LETS TALK BITCOIN

Episode 104 Tree-chains with Peter Todd

Participants:

Adam B. Levine (AL) Host
Andreas M. Antonopoulos (AA) Co-host
Stephanie Murphy (SM) Co-host
Peter Todd (PT) Bitcoin core developer, Chief Scientist at Mastercoin Foundation & Dark
Wallet



AL: Today is April 26
th
2014 and this is Episode 104 of Lets Talk Bitcoin.

The following is intended for informational and educational purposes only.
Cryptocurrency is a new field of study. Consult your local futurist, lawyer and investment
advisor before making any decisions for yourself.

My name is Adam B. Levine. Im the editor-in-chief of the Lets Talk Bitcoin show. Thanks to
the many who gave their opinion; we wont be changing the name. Today is Episode 104
the completion of one year worth of shows. Weve talked about how great we are and how
much fun were having during previous episodes, but I do want to acknowledge both the
listeners and especially those creating content, those building the platform along with me.
Thank you. Todays episode is a long one, split in two distinct parts. For the third time in
LTB history, Torontos recent Bitcoin conference saw all three of the LTB hosts in the same
room talking about Bitcoin, once again. On Episode 99, I spoke with Austin Hill and Adam
Back about the idea of sidechains of Bitcoin, instead of altcoins based off of Bitcoin. This
idea caught fire and as many who thought theyd made up their minds about
cryptocurrency, re-evaluating our future, but not everybody is so enamored with this
proposal. Peter Todd recently spoke on LTB about stealth addresses and we caught up with
him again, in Toronto, to talk about tree-chains a different way of looking at a blockchain
that would also solve the mining centralization problem. You dont want to miss this. [1:27]

But first, Ive got a confession to make. Recently, Ive become very interested in the
possibilities presented by user-created assets built on top of Bitcoin or Ethereum or
whatever blockchain you prefer. Really, at the core here, this is a conversation about
bootstrapping, which is something thats very interesting to me. Bootstrapping is the
process all would be self-sustaining enterprise goes through, many unsuccessfully. There is
a period of time, at the beginning of any new venture, where the sheer newness and
smallness of the venture is a big, blinking, red light, warning off first potential users. After
all, who wants to use a completely new unheard of or unknown service or eat at a deserted
restaurant or register on a forum where nobodys posting. Its all a matter of comparison.
In a world where eBay dominates the person to person auction market, what reason would
a buyer have to choose a brand new website with no sellers and why would sellers list,
when there are no potential buyers? Bootstrapping is a chicken/egg problem. Which comes
first - the valuable users or the users to generate value? Satoshis solution with Bitcoin was
novel. Give the privilege of receiving new bitcoins to the miners, enabling the usefulness of
the network. In other words, the system has these tokens, bitcoins, that must be
distributed somehow and the chosen strategy, as designated in the Bitcoin specification,
says that it is miners adding their hashing power to the network who add the most value to
the network itself. They enable it for other users, so especially in the early days, miners
were 100% critical and the system needs all it can get to protect itself from bad actors.
When this process started, the bitcoins themselves were functionally worthless. Over time,
as the network grew and found success, these worthless tokens became incredibly valuable.
Bitcoin, of course, has some problems the miner reward is only paid to a single miner
which has led to pool centralization and some other not so great trends, but the fact
remains that distributing new bitcoins by making miners compete with every other miner on
the planet, has led to a wildly powerful Bitcoin network and spread the creation of an entire
class of machines doing what is functionally make work. Although the power of the Bitcoin
mining network dwarfs the most powerful government or commercial super computers,
hashing SHA256 actually doesnt process transactions, its merely the measuring stick by
which all participants in the system are compared against. [3:36]

This isnt a complaint; rather an attempt to illustrate the power of tokens released on a
fixed, long term and deflationary schedule to participants adding the most value to the
system. Imagine stumbling across a wishing well in a world where you only carry gold coins.
Most people faced with the choice of throwing a valuable gold coin into a wet, deep hole in
the ground, probably arent going to do it, even if its really magical looking with cartoon
Disney birds flying around. From basically any angle you look at this, its a short term and
long term, bad economic move. Faced with the choice, most people would walk on by
because the cost of participation does not reflect the value they believe theyll get. Imagine
finding the same well with a penny dispenser next to it. Each day, it gives out 10 pennies
with distribution based on how many people visit it. Its out of the way, youre the first to
find it and can take all 10 pennies if you want. Suddenly, the value equation has changed
and where before the cost far outweighed the benefit, now your cost was just showing up.
Given these conditions, Id personally feel much more comfortable using the service of a
wishing well, where before, I probably never would have bothered. Over time, as other
people find the well, the free pennies are split more ways until not everyone who visits each
day can toss in a free coin. Its at this point where demand outweighs the freely available
supply, that a market price is required and so the market establishes one. Lacking the free
tokens, would the well have grown in popularity as much, or even at all? Probably not. The
value of the token is a direct reflection of how popular the service is and those who found
the well early, but saved some of the coins, can even profit from their early support of these
systems. [5:08]

A user-created asset, at its core, is a crypto-token that does not give new tokens to the
miners, instead riding on top of a platform, like Bitcoin or Litecoin or Ethereum, where the
processing of transactions is the main focus. User-created assets utilize the miners of
another already secure chain and so, because security isnt a concern, the size of these eco-
systems and the purpose of the coins can be very specific to their need, without
compromising on security. While it was never very hard to fork Bitcoin or Litecoin, it is
technical and while hundreds have found a dev, changed a few parameters and struck out
on their own, the reality is the only people who went down this path, believed they could do
what Bitcoin was already doing but better. As Bitcoin mining has become more difficult and
old hardware obsoleted, miners still holding that hardware have a very real incentive to look
for the next network, where their transactional mining will be more valuable due to less
competition and more deflationary potential. Thats a huge thing new crypto-tokens,
whether attempting to compete with Bitcoin or riding on top of it, have much greater
deflationary potential relative to the amount of time or money invested, simply because
theyre so much earlier in their life cycle. User-created assets dont want to process
transactions, have miners or developers, they dont want to have to worry about patching
implementation vulnerabilities and by building on top of the already very secure Bitcoin
network, they dont have to. [6:25]

If these new tokens arent given to the people securing the network, they can be given to
the people adding value to whatever the project is. This is called non-computational mining.
Although crowd-funding services, like KickStarter, have become very popular in recent
years, through the use of crypto-tokens, we can do better. KickStarter brought the donate
and get a reward model to the worlds stage, but what if you think a project is neat but
dont see the value in the reward for yourself or anyone you know? Or maybe you like the
reward but dont agree with the donation amount you want to give in order to receive it.
The way things are now, if you dont want the reward, theres very little reason to support a
project, even if its a good idea or you think it can succeed. Sure, you can just donate but, in
practice, most people view their donation and its reward as a pre-order. Lock-in is another
big thing in the world of crowd-funding. Ive supported many projects with estimated
deliveries of six months, only to see delay pile on delay, multiplying the wait. Sometimes,
its OK with me, sometimes its not but again, the reality is I have no choice in this situation.
Im totally trapped. While refunds arent formally supported on crowd-funding platforms,
since theyre donation based, people do occasionally give them when they feel as though
theyve failed to meet the expectations of those viewing their donations as pre-orders. This
is sometimes resulted in whole projects blowing up as the founder gives money they dont
have or thats needed to finish the project for the backers who remain patient. Its a terrible
situation for everybody. Adding a token eliminates this problem too. Think of crowd-
funding a grocery store sure, you could pre-order a pallet of canned soup, but wouldnt it
be better if you received store credit instead? While there are relatively few buyers for a
pallet of soup, imagine if a token, call it store credit, was given instead? Store credit, as
good or better than cash at the store in question, is much easier to find a buyer for. Just as
backers can profit from a successful project, so can they escape a project they no longer
want to be a part of. Of course, if thats the general sentiment, theyll certainly be selling
these tokens at a discount to what they paid. Compared to the situation now, where the
project succeeds and you get what you purchase, where the project fails and you get
nothing at all, its better for everyone to have options. This is also non-destructive to the
project, since the process doesnt even involve the founder or their project funding. People
who want to get out can make their escape via the market, without disrupting the project
for everybody else. [8:31]

Im working on a project called Tatianacoin with Tatiana Moroz. Its one of the first, so-
called, crowd-funding coins, and its also one of the first artist coins. Tatiana wants to raise
an amount of money, lets say $100,000 to record her new album and a tour to support it.
The crowd-funding page, at first glance, looks pretty normal funding, goals and backer
rewards but rather than signing on for a $40 album and T-shirt package, the individual
receives back $40 worth of Tatianacoin when the project successfully funds. Those tokens
trade on a centralized and decentralized market, so from the minute the funding is over and
the tokens are created, and then distributed, the market is valuing them. Because these
tokens are only issued in that one batch to support Tatianas specific project, if the thing you
can use them for is something more people when the project is finished, the album is ready
to shift, the tour is starting then at the beginning, before the album exists, they should be
deflationary. If they are deflationary, early supporters of the project will see the value of
the tokens they received, in exchange for their donation, increase. When the rewards are
ready, the number of Tatianacoin required to purchase your desired reward has gone down.
[9:31]

Really, what were doing here is creating an eco-system where people who support
Tatianas music or activism or her other projects, can invest in her early, give her the
resources to make a bigger impact than she would be able to do, lacking that support.
Those supporters then profit from her successes, more people discover her work and also
want to support her. A smaller eco-system, like Tatianacoin, is valuable because its a
partnership between the funded project and the backers supporting it, where everybody
gets what they want and backers arent trapped by a failing project but rather spiralling up a
successful funding and effective use of those funds leads to a higher profile and successful
project. After the first success, Tatiana can use the same coin to fundraise for her next
project, except instead of tokens being created and distributed at the original fixed rate,
theyre created at whatever the current market rate is. When the money supply expands,
its being backed up by real value moving into the eco-system. Instead of deluding earlier
donors, each new token coming in reinforces that the current market rate is the correct one
because people are paying real money for it right now. When Oculus Rift, the prototype
virtual reality headgear was funded on KickStarter, they received millions of dollars worth of
support to develop a very speculative project. Not too long ago, they were purchased by
Facebook for $2bn worth of cash and stock and the backers who put their collective millions
that brought the project to that point, they got developer kits as promised and thats about
it. My background is heavy in videogames so Oculus was always one of those projects that
was interesting to me but I didnt want a developer kit so I didnt support it. If a token
solution had been in place, not only would I have supported it but the purchase, by
Facebook, would have skyrocketed the value of that token that everybody had bought. This
would have happened at no cost to the Oculus Rift team, simply because the project has so
many more eyeballs swivelling to look at what has become a very high profile project
indeed. Id love to tell you how Permacredits, the local cryptocurrency for the global
permaculture movement were getting ready to launch soon but its basically just this same
type of idea applied to real estate and the scales about 10x or 20x as large as a Tatianacoin.
[11:25]

