that these Drivechain nodes are keeping for themselves, a miner can just run that Drivechain node themselves and keep that extra bit of fees. And it might be a very thin margin, but now that miner is more competitive than other miners. And they can bring more online, which raises everybody’s operating costs. And you eventually get to a point where you have to run these Drivechain nodes yourself as a mining operation or you’re not going to be competitive.
Shinobi: And so really, from everything I see, like this blind merge mining doesn’t actually solve the mining centralization aspects of merge mined sidechains. It just delays them until bitcoin has grown to such a huge size and stabilized and become a big important part of the global economy. And then they kick in full force.
Stephan Livera: Right, so it’s essentially like kicking the can down the road. Can you tell us a little bit around how is the problem here that it causes a centralization of the miners?
Shinobi: Yeah, because in order to mine, you have to be able to validate blocks to propose them. Otherwise, your rewards are invalid. And so if a miner wants to try and get that little extra bit of fees that a Drivechain node is keeping for themselves, they have to validate and construct all those blocks themselves. So the validation costs continue going up. And I think it’s like 256 Drivechains that can be spun up given the way that the whole blind merged mine construct is set up right now. Well, even if it’s only like something the same size as blocks right now, that adds up. And there’s no reason it has to be the same size as a block now on the main network, they can be way bigger. In fact, I would tend to think they would likely be way bigger because part of the whole rationale is kind of like more block space, being able to stuff more stuff in a chain and “not worry about mining centralization.”
Stephan Livera: Right, help me understand this here. Is it essentially that Drivechains and sidechains could potentially so-called suck away the fees from the main chain?
Shinobi: Yeah, that’s also another aspect. If Drivechains are deployed, they could be a lot bigger with a lot less fee pressure. And if you spin up a Drivechain and that starts being full, it starts being subjected to fee pressure, we’ll then we’ll go spin up another one and another one. And so not only does it create this dynamic of mining centralization in the long-term, it creates this dynamic where it’s going to start being like a relief valve to fee pressure on the main chain. And so it’s just, it starts to destabilize the whole mining ecosystem.
Shinobi: And to be clear on this one point, it’s all good and dandy that it doesn’t matter how big the block size is, like I can still run mining equipment somewhere. But if I have to go to you and use your node to make blocks that I’m going to be mining for, then it’s still centralizing the transaction selection aspect of it. And that’s really what’s most important. Like it doesn’t matter if all of the hardware ownership is super decentralized. If the nodes that they have to go to actually get blocks to mine for are very centralized and can start colluding or excluding transactions, then it starts to undermine the whole promise of censorship resistance.
Stephan Livera: Right, and I think also the point around helping a fee market develop. So, obviously, as we all know, in, say, 10 years time, the amount of block reward will be much, much less. And there is a need then, though the argument has been put forward that there needs to be a fee market, and if these Drivechains and sidechains can potentially suck away the fees, then that might also be another point against them.
Shinobi: Yeah, the way I look at second layers is they should be structured in a way that still require coordinating through the main chain. Otherwise, they start to undermine that fee revenue at that core layer, and then that starts destabilizing the whole system.
Stephan Livera: Fantastic. Yeah, it’s a really quite a technical subject and you really have to think clearly through these points. So thank you for that. Another area I was interested to get your thoughts on, and this comes more to the more trusted and federated models. So an example is obviously Liquid by Blockstream. In what scenarios does that make more sense than, say, these kind of other sidechains that we’re talking about just now?
Shinobi: Well, pretty much anywhere that you are already trusting a third party. I mean like Liquid’s whole design rationale is for quicker movement between different third parties. And I mean like to really drive to the core of the semantics, Liquid is really just a fancy multisig smart contract, where the Liquid blockchain is kind of the operations of the smart contract and the federators are the oracles ensuring that it’s functioning properly with how it interacts with the main chain. And so obviously, something like Liquid, I don’t think is ever going to be a way to have like general purpose censorship resistant transactions for general use. It’s a brilliant construct when it comes to taking an interaction with a third party and distributing it more, so that instead of just trusting a single third party, you have a quorum of them that are all aligned in a way where they’re incentivized to keep themselves in check. And so it’s a lot less likely that that third party can be coerced or collude to do something malicious.
Stephan Livera: How about now in terms of more ethical approaches to altcoins? So some of the discussion, and this comes up around should people start an altcoin if they’ve got this new technology that they want to test out? What is a more ethical way that these things can be tested potentially using sidechains?
Shinobi: Well, it’s like really people are going to start altcoins and it’s like that the incentive is just too strong to try and make your own money that you can benefit from by being in on the ground floor. But personally, I think that using like a bounty on something else, like a sidechain, a test network, so on, it would be effectively the same kind of thing. And I actually think superior in a lot of ways because if you deploy a live network and expect like if there are vulnerabilities, somebody is going to take advantage of them, steal money and go try to trade that off into something else or profit from it, like you can almost guarantee that the places they can go to trade that to other coins or cash that out, they’re going to sit there and go, “No, we’re going to try to stop this.” Like there’s a lot of gray area kind of leaving that open to be interpreted as a criminal act. Whereas just collecting a bounty that was legally set up for breaking something not used for financial use is like there is no gray area there, like you didn’t do anything illegal, like this was specifically set up for this purpose. You can collect this money and not have to worry about those potential legal issues.
