Peter Todd: This Isn’t Based on Trust, This is Based on Math
In an exclusive interview with Binary District Journal, we talked with Peter Todd, contributor to Bitcoin Core. We discussed the Blockchain community and the gradual evolution of the industry surrounding the technology. The conversation also touched on digital currencies and the issues surrounding them, including that of privacy, which is promised by some emerging coins.
Todd is known for his unorthodox views on many issues in the cryptography space including ICOs, the use of digital currencies and centralisation. We spoke at length with Todd about these issues and beyond, on everything from Facebook’s (now relaxed) ban on crypto-related advertising to the potential for government-run cryptocurrencies.
On the Blockchain Community and Industry
Margarita: Where is the largest blockchain community?
Peter Todd: Well, I’m going to go out on a bit of a limb and define the blockchain community a little differently to what you’re thinking which is — who actually uses this tech? The biggest deployment of blockchain tech is certificate transparency. That’s what your web browser uses to be sure that the website you’re talking to is the website you think you’re talking to. Now, authors of certificate transparency seem to hate the term ‘blockchain’, but it is a chain of blocks.
The beautiful thing about that is that the community is enormous and they don’t even necessarily know that they’re part of that community. That’s kind of coming into normal crypto. It didn't even need the bitcoin/blockchain people to do that; it’s just part of crypto.
I think in the future we’re going to see much more understanding in the very very broad crypto-community of what blockchains are and what they’re useful for.
M: Where will the epicentre of development be?
PT: You have to ask ‘who would want to develop decentralised tech?’ I don't know that banks really care that much. Large companies probably don't care that much in most cases. Communities of people? Very frequently the interests align, so yeah it probably will be communities. They may get funding from large companies and so on, but will that be the main push? Probably not. That just hasn't been what we’ve seen for any of this tech.
M: Are there different physical communities?
PT: When you’re talking about physical communities, I tend to find that there aren't that many differences. Travel is so cheap these days, it doesn't actually matter very much where you live; it’s ‘can you get to the place you want to be to see the person you want to see?’ With the amount of money that many of us charge per hour for consulting, we don't really care that you might pay a thousand bucks on a flight and spend two nights in a hotel somewhere. It’s not necessarily such a big deal. What you really care about is, is this time efficient? Can you see someone in person and make use of that?
M: Is there a ‘blockchain industry’ right now?
PT: I think there’s an industry. Often, scammers use the term ‘blockchain’ to go and push things that don't really work and don’t really exist and so on. I think that’s a bit unfortunate because that kind of overshadows how chains of blocks are a useful cryptography technique.
At the same time, I think there’s a real, genuine industry of real companies solving real problems that are making use of this — which is another facet of cryptography. Like many things, a lot of the tech needed to use a blockchain has been around or in development for a very long time, but once you fit all the pieces together it sort of makes the leap from ‘in theory you can do this’ to ‘yes you can actually do this’. That’s where we’re seeing real applications making that final leap to deployable stuff.
M: Can you give an example of a real application of blockchain?
PT: Well, your best example is certificate transparency. It works, it’s used and it has made a very big impact to the certificate system. I mean, if you want to know how big its impact is, ask the likes of Symantec about how well their CA business is doing now that certificate transparency caught them committing fraud. Or, in fact, ask Let’s Encrypt users.
Let’s Encrypt was a model to encrypt the internet; that wasn’t really feasible until you could audit things sufficiently well to root out fraud. Now that you can, Let’s Encrypt can operate — that’s a huge advancement. Or, of course, ask the many different uses for, say, Bitcoin for paying people.
What Blockchain is Actually About
M: Can you give an example of a common misconception?
PT: I would actually say R3 is a bit of a hopeful example. They’ve taken a problem, which is fintech stuff, they’ve thrown in technology that is reasonably likely to work — has reasonable scaling properties and so on — and solved kind of boring problems.
Is this exciting? Not really — this is just better accounting. Better accounting can be very good; accounting itself is a good example where double entry accounting revolutionised business and the way it did it was by making trust a little less necessary.
The problem companies like R3 will run into is that currently, for many applications, we already trust each other fairly well so that type of fraud isn’t a big deal. That’s not always true — Let’s Encrypt is an example of where fraud was a big deal and, by getting it closer to zero, you can make a big revolution but that’s not going to be true in many cases.