Once again, tokens go to whomever is adding the most value to the network so in the
example so far, thats people who donate funds which make the project happen. Its fairly
simple. On the other hand, there are many situations where the activity adding value is
actually non-monetary in nature. Imagine a jobs board, like Coinality.com people looking
for workers go there to post, people looking for work go there to post but the thing that
really adds value are successful, happy matches over the medium to long term between
those two types of users. We could create a new token called Jobscoin which is distributed
at a daily fixed rate to successful, happy matches that then has a check in feature six months
later for a second round of it. If only one person successfully confirms they got the job and
the employer successfully confirms that not only do they have the job but the fit is good, the
two parties split the new tokens distributed that day. If there are a 100 such matches in a
day, its split 100 ways. Again, the thing that we never want is complete inactivity. Services
that have no users are useless services and inactivity broadcasts that fact, making the
situation worse. Those tokens can be used for a variety of things, such as voting up or
featuring positions of a chosen job posting your resume. By not fixing prices and letting
users simply bid against each other for positional advantage, as the service becomes more
popular, so will the competition become more fierce which means that those wanting
prominence, itll be very important to acquire the coin, probably through the market and
probably from people whove acquired less coin and would rather sell them than use them.
Its a good interview with Peter Todd today, so Im not going to take up too much more of
your time but I would like to talk really briefly about LTB coin. [12:56]

Letstalkbitcoin.com is a content network. We create original journalism and entertainment
so there are three ways that individuals can add value to our system. The most valuable
way is to create good, engaging content that meets our rather high quality standards and
release it on our platform. Content creators receive the largest share of new LTBcoin
distributed weekly, based on two sets of criteria. The first is proof of quality when you
release a new piece and it meets LTBs rather strict publishing protocol, you get a share of
the weeks new tokens. If theres one piece of content released, you get all of it. If there
are 100 pieces of content released, and you all have the same point value a 600 word
blogpost is worth less than a hour long produced video show, for example then they split
the weeks allocation. Next is proof of value this is a composite metric that will grow over
time as we figure out what works, but basically, its a combination of revenue generated and
reach. This is a second round of compensation that takes place about a month after the
piece has been released. This distribution is weighted to encourage people to create
content that the audience finds valuable or that sponsors want to support. Engagement
with the audience adds the next largest amount of value, and so we reward our favorite
behaviors with new tokens - proof of commenting, proof of tipping and proof of sharing.
Each day, the amount of tips, the number of comments weighted by community votes and
how much impact and individual sharing had, are tallied up and compared against all other
participants in those individual programs on that specific day. Those individuals then
receive their share of the new token based on their contribution. [14:19]

Its easy to imagine on a slow day, sending a tiny tip to a content creator might actually
make a profit from the new tokens that are awarded, simply because on that day, that small
tip was the big spender. The value for LTBcoin comes from our sponsorships and
advertising. Once we start this program, if you want to sponsor a show on the LTB network,
advertise with a banner, whatever, youll need to bid in it on LTBcoin, in our auctions. This
sounds like a barrier to entry, I mean who would bother, but our problem has never been
demand from advertisers, rather its our ability to follow up with them because we dont
employ sales people and I spend most of my time making content and talking with people.
Rather than auction specific sponsorships that are locked and non-transferable, LTB will be
publishing our sponsor standards and selling at auction for LTBcoin what were calling,
Sponsor tokens. These Sponsor tokens use the same wallet as Bitcoin and LTBcoin and once
purchased from LTB, can be traded or sold for any cryptocurrency to any group or individual
who would find it more valuable than the value that original person paid in LTBcoin. This
means that while I only have to worry about maximizing our LTBcoin sales by attracting
more interested people, these people dont have to be sponsors. They can be profit seeking
individuals who jump through our specific hoops to acquire LTBcoin, acquire these Sponsor
tokens and then sell it to someone who values it for profit. Over time, frequent sponsors
will probably find it more valuable to simply be in the deflationary LTBcoin eco-system and
deal with us directly because its cheaper to cut out the middle man but thats going to take
a while. In the interim, there is this opportunity for people to act as our sales reps and to
profit from it. This solves both our short term and our long term problem, without requiring
me to become a sales person or to pick someone whos going to be a great individual sales
person. [16:01]

One of the most common reactions I get to talking about user-created assets is the thought
that they wont be big enough and that the eco-system will be much smaller than Bitcoin.
This is actually very true and I think its good. Small things are specific and small things are
powerful and powerful, under-appreciated small things have the most potential to become
very big things, once the base of the community and evangelism is established. User-
created assets allow you to align the incentives of all participants in the system with the
success of whatever your specific project is because the success of your project is their
financial gain. What Id like you to take away from this is that any problem that you had in
the past that involved trying to motivate people to get on the same page as you and to see
the value in what youre doing, I really would encourage you to take a look at the problem
through the lens of user-created assets and incentivizing behavior with tokens, because I
think that many of these bootstrapping problems have been fundamentally solved now. We
now have a good template by following the lessons of Bitcoin to bootstrap anything and to
take any idea... I mean, the idea still has to be good, it still has to be enough that people
want to participate and see the potential in it, but theres a way now for people to be
invested in what youre doing, whether it be through monetary means or not, that I think is
really going to change how these projects get implemented and what is possible and what is
not. Take the logic of cryptocurrency and the logic of user-created assets and see if it
changes your situation now and then, make it happen. I look forward to another very full
year of cryptocurrency and Bitcoin with everybody. Thanks for listening. [17:38]


____________________________________________


ADVERT:

KryptoKit is the worlds first Chrome browser Bitcoin wallet. Its the easiest, fastest Bitcoin
wallet payment system with a simple one click install, it takes just seconds to get your wallet
set up and because KryptoKit finds the address and payment for you, theres no more
fussing around or tab switching. KryptoKit is more than just a wallet. It comes with a pre-
loaded PGP encrypted social network, newsfeeds from Reddit and Google and up to date
charts from exchanges. Finally, KryptoKit directory allows you to make two click payments
with any of the BitPay merchants. Once you install KryptoKit, you wont need anything else.
For more information, or to download KryptoKit, visit www.KryptoKit.com. [18:26]


ADVERT:

Hey folks. Adam B. Levine here with an experimental sponsor today a hiring one. David
Johnston said it best anything that can be decentralized, will be decentralized. Reverse
Dealer is that idea applied to buying and selling of cars. At Reverse Dealer, the people are
the dealership and the whole point is to save everybody money. The founder writes We
are the exact opposite of a traditional dealer. We are the change we want to see in the
world and we are currently hiring. Theyre looking for one skilled developer, a social
marketing expert and theyre interested in speaking with additional investors as well.
Interested? Send an email to ReverseDealer@gmail.com. [19:03]


_____________________________________________


AL: Were here again at the Toronto after party, so to speak, in Stephanies room.
(Laughter) [19:10]

SM: Its where everyone wants to be. (Laughter)

AL: The day after the Toronto Bitcoin conference and sitting down with us now, we have, of
course again, Andreas Antonopoulos and Stephanie Murphy. [19:19]

SM: Hello. [19:19]

AA: Hi. [19:20]

AL: We are joined today by Peter Todd. Hes the chief scientist of the Mastercoin
Foundation and a myriad of other projects too. [19:27]

PT: Yeah, chief scientist at Dark Wallet now too. [19:29]

AL: Chief scientist at Dark Wallet too and youre a Bitcoin core developer. *19:32+

PT: People call me that, I guess. [19:34]

AL: Have you submitted changes to the core that have been included in shaping code?
[19:38]

PT: I guess that means I am. [19:39]

AL: Well, I guess that means you are. (Laughter) Weve just had this conversation with
Amir. (Laughter) On Episode 99, I had a conversation with Austin Hill and Adam Back
talking about a proposal theyre calling sidechains, which is this idea that you can have
alternative Bitcoin blockchains that dont have their own tokens on it, dont have their own
bitcoins on it, so theyre not like an altcoin necessarily, but they can have other
characteristics, such as a shorter block time, or larger block sizes and so do some of the
things that conventional altcoins have done. The difference is that you can then move a
token from the Bitcoin blockchain at a 1:1 peg ratio onto these other blockchains where it
might be more useful to you at that particular point of time. This has been received by the
Bitcoin community, broadly speaking, with kind of mixed response. Nobody really knows
how to think of this and people who are very supportive of altcoins are concerned that
there is something going on here. You and I had an interesting conversation, where you
basically told me that we were completely wrong about this and actually, this is a terrible
thing. Can you kind of summarize... did I do a good job of summarizing this in your eyes.
Please correct me? [20:47]

PT: Maybe a little too harsh on terrible. [20:49]

AL: OK. [20:50]

PT: Ill go start by saying I think the basic ideas behind it, the basic push behind it, I think
(??) you want to be able to give people options. You want to have more than just Bitcoin
and completely separate systems, but where I dont like it is that theres this idea of using it
with merge mining. The thing with merge mining is it lets a consensus system, like Bitcoin,
say that OK... or actually I should say a better example is Namecoin, says OK, rather than a
Namecoin block being valid because of someone doing a bunch of useless work, the hashing
power associated with it, well reuse the work of a different blockchain. In some ways, this
sounds pretty good. I mean, we can go secure Bitcoin and we can secure Namecoin at the
same time. [21:44]

