Conversations about Software Engineering

Conversations about Software Engineering (CaSE) is an interview podcast for software developers and architects about Software Engineering and related topics. We release a new episode every three weeks.

Transcript

Stefan Tilkov: Welcome, listeners, to a new episode of The CaSE Podcast, Conversations About Software Engineering. Today I'm absolutely thrilled to have Andreas Antonopoulos as my guest. Andreas is extremely well known in the Bitcoin community. He's the author of two books; one is called Mastering Bitcoin, which is a very technical and very good introduction to the technology behind Bitcoin. The newest one is called The Internet Of Money, which is a book about why Bitcoin matters. He's a very well-known, very engaging speaker, so I'm absolutely happy to have him on the show. Welcome, Andreas!

A. Antonopoulos: Thanks for having me, I'm really excited!

Stefan Tilkov: Andreas, maybe you can start us off by talking a bit about how you got into this space.

A. Antonopoulos: Well, it starts with me being a geek, and very much of a geek, in fact. I got my first computer and started programming when I was just over ten years old. I got completely lost in that technology for six months, emerged from it being able to program in both Basic and Assembly. This was in 1982. That started the trajectory of my life where I've been fascinated, enamored, passionate about computers and about the impact they have on society. Over the next two decades I also got involved in the early internet, before most people knew anything about it, when it was still in an academic network. I also started getting engaged on Usenet and learning a bit about cryptography and the whole cypherpunk movement. I was fascinated with the intersection of internet computers and politics and money. At the time - the early '90s - we started seeing the first digital currencies that were based on cypherpunk ideals, things like David Chaum's DigiCash etc. We also saw applied cryptography for the masses with PGP and various other technologies like that. I was an avid user and fascinated by this. Anyway, I got involved in various aspects of information security as a professional. I graduated with a master's degree in Data Communications and Distributed Systems, I'm a computer scientist by trade, and I did a lot of work related to networks and information security. And I kind of forgot about digital currencies for a while, because nothing interesting was happening. Sometime in 2011 I read the first thing I read about Bitcoin. I completely dismissed it, assumed it was just some silly centralized thing for gamblers. Then the second time was about the middle of 2012, and I read about Bitcoin and for some reason I kept reading, and there was a link to the Bitcoin whitepaper, which I downloaded to get a better understanding... Understand the technology, not just what other people were saying about it.

A. Antonopoulos: I read the whitepaper, and by the time I finished (got to page 9) my mind was so thoroughly blown. I realized immediately this is much more than I thought; this is a combination of peer-to-peer concepts (like BitTorrent) with the digital signature technology and cryptographic primitives of PGP, with a decentralized model for achieving consensus and synchronization across a distributed system with a time-stamping server... This is mind-blowingly complex, but also innovative and counter-intuitive and fascinating. And then I lost myself. For four months I did nothing else. I got up in the morning, I spent 18 hours reading, writing and coding everything I could about Bitcoin. Not eating, not sleeping... And I emerged out of that four months later and decided "This is what I'm doing for the rest of my life." I dropped everything else, and that was the beginning of 2013, and wow - what a ride it's been.

Stefan Tilkov: I guess you picked the right thing. You could have picked something else that nobody knew about, but you picked exactly the right thing to immerse yourself in.

A. Antonopoulos: No, I picked something no one knew about, that everybody dismissed and everybody thought was ridiculous and that only a geek could be interested in. That was when I picked the internet, that was when I picked computers, that was when I picked programming, that was when I picked modems, and finally, that was when I picked Bitcoin. When I pick technologies, they're still at the "everybody's ignoring or laughing at it" stage. Over the years of picking technologies that people are laughing at or think are never going to amount to anything, and proving that wrong through my own experience, I developed the confidence that when I saw Bitcoin, I thought "You just keep laughing. This for me is world-changing."

Stefan Tilkov: Can you give us a brief introduction to Bitcoin and the concepts behind it?

A. Antonopoulos: Bitcoin is a system that is composed of a number of different technologies, many of which existed before Bitcoin but not in that particular combination. It is a completely decentralized payment network, currency system, issuance system, and a ledger of all of the transactions that are synchronized across this peer-to-peer network without anybody having to trust anybody else... Based on a set of rules that operate in software. The peer-to-peer network consists of at least 10,000 nodes that are publicly listening and detectable on the network, plus several tens of thousands more that participate in a more stealthy fashion, or over Thor, or are not listening on an open port and cannot be inventoried in such an easy manner. That peer-to-peer network has essentially participating nodes which keep a copy of this ledger of transactions, but it also has some nodes that are doing a special function which is called mining, where they grind through cryptographic hashes in order to validate the security of transactions while having a personal investment of energy that it takes to do that computation as to guarantee that they're playing by the rules.