Much of the blockchain hype comes from people making claims that just don't bear water or by making claims where you, in theory, get fraud down to zero in this very narrow threat model. There are much bigger issues to worry about. So, fixing that just isn’t going to fix this much bigger problem.
M: Can you explain what blockchain is exactly?
PT: I always go to the example that blockchain is a chain of blocks — it’s not that complex.
People who try to make it more complex than that tend to be trying to sell you something, including sometimes Bitcoins.
This whole ‘Bitcoin not blockchain’ thing ignores the fact that there’s a hell of a lot of things that are databases and we want them to be better databases. Well, what’s a better database? Slap a blockchain on it.
You can nearly always make a database better by putting a blockchain on it for the simple fact that, if it has a blockchain on it, you and I can better audit it because we can know we can agree on the same thing.
If you look at a file system — older style file systems like FAT or ext2 or whatever — it wasn't really possible to say that this should be the state of the file system. Whereas things like Btrfs are based on blockchain-like hashes and I can say that, from this root of the state, let’s drill down and ensure that everything is the way that it should be.
That’s blockchain tech. It's not going to get called that, but it is ultimately blockchain tech and that adds a lot of value.
M: Is blockchain appealing to everyone?
PT: When you talk about PR, you have to think about your audience. If your audience is boring regulators who want to go and control the world, maybe you should talk about certificate transparency. Although, even they might get annoyed that it doesn't let them go and defraud people.
If you’re a government, you might not like certificate transparency because it means that you can no longer go and hijack websites. It’s a big problem if you’re, say, China and trying to do ‘man in the middle attacks’.
On the other hand, if you want something really out of the way, you could talk about how Bitcoin lets you donate money to the likes of Wikileaks. That’s not a popular thing amongst all of the political spectrum, but it certainly is to some. You could meet in the middle and point out how if I want to donate money to a planned parenthood organisation — in many countries that’s illegal, you’re supporting abortion or in other places you’re supporting not abortion; there’s just lots of political freedom issues with money.
In the same way, there’s lots of issues with freedom of speech. Many people want to attack freedom of speech and many people want to attack the freedom of speech of your money. Bitcoin and other currencies are potentially a big PR talking point there, but it’s not going to appeal to all audiences.
On Digital Currencies and Financial Privacy
M: Most countries have their own currency. Is it realistic to move to a digital currency?
PT: Basically all currencies are digital currencies — the ultimate ledger of truth in currency systems is nearly always digital. Maybe some terrible backwards country like North Korea might be keeping it all on paper but if you go to most places in the world, it’s going to be digital records. So most places have digital currencies already.
Equally, most places you can transfer money digitally. Cryptocurrency is not about being able to move money digitally, it’s about auditing. In the case of decentralised cryptocurrency, it’s about the ability to move money and audit it without permission.
But when you’re talking about a government currency, obviously there’s permission, a central authority and control — end of story. So the cryptocurrency part of it is about giving people better ability to audit what happened, audit what the supply is and audit what the transactions are.
In reality, a lot of places don't really care about that. Does even the government of Canada care about giving people the ability to audit the money supply? Probably not as much as you’d think.
M: Is there an issue of digital money not being as convincing as cash for some people?
PT: When it comes to convincing, yeah, it might not be as convincing as cash in your pocket, but in future governments are trying to outlaw cash. The likes of Visa and MasterCard are trying to outlaw cash.
If you’re Visa or MasterCard, you have pretty strong incentive to try and get more people paying you money to do transactions. There’s lots of political troll incentives: one of the scariest consulting clients I ever had… I got contacted and they said ‘we want to do this cash replacement blockchain and every transaction, everything that you’re doing, literally the receipts should go on this blockchain’.
So if I was to buy a magazine off of you, which magazine I bought would be on this chain. If I buy a pack of condoms, that would go on that chain and be public. Also they wanted the ability to freeze money at will and move money at will. So if I did something that the government didn't like, I would get my accounts frozen and they can take that money at will. Of course, I ask ‘well that’s an interesting set of requirements, what country is this?’ and the client kind of ummed and ahhed and wouldn't really say because ‘…it’s part of an NDA’ and so on.