AA: Namecoin is one of the altchains that is merge mined, more than self-mined or solo-
mined. [21:51]

PT: Absolutely. [21:51]

AL: Can we talk about merge mining real quick? Can you just recap that for the listeners?
[21:54]

PT: Yeah. Namecoin was your first example of it. Namecoin is a DNS alternative; its
supposed to be a decentralized domain name system and its not directly a financial system
in itself. You can still buy and sell Namecoins but theyre really meant to (??) domain
names. The issue there is How are you going to keep it secure? Initially, Namecoin was
just a separate chain, just like Bitcoin is its own thing, but the people behind it came up with
the idea of Why dont we go secure both at the same time? Well use the same hashing
power that keeps Bitcoin secure to help to keep Namecoin secure, which basically means
that if Im trying to mine Bitcoin blocks, I can, through the special protocol called merge
mining, simultaneously mine Namecoin blocks, at the same time. [22:43]

AA: But you get the reward in Bitcoin which is your incentive, whereas if you were mining
Namecoin, there would be no reward. [22:49]

PT: Actually, you get the reward in both chains. [22:51]

AA: OK. [22:51]

PT: Yeah, thats your incentive to go to the trouble of doing this in the first place. *22:54+

SM: Theres even an incentive for just straight up Bitcoin miners to do merge mining
instead because then they get more coins. [23:01]

PT: Absolutely. Right now, I think the number works out to be Namecoin is roughly say of
the Bitcoin hashing power. [23:09]

AA: So this is going with Namecoin? [23:12]

PT: Yes, yes, so of Bitcoin hashing power is also mining Namecoin. [23:16]

SM: Wow! Thats very interesting because without merged mining, it would probably be a
tiny, tiny fraction of that. [23:24]

PT: Yeah, absolutely. [23:25]

AL: Isnt that good for Namecoin? *23:28+

PT: Namecoin happens to have of the hashing power for it. It cant be attacked. [23:33]

AA: Right. Whats the downside? Let me take it from a different perspective. Youre a
miner and you have a choice of either mining straight up Bitcoin or merge mining Bitcoin
and Namecoin, at the same time, or perhaps merge mining Bitcoin, Namecoin and a bunch
of other SHA256 proof of work... [23:50]

SM: Can you pick like that or, if you do merge mining are you mining every coin that allows
it? [23:54]

PT: The protocol most implementations merge mining use allows is... allows for an
unlimited number of chains to be mined at once. [24:02]

AA: You choose that as the miner; you pick how many chains and what chains? Do they all
have to be the same proof of work algorithm? [24:07]

PT: Yes. [24:07]

AA: Right, so if youre doing SHA256 mining, you can merge mine any altcoins that use
SHA256 as a proof of work. [24:14]

PT: SHA256 merge mining. [24:16]

AL: Isnt it really all (??) *24:16+

AA: That use SHA256 merge mining. [24:18]

PT: Yeah. [24:19]

AA: OK but then is there a disadvantage to doing merge mining across multiple coins versus
doing straight up Bitcoin mining? Do you lose something in the competition for Bitcoin
reward? [24:29]

PT: You dont, however you do have to run a Namecoin full node and a devcoin full node, I
think, IXcoin is another example. [24:41]

AL: For each of these that you add on as another chain that youre merge mining, it actually
does require additional infrastructure? [24:47]

PT: Yep, absolutely. [24:48]

AA: Mostly storage which isnt too expensive to run. The actual mining difficulty which
chews up a lot electricity, which is your main cost as a miner, that doesnt change? *24:57+

PT: For now. For now it is. [24:58]

SM: What is it if youre part of a mining pool, thats pretty much irrelevant, right? *25:02+

PT: Absolutely. [25:03]

SM: There is a popular mining pool, CEX.io which almost got to a huge scary percentage of
the Bitcoin network, at one point. That just does merge mining for you. It doesnt even ask.
[25:13]

PT: Heres a real question. Me personally, I have some Bitcoin mining equipment, not much
but I run it at home and I go use P2Pool to mine. [25:25]

AA: Can you describe P2Pool thats a completely decentralized peer to peer mining pool
without a pool operator, right? [25:32]

PT: I think you just described it. (Laughter) Of course, I had to go set up a full Bitcoin node
to do that. Now, the Namecoin reward is pretty small and Ive never bothered setting up a
Namecoin node. Its just why would I do it? [25:47]

AL: Even though the mining part is literally zero difference to what youre already doing,
the barrier to entry is having to bother to set up this full node. [25:57]

PT: Yeah. [25:57]

AA: And maintain it and mostly that has some costs. Youve got to upgrade the software
every time it gets a maintenance release and stay up to date otherwise you might get
hacked or all kinds of things like that. [26:06]

PT: Its overhead. Yeah. *26:07+

SM: So then do you have unclaimed block rewards from the Namecoin mining? [26:12]

AL: It doesnt work like that does it? *26:14+

PT: Its not unclaimed, its more that I could have gone and did it at the same time but since
I didnt, there just is no reward that I can get. *26;22+

AA: There are opportunity costs, if anything if you didnt take advantage of the
opportunity to merge mine Namecoin, so youre just mining Bitcoins. *26:32+

SM: Doesnt each block have a block reward? Lets say, for purposes of discussion, that you
were solo mining and you found a Namecoin block but you were doing P2Pool and you
didnt set up a Namecoin node, what would happen to the block reward? *26:49+

PT: Oh well, thats it. If I dont set up this merge mining protocol, I do not find Namecoin
blocks. [26:55]

AL: Because hes not mining Namecoin. *26:56+

PT: Yeah. [26:57]

AA: You have to set up a node. [26:59]

AL: It uses the same work.... [27:02]

SM: Oh, oh, oh, so youre not mining it unless you set up a node, I gotcha. *27:03+

AL: Exactly, but you have to set up... again, when I was thinking about sidechains, it sort of
occurred to me that if this is something that can easily be merge mined, then you could
have thousands of these, but it sounds like youre saying that, in practice, thats not really
something thats going to happen. Individual miners might pick a few but theres actually a
maintenance cost per sidechain they have to mine. [27:21]

PT: Absolutely. To put it in concrete numbers, last I checked, the Namecoin block reward in
terms of value, its about 2-3% that of the Bitcoin block reward. Now, if Im a miner earning
$100 a month on my little setup, I can justify the cost of setting up a Bitcoin node, thats not
so bad, but can I justify the cost of also setting up a Namecoin node? No. [27:46]

AA: Im assuming there are other overheads too. One of the things that is an overhead for
miners, or anyone running a full node, is keeping the mempool and the unspent transaction
pool which is a load. For those who dont understand what that is, that would require you
to have RAM on your system and RAM is obviously much more expensive than permanent
storage. If you were running a full Namecoin node, youd also have to have the memory
pool which means more RAM for that. [28:18]

PT: What it gets down to is like, suppose it took me an hour to go set up Namecoin and the
only cost incurred was my time. I might go bill $100/hr to a client so lets say its $100 cost,
well, that $100 cost, over the next, say, 12 months, Im going to earn something like, I dont
know say, 12 times maybe $5/month. Im not going to make that back; Im not even going
to bother. Will I make it back in Bitcoin? Sure. OK. Now, lets go do 1000 sidechains. Well,
there is no incentive for me, as a small miner, to mine all these little chains. [28:52]

SM: With any kind of mining, the value or the price of the coin is always a wild card, right?
For instance, if you set up to mine Namecoin with merge mining and then suddenly theres a
rally in Namecoin a few months from now and youve been holding Namecoin, then it would
be worth it. You just dont know that in advance. [29:11]

PT: Oh, sure. [29:12]

AA: Then youre not a miner, youre a speculator. You might as well buy Namecoin, in that
case and it might be faster. If you were going to spend an hour of your time, earn $100
from your client, use five of those dollars to buy Namecoin and youve got the same
advantage. [29:24]

SM: Sure, OK. I see that, yeah. [29:25]

PT: In the big issues that well... if mining these sidechains does have a positive return and
say there are 1000 of them and they all earn, for me with my amount of hashing power, $1
each, I still cant, for me as a small miner, justify installing all the sidechains. The network
(??) is still not positive but if I mine at say BTC (??) 25% of the whole hashing power, yeah Ill
go make a lot more money. Im going to go move to bigger pools so I can take this overhead
cost, which is fixed, to mine at all and spread it out a whole lot of people with hashing
power. [30:04]

AL: Interesting. In a mining pool you only have to run one full node per pool as opposed
to for individual miners where they have all the same cost of being a pool, basically... thats
very interesting. [30:16]

AA: Or a P2Pool where its like solo mining only pooled. You still have to run the full node.
[30:21]

AL: Right. [30:21]

PT: Yeah. [30:22]

SM: Its like an economy of scale. *30:24+

AA: Which then leads to centralization so merge mining creates an impetus for
centralization because youd rather go to a pool that does all of the overhead for you.
[30:33]

PT: Thats absolutely true. *30:35+

AA: Wow! Thats very interesting. *30:37+

AL: OK, so what else about these things. [30:40]

AA: How does this connect to sidechains and some of the other technologies that have
been proposed? [30:44]

PT: That idea with sidechains is you have a separate blockchain that is somehow being kept
secure and you create a protocol by which you can go securely move value between one
chain and another. By securely, what I mean is on the Bitcoin side of things, you go provide
Bitcoin with a proof that some amount of hashing power claimed that that transaction
happened, to go move value back and the same way as the other way. Now, Bitcoins quite
secure so moving value to the sidechain, from a sidechains point of view thats certainly
secure, although you do have the problem that when youre moving value back, its not
feasible to necessarily provide a full proof that in the entire history of this blockchain these
coins were moved around according to the rules and eventually ended up being moved back
to Bitcoin. What youll actually do, and whats being proposed, is provide whats called a
SPV proof or Merkle path and... [31:55]

AA: This is Simple Payment Verification... [31:58]

PT: Exactly. [31:58]

AA: ... is the same protocol used for lightweight clients, so instead of carrying the full node
verification of every block back to the genesis block, instead what youre doing is simply
providing a path that shows sufficient confirmation within the other blockchain, the other
sidechain. [32:13]

