hello and welcome to the bitcoin dad pod this is an interview with og bitcoiner peter todd
peter is well known as the creator of open timestamps a protocol to establish document
validity by committing hashes of documentaries into bitcoin op return transactions he also
provides feedback and criticism on bitcoin improvement proposals and is generally considered
a critical voice in the space for technical changes to bitcoin i've spoken twice with paul
storks the creator of the drive chain concept a second layer scaling solution for bitcoin that
anchors the bitcoin market and the bitcoin market itself and i've spoken twice with paul storks
to the bitcoin blockchain and attempts to create a two-way peg between bitcoin and a drive chain
paul recently created a company layer 2 labs to promote the drive chain ideas and one promotion
he did was to ask peter todd to write a critique of drive chains i ran into peter todd at the
adopting bitcoin conference and i thought it would be a great opportunity to get his personal
feedback based on the paper he wrote for paul since we haven't had
a contrary view to drive chains on the pod i think this should be really interesting
i am here with peter todd og bitcoiner professional contrarian maybe i don't know i'm just inventing
titles for you you recently published a really interesting piece on drive chains and in just a
little context paul storks told me that he was going to pay you for an article to get you to
look at it and he thought that this might change your mind about the drive chain idea and i'm
the feasibility of drive pains did it do that well it changed my mind for the worst i thought
it was even less feasible than i did before i started writing the article let's get into it
i think the story kind of begins with the block stream side chains paper yep and when was that
published that would have been what 2014 2015 like pretty early i mean it's quite a bit before
segwit too okay so side chains are an old idea well and i should point out block stream side
chains was
a
a modification of an even older idea and what was the original idea well so when you say side
chains sorry block stream side chains what you actually should be saying is block streams
pegged side chains idea so that the side chain could have the same currency as bitcoin
side chains itself dates back all the way to like 2010 with namecoin right and that was always the
holy grail the two-way pegged side chain so that you could enter the side chain sending bitcoin
into the side chain and then sending side chain coin out
into bitcoin notably without uh involving changes to the bitcoin consensus protocol
obviously if you change the bitcoin consensus protocol and just add the side chain consensus
this is a trivial thing but doing that without that change that's where things get very difficult
was that change imagined to be a general change so that multiple side chains could be spun up in
a two-way pegged situation if you change the bitcoin protocol and really make the side chain
part of the protocol it's very easy to go send money back and forth because you've really done
a block size increase essentially with some different way of doing it so that you can
get the same amount of money back so that you can get the same amount of money back so that you can
get the same amount of money back so that you can get the same amount of money back so that you can
different rules the very very hard parts figuring how do you have coins associated with something
whose rules are not validated in bitcoin and the goal there is you don't want to add more data to
the main chain than the side chain provides in scaling and you also don't want consensus problems
on the side chain transmitting to bitcoin and breaking things and complexity etc and there's
also um definitely motivation in terms of feasibility i mean if you can make this somehow
work people can make their own changes to their own processes and they can make their own changes
protocols and yet still have the same security as bitcoin whereas if you can't make this two-way
peg work then the only way to go and you know make new protocol ideas that are mined with bitcoin
hash power and also two-way peg is to really just apply them to bitcoin itself and of course as we
know changing bitcoin is a long and involved process and so i think this describes the
motivation for side chains because we have a way to anchor another protocol to bitcoin you bootstrap
chain user base because the existing bitcoin user base can interact with it and you can have
whatever you want on the side chain big blocks fast transactions whatever and i should note that
the anchoring part is relatively easy depending on what you're trying to go do you know really
trivial example is my own open timestamps project which sort of you kind of roughly say it anchors
you know timestamps to bitcoin but the way that math works is it's totally trivial because there's
no need to have consensus over money right you're just creating a math proof
similarly the somewhat more involved example is like rgb which wants to allow other tokens other
currencies etc anchored to bitcoin so that bitcoin is keeping the accounting of them secure and while
the math of that is a little harder it's relatively easy project and it's the kind of thing that people
can just do without permission they don't need to change bitcoin to allow this to happen they can
just do what they want have their own rules and then have those rules validated by um people
running the central equivalent to like bitcoin full nodes but this doesn't give you