A. Antonopoulos: It's counter-intuitive, it's the first really practical model of using market economics as a security model to build a decentralized system, a distributed system that achieves synchronization over a period of ten minutes. On top of that, once you have that, a platform that you can trust, that is neutral, that is decentralized, that is cryptographically secured, the most obvious application you can build is currency... But there are many, many more that arise out of these primitives, and we're just beginning to see this thing explode onto the internet.

Stefan Tilkov: So that really was a complete introduction to Bitcoin in about two minutes, and I can imagine that if this is the first time people have heard about the technical details, this is actually quite a lot to digest... So maybe we can walk through some of the things more slowly. The first interesting thing is that you mentioned that it's a peer-to-peer network. What actually happens if somebody wants to have a transaction performed? What way does it take?

A. Antonopoulos: There are a number of ways you can interact with the Bitcoin network, but the proper (if you want to use that term) way is to participate as a node, in fact a fully validating node, where you run the software to fully validate and connect to other peers on the network. If your listeners are familiar with technologies like BitTorrent or previous peer-to-peer networks, the way these peer-to-peer networks work is first they go through a process of discovery; sometimes there are some bootstrap nodes that tell you about other nodes they've seen recently on the network, and then you connect to them and then you ask them to introduce you to other nodes, and then you randomly connect to some of those, and not connect to others. So you can create essentially a mesh network.

A. Antonopoulos: In this mesh network of peers, every node connects to about eight incoming connections and can have more outgoing connections. This mesh network then routes information using a flooding algorithm. That means that when you receive a transaction from one of your peers, you validate it, and then if you think it's valid according to the rules you have, you forward it to all of the other peers that you're connected to if they don't have it yet. You do the same with a block of transactions. That means that if you create a Bitcoin transaction, which is a data structure, a cryptographically signed data structure, and your node tells one of your peers, injecting it effectively into the network, that peer will validate it and then propagate it to all the peers it knows, which will validate and propagate it to all the peers they know. Within about eight to ten seconds your transaction will ripple out across the globe and will be seen by almost everyone connected to that peer-to-peer network. That's how transactions propagate.

A. Antonopoulos: Some of the people who see this transaction will be miners. They will also validate it, and then they will include it in a block of transaction, they'll do the proof of work required to validate that block, and then if they find a solution, they will propagate that block out, again using that same flooding mechanism. Once everybody has seen that block validated as correct, it gets added to the blockchain, which is essentially an append-only database. The append-only database synchronizes across all of the nodes every ten minutes, or eventually, if you're not well-connected, and provides the truth of what has been spent and what hasn't been spent, and who owns what in terms of Bitcoin. That's the peer-to-peer network.

Stefan Tilkov: What does it mean for a transaction to be valid?

A. Antonopoulos: There are a number of things... There is a set of rules that are validated by the software. Some of them are fairly obvious, other ones are mostly data-type constraints, but let's start with the obvious ones. In order for a Bitcoin transaction to be valid, the amounts that you're trying to spend must not have been already spent. The fundamental problem that the decentralized network of Bitcoin solves is the so-called double-spend problem, which is how do you ensure that a form of digital money that can be replicated hasn't already been spent in another transaction previously? The other way that could be solved in the past was by using a centralized clearing house, which then became a single point of failure, or seizure, or shutdown, and it's why all of the previous digital currency systems mostly failed.

A. Antonopoulos: Bitcoin solves the double-spend problem by having everybody validate that the funds haven't already been spent, and not having a central clearing house, but essentially having a decentralized clearing house, which is everyone who's participating on the network. So the first thing you need to validate in a transaction is that it hasn't already been spent. Then you have to validate the digital signatures, and this ensures that the person spending them - or the system spending them rather - is in possession of a private key that authorizes them to spend that, and you compare that with the public key that's recorded in the ledger as the owner of that money. You use classic public key cryptography to validate a digital signature.