PT: Thats absolutely true. I mean, explaining SPV a bit, its important to remember that I
have an Android phone, I have an SPV wallet and its only security is that it knows that the
longest blockchain claimed that some coins were given to me. It does not check where the
coins came from; it does no verification at all. It just assumes that whoever is mining the
longest chain is honest. [32:42]

AL: Isnt that the assumption of the Bitcoin network? *32:45+

PT: No. If you run a full node, your node checks every single block and if they try to lie to
you, from your point of view, theyre just not mining Bitcoin. *32:55+

AA: Its important to understand this. This is critical. This is the difference between height
and depth in blockchain. When youre running a full node, lets say were currently mining
block 290,000, right? Your node is checking the height of that blockchain, the block thats in
there and its transactions and is validating, from that height of 290,000 blocks, all the way
down to the genesis block and linking the entire chain and making sure that every
component of it is part of a valid transaction. When youre doing Simple Payment
Verification, youre looking at it from a different perspective. Youre saying How deep in
the blockchain, from the longest path, is my block. Youre saying right now, this is what we
call confirmations, youre saying Well, since that thing was given to me in a transaction,
ten other blocks have been piled on top and Im relatively certain that ten blocks of weight
above it, or height above it, which is really how deep it is embedded in the longest chain,
that gives me some level of certainty that all the miners who looked at this and layered ten
blocks above, thats the trust I have. I have ten blocks deep of trust, instead of having
290,000 blocks high of trust. Thats a very different proposal. *34:17+

AL: OK. If I am running a Satoshi client on my computer and Ive downloaded the
blockchain, am I running a full node, even though Im not mining? *34:25+

PT: Absolutely you are. [34:26]

AA: Yes. [34:26]

AL: OK, great. Terrific. [34:27]

AA: You essentially have 290,000 blocks worth of trust in that chain. [34:34]

AL: This is a light client problem. [34:35]

AA: Exactly, exactly but now that applies to the mining of sidechains. [34:39]

SM: Fewer and fewer people are running full nodes. Isnt that right? *34:44+

PT: Absolutely. [34:44]

AA: Weve seen a precipitous decline, in fact, in the last three months. I dont mind but I
run a full node on a couple of cloud computers just to contribute to the verification of the
network. Thats the kind of thing that you would do as a volunteer. Very few people will do
that. [35:02]

PT: Its important to note that when you say youre contributing to the verification of the
network, thats kind of a bit of a misnomer in many ways because its not like you finding
that something is wrong, actually automatically gets to the network. [35:14]

AA: No. [35:15]

PT: Your node just rejects that block and says I dont know what the hell theyre doing
but... [35:18]

AA: Right. [35:19]

PT: Thats true. *35:20+

AA: You need mining in order to do that. [35:22]

PT: Yeah. Other technologies maybe possible in the future where your node might, say,
produce a compact machine readable proof but they dont exist yet. Also, theyve got their
own problems, not least of all, what if some fraud goes unnoticed for a week, someone
produces a proof finally and Oh shoot. Now what do we do? [35:42]

AA: Yeah, you cant unroll everything thats happened in that week easily, without
disrupting a lot of other transactions that depend on it. [35:49]

PT: Thats absolutely true. *35:50+

AA: Right, so youre saying that when you move something from a sidechain back into the
main Bitcoin blockchain, the problem is that that move requires a proof of hashing power to
verify the transactions that happen in the sidechain. [36:06]

PT: Yeah. [36:06]

AA: There isnt the depth of hashing power in some of these sidechains and youre only
providing a simple proof thats based on depth, instead of height. *36:17+

PT: Heres a very concrete, pragmatic example. Lets pose for a moment that someone
decided to implement Zerocoin as a sidechain. The way that would work is the Zerocoin
protocol would be merge mined with some percentage of the hashing power. For the sake
of argument, well say 50%, so it is secure but BTC Guild and maybe one other big pool gets
hacked and for the next three hours, they end up producing some invalid Zerocoin blocks.
Invalid Zerocoin blocks claim that all these zerocoins were spent and moved back to the
main Bitcoin chain. All these bitcoins that are just held in stasis, waiting for bitcoins to be
moved back from the sidechain, now theyre released off into Bitcoin again. When this gets
noticed, and the Zerocoin chain gets properly rewritten, there are no more Bitcoins so they
cant withdraw the money anyway. That one event, a hack of just a few hours, has
permanently destroyed all of the bitcoins associated with this sidechain. [37:26]

AL: Its able to recover the bitcoins, even though its invalid work... [37:32]

PT: Yes. [37:32]

AL: ...because there is an incentive... [37:36]

AA: Sidechains expose you, potentially, to an attack on the weakest chain in the link of
sidechains, that is accepted in Bitcoin because if you can attack the smaller hashing power,
that is part of the merge mining for that sidechain and then export the effects of that attack
into the larger Bitcoin, youve essentially achieved an attack with a lot less hashing power
than would be required to attack Bitcoin full on. [38:09]

PT: To be clear, this isnt an attack on Bitcoin. If you hold bitcoins, your money isnt getting
inflated, youre not losing any but Im saying... *38:18]

AA: No, but its an attack on money transferred from the sidechain. *38:20+

PT: Money goes to the sidechain, but its held in stasis until there is a proof that the money
should then come back from it. It moves to the chain, where say Zerocoin transactions can
happen and then it would go move back, based on SPV level proof that the Zerocoin chain
now says money can move back. [38:42]

AL: Bitcoin transactions are irreversible, so once its been done, all you need to do is just
even... so it might not even take hours, it would just take as long as it takes to get them to
release and then youre... *38:51+

PT: Yeah, yeah. [38:52]

AA: Doesnt that introduce a problem with the fungibility of the coin, essentially, creating
two classes of Bitcoin? Bitcoin thats always been in the Bitcoin blockchain and only the
Bitcoin blockchain and Bitcoin that is of a somewhat lesser status because its spent some
time in a sidechain and had a bit less proof on it and, therefore, might be somewhat
suspect. [39:10]

PT: The idea there is not that its actually really spent time in the sidechain, rather it served
as a backing to the sidechain. [39:18]

AL: Yeah. [39:19]

AA: Right. [39:19]

PT: Its like the gold in the vault... *39:20+

AL: Yeah. [39:21]

AA: Right. [39:21]

PT: ...that the bank notes are printed on. [39:22]

AL: It never actually leaves the (??) blockchain. [39:24]

AA: The problem is when Germany asks for it back and you cant produce it because the
sidechain transactions didnt actually happen. It was sitting in the vault but then when
Germany asks for it back in the main Bitcoin thing, you cant deliver it. *39:35+

PT: Yeah, yeah. Heres a great real world (??) well go say the US government and the
German government, for once, they both now have vaults full of gold that are supposed to
back the currency. A bunch of gold gets moved to Germany and a bunch of paper notes get
created based on this and move around the economy and someone goes up to the Germany
bank and says Hey, look. See these paper notes? I want my gold back. The German bank
follows the rules and gives them their gold back. It turns out they were counterfeit and if
you own German notes, now your notes are no longer backed by gold because someone
managed to go steal them, based on a fake proof. Its the same thing with a sidechain
system while it may be backed by bitcoins but when its attacked, its no longer backed.
[40:24]

SM: Right. [40:25]

AA: This is an edge case, obviously, which occurs in particular scenarios. Its not the general
case. How do you protect against those kinds of edge cases? How can you make it more
robust as a system? [40:36]

PT: The proposal has been that, from the sidechains community, has been that we go have
a quiet period, where we go spend, say, a day accumulating miner proof that this was the
true chain and this is really agreement. [40:56]

AA: Thats not unprecedented, thats similar to what happens with mining rewards which
have 100 block quiet period, where they cant be spent. *41:04+

PT: Or another example, if you try to go deposit feathercoins at an exchange, theyre not
going to give you any bitcoins for a good day. [41:11]

AL: Why is that? [41:14]

PT: Feathercoins been 51% attacked. *41:16+

AA: Frequently. [41:18]

PT: Yeah, frequently. [41:19]

SM: Same thing with Terracoin, there was that time warp thing. If you deposit feathercoins
at an exchange, theyre not going to give you bitcoins because Feathercoin has been 51%
attacked a few times. [41:28]

AL: In the past, this has proven to be something where you shouldnt allow withdrawals
quickly because its proven to be a danger. It seems like this is much the same here. *41:37+

PT: Although, it can be even worse than that because the protocol is just a dumb protocol.
Its proof of work and it moves coins around. What if I go decide Alright, Im going to go
use my pool to go and attack Zerocoin because I think anonymity is bad. I go up to GHash.io
or something and I throw them some money and say Alright, Im just going and mining this
sidechain but dont publish the blocks you find. If I can go get a majority of hashing power
there, I can go mine in secret and I can go back to the Bitcoin chain and say Hey look, give
me these coins. The Bitcoin chain will potentially respond and give me these coins. Now
you have two chains and there is no good (?? programmable) way to respond there. [42:31]

AA: Hang on a second. This would be an example, similar to the selfish mining paper we
saw a while back, where youre mining but hiding those blocks. In the case of the selfish
mining paper, you were publishing them on the main blockchain, but what youre saying
here is you publish the proof on the sidechain where youre moving the coins, but you dont
publish it on the sidechain you were originally mining, so you create a discrepancy in the
records, in the ledger. [42:56]

PT: Yeah, yeah, or it could do the other way round which is to go and give the Bitcoin
blockchain the proofs that some mining was done but never actually publish the blocks
themselves, essentially, proving to the Bitcoin chain that blocks should be taken out.
Meanwhile, other people are trying to mine along but not seeing any proof. You can try to
further hand wave around saying Alright, well make reorganization proofs to go prove
there were two chains at once. I could also go destroy the chain by deliberately mining a
reorganization at the same time... like, it just keeps on going. Yeah, you can go come up
with a lot of solutions but there is a lot of fragility here, a lot of complexity and
fundamentally, none of these solutions really work unless you have the majority of hashing
power, but, weve already said, if you have a majority hashing power, weve made pools
more centralized. [43:45]

SM: Yeah. This is really good to point out. (Laughter) [43:53]