a two-way pay definitely not this is very useful for something like tether right which has its own
currency but it doesn't directly let you go and move bitcoin around at least not without much more
advanced mathematical techniques like zero knowledge proofs and so we come back to the
block stream side chains paper and you point out in your article about paul storks's drive
chain proposal that actually there were two elements to the block stream side chain there
was both escarole so the ability to send bitcoin into an address and the ability to send it to an
address that is escrowed while it's on the side chain and then withdraw from that address when
side chain coins are sent back into bitcoin but also a fraud proof so why do we also need a fraud
proof well the fraud proof is so that the escrow isn't just blind trust in particular the term
block stream came up with to describe this type of escrow is a dynamic multi-membership system
based on proof of work and what that really means is we just trust miners go hold the money and in
that model if miners want to go spend that money they're going to have to go hold the money and
money in a way that maybe the you know quote unquote owners of the money you don't want
they're screwed there's nothing they can do about it the idea with fraud proofs is that somehow you
would create a system where you could prove that a transfer was fraudulent and frankly block stream
just hand waved around this they kind of said well fraud proofs would be good we're not sure how to
actually do this yet but we should do more research and figure out how to make that happen
what i'm told from block stream insiders who are around at this time is they thought this would be
an easy thing to do or at least feasible and it turned out to be basically impossible so they gave
up on the idea of merge mine side chains and that's why block stream liquid is a clear trusted
centralized federation when i looked into liquid there are surprising details that i think hint
at the desire for something like a fraud proof because there's a subset of the federation that
can withdraw bitcoin out of the block stream multi-sig address on the bitcoin block chain
but they can also only withdraw to specific addresses and they include hardware well hsms
i gotta point out though like like what you're describing there's not actually something
directly enforced in bitcoin all right there's no mechanism in bitcoin that prevents the members of
the escrow from doing what they want with that money where the security feature comes in is
block stream building in hsm solutions or at least claiming they do i mean there's no way for us
external to actually verify any of this is done but that's what they claim they did right because
an open source hsm is a contradiction well i mean it's not even that it's just it's impossible to
know what other people what other hard
where other people are running without trusting someone else to go tell you if i were in block
streams case or if i was any of the signatory you know escrow agents in the liquid side chain
absolutely i would want to be running this kind of hardware because i don't want to be in a position
where i can steal money you know that's actually a very dangerous thing to do because someone who
hacks you can go do that so i'm sure they've done what they can to avoid this problem but
fundamentally it is a different trust model in bitcoin yeah exactly what i'm describing is
there's additional complexity that they've designed to overcome the
weaknesses of this model yes and i think the key thing to say is all of this additional complexity
all this additional security that is implemented in trusted hardware and drive chains in theory
want to have a different trust model and the trust model revolves around minor hash rate escrow and
instead of a fraud proof or a complicated non-consensus hardware security module there's
a concept of delaying withdrawals from the side chain well i got
a point i mean the delaying thing isn't the fundamental idea here fundamental idea here is
that rather than put money in an address that any one miner could take you require many different
blocks to approve of a particular withdrawal you know one way to talk about is its minor vote it's
not that one miner can steal from the side chain it's that miners would need to collaborate not
necessarily okay do go on that seems like a big problem well it depends on how big the when you
what what we really are talking about here is it's not that anyone who can create a block
can withdraw it's that over a certain period of time at least a certain amount of hash power
has to agree the problem is when you say something like one minor this isn't necessarily true right
because we're talking in a world of mining pools yeah and you know a good example here is given
that there are two mining pools that collectively have 51 of the hash power i mean to be exact
things like 60 system if drive chains existed now those two mining pools would have been
could do whatever they wanted with money tied up in drive chains and how long would it take for 60
percent of the hash rate to drain a drive pain paul stark's proposal um that would be that they
could go do this after i think it would work to be like yeah three months or six months i think it
was six um in total i see but you know something like that it's a couple months anyway and so this
was a known issue with the drive chain proposal which is outlined in bips 300 and 301 what is
paul's
refute or like what is his argument how does how does he handle this or is that not even