A. Antonopoulos: In the case of Bitcoin, Bitcoin uses the elliptic curve digital signature algorithm (ECDSA) on a very specific curve, which is the secp256k1 curve. If you're not into elliptic curve mathematics, none of that made any sense whatsoever, but basically, it's public key cryptography, simply using elliptic curves. You have a public key, you have a private key, and you can do digital signatures to prove that you have the private key, and that's the base of ownership of Bitcoin. A transaction has to have a valid signature, it has to spend less money or equal to what you have and not more; that money must have not been spent before, it has to have the right timestamp into it, and the data structure that describes the transaction must be property formatted in many different ways to fulfill the requirements of the network.

A. Antonopoulos: Once you've checked all of those things, that's a valid transaction. Everybody knows it happens, and that means that the recipient can now in turn spend that money to someone else.

Stefan Tilkov: So that's the validity of a transaction, ensured by essentially public/private key cryptography. What role does this block of transactions play in the whole thing?

A. Antonopoulos: In order to maintain the database consistency, rather than trying to record individual transactions, they're batched, and you have a batch clearing process. This batch process happens every ten minutes on average. It's a statistical ten minutes, meaning it's a Poisson distribution, which on average means that a blog will be validated every ten minutes. Sometimes that's eight, sometimes it's twelve... If you take the long-term average, it's ten. Blocks are just buckets of transactions; they're just aggregation data structures that have a batch of however many outstanding transactions have happened since the last block that were outstanding, and the miners simply aggregate from all of the transactions that have been broadcast over the last ten minutes - they aggregate the ones that give them the highest level of fees per byte into a fixed-size block, which is about one megabyte right now. Then they publish a proof in order to validate that block, and then it gets added to the database. So rather than adding one transaction at a time, you just add a data structure that contains approximately 2k-3k transactions in one megabyte of space.

Stefan Tilkov: You obviously mentioned that there not all of the nodes, but many of the nodes can be mining nodes... So every one of those nodes will work on whatever transactions they wanna work on, and they will work on different transactions likely, I guess...

A. Antonopoulos: There is a 95% overlap between the transactions they are likely to be working on, but yes, they won't be identical in sequence of a perfect match of the set, yes.

Stefan Tilkov: As you mentioned, we now have a consensus problem, because the whole world has to agree which of those blocks is the right one, because every transaction can only be in one block, right? So how do they go about that?

A. Antonopoulos: That's where the process of mining, this competitive race happens. In order to make a bloc valid in the eyes of the network, you have to commit a certain amount of computation. This is modeled on technology invented about a decade before Bitcoin called HashCash, which was invented as a form of spam protection for anonymous remailers on Usenet... But basically, it involves grinding a hash, trying all possible inputs or a sequence of possible inputs - a random sequence of possible inputs - to a hash function, with the goal of producing a cryptographic hash that has certain characteristics, such as for example the first few bits are all zeroes.

A. Antonopoulos: Because you can't predict the outcome of a hash function, when you change something in the input, it produces what is effectively a random number. In the case of Bitcoin, that's a 256-bit random number. The chances of the first bit of those 256 bits being zero, there's about 50/50; the chances of the first two bits being zero is one in four, 25%, and so on down the line, meaning that producing one with the current prefix - which is, I don't even remember, it's almost 20-25 bits maybe of zeros - requires quadrillions or quintillions of hashes per second across the entire network to be computed. Only one of those will produce a number that is suitable, that fulfills the proof that's required. And that means you have to spend a lot of energy.

A. Antonopoulos: That's the competition part - you spend a lot of energy grinding this has algorithm in order to produce a specific outcome... It's useless; it doesn't do anything other than prove that you are willing to spend the energy. And essentially, what the energy is is your bond, it's your guarantee, your assurance to the network that you didn't do this for nothing, you did it by investing energy, and the only chance of you recouping some of that cost is if you properly validated all of the rules of the network and didn't cheat, in which case everyone will accept your block as valid if you are the first to find a proof for it, and you will get rewarded by collecting fees and newly-minted Bitcoin.

A. Antonopoulos: You're always riding this razor edge of competition where if you do everything right and you validate all the rules correctly and you don't cheat and you're very lucky and you burn quintillions of hashes worth of electricity computation, you might make a reward. That way no one cheats, because if they cheat, the amount of money they lose in electricity they're never getting back; they still have to pay that bill.

Stefan Tilkov: That's what you meant by applying market economy to arriving at consensus, right?