AL: OK. [43:54]


______________________________________________


ADVERT:

EasyDNS is the Swiss Army knife for your domain names. Helping meet their customers
individual needs since 1998. EasyDNS has been an outspoken critic of SOPA and CISPA.
EasyDNS was an early supporter of Bitcoin and now they are proud to sponsor this show.
Do business with a company that shares your values. Get a 13% discount when you pay
with Bitcoin. Go to Bitcoin.EasyDNS.com and be sure to use discount code LTB. [44:34]


ANNOUNCEMENT:


AL: Hey everybody, Adam B. Levine here. Quick question one of the user-created assets
that Im working on is a charity coin that essentially acts as a global charitable rebate
program. Basically, charities have monitor donation addresses and whenever somebody
donates to the charity, they earn a share in a charity token thats distributed to all the
people giving to these charities around the world, based on how many other people are
doing it at the same time. The question is to you would you be more interested in
charitable giving if you were getting back some type of token that could then be used at
fundraising events or auctions or things like that, as charities sometimes do, or alternatively,
could be sold on the market? Leave a comment at Forums.LTBcoin.com or leave a comment
at Letstalkbitcoin.com on Episode 104. Back to the show! [45:23]


______________________________________________



AL: I assume that youve articulated these concerns to the other side of the issue? *45:31+

PT: I have. They tell me that theyre working on a White paper which will address them but
this is based on what I publically know. [45:39]

AA: This is an ongoing discussion, as with all of these proposals and this is great because
that kind of scrutiny allows the problems to be better articulated and to get clarity. [45:49]

AL: What do you think about the problem theyre trying to solve? What do you think about
the concept of sidechains in general? Do you think theres a problem to be solved here and
this just isnt the way or that this is just a strange path to go down? *46:00]

PT: After all, Ive got my own competing idea called tree-chains which works differently but
has very, very close similarities on a lot of levels as well. [46:09]

AA: If we take away the how you do it, underlying this idea of why people are interested
in sidechains, is essentially the fluid exchange between coins to create a more unified and
homogeneous set of currency baskets essentially, that allow us to ignore the differences
between coins on a technical level and use them very fluidly and interchangeably. Youre
saying you have a different how for the same why? *46:39+

PT: Yeah and I would also go further. To me, its not just coins that excite me, its new
systems of transactions, new systems of auditing and new systems of publishing. Youve got
to remember, Bitcoin can move value around, Bitcoin can move value around that happens
to represent a lot of stuff, but you can also go use Bitcoin to go audit things by going and
forcing people to publish results of audits. You can do things like make better decentralized
publication platforms by ensuring that you actually see what may or may not have been
published. [47:13]

AA: This is using the full power of decentralized ledger, proof of existence, cryptographic
proof of state of systems in a consensus, regardless of currency. [47:24]

PT: Yeah, yeah. The way I see it is all these systems has... proof of work consensus is always
more secure if its bigger. The fact is, every single system in this whole space should be
working together for security. We should not have 100 different little altchains, with their
own little bit of hashing power. Thats not secure. We should have all this stuff working
together. Sidechains, I think, was an attempt at that and the merge mining was an attempt
at that, but to do that, we also cant go and wreck the security by making things more
centralized. [47:57]

AL: How does what youre doing accomplish decentralization, the way that they havent
been able to? [48:03]

AA: You want decentralized unification. [48:05]

PT: Well, I guess I better explain tree-chains. [48:08]

AL: Sounds like it. [48:09]

SM: Yeah. [48:09]

PT: Ill actually start by explaining how embedded consensus systems work and this is your
Mastercoin, your Counterparty and, to a lesser extent, your Coloredcoins. The idea there is
given a set of data that you know was provably published in some order to some audience, a
great example is the Bitcoin blockchain - anything in it has some very well defined order, I
know exactly who had it, the mining community and I can go take that data and then apply
my own rules to it. Mastercoin does this by taking special Bitcoin transactions that have had
data encoded into them, extracting that data and saying OK, were going to create a new
system that has new rules, based on top of that. [48:58]

AA: Weve spoken about this before. We talked about the hierarchy of knowledge which is
the fundamental concept within the blockchain is not only that everyone knows how the
rules work but that everyone knows that everybody else knows how the rules work and
apply them in the same way and that everyone knows that everyone knew that, at the time.
Those three layers create that shared knowledge, so when you publish something in there,
you know that everybody else saw it, that everybody else validated it, that everybody else
accepted it as true, which gives you the state of that time. [49:28]

PT: Lets see I claim that those three statements actually are somewhat independent of
each other. [49:39]

AA: OK. [49:40]

PT: Ill give you an interesting thought experiment. Imagine if in Bitcoin, miners didnt
validate. Any transaction you published, theyd go put it in the blockchain, they didnt care
what it did. [49:50]

AA: So its just a time stamp. Its just a distributed time stamp, nothing else. *49:54+

PT: Not a time stamp, a proof of publication. [49:56]

AA: In this specific order and time. [49:58]

PT: Yes. Now, if youre running a full node, obviously a full node can just go through a
blockchain, throw away the invalid transactions and come to consensus. In Bitcoin, using
this model is completely secure. Its interesting that if you have that model, not only is it
secure, but I can have two different systems running on top of it and theyre both
contributing to the same security. You may want to have standard Bitcoin transactions, I
may want to have Zerocash transactions. [50:29]

AA: This was one of the arguments I heard levelled as a criticism of metacoins like
Mastercoin and Counterparty was that, while theyre transactions have been mined and
time stamped and put in order into the blockchain, the clients that mined them didnt
validate them. That was criticized as a Well, that doesnt count. Youre saying this is a
feature. Youre saying We dont even need this for Bitcoin transactions, we can just get
the order time stamped and then solve the transaction chaining on a per node basis, at a
later time once you have an established order thats verified. Thats a very interesting
perspective. [51:10]

PT: Yes, yes. Going back to what we were talking about SPV. With SPV... [51:14]

SM: Sorry... hold on...one sec... [51:16]

AL: Yeah sorry, I think youve lost both Stephanie and I here. *51:18+

SM: Yeah, sorry were not very technical. We just want to understand. Why would you not
want somebody to validate a transaction? [51:29]

PT: Remember we were talking about SPV and how with SPV, essentially, youre trusting
miners to validate for you? [51:36]

SM: Yeah. [51:36]

PT: If they lie to you, youre going to trust them and youre going to accept coins that dont
actually exist. What Im proposing with this client side validation is really what Bitcoin users
already do if theyre using Bitcoin in the most secure way, which is to run a full node.
[51:56]

AA: They validate everything down to the root of the genesis block. The difference is that if
you expect the miners to validate and you depend on the miners validating, you get a side
effect which is rather damaging, and that is that if you want to make a change, or if you
want to introduce something like Mastercoin, they cant validate it, they dont validate it,
they dont include it, so you have no way of doing that later. If you just have them add
everything and all theyre doing is recording, then you have the option of how you validate
things later, at a different layer which opens the door for validating a lot more while still
depending on structured ordered recording at the mining. [52:39]

AL: OK, I think I understand. The interpretation moves to the individual client side, so each
individual user is interpreting for themselves, as opposed to the miners doing it all, the
miners no longer are doing the interpretation. Theyre just doing the recording, so theyre
notaries, basically. [52:53]

AA: Let me give you an example. Lets say you were writing a ledger of transactions and
instead of doing it in English, youre doing it in Mandarin and you have no idea what the
transactions say, but what you do is you just write down the Mandarin characters as they
come through, you time stamp them, you put your signature next to it, then you rely on
someone who, somewhere else, gets a copy of this ledger, reads the Chinese, understands
the Mandarin and knows what this transaction means, but more importantly, they see your
signature and they know when it got into the ledger and they know that it was, in fact,
introduced at that time. You dont even need to understand the Mandarin. All youre doing
is validating; youre narrowing the scope. Youre no longer validating you understand the
transaction, youre simply validating that it existed. Youre doing proof of existence only.
[53:36]

AL: OK, but doesnt this bring us back to the scalability problems that individuals have
running full nodes? I mean, I was speaking with a miner, Kimber (??) today... [53:44]

SM: I was going to ask a similar question. Isnt there a cost to doing that notary service to
record all the transactions? [53:50]

AL: No, no. The notary service is... thats carried by the miners. The miners already have
that cost. The miners actually do less in this system. The miners just do the notary side,
they dont do the verification side, so you can imagine that Visa has different sections. To
this point, miners have been everything, now were dividing them into miners over here
doing notary and users over here doing actual verification. [54:11]

AA: And chaining. [54:12]

AL: And chaining. [54:13]

SM: Both of those have costs to them, so whats the incentive to notarize and whats the
incentive to verify the transactions? [54:23]

AA: Great question. [54:25]

SM: Whats required to do that? *54:25+

PT: The incentive to notarize, in a pragmatic system like this, you would end up in reality
having some really, really basic layer to just move a bit of value round and thats just so you
can go pay a miner Look, go publish this for me. [54:37]

AA: We already have that, thats Bitcoin and it works already so you can do it for the basic
Bitcoin transactions. [54:42]

PT: Exactly, now in terms of the other part of scalability as well, I want to go have an
Android wallet, thatd be lovely. I like this. I just want it to be secure. Coloredcoins is a
great example thats because people always say Coloredcoin is not SPV compatible, its not
efficient, yada yada yada... but hang on a second, if Im giving you a Coloredcoin, all I
actually need to do is prove to you that that coin existed. I dont need to go prove to you
that all other coins exist or that their valid or anything about that. You actually just need a
very small subset of the total data of the system. [55:18]

AA: Youre talking about doing validation all the way down to the genesis of the
Coloredcoin, so its not just a partial SPV, but it still ignores all of the other metadata for all
of the other things that are going on. [55:31]

AL: I think its even more specific than that, right? Its like, I have some inputs in my wallet
and I get some transactions and the only transactions that my wallet cares to verify are the
ones that it thinks it got. Everything else... so you, basically, trim out 99.9999% because
your fraction is the only part that you care about. [55:53]

AA: How is that different from SPV? [55:55]

PT: SPV wallets dont bother doing that. *55:57+

AA: They dont even do that. *55:59+

PT: No, they dont. *55:59+

AA: They just depend on... [56:00]

PT: They could if they wanted to. If we were in an eco-system where they were designed to
do that, I think wed be in a much better state than we are. They dont. *56:09]

AA: Let me ask you... one of the criticisms of doing that in the lightweight manner, is that
Im assuming that in order to do that, you would need to retrieve a chain, a Merkle tree,
that takes you all the way back to the root of that Coloredcoin, so you can validate it. In
trying to retrieve that tree, say with a bloom filter, or something like that, youre revealing
to the world information. Theres a privacy implication here and theres been a lot of work
among the developers here to say How can you say I want to learn about this transaction
without telling everyone I actually own this coin? [56:44]

All agree.