the argument that actually to be honest i was a little misled by was this idea that there would
be blind merge mining and my conception of how drive chains worked until i actually looked into
it more carefully was the blind merge mining was a mechanism why people could go pay money you know
in terms of transaction fees to influence how the drive chains operated and paul's drive change
proposal does have blind
merge mining but where i was wrong or my understanding was wrong was i assumed that the
blind merge mining would also be related to the voting and it turns out that's not true you know
drive chains is purely a minor hash power vote there's no mechanism to influence it other than
by being you know by having control of hash power and that's just it and i think paul's
refutation is basically saying well i mean obviously minors would go do the right thing
they have other incentives at play here they have reputation you know they have potential fee
revenue but you know my argument there is that if you're not doing the right thing then you're not
doing the right thing you're not doing the right thing and i'm not doing the right thing and i'm not
doing the right thing and i'm not doing the right thing you know that's your bottom line
um i think it's just kind of the fact that takes a lot of time it's a mind Argentina obviously
argument there is not so much that those statements are clearly wrong it's that in environments where
any of this is happening and drive chains are actually working mining has to either be very
centralized or you know it's likely that drive chains will fail in nasty ways in which case the
drama of this failure will cause problems in bitcoin itself and when you say for this to work
mining would have to be very centralized are you imagining a single huge mining pool and they're
too corporate and don't want to be like sued by the drive chain developers or something like that
yeah i mean that's the kind of scenario you need for drive chains to reliably work on the other
hand if you look at the other possible scenario where there's a lot of different mining pools out
there they aren't necessarily all run competently from bitcoin's point of view that's totally fine
like it's great if there's you know a thousand mining pools and like if not all of them are run
competently it doesn't actually matter for bitcoin because bitcoin's incentives are extremely strong
and bitcoin works very well
even if you know mining pools don't necessarily cooperate with each other and so on the problem
is in that scenario it's likely that drive chains will suffer all kinds of issues first and foremost
being getting your money out because miners have to approve of a drive chain withdrawal and there's
no other mechanism if they were implanted tomorrow i'd say the most likely failure mode would actually
be people's money would get stuck and the price of the coin on drive chain would become decoupled
from bitcoin and start crashing because people realize oh shoot there is no way i could get my
money out
paul has
made the argument that drive chains through blind merge mining could be a massive source of miner
revenue because a drive chain would likely want so there would be a drive chain transaction in
every block and the fee revenue for this would create a long-term incentive for miners to keep
the chain yeah i'd say that's clearly false and the problem is that drive chains have no ability
to have a block size limit without a block size limit there's no reason to pay other
than trivial fees you know there's just no mechanism without block size limits for fees to
actually amount to anything and that's what we see on other coins you know other coins that are not
running into block size limits just don't have not you know anything beyond trivial fees that's
exactly what would happen and unfortunately there's until you had a block size limit to drive chains
i don't see a way around that and i don't think paul has articulated a way around that other
otherwise other than saying well obviously miners would get together and say the fee revenue has to
be high right it was set high transaction rate and then they would have to pay for it and then they
would have to pay for the transaction fees but that's assuming a cartel right the only way to
artificially increase transaction fees in the absence of a of a fixed limit on block size is
by getting a cartel together and saying yeah we're not going to allow miners to undercut us i guess
another aspect of the drive chain fee conversation is that if blind merge mining was merged as well
as the drive chain bit then i could run a bitcoin node and i could run a drive chain node and i
could be a quote-unquote drive chain node and i could be a quote-unquote drive chain node and i
by constructing drive chain blocks and then offering that block through whatever mechanism
as a bitcoin transaction to miners and giving them a fee to mine that block so i would be a
drive chain miner paying bitcoin miners to mine yeah it doesn't work that way um in fact it works
the opposite way so assuming for sake of arguments that somehow there is significant fee revenue
what actually happens is opposite where you have a real cash flow problem if you're trying to be a
drive chain miner a blind drive chain miner because you're trying to be a drive chain miner
because you get this money coming in in the form of drive chain fees which is not the same thing as
bitcoin and you now have to go pay out bitcoin fees you need a big war chest of money be able