I finally got them to admit that it’s some f***ing dictatorship off in Africa somewhere. I’m sorry but when you’re asking for the ability to freeze people's money at will and have full surveillance of what they’re buying, obviously this is a dictatorship that wants full political control. It’s as simple as that.
I’m sure that Visa or MasterCard would love to waltz in there and provide that capability; things like Bitcoin are an attempt to provide an alternative to that.
M: How about financial privacy with basic income?
PT: With things like basic income, as an example, I had another client who, long story short, had a project in a Western country where they wanted a blockchain for welfare recipients. Their goal did happen to be full financial surveillance of what those welfare recipients were spending their money on.
But blockchain doesn’t inherently have to be done this way. For that first purpose — giving money to people — you can create a blockchain tech that does not record what the transactions are, where they go and so on. In fact, scalable blockchain tech doesn't work that way. The reason why blockchains don't scale is because we give everyone all the data about everything.
Obviously if you improve on that, it will have better privacy against at least some threat model or some bad guy while also scaling better. It would be very easy for a government to say ‘alright, we respect financial privacy, we will create a blockchain where people have privacy’; that’s easy to do.
Why don’t they do this? Well, for the same reason that they’re trying to get encryption banned — it’s a control thing.
On Trust and Decentralisation
M: Does transparency mean trust?
PT: I wouldn't say that blockchains are necessarily a system where people trust each other — very frequently they are a system to allow people to not need to trust each other. When you send money on Bitcoin, I don't have to trust you. Through math and incentives, I know with high probability that I'm not going to have that money taken away from me. I know that the money you gave me was real. This isn’t based on trust, this is based on math.
M: In China, people refuse to talk about blockchain out of fear. Why is that?
PT: I’d beg the point that governments like China in part drive blockchain tech because they provide a use case; if all the governments around the world were trustworthy, democratic and so on, we wouldn't necessarily need this stuff as much.
In fact, it’s always kind of funny because I’m from Canada — which I think has fairly stable politics, it respects freedoms and so on — and the people who I find understand the need for Bitcoin the least and are most against the idea of Bitcoin tend to be people involved in Canadian politics.
The reason is that they see the best kind of government — or one of the best governments — they see everything with the rosiest possible vision. From their point of view, it’s ‘why wouldn't you trust government to not surveil you, respect freedom of speech, get a warrant etc etc.?’ Their perspective is always from the positive side of ‘well, we’ve got to go stop the bad guys and the bad guys aren't the government — the bad guys are small time criminals’.
If you flip that around and think from the perspective of fascism, the bad guys are frequently the government, the authorities — it’s just a matter of perspective and where you happen to live. If you didn't have bad guys as authorities then you wouldn’t need this tech as much; we’d be able to trust other entities to protect our freedoms.
But because of governments like China and, unfortunately, Britain is moving in this direction, the US is moving in this direction, many places are moving in this direction. We can’t trust them, thus we need this tech.
M: Will blockchain be decentralised?
PT: The term ‘blockchain’ is too broad. I like the example of certificate transparency — some blockchains are going to be anything but decentralised, they’ll be very centralised and they’ll be about auditing centralised systems.
Other things will be very decentralised; it just depends on what you’re talking about exactly. In terms of decentralised cryptocurrencies, chances are that it’s going to be mainly Bitcoin for a long time to come. Other things often don't have that. They have people who may be smart but not motivated for the right reasons — motivated by greed, for instance, so they may not have ethics involved. Some chains have none of this — no smart people working on them and no ethics. It’s just a big mix.
Equally, if Bitcoin wasn't on top in ten years that wouldn’t surprise me either. Ten years is a long time, surely someone could have come up with something better.
On Facebook Banning Cryptocurrency Ads
M: The next question is about cryptocurrencies and regulation, specifically Facebook banning cryptocurrency ads. Do you think that it’s going to have a real impact? Is Facebook doing better than most governments in this regard?
PT: From a freedom of speech point of view, I’m of mixed opinion on Facebook banning these advertisements. After all they’re from a private company and, from a freedom of speech point of view, you expect that they should be able to do what they want to do and so on.
We’re certainly taking away people’s avenue for advertising. But, from a very pragmatic point of view, what were those advertisements? They were advertising some scams, almost entirely.