PT: Heres an interesting model and this looks like it will probably implemented first on
Coloredcoins is, when I go give you some coins, I can go give you a bit of proof. You dont
need to go to the rest of the world and get that proof. I can go give you that. [57:01]

AA: Right, so you transport it so its self verifying. *57:04+

PT: Yes and thats actually what were moving towards with the Bitcoin payment protocol.
[57:09]

AA: Thats part of the proposal for smart property too. *57:12+

PT: Exactly. [57:12]

AA: From what I remember, is that you hand the property and the Merkle chain that proves
its chain of ownership. [57:19]

PT: Yeah, sure. [57:19]

SM: Whats a Merkle tree and whats a bloom... what did you say?... filter? [57:24]

AA: A Merkle tree is basically, simply describing a path from the current state of the system
all through its history, narrowly defined as just the path of those coins as they changed
hands, in a way that you can validate it. Rather than saying heres the entire blockchain, its
heres a tiny branch of it, but its a branch that walks down just this specific asset thats
been transferred. [57:49]

PT: Its a map. *57:49+

AA: A Merkle tree is a data structure, a tree of hashes but, essentially, its just a map,
exactly. Rather than giving you the entire city, Im going to say start here and if you turn
left, turn right, turn left, turn right, youre going to end up at the origin of these coins and
now you know they arrived here correctly. You dont have the full map of the city. *58:11+

AL: Even without that, there are no security trade-offs for sacrificing everything but that
one path? [58:20]

PT: I guess I should say if you have the path for your coins, yes, there are no security trade-
offs because you dont care whether or not anyone elses coins werent valid, you just care
that your coins were valid. [58:35]

AA: A bloom filter is basically... its almost like a search query but based on probability, so
you say Tell me everything you know about this address but instead of saying this
address, instead you provide a data structure that matches it to a probabilistic level. That
way, the other person can give you the search results without knowing exactly which
address you were asking for. They just know that when you did this search, this result
matched at 99%, so it must be one of the things youre interested in, but I dont know what
you were interested in but here it is. [59:13]

SM: Its like looking at a neighbourhood instead of a specific address or something like that.
[59:17]

AA: Right, exactly. Youll go out and say Im interested in this zip code and the zip code is
a bit more specific than the entire map, but its not as specific as a single address. Yeah,
thats a great way of describing it; its like a neighborhood. Of course, its a much bigger
data structure and it has a much broader range. Its a lot harder to find from the zip code
you asked for which address you have. [59:43]

SM: Right. [59:43]

PT: Now that weve this concept of client side validation and having subsets, I think then
the next obvious question is why does it need to be one monolithic block? Cant we split up
this block into something a little smaller than an entire megabyte? What if we, say, made
the block itself into something more like a tree, and let miners work on different parts of
this? [1:00:09]

AL: When you say let miners work on different parts of it, do you mean work on different
parts of it simultaneously? [1:00:16]

PT: Yes. [1:00:17]

AL: You could have multiple blocks going at the same time, each with different transactions
included? [1:00:26]

PT: Remember when we were talking about merge mining, imagine you had a system
where you had a root blockchain and its a linear blockchain just like one block follows
another, follows another, but well have a rule where were allowed to merge mine two
blockchains under it; a left and a right. [1:00:47]

AA: Like branches. [1:00:48]

PT: Yeah, and then we go say transactions with a unique identifier starting with bits for
the first bit set to 1 are only allowed to be in the left blockchain, and the bits set to 0 are
only allowed to be in the right blockchain. In the top blockchain any transaction can be in
there. We can repeat this rule one step down. The prefix that it has to match, that were
restricting where transactions can go, just gets longer and longer. [1:01:20]

AA: And it becomes a path. [1:01:21]

PT: Yeah. [1:01:22]

AL: Do miners select this? Is it a conscious choice to pick a particular branch that youre
mining on theres more risk reward or is it just something that happens? *1:01:32+

PT: Its absolutely a choice but its a choice thats meaningless because transaction IDs are
pretty much random. [1:01:40]

SM: Could it ever be chosen based on something that wasnt random, like mining for multi-
signature transactions and certain kinds... [1:01:50]

PT: You certainly could, but I think this works best when you just have everyone
contributing equally to the whole thing at random. The beauty of this is so if youre a miner,
and we have this big tree structure for the blocks, now you only need to process the data for
one half of the tree. Thats a fixed amount of data, it is not the entire system, yet all of our
actions together create a much larger system. [1:02:15]

AL: What happens to the block reward in an environment like this? Right now, block
rewards are giving... right now 25 bitcoins to a single miner, which is a pool and then its
distributed out from there. What does this do? [1:02:28]

AA: Is this related to GHOST? [1:02:29]

PT: No. [1:02:30]

AA: OK, but it sounds similar in some ways. [1:02:33]

PT: The thing with GHOST is its about taking blocks that were orphaned. This is about
spreading the load out so were not going to have that problem. *1:02:44+

AA: Does the distributor reward in the same way that GHOST does? [1:02:47]

PT: No, what Im thinking is to if your top blockchain is the full difficulty, you go a level
down and you can go make each half the difficulty because half the miners are working on
one side and half are working on the other. You go a level down after that and now, were
into quarters. Theyre each working on the left, left chain or the left, right chain and so on.
[1:03:11]

SM: Because the miners would be specializing more, then they would be able to mine at
lower difficulty and it would decentralize mining more? [1:03:18]

AL: Its like random specialization. *1:03:20+

PT: Yes, yes. [1:03:21]

SM: Yeah. [1:03:22]

AA: Yeah, thats interesting. *1:03:23+

PT: If we all work together randomly working on bits, the sum total is that we still move the
blockchain forward, and yet if Ive got, say, a GHash of mining power, Im still going to find a
reasonable number of blocks, say, 5 levels down or 4 levels down. Ill occasionally find
blocks 3 levels down and even less often 2 levels. Sometimes, Ill even go find the top block
and if the reward is split across those in decreasing amount, on average, I still end up
making a reasonable return and my variance is low, so I can mine profitably without
involving a centralized pool. Im also contributing equally to the security of this entire
system. [1:04:04]

AA: How deep can the tree go? [1:04:05]

PT: As deep as you want it to go. [1:04:07]

AA: In that case, I could be solo mining 64 levels down and still have a possibility of getting
some, so the pool is now part of the data structure rather than part of a protocol? [1:04:17]

PT: Yes. [1:04:18]

AA: Essentially, its expressed as a distribution within the data structure rather than a
distribution of nodes on the network. [1:04:23]

PT: Yeah. Another way to think about it too is that this is giving you a trade-off between
security and scalability. Sometimes, you need to go publish data to the entire world. If
youre moving a lot of money, you can go pay a bit of fees and you want this to be
absolutely secure. Conversely, at some point, obviously youre going to get to the point
where there is only one miner actually mining some chain, like 12 levels deep, 16 levels
deep, whatever it takes and thats not going to be secure. In the same way that eventually,
an altcoin isnt secure but theres a catch. Unlike an altcoin, you can then go say the rule is
if this block up here gets reorganized, you can say its children also get reorganized, which
means that now even though not the whole system saw some block, say, 16 levels deep, the
time ordering is still secured by the whole system, which means if I want to accept payment
from a block thats not very secure in of itself, I can just wait until its influence kind of
propagates up and it cant be reorganized out, then its sure that when those coins got
spent, there is no way theyre going to be unspent without a much more difficult block
getting reorganized and so I can (??) [1:05:48]

AL: Even if its included in a really low level insecure block, like 16 levels deep, because it
eventually migrates up because its part of the bigger picture... *1:05:58+

PT: Yeah. [1:05:58]

AL: ...over time, as blocks further up are found, it will be included and essentially,
confirmed into existence even though, at the beginning, its unsafe. [1:06:06]

PT: Yeah, yeah, and if I have proof going back in time, I can go give you the proof that yes,
those coins really were securely moved to that chain, they were not attacked, you can now
trust this and you can then give that proof to someone else. [1:06:20]

AA: Does the tree of blocks, as its being mined, do you need to have completeness or can it
be sparse? [1:06:29]

PT: It certainly can be sparse. [1:06:31]

AA: Essentially, not all branches need to be mined and if some branches are not mined,
whats the impact of that? *1:06:37+

PT: Nothing. It just means that some transaction (??) [1:06:42]

AA: What about transactions that are in them? [1:06:42]

PT: It just means that if you are using a transaction thats in some block, by the time it gets
sparse enough, no one really cares about it. It gets to the level of individual miners. You
might have to go give some miners saying Could you go somehow get this mined? Usually,
youd really go use it in a way that youre still at a level that has a decent amount of mining
interest. [1:07:05]

AL: Ive had to do that before, in practice, with Bitcoin. Ive had to send a transaction that
got... it took like a week. I sent it to a mining pool and they were able to include it very
quickly. [1:07:17]

PT: Yeah, yeah. Its not unlike that kind of trade-off. [1:07:19]

AA: That means that, essentially, that gives opportunity for a much more fluid market for
fees and for mining power, so you can dial in how much fee you want and how much
mining power you want, which means you could have micro-payments chains within that,
where you do that trade-off between time to completion and security. [1:07:42]

PT: Yeah, yeah. When it gets down to it, its like the usual criticism Bitcoin for micro-
payments is why does the entire world need to know that I bought a coffee? With tree-
chains, the entire world doesnt. We go pick some security trade-off thats good enough,
but its much better than it would normally be because were all still working together in
this. [1:08:02]