A. Antonopoulos: Yes, it's a very straightforward risk reward, and the fact that anyone can participate as a miner - or stock mining - any time they want, and they can do it with any energy source they want, at any electricity price they want, with efficient or inefficient equipment, and then they have to compete against everybody else means that it delivers a very high level of security, because the end result is that this enormous investment in hardware and energy goes in, and what that investment does is it underwrites the security of Bitcoin, as that is the money that would be lost if you tried to cheat.

Stefan Tilkov: Because essentially, if I do something that puts the network at risk, I am putting my investment in the network at risk as well, because my Bitcoin wouldn't be worth anything anymore if I did something to the network that devalued--

A. Antonopoulos: Well, not just that, but more immediately, you wouldn't make a reward from the specific block, so your punishment will arrive a lot faster than the punishment to the whole network by the devaluation of Bitcoin itself. You won't be able to pay your next month's electricity bill.

Stefan Tilkov: But that's if I cheat in a cheap way. If I try to maybe double-spend something by trying to cheat on the validation of a transaction or a block or both, then everybody else will simply reject my block and my invalid transactions, correct?

A. Antonopoulos: That is correct. In fact, sometimes you just simply fail to validate according to the latest rules, unintentionally. In order for miners to continue to compete in this space, that means they have to keep up with the rules, and they have to very carefully validate every transaction, because their risk is the highest.

Stefan Tilkov: Because they spend all that electricity, and if they don't get anything in return, this is really a pretty bad loss of money right now.

A. Antonopoulos: Yes, we're talking about hundreds of thousands of dollars per day.

Stefan Tilkov: What if I try to cheat on a more significant level, if I try to acquire so much mining power that I can actually arrive at a forged consensus, where I can make my forgery the new truth?

A. Antonopoulos: Well, again, part of the challenge here is that you can mine a forged block, but then when you try to propagate it, everyone who's running a node is going to try and validate that block.

Stefan Tilkov: Sure, but what if I'm running the majority of nodes?

A. Antonopoulos: Well, you can't also run the majority of nodes, because the people who have economic interest in the network - the exchanges, the merchants, the users and the wallets - are running nodes of their own in order to validate everybody else... So miners don't have as much power as you might imagine. If you accumulate enough hash power to fabricate consensus on the network, there's not that much you can do with that consensus. In most cases, keep in mind, you can't spend somebody else's Bitcoin, because you don't have the private keys to apply signatures. And if you tried to, then everyone else who's validating will immediately reject any transaction you sign fraudulently.

A. Antonopoulos: All you can do effectively with a majority of the network is change the sequence in which transactions are being confirmed, and potentially double-spend by erasing the history in spending a transaction, which really is only of benefit if you're doing it for your own transactions. In the case where, for example, you pay someone for something, you receive the service or product in return or convert it into another form, and then you erase history to make that transaction never appear, or go to a different destination... It's very difficult to pull off an attack like that, it's very costly to pull off an attack like that. It would most likely be noticed, and the rewards you're gonna get from pulling off that attack is less than the reward of if you just continued doing your job as a miner, which kind of takes a lot of these types of attacks into an academic realm, where the self-interest of miners actually prevails; the most important thing they can do with the equipment they have is just keep mining, fairly.

Stefan Tilkov: Okay, makes perfect sense. So onto maybe two of the most often-cited criticisms of Bitcoin... The first one is scalability, which addresses the fact that if you mine a block every ten minutes that has 2,000 transactions in it, you can do the math - I won't do it right now, but you can do the math and arrive at a few transactions per second as the global capacity of the Bitcoin network. I guess that's obviously a problem, so how is this being addressed?

A. Antonopoulos: The truth of the matter is really pretty straightforward - decentralized blockchains do not scale; they cannot scale, because in order to remain decentralized and to use the blockchain technology, they broadcast all transactions to all the participants and have a rather expensive mechanism for securing the decentralization of that database and ensuring that no one can take over control. That naturally limits the scale that you can achieve. We see many newer blockchains claiming to have overcome these difficulties, but if you dig a bit deeper what you'll find out is they're either not being used at the volumes that Bitcoin is being used, so they're enjoying kind of the honeymoon period, just like Bitcoin had back in 2013 - zero fees, plenty of room in the blockchain, no scaling problems, everyone was friends, no real debate going on... And that simply had to do with the fact that it wasn't as useful and broadly used at the time. That's one scenario.