For Facebook to prevent a whole bunch of scammers from reaching targets, that’ll probably help Bitcoin because part of the risk for Bitcoin is people getting defrauded by things relating to it — things with the label of cryptocurrency or crypto. That creates a political opportunity for people who are against Bitcoin to attack it. The lesser that happens, the better it is for it. So, it’s certainly a positive thing for Bitcoin, it just may not be for the right reasons.
M: Do you think that it’s also, in a way, very political that a large company that has such a huge impact in society can make such a significant move?
PT: Well, the existence of Facebook itself is negative. We shouldn't have one company with so much control over people’s online experiences. But that’s kind of a separate topic. If you’re just narrowly talking about the impact on Bitcoin itself, it’ll probably be positive.
M: There is also talk of creating a form of social media on the blockchain. Do you think that’s all nonsense?
PT: Most of these attempts kind of are. You always have to ask the question: what exactly are you trying to prevent from happening and what are your actual goals? Not, ‘how can we do this with blockchain?’ That’s just backwards thinking. Completely backwards.
On the Harm of ICOs
M: There was an interesting statement of yours: ‘In case you’re wondering why people invest in ICOs, you have to keep in mind that we live in an era where people are eating laundry detergent because the packaging looks nice’.
PT: That’s actually a subtle statement because the people eating laundry detergent are making YouTube videos knowing damn well that what they’re doing is dangerous. These are reasonably intelligent teenagers, who know that they’re taking a risk and know that this is not a good idea, but think they’ll get away with it. I think that ICO investors know it’s a bad idea but they figure they get away with it. These are not naive investors getting duped into things. A hundred percent of the time, I think that there’s a big chunk of people who figure ‘yes this is bulls***, but I’ll get my money out before the next guy’.
M: In a way, cryptocurrency trading and ICOs are a lot like gambling.
PT: I wouldn't say that regulators should focus on that stuff. The schemes that are obviously fraudulent are not that interesting to regulate. The things where regulators can do more good by stepping in — I’m not saying that they should do this — I’m just saying that if they exist and they feel that their mandate is to prevent harm, the harm they should be preventing is not the obvious fraud — it’s things that are not obviously fraudulent. That’s where the actual harm is.
Someone like Emin Gün Sirer is more harmful to this industry than ICOs are. Even the most fraudulent ones. Emin fools intelligent people, who would otherwise spend their money in good ways. An ICO that’s like a Ponzi ICO, so what if it’s technically illegal? Only idiots who know they’re going to lose money or know that they’re technically gambling are going to lose money on that.
That’s not such a bad thing. In society, we let people do dumb things. Like I do cave exploration. Cave exploration is f***ing dangerous, I could easily get myself killed doing this; it’s not a smart idea. But, I’m not going to argue that people shouldn’t be allowed to explore caves. It’s their choice. It’s their life.
Centralisation Fixes Everything and Proves Nothing
M: On the topic of proof of stake and centralisation, you recently said that ‘centralisation fixes everything and proves nothing’.
PT: Like a lot of proof of stake systems, because proof of stake is broken in many ways, particularly non-Slasher type stuff just sign to the next block, you can easily fix it with centralisation. Just go and pick amongst each chain which is the right one. That’s a trivial thing. But, of course, when centralisation breaks, the whole thing breaks down.
IOTA being a funny example — they’re sort of proof of stake-ish but not in the traditional sort of way — they have a coordinator and the coordinator is controlled by IOTA; when the coordinator goes down, all of IOTA goes down. It’s very easy for IOTA to make things appear to work by having a central point authority.
Much the same way as it’s very easy for PayPal to make PayPal look like it works by having a central authority. A lot of the more honest proof of stake schemes freely admit that they don't have solutions to certain types of failures. Where people do not sign one history, they sign more than one because that’s to their advantage.
Well, how do you fix that? You get a centralised authority or you just hand wave and say ‘somehow, people will come to consensus’.
The Struggle for Talent is Real
M: Do you think that there’s a lack of talent in cryptography or blockchain?
PT: Absolutely yeah. It’s very difficult to hire qualified people. The problem here is that traditional cryptography education isn't quite the right thing to learn to understand Applied Cryptography and blockchain tech. The hard part in these systems is not the math; the math is actually very simple. The hard part is how do you make the math solve an actual human problem. This is a very different skill set than solving the math itself.
M: What do you need to have then? Social sciences?