AL: I recently, this morning, I had a conversation with Rassah from Mycelium wallet and
theyve got an interesting feature built into their local trader set thats a confidence graph,
they call it, that deals with message propagation. When I send a transaction to you, usually,
before youd feel comfortable, usually wed have to wait for a single confirmation at least.
Even then, it would be better if we could wait for more, but a single confirmation is kind of
the standard for person to person stuff. What this confidence graph basically does is it
tracks the transaction as it goes through the entire global network. Once it has essentially,
permeated the network, then you can have a pretty high... and it confirms that theres a fee
and there are some other things in there... then theres a very highly likelihood that, even if
its not included in the next block, it will be included in a future block just because its sitting
everywhere, waiting to be included in a block. It seems like with tree-chains, this would
work even better because, again, its just a notary system and once it gets past the mining
layer, which is the notary layer basically, its already in there and its just waiting to be
processed, whether that takes a minute or a day. Am I wrong on this? [1:09:12]

PT: Yeah, I think you are. [1:09:12]

AL: OK, OK. (Laughter) Please correct me. [1:09:15]

PT: I think this always comes down to the issue of when is something confirmed.
Confirmed is kind of this sort of loose concept. [1:09:23]

AA: Its probabilistic; its not absolute, black or white. *1:09:26+

PT: Yeah, and its even worse than that. If its never been in a block at all, its not only that
its not black and white; its not even a shade of grey. We dont even know what color it is,
per se, we dont know... *1:09:38+

SM: Right. You dont know when it will be more... what the probability will be over time,
yeah. [1:09:43]

PT: ...there is no... it could be up to any sort of thing. I mean, I may be a hacker whos
hacked into some pool and changed the rules by which they confirm transactions. Maybe I
accept the one with the higher fee because Ill make more money that way. Thats not
against the rules of Bitcoin, its against what the default client does, but you can certainly
argue there are a lot of good reasons to do the opposite and go just take whatever
transaction pays whatever fee. [1:10:07]

AA: I believe Eligius does quite a few things that are not part of the default client and
accept transactions that are not part of... not quite... in order to increase the diversity of
that opportunity. [1:10:19]

PT: Yeah, yeah. I mean, Ive gone and argued to a lot of miners that it would actually be
very smart if they changed their policies to mine the highest fee, precisely because we dont
want to get in a situation where weve set a precedent that miners have an obligation to go
keep unconfirmed transactions secure because its an unconfirmed transaction, you dont
even know really if its been round the network. You dont have any proof about anything
about it. Mycelium, they probably have a bunch of nodes around the world, but how do
they really know that their nodes represent the actual Bitcoin network trouble is, they
dont. Maybe there is a parallel Bitcoin network; you just dont know this stuff. You dont
really know how data gets around. [1:11:06]

AA: The only thing you do know is proof of work and increasing difficulty in the blockchain.
Thats the only guarantee. *1:11:12+

PT: An interesting thought experiment would be imagine if there was some way to be sure
that after I publish a transaction it got to everyone reliably, couldnt I just go have a system
based on - you know I cant double-spend you because you ran your Mycelium radar, or
something, and it got round to the world. Everyone knows it. You dont need mining. If
that was secure, you wouldnt need mining, but you need mining because you have no way
of knowing whether or not the transaction was actually published. [1:11:42]

AL: Then again, youre talking about fringe attack cases, basically, and I think that he made
a point of mentioning, Rassah made a point of mentioning to me that the graph never gets
to 100%; it stays at 99% and thats where it maxes out. *1:11:55+

PT: This gets back to my comment of how its not black or white, or even grey. It may be a
fringe attack case today but tomorrow the situation can completely change. [1:12:06]

AA: Yeah, a fringe attack case becomes a bot thats doing it 1000 times a second. We saw
that with transaction malleability. It was a fringe attack case for two years and then we had
to fix it because it happened to be the main thing that was happening on the network.
[1:12:22]

PT: I could go spend $1000 and fire up 500 Bitcoin nodes on Amazon EC2 and very quickly
change the rules that the network (??) follows. One of the rules could be that if Mycelium
wallet is connecting to me, I go give them a different mempool and someone else is
connecting to me, and if I can identify Mycelium versus other nodes, theyll never know.
[1:12:47]

AA: Yeah. Theyll see a lot of nodes as propagating too, all of which you control. [1:12:53]

PT: Or, I might just go up to some big mining pool and say You know what? It would be in
your best interest if you applied replace-by-fee and they may choose to go hit the switch on
that tomorrow. [1:13:03]

AA: Weve had a discussion here where we looked at sidechains and then we looked at
some criticisms of sidechains, or perhaps some things that need to be thought about and we
need to explore a bit further. Youve presented tree-chains to us, now Im saying hash
include, criticism (??). Im going to throw in any criticism that you think youve heard or
other people have discussed. Assume that I just voiced all the criticisms youve seen in your
discussions, what are those? How do you address them? What are the weak points that
people have concerns about? Giving you an opportunity to talk about some of those now.
[1:13:48]

PT: In tree-chains or sidechains. [1:13:49]

AA: In tree-chains. In tree-chains, yeah. Then well get Austin and Adam Back and then
they can actually provide those criticisms, post facto. [1:13:57]

PT: I think that the catch is that using tree-chains efficiently is certainly hard. It requires a
lot of, if not clever cryptography, at least, in the same way as Bitcoin, it was quite clever
about how it structures its data. You need to go have these proofs, you need to be able to
go and show someone else that something was published in some chain and thats
significantly more complex logic than Bitcoin, which is really dead simple in terms of how
the crypto works. On the other hand, Ive also got to point out that sidechains has all those
issues too and (??) on sidechains, those solutions apply equally well to tree-chains. A way to
go think about moving value from one node in this tree to... one block in this tree to another
is, well thats a sidechain. Ive proven that that money was taken out of that block and now
should be resurrected here. All the same techniques actually apply, so Im kind of excited to
see all the stuff were going to come up with, with clever crypto, but I think the underlying
layer shouldnt be merge mining, it should be something like tree-chains. [1:15:07]

AA: So you can implement many of the same goals, using many of the same primitives but
in a way that doesnt require merge mining. *1:15:13+

PT: Absolutely. Ill bet you 90% of the work in implementing tree-chains is going to be the
90% of the work in implementing sidechains. Its that 10% base layer thats actually my
criticism. Thats all. [1:15:25]

AA: What requires a hard fork here? Both things require a hard fork, right? [1:15:30]

PT: No. [1:15:30]

AA: No. Neither of these require a hard fork? [1:15:32]

PT: Yeah, neither. [1:15:33]

AA: How does that work? How do you implement something like tree-chains and
sidechains, without doing a hard fork, without changing the core protocol in Bitcoin?
[1:15:40]

AL: A hard fork, to be clear, is a protocol change to Bitcoin. A change in the way the rules of
Bitcoin work, as opposed to a soft fork, which is... [1:15:48]

AA: A non-backwards compatible change, not just a change but a change that requires all
clients from that point on to follow the new rules because the old rules cannot see the new
rules. [1:16:00]

AL: I see, so everyone must change in the event of a hard fork... [1:16:03]

AA: Must change. [1:16:03]

AL: ...versus in a soft fork, where they do not necessarily have to change; its backwards
compatible. [1:16:07]

PT: To be clear, what a soft fork does is it tightens the rules. After the soft fork, blocks to
the nodes running old rules, appear to be valid. In a hard fork, we make changes where the
new blocks following the new rules appear to be invalid. The thing is that... [1:16:26]

AA: Lets give a specific example. Multi-sig and pay-to-script hash addresses any old client
seeing a pay-to-script hash address... [1:16:37]

AL: Which is? [1:16:37]

SM: What is that? [1:16:38]

AA: ...pay-to-script hash is the multi-sig addresses that start with a 3. Before November
2013, an old client that saw a 3 address on the network would say What the hell is this?
And drop it. It would be considered invalid. Thats a hard fork because when you
introduce... [1:16:56]

PT: No. [1:16:57]

AA: That wasnt a hard fork? *1:16:58+

PT: That was a soft fork. [1:16:58]

AA: That was a soft fork?

PT: Yes. [1:17:00]

AA: But it changed... it created... [1:17:02]

PT: It did not. [1:17:03]

AA: OK, great. Lets explain that. Rewind. Back to (laughter)... Steve. (Laughter) *1:17:09+

PT: P2SH is a good example of a soft fork where, its called pay-to-script hash, we go take a
script, which are the rules required to spend a bitcoin. [1:17:21]

AA: The best example of that is multi-sig. [1:17:23]

PT: Exactly. We take them and we hash it and turn it into a little number and then we go
say Can you go provide me a script that hashes to that hash? If you can, and you can also
meet the rules of the script, you can go spend the money. [1:17:38]

AA: A 3 address. [1:17:40]

AL: Something like escrow, yes? [1:17:42]

PT: It can be used for escrow. [1:17:43]

AL: With multi-sig, it is escrow. It is escrow that its controlled by more than one key.
[1:17:48]

PT: Yes. [1:17:49]

AA: Its a 3 address. That 3 address doesnt represent a wallet, it represents a script and
that script has rules for escrow, multi-sig escrow in it and if you can provide the script that
has the multi-sig rules in it and the signatures that validate that script, then you can spend
whats in a 3 address. [1:18:06]

AL: OK. [1:18:07]

SM: The best explanation Ive heard yet. (Laughter) *1:18:09+

PT: Heres the crazy hack that made it a soft fork. Its that we added a new rule to the
Bitcoin protocol that said If you saw a script that consists of nothing more than hash of
that data, then check if that hash was equal to an existing hash. Well perform that as it
always would but then well also go and take the data and then run it, as though it were a
script. [1:18:36]

AA: Right and that was a really nasty kludge hack. [1:18:40]

AL: I dont know this means. (Laughter) *1:18:41+

SM: What does that mean? [1:18:44]

PT: You have a node and I go give you a script that says Well, these coins can be spent if I
provide you with a piece of data, that when hashed, happens to go match an existing hash.
[1:19:04]