A. Antonopoulos: If you see blockchains that say "Oh, that's an easy problem. We've solved it", usually they just don't have the volume to have a scale problem for which they need a scaling solution in the first place. The other thing you see is blockchains that claim to have solved it, but essentially they've done something else, which is they've dropped the decentralized part. So they can solve scaling by reducing decentralization, or by centralizing certain functions... So making a scalable centralized database - very easy: Visa, Mastercard, American Express... They do that. The problem is that we already have that. PayPal. We already have centralized payment networks that are very scalable. The interesting thing is a decentralized payment network.

A. Antonopoulos: So if decentralized blockchains don't scale, what happens next? Well, the interesting thing here to realize is that decentralized blockchains may not scale, but that doesn't mean that Bitcoin itself doesn't scale. Just like the difference between "IP doesn't scale", but the internet does. The way you do that is by introducing additional layers and additional optimizations at higher layers, and hopefully, if you do it right, without reducing the decentralization, the trust, the neutrality, the censorship resistance, the privacy - the important characteristics of the base layer. I think that's where we go next, just like if you had a global network based on broadcast Ethernet - it doesn't scale; a global network based on broadcast blockchain doesn't scale. But if you build layers above, you can actually make it scale. So there are a number of projects that are currently exploring all different ways of scaling blockchains. Some of these are scaling up, some of them are scaling out.

A. Antonopoulos: You can think of scaling as horizontal or vertical scaling, just like with any other protocol or database technology. Vertical scaling simply means making the underlying structure bigger - bigger blocks, to accommodate more transactions, or more frequent blocks, which is just taking that dimension into time instead of space. Both of those solutions, while obvious and relatively easy to implement, have the downside that they put very big pressure to centralization, both on miners and on other critical parts of the system. It makes it very expensive to process a block and validate a block, transmit and receive a block in terms of bandwidth, storage and CPU, which then means that only large infrastructure players can do that, which leads to centralization, and that defeats some of the underlying principles.

Stefan Tilkov: Excuse me if I interrupt you here... Isn't it the case that the actual resource-intensive thing is the computation of the hash - isn't that largely uninfluenced by the size of the block?

A. Antonopoulos: Yes, but in the highly competitive, resource-intensive computation of the hash - because this is a race; remember that as soon as you are ready to validate the next block, you are in a race against everybody else who's trying to do that... Which means that small differences in the number of transactions you first have to validate before you can start computing the next block will have outsized effects on your profitability. Then things like network latency and bandwidth, storage and CPU for validating the transactions, receiving and transmitting the transactions in blocks can affect your profitability. Even if you assume the same amount of hashing power, the miner that receives all of the transactions, validates them, receives the blocks, validates them, calculates the proof of work and then transmits the finalized block first wins... And if they have a 100-millisecond advantage on any one of those steps, they will win by a significant margin more often, so now bandwidth and CPU and storage become very important profitability factors.

A. Antonopoulos: It's a complex system because of this competition, and inevitably we will also scale up, but the benefits you can get from scaling up are limited, they're not sustainable, and they certainly won't get you to global scale. There simply isn't any way to take this inherently not easy to scale broadcast technology and scale it to a global level on the base layer. Most of the optimizations will have to happen in intermediate layers and upper layers. So that's the scale out. Scaling out basically means moving transactions to other blockchains that have different characteristics while maintaining the security in a base layer that is very decentralized... Moving transactions off-chain, and then only posting the aggregate of transactions while still using the underlying security model and trust model to ensure that you don't depend on third-parties, and then optimizing the space requirements of transactions themselves with various techniques - cryptographic techniques for aggregating signatures, compression techniques, optimization techniques, ways of synchronizing data between parties without sending the whole thing - diffs, effectively - off the network.

A. Antonopoulos: There's all kinds of different avenues where you can do optimization. I think is where you start seeing -- you know, some of the people who have had experience with this kind of scale of technology before, who have at least observed it, understand that this is a multi-dimensional problem that is solved with lots of different solutions. On the internet we didn't achieve video on demand and Netflix by simply scaling up the pipes to transmit this stuff. I can still not do real-time video uncompressed across the internet, and probably will never be able to do that.