PT: It’s a hard thing to nail down because it sort of varies problem to problem. It’s sort of just a general be wise and smart thing. Like, have some real world experience. It’s like asking, ‘what are the skills for a butler?’ It’s really difficult to nail down what exactly they do once you get past the obvious stuff. The soft skills, if you will, that make the difference between a good butler and bad butler, are very difficult to nail down. It’s quite difficult to teach as a lot of it comes from experience and if you don't have it, you do a terrible job at it.
M: Do you think that current blockchain projects will continue to struggle for developers or maybe even attempt to poach them?
PT: Absolutely they’re going to struggle, because there just aren't that many people who understand this stuff and we’ve found it very difficult to teach people these skills.
M: Why is it difficult?
PT: Because it’s just so ill-defined. It’s not like you can just give them a test and say, ‘here are these five things that you need to know’. In fact, I’ll also make the point that this isn’t all that different from other entities.
When I was at university for physics, the theoretical math courses were very difficult for most students to get through. It’s extremely difficult to teach them how to understand how to solve a novel maths problem. You could cram the test and you could memorise answers, which was a bit of a problem in itself because there aren't that many questions you can ask.
Teachers have a hard time coming up with questions for these types of maths problems because you’re proving new things and there’s only so many things you can prove at that level of experience. So, teaching people to do this from scratch is just very difficult. You throw a bunch of problems at them and hope they somehow learn this and no one quite knows the answer to this.
On Sidechains, CoinDesk and Zcash
M: On sidechains, there was some criticism of an article published on Coindesk entitled ‘The Sidechains Breakthrough that Almost Everyone at Bitcoin Missed’.
PT: That’s such a terrible article. For starters, the breakthrough has been talked about for years. What it essentially is, is a way of proving, with a small amount of data, that a large amount of work had been done on a chain. Various ways of doing this have been come up with before.
The particular improvement that was mentioned in that article was just one of many different variations of it. The bigger issue is what that actually does is interesting without solving the bigger problem of sidechains and merge-mined sidechains in general; they are relying on trusting miners. They are saying to the host blockchain that, ‘because a lot of miners say so, this thing is true’.
Well, of course, if that's the way it works, you can just go and steal money. A bunch of miners say, ‘it’s true that we own all the money on the sidechain’ and the host chain has no way of verifying that. It’s based on hashing powers, it’s not based on the truth of the statement.
That means that a majority of miners can steal money. That’s not a good position to be in. It creates a really ugly incentive for people to get access to hashing power — so they can take money from sidechains. That’s just dangerous in so many ways. And, to make that bad idea a little bit more efficient is not really much of an improvement. It’s kind of cool; it’s a bit of interesting math, but it’s not an improvement.
M: Do you think that this misconception comes from a lack of education on the part of the journalist?
PT: You have to understand that things like Coindesk, they do not have the money to hire experts. They do not have the time to do proper research. I know journalists in the space and they constantly claim that they’re forced to do work on very short deadlines and they just do not have the ability to do proper research.
On top of this, often the editor changes what they write anyway to better suit the narrative that the institution is trying to push. Coindesk is an example. They make their money not from the journalism but from running conferences. The conferences are filled with scams, so Coindesk is not going to want to be in a position where they get too critical about everything.
M: Have you attended Consensus?
PT: Yeah and Consensus is exactly the problem. Consensus makes money from having a ton of people at Consensus — a ton of projects — and how you do that is by letting in a ton of scams.
M: You retweeted that ‘it turns out that the canonical ZKCP example transaction (pay for Sudoku solution) was subtly broken, but the idea can be fixed fairly easily’.
PT: This was actually something related to Zcash. So what that is, is that in Zcash there’s this thing called the common reference string which is essentially some data that needs to have been destroyed. Then everyone making proofs in the Zcash system, they’re making proofs that depend on something extracted from that data. So the data that needs to be destroyed is kind of like a private key and what they’re making proofs against is the public key. If that private key isn't destroyed, you can fake the proofs.
On top of this, you can de-anonymise existing Zcash transactions. Now the ZKCP example — that’s the ‘pay for sudoku’ solution — that was broken because the authors of it didn’t realise that, with a broken common reference string, you could de-anonymise the transaction. Long story short, it lets you break that protocol.