AA: The 3 address. [1:19:06]

PT: Yeah. Your old node looks at that, runs a little bit (??) thats fine. Why did you
include all that other stuff there? But thats OK by the protocol, so you just ignore it and
youre good to go. We upgrade that and we say If you see that, in that little, very specific
form, well add a new rule, where then you go take that data, treat it as though it was
another script and then go validate it, according to the Bitcoin script rules. You, the old
node, that sees new transactions by this, you just ignore them. Theyre valid, from your
point of view. [1:19:44]

AA: The new nodes open it up and say Oh, this particular script is a multi-sig and requires
escrow. Now, I need to count two out of three signatures to validate this. The old node
isnt seeing the multi-sig, isnt seeing the escrow, isnt seeing the two out of three, it just
sees a valid address and it says OK, whatever that is, Ill just take it. *1:20:03+

AL: It seems like this is analogous to what Mastercoin or Counterparty do, basically, where
theyve got this... you can send Mastercoins to a Satoshi client, the Satoshi client cant see
them but the address still controls them at the point that you move from that to the... yeah,
OK. [1:20:19]

PT: The key difference with Mastercoin is because its client-side validation. You dont need
a soft fork, you dont need miners to do anything. *1:20:25+

AA: This is layering of protocols and this is separation of concerns, so in a distributed
system, this is very much equivalent to a TCP client forwarding things to Port 80, and it
doesnt know what those things are, but if you have a web client, it can take those Port 80
things and say Hang on, let me open this up. Oh, this is a web request. Now were going
to send web pages instead. The TCP client doesnt need to know any of that detail. It can
just forward things to Port 80, not knowing whats inside them. In the case of Mastercoin,
the exodus address is the equivalent of Port 80 and the underlying Bitcoin client forwards
them along, without understanding whats inside. The more sophisticated Mastercoin is
running a layer above and can unlock that and do additional things with it. [1:21:08]

AL: Now I understand the exodus address a little bit better too. [1:21:10]

AA: Its your Port 80. Its the HTTP address. [1:21:13]

PT: Going back to tree-chains and sidechains, how do you go soft fork tree-chains or
sidechains to add them? You simply go add new rules; you go say if you have a transaction
that has a special format that to old nodes looks like just meaningless data... [1:21:28]

AA: Meaningless but valid data. [1:21:30]

PT: Meaningless but valid data... and by valid, all we mean is that the data was encoded in
the standard push data to stack format. Now, the new nodes go say OK, thats a
sidechains proof, lets go apply this proof, lets go figure out whether its valid. In the case
of tree-chains, you do this implementation and its even easier. Its actually just merge
mining. Its merge mining where the rules follow a particular pattern, so that the whole
system can go work in this multi-level deep thing, but for the old Bitcoin nodes seeing only
the first top blockchain, all they ever see is Yeah, I guess theres a block in it; had two
more hashes in it. Maybe if money needs to be moved from the lower parts of the tree up,
you use the sidechains protocols. [1:22:23]

AA: I think this goes well to prove the underlying theme of the last several years and of
many of the conferences Im going to this is not a damn currency! (Laughter) This is not
about coins; you are missing the point! These little discussions really show how far weve
come from... even from the title of the Satoshi paper A Distributed Digital Cash System.
Its absolutely no longer about cash. Its so much more than that, both in terms of the
applications but even in terms of the complexity of the implementation and the amount of
innovation thats happening here has nothing to do with coins anymore. *1:23:03+

PT: Id like to go make the analogy of the telephone network versus the internet. I think
something like sidechains is not unlike the way how do we add features to the telephone
network, we went up to the telephone carriers and said Look, can we do this? Can we do
this? Its the same as going up to miners and say Can you merge mine Mycoin? Can you
merge mine this coin? Whereas, tree-chains is more like the internet where we have this
really, really, really low level protocol IP and if all you want to do is just be an internet
router and move IP packets around, thats great. Go for it. The fact that theres a whole
bunch of other stuff built on top of that, you dont need to know about, you dont need to
care. If I want to go and experiment, I can and it works just as well as your experiment. It
works just as well as your production ready token transfer system or your Bitcoin system.
Who knows what youre doing, but it all works because the underlying system works.
[1:23:59]

AA: Its important to realize that if you do the protocol layering well, you get two very, very
important side effects. The first one is that you can preserve the neutrality aspects of the
core protocol, which means that as long as its from A to B and some content, you dont
need to understand what that content is, you simply deliver it. That allows the innovation
to flourish within that system. The second one is that if you structure it correctly, the layers
above do not affect what happens in the layers below. That way, you have separation; you
have modularity. You dont have weird side effects happening. Thats critically important
because then, the innovation can go completely at the edges and you can have all of these
applications flourish. [1:24:44]

PT: I go work for Mastercoin, Counterparty and some other ones. The fact of the matter is,
I dont actually care that much whether or not Mastercoin survives or Counterparty
survives. What I care about is they were given a chance to test their protocol, to see if they
could make it work and they had the security, so that they werent going to be killed off by a
small group of people who might decide this is a bad thing. I want the space to experiment
and I think people should have that shot at trying. [1:25:13]

AL: No more monopolies. [1:25:14]

PT: Yes. [1:25:14]

AA: Yes because even if we get Counterpoint or Mastercoin or any of these other things
wrong, once you open the door for things to be built on top, someone else will build it right
and there will be a marketplace for people to try all variations and decide what is right for
them, without having to ask the permission of the underlying layer. Thats the really
important argument thats been going on in the Bitcoin space for a while now. Thats why
the ideas of spam and dust and bloat of the blockchain can be seen from two different
perspectives. One, its bloat but on the other side, its an opportunity to open up all kinds of
applications, without having to stress the core development team or to request protocol
changes in the core layer. [1:25:58]

AL: Whats next for tree-chains? It kind of sounds like this is at the ideation level and I
mean, youve thought about it and it sounds like its an interesting solution to a similar type
of problem that sidechains are trying to solve. Hows it going? *1:26:16]

PT: Its a matter of sitting down with a pad of paper and working out the details. An
interesting and exciting possibility is, for instance, Ethereum. You could actually go ship
Ethereum as a tree-chain thing, with no scripting at all, crazily enough and add scripting in
layers in soft forks. If you did watch the miner validation on top of this idea, alright fine, add
it piece by piece. If you didnt, thats OK too. Equally, you can take the same idea and apply
it to Bitcoin. Im not quite sure yet in what form the first pieces of code will be written, but I
expect that to be fleshed out much more in the coming months. Simultaneously, whatever
the sidechains guys do, their experimentation will feed into the crypto in understanding
thats going to make tree-chains work, in the same way that Mastercoin and Counterparty.
Their experimentation with the concept of client-side validation will feed into making tree-
chains actually work, from a pragmatic point of view. [1:27:20]

AA: You could implement this, not only use this to implement Ethereum on top of Bitcoin,
you could also implement tree-chains within Ethereum, for example... [1:27:28]

PT: Yeah, exactly. [1:27:28]

AA: ...as its own mining approach, or any of the altchains. [1:27:33]

AL: This has been a pretty mind-expanding.... owww! (Laughter) [1:27:40]

SM: Yeah. Does your mind hurt when it expands? [1:27:42]

AL: A little bit. (Laughter) Lots of brow furrowing this one, but... [1:27:47]

SM: This was cool. Thanks for explaining a little more detail for those of us who dont have
the technical background. I hope the listeners will be able to keep up and I think they will
be. [1:27:58]

AL: Yeah, I think that when we learn along so hopefully they... OK, Peter, you do lots of
projects. If somebody wants to get in touch with you, whats the way to do that? If
somebody wants to support your work, is there any way to do that? [1:28:12]

PT: Email me. [1:28:12]

AL: Email you. OK. As simple as that. (Laughter) OK. You want to give that? [1:28:17]

PT: Yeah, PeterTodd.org. [1:28:20]

AL: PeterTodd.org. OK, well I think that wraps it up for us this time. [1:28:28]

SM: Were done. No more conference. *1:28:29+

AL: Yeah, no more conference. Alright guys. This closes out our recordings at the Toronto
conference. Thank you all very much for being here. Andreas. [1:28:36]

AA: Thank you. [1:28:37]

AL: Stephanie. Peter. Thank you very much. This has been... Im going to be paying
attention to this and trying to continue to keep up with you. Its good work. *1:28:47+

PT: Thank you. [1:28:48]

AA: I think the feedback weve received, at least the feedback Ive received is that when we
do more technical, more in depth episodes like the one I did in... the first one I did in Vegas
with Adam, I think that was probably the most in depth one weve done, up to that point.
People go back and listen to it again and again and again and try to decompress all of the
ideas and Ive had so many people come to me and say, that was just amazing. Not only did
I learn a lot of new things but in trying to learn those new things, I learned a lot more about
Bitcoin than I ever thought. I think we can challenge the audience and the audience
absolutely loves it. [1:29:24]

SM: Theyre going to be challenged. (Laughter) *1:29:26+

AA: They like that. We dont need to patronize our audience. We have episodes that are
great for beginners and we need to give them the real meat and episodes that are great for
people to expand their understanding. [1:29:40]

AL: Thats what we do is we try to... its a learning process. Were learning along with it. I
think its always good to have the three of us here because we represent a range of
experiences and contexts. [1:29:49]

AT: You have a good dynamic. You should do themed ones as well, like some more techie,
some more social kind of stuff. [1:29:59]

SM: Sidechains, yeah sidechains of Lets Talk Bitcoin. *1:30:01+

AL: Yeah, sidechains of Lets Talk Bitcoin. (Laughter) *1:30:03+

SM: Adam, whenever you say youre going to make different podcast feeds, I say theres
going to be a hard fork. (Laughter) [1:30:09]

AL: I think that wraps it up for this time guys. Thanks everybody. [1:30:15]


________________________________________


CREDITS:

Thanks for listening to Episode 104 of Lets Talk Bitcoin.

Content for todays show was provided by Adam B. Levine, Andreas Antonopoulos,
Stephanie Murphy and guest host, Peter Todd
Music for this episode was provided by Nils Frahm and Jared Rubens

Thanks for listening. [1:30:33]