A. Antonopoulos: The biggest difference in scaling was made by compression technologies. Mp3, mp4, perceptually lossy compression for video and audio - those were the big difference in terms of what we could achieve for the internet. It wasn't just bigger pipes. And of course, you also need bigger pipes, and we will get bigger blocks, but the bigger pipes alone definitely don't get you there; you really need to think about how each layer can squeeze the optimal number of transactions or capacity.

Stefan Tilkov: Is what you just described at the core of the debate between Bitcoin and Bitcoin Cash and the fork that occurred a few months ago?

A. Antonopoulos: Yes, pretty much. And I think the debate is presented by most media as a either/or, like "Should we do big blocks or second-layer solutions? And a lot of the propaganda around that and the debate has descended into two opposing camps screaming "We will never do big blocks, we will only do second-layer" or "We will never do second-layer, we will only do big blocks." "Big blocks are the devil", "No, second-layer is the devil" etc, whereas in fact I think the pragmatic position is not either/or, it's "when." Both are going to happen.

A. Antonopoulos: The question for most of the sophisticated discussion, at least among the engineers and the developers who are engaging in science, was "What is the best sequence in which to introduce optimizations and at which layer, and how does that affect some of the principles and the capabilities of this system?" There was a lot of dumbing down of these discussions, to the point where they simply became slogans and you had this kind of tribalist splitting. The bottom line is that you can't solve with one or the other; you're going to have to do both, and the main disagreement was "Do we build second-layer solutions and postpone increasing the block size, even if that causes problems with fees?" Because that will actually also cause the user interface and wallet side of things to develop better fee estimation and fee management solutions... Or do we kick the can down the road, increase the block size now, relieve the pressure (absolutely) while we're working on these other things? I think that was where most of the disagreement was.

A. Antonopoulos: In the end, both happened. We now have two different blockchains that are approaching the roadmap in two different sequences.

Stefan Tilkov: So even though I'm dragging this out a bit, I still want to ask about one or two technical terms... One that everybody mentions is the wallet. What role does the wallet actually play? Does it store my money, or what does it actually do? What is it, from a technical standpoint?

A. Antonopoulos: So it's a keychain; from a technical standpoint, it is a keychain, first and foremost. What most people call a wallet doesn't store coins. The currency is never in the wallet, it's always on the blockchain, it's on the global decentralized network. Everybody can see all of the coins that are sitting on the ledger, everybody has a copy of the ledger... Everybody has the coins, they just don't own them. What they own is the keys that allow them to make digital signatures to actually spend these coins. So your wallet is a keychain; first and foremost, it stores private keys. It calculates public keys, it calculates public addresses, and it's able to apply digital signatures on transactions to prove that you are the authorized owner of those funds. But in order to do that, it also has to be able to receive the state of the blockchain and understand which of the coins that your keys control have been spent and which ones have not, so it can construct this second-layer abstraction which is a balance. Bitcoin doesn't have a balance, there's no account; you have to count all of the coins that you can address with your keys, and say "Okay, it looks like I can move this much total", but it's maybe stored under a hundred different keys that can sign for these coins.

A. Antonopoulos: The wallet has to be able to construct transactions, which means it needs to know what the rules are for valid transactions, and it has to be able to provide the basic interface cues that allow you to make important decisions like how much fee you're going to attach to a transaction based on how important it is to prioritize the inclusion of that transaction. Bitcoin has this scarce resource, which is the scaling issue we just discussed, the block size... We can't just get everybody's transactions in the next block immediately, so then the question is "Which transactions matter?" There's two ways to answer that. One is to have a set of rules that say "These one are spam and these ones are not." That gives a lot of power to developers who write those rules. And the other one is a market-based approach that says "Listen, every user gets to decide if their transaction is important, and if it is, they have to compete with everybody else and apply a fee that makes their transaction more attractive to miners", and that's the mechanism that's used in Bitcoin.

A. Antonopoulos: That means every transaction is only as important as the person willing to spend money to make it happen thinks it's important, and that's a non-normative, completely subjective decision, that pushes that decision and the power of that decision to the edge. But in order to do that for a user, they have to be able to understand what they're looking at and how to adjust that. So the wallet is the user interface... In many ways, it resembles a web browser, because it is speaking a protocol through the peer-to-peer network, to back-end systems that are feeding it with information; it is presenting a user interface that helps abstract the information it's getting from the back-end protocol. It is all about usability and user experience, even more so because it is also the nexus of a very important security consideration - the fact that it's storing money - so it has to