Now Zcash, their multi-party computation shouldn't be vulnerable to this, but we don’t know if the checks needed to fix this problem are actually done. The only way you can figure that out is by very carefully auditing the whole process by which the multi-party computation was done — and no one’s done that yet.
M: In relation to that, are there any questions that you would ask Zooko?
PT: What would be good would be to get solid answers from him on: How is this being audited? Who has actually audited this stuff? How do they know that the multi-party computation actually progressed the way they thought it was? How do they know that the deterministic builds did what they thought they did? After all, there were parts of that that weren't deterministic builds.
For example, the software in that software we all ran was not deterministically built. You could also ask him, well, what he actually claims to be this multi-party computation or not? Also ask him: How is Zcash going to scale? That’s a really interesting question because Zcash already has scalability problems. Those are probably good ones. You could also ask him, for instance, where all the Zcash founder’s reward money is going. I mean, a bunch of it is going to Roger Ver. That's a problem.
Glitter Nail Polish and High Resolution Pictures
M: Last question. Potential blockchain use-cases — glitter nail polish and high resolution pictures?
PT: Oh yeah, that one is kind of fun. That’s one of these kind of complex blockchain use cases which at the ground of it is actually quite simple. Imagine if I’m a manufacturer of equipment and I want to convince you that the equipment that you got wasn't selectively backdoored.
That I haven't given you a special phone, say, with a microphone in it or some modification that will surveil you or break your security or whatever. So, what I really want to convince you of is that the device I shipped you was manufactured just like any other device.
One way I can do this is by proving to you that the actual device that I gave you is one that I made prior to when you created the order. So the physical box you get exists in untampered form prior to when you created your order and was selected at random from the inventory. And I can actually do this with the blockchain. So I create a blockchain committing in advance to all my inventory and I make it tamper resistant.
Glitter nail polish is just one way to make something tamper resistant, it makes it very difficult to replicate a box and take it apart and reseal it. Then you pick at random which of those boxes you want me to ship to you and you know that the boxes were sealed prior to when you even made an order.
That’s actually a very secure way of doing it. When you’ve done all that, you’re just as likely to get a box from the pile as anyone else. Thus, I’d have to backdoor everyone’s system, not just you.
M: Is this similar to the authenticity?
PT: It’s a bit more complicated than authenticity. It’s partially related to authenticity, but it’s also ensuring that what I shipped to you is randomly picked rather than being a special unit just for you. Like the NSA is an example, they backdoored Cisco networking gear by intercepting it in transit. So tamper resistant packaging helps solve this. Cisco at the time wasn’t using tamper resistant packaging, so the NSA could just cut up the boxes, take the routers out, put a backdoor in them, put them back in the boxes and ship them.
But this is solving the next problem which is, even if the NSA are working with Cisco, you want to make sure that they can’t just selectively backdoor a box just for a particular customer. That would force them to backdoor everyone’s boxes and that makes it more detectable — there’s just more people with a box with a backdoor and there’s just more of a chance of finding it.
M: How does the high resolution picture play into this?
PT: Well glitter nail polish is just one way of making something tamper resistant. Once you’ve put it on there, it’s very difficult to recreate the exact shape of all the glitter particles and the high resolution photos mean that you can compare what was sealed to what was actually shipped.
Imagine if you want to recreate some glitter nail polish. You’re going to have to sit there with glitter particles and carefully manipulate every single one to just the right position. It’s a very very hard task. It takes a lot of time and makes it harder for the attacker.
You could easily have a million particles covering a box, are they going to put a million particles back in the right place? They could in theory, but that’s going to take them a while.
When Peter Todd talks, people listen. He is known for his contributions to Bitcoin Core and for being an authority on security issues surrounding cryptocurrencies. Todd is also focussed on research and educational aspects of blockchain technology and is classed as an independent applied cryptography consultant. He maintains the python-bitcoinlib and the OpenTimestamps projects.
As a person, Todd combines the best of both the arts and sciences. He has an all round education, including a fine arts degree as well as experience working for a geophysics startup where he worked on analog electronics design. Todd’s views on scalability of Bitcoin have been reported widely and his thoughts on the future of cryptocurrencies in general are often the subject of much debate and discussion. You could say that, where some only see the code, Todd is also focused on the bigger picture.
Illustrations by Kseniya Forbender
To contact the editor responsible for this story:
Margarita Khartanovich at [email protected]