Stephan Livera: Right, so it’s kind of like the equivalent of doing white hat hacking as opposed to black hat hacking, say, yeah. And you mentioned also this idea of using a proof of burn mechanism. So would the idea be that if somebody wants to test out a new form of technology, they would prove that they have burned a small amount of bitcoin to it to get the coins on the other side of that sidechain?
Shinobi: Yeah, I wouldn’t say I’m fond of that, but I think it’s more ethical than just creating a new shitcoin from scratch and trying to pump it up, because you actually have an opportunity cost there. You have to give something up that already has real value to gain something in this new construction as opposed to just like this thing just popped up is worth almost nothing, and you can just try to collect as much of it as possible to profit by dumping it on the head of the next person to come along.
Stephan Livera: Yeah, yeah. Now, I think that makes a lot of sense to me. And I suppose then to summarize the thoughts on some of the sidechains and Drivechains, it’s that there are certain models where you’re okay with trusting certain parties. So obviously, if I’m a large OTC trader, I have to trust the exchange. So I’m okay with that model of trusting that two-thirds of, say, the functionaries within Liquid will not cheat me. But obviously, going into that with open eyes, I know the risks that I’m taking. And I think that’s a trade-off that can make sense. But in the other example of, say, the more kind of open sidechain that still has mining, that’s an example where it doesn’t really necessarily make sense. Would that be a fair summary of what you’re putting forward there?
Shinobi: Yeah, and one more thing I have a big issue with in terms of Paul’s claims is he very regularly claims regarding Drivechains that we can just do this and only miners have to actually enforce these Drivechain rules and then it’s safe, or as safe as it can be. And that is objectively false because the entire restriction as far as miners pulling money out of a sidechain is a consensus rule, like that delay is a consensus rule.
Shinobi: And so if miners are the only ones enforcing that and none of the rest of the network or the economy or businesses are, then 51% of the miners can just instantly steal all the coins in a Drivechain, like there is no delay. There is no restriction because none of the other nodes are enforcing that. The miners can just steal that money and all of the other nodes in the network will instantly recognize that as valid. They won’t be stopped by a delay because only the other miners are enforcing it. And once you have a majority of miners willing to steal, they can just do it because none of the other parts of the network are going to recognize any kind of delay there.
Stephan Livera: Right, and they won’t stop them, just because of the construction of it. So whereas if 51% of the miners wanted to steal your coins, they couldn’t do that because they can’t get past the encumbrance that your private key places on that UTXO. Whereas in the Drivechain model, they can steal the coins.
Shinobi: And so like for Drivechains to have any of the security of the delay as far as withdrawals, the whole economy would have to be enforcing those rules, not just miners. Otherwise, there practically is no delay.
Stephan Livera: Fantastic. Yeah, look, this has been a very educational discussion. We’re getting close to the end of the time allocated. So, Shinobi, just if you’ve got any closing thoughts, and also obviously tell the listeners where they can find you and find Block Digest.
Shinobi: Yeah, really just a closing thoughts is I think one of the most important things about being in this space now this early is trying to think things through yourself. Like I see way too much in this ecosystem of people just latching on to big names in the space and just blindly regurgitating whatever kind of claims they make about things. And people should not be doing that in a space like this. You should be thinking things through for yourself. Even if that takes a while. Like I spent months before I actually supported SegWit. I spent more than a year actually looking through Lightning Network and thinking about that before I became convinced that that was a concept that can work and is worthwhile. Like these new projects and these kind of claims about how this system works that people throw out, you shouldn’t just blindly accept them. You should be thinking them through yourself. Otherwise, we’re just evolving towards that same kind of centralized system led by closed groups that we’re all trying to get away from. If we’re not going to try and do that, then what’s the point of all this?
Stephan Livera: Yeah, look, I think they’re good comments. I think people should pay attention to that and really try to learn a little bit more about these different concepts that you’ve helped articulate today. So, look, I think that’s pretty much it. I’ve really enjoyed the discussion. Thanks very much for coming on.
Shinobi: Mm-hmm (affirmative). And if you guys actually care to hear me rant about more things, me, my friend Janine and Rick do a biweekly show on YouTube called Block Digest. You can just find that searching on YouTube. And if you for some reason wander into my Twitter feed, be prepared for a very abrasive attitude.
Stephan Livera: Yeah, look, bitcoin has its characters. All right, listeners, I will make sure to put the links for Shinobi’s Twitter, and also Block Digest in the links. Thanks again for coming on.
Shinobi: Thanks for having me, Stephan. It was pretty fun.
Stephan Livera: So there you go. Let me know what you thought of that. Show notes on my website, stephanlivera.com. My DMs are open on Twitter. My handle is @stephanlivera. Remember to rate, review, and share. Thanks, guys. Chat soon.