to go do this you as a small entity will never be able to go pull this off because you're going to
lock up your money for a very long period of time without any any reason to think you know any
guarantees that you'll ever get it back i guess what i'm thinking is i i see that issue obviously
because the withdrawal from the drive chain is uncertain because under paul's proposal you need
miners to all out of the drive chain because you're going to lock up your money for a very long period of time
the withdrawal transaction and it takes three months but what i'm getting at is wouldn't the
bitcoin mining pool be the natural producer of drive chain blocks well now we have a centralization
problem all over again right because why do they have to share the drive chain coins with me
in exchange for bitcoin they can just take the drive chain coins yeah honestly i think the blind
merge mining thing was just kind of an add-on paul made to try to make it a more plattable idea
like i don't think there's any reason to think it will actually work
it makes much more sense for mining pools to directly mine drive chains but in that environment
you're really forcing mining pools to install a ton more software to use a lot more bandwidth
to you know use a lot more disk space and i think the key thing being to get themselves involved in
a lot more complexity and that adds a lot of overhead every single new piece of software
you have to install and manage is expensive and that's more centralization of mining
absolutely you know we would really we're working very hard
to make it possible to have decentralized mining pools apparently luke jr is uh working on this
i might have maybe said a little more than i should have but uh i've heard that those rumors
and uh there's something called braid pool um which exists there's also p2 pool um which for
technical reasons doesn't work very well right now although i personally used to use p2 pool
back when i was mining bitcoin and these ideas work quite well i mean you run a bitcoin node
you install this extra piece of software which isn't very hard you point your hash power at it
and you are actually acting
as an agent of a mining pool directly you are the one constructing blocks and if you get lucky
your block is found it really was your block and this enormously decentralizes block production
it's extremely good thing to have it will avoid a lot of issues issues around censorship aml kyc
and bitcoin etc but that's completely incompatible with drive chains because it's already hard enough
to convince people to run one piece of software let alone you know 50 there's no way i in my
i in my basement with a relatively small hash power operation
am i going to make money off drive chains it's just not going to happen but if drive chains are
big and are profitable i will kind of be forced to because it's the only way i can compete with other
other miners i think you've articulated quite well the sort of fee issue of a quote-unquote
drive chain miner who receives drive chain fees and has to pay out bitcoin to mine blocks and
that this would logically create a low price for this drive chain token because it it might be
uncertain when or if you could convert it to a drive chain token
to bitcoin but what if the drive chain token actually did have value such that it was
significant enough for a a miner to be interested in well then we're not talking about a drive chain
anymore we're talking about a thing with a separate token i guess what i'm getting at
is all pointed out to me that litecoin and other bitcoin fort and are being merged mine even now
and there have even been cases when a bug in this sort of merged mine chain software
with uh with a block template and you know and basically a mining pool lost out on a on a block
subsidy a block reward and so what i'm wondering is if there is any economic value on the drive
chain is mev also a concern on top of all of these other things or is that just a small potatoes for
the audience uh you're talking about minor extractable value and the fact is i mean that's
that is a a concern regardless of uh drive changer you know merge mining so on but fortunately in
there really haven't been very many opportunities for mev because the sort of protocols that create
those opportunities for the most part don't exist on bitcoin there are some small exceptions but
they're pretty insignificant at this point and we've been careful to avoid creating those
incentives in bitcoin mev is a bad thing we you know you do not want mev to exist that causes
endless problems in ethereum and bitcoin we want to avoid that now that's not to say it's impossible
for people to go create these problems but you know this is why you go and argue that hey you
drive chains aren't a good idea you know certain types of exchanges on top of bitcoin aren't a good
idea etc and you just avoid creating environments where it becomes a bigger problem it sounds like
you've looked deeper into drive chains found more to be concerned about well i mean you know i got
to point out too i mean as part of his article i looked deep into enough to go find some really
stupid cryptographic mistakes too you know the particular way that blind merge mining works
is actually kind of busted it may not be worth getting into in this this discussion but you know
i was actually quite surprised to see the um particular you know these kinds of mistakes
getting made and you know i wrote that up on my blog post but i think the fact that i seem to be
the first person to notice this really says that very few competent people have ever bothered
looking at drive chains i think people kind of read the summary and say yeah that's that's a silly
idea you know and then they go work on something more important i appreciate the summary of your
research into drive chains it sounds like paul is probably not going to be contracting you for more
time i guess i was personally interested in the concept you know in a sort of naive way because
there is this idea of scaling bitcoin somehow somehow taking transaction taking data moving
it off chain and somehow anchoring it the goal of drive chains is something that lots of people want
the problem is drive changes don't work and you know there's lots of ideas we've had that we would
really like to go work and then someone goes and point some holes in it and we realize yeah that
isn't possible you know i personally i mean i had my own um idea that was in competition with
fidelity bonded banking and lightning is just endlessly better than my idea so yeah nobody's
using my idea and that's fine lightning was just better in order to avoid this conversation being a
total downer do you have any sense of where scaling is going to come from or what projects
currently seem more of investigating and lightning and rgb those are the two main approaches that get
really good scaling as part of what you know where i say lightning i'm also talking about extensions
to lightning
such as arc is you know a recent one that's come out um you know you get all kinds of things like
channel factories coin pools etc etc maybe the way i could go put it is lightning's approach is to say
let's go use justice to prevent people from doing something bad and there's many many different
variants of that idea and then the rgb approach is saying let's go have people who actually want
to go and validate a coin for themselves validate the coin for themselves and you kind of call it
difference between active
security and passive security active security like lightning where you go do something in response to
someone doing something bad so that that never happens in the first place and passive security
where you go and validate and you get yourself in a position where you know that this math proof if
you will was true and the only trick there was scaling is figuring out how to split up the math
proofs and that potentially um with zero knowledge proofs can go very very far you know we may be in
a position in the future where we can extend zero knowledge proofs to bitcoin itself and that would
allow you to split up the consensus so that not everyone would have to validate the whole consensus
rather i could go and prove to you that a coin i had without proving to you the full data is actually
real and in that environment well block size can be a lot bigger i see because you've moved data
off chain there's just a proof i haven't really moved it off chain what i've done is i've changed
the meaning of what on chain means right like right now to validate a bitcoin block you have
to have the whole thing with certain types of zero knowledge proofs we can go modify that
and potentially get to the point where
you can go and validate the whole data and then you can go and validate the whole data and then you
you're only having to validate part of the chain and then collectively we validate the whole thing
is this the sort of scheme that is driving something like utrixo uh i wouldn't say directly
i think utrixo is doing something a lot simpler and less ambitious than what i described but you
know some of these techniques have overlap certainly like utrixo has the idea of applying
merkle trees to consensus and a lot of the stuff i just described that is part of how it would work
but i don't think there's there's a strong overlap you know like this more of a spiritual connection
well i really appreciate your thoughts on these questions and is there anything you'd like to say
anything you'd like to point people to well i think the number one thing i'd say to people and
i'm surprised at how many people haven't taken this advice is actually download a lightning
wallet and try it you know there's a lot of bitcoiners who go endlessly theorize about the
stuff but never actually use lightning what's your favorite bitcoin wallet phoenix is the most
obvious one i think these days um it's straightforward it works very well you know has good routing and
it's non-custodial with phoenix you are actually on your phone having a real lightning channel and
you do hold those coins so yeah certainly if you haven't already try phoenix well great advice from
peter todd actually we've been looking for a lightning wallet to sort of without nuance
recommend and that sounds like the correct choice phoenix is great option well thank you so much
peter i really appreciate your time thanks for having me on i hope you enjoyed that interview
if you have any questions please feel free to ask them in the comments section below and i'll see you next time
feedback please reach out bitcoin dad pod at protonmail.com at bitcoin dad pod on weapon x i'm
also a noster if you can find me and we have an elements chat room maintained by chris at jupiter
broadcasting where we have ongoing discussions remember this is a listener supported podcast
we don't have any sponsors or ads so if you think that you got some value out of the conversation
and you want to support ongoing production please boost in and be sure to include a message
we read all of those messages and they mean a lot to us thanks for listening this has been your
bitcoin dad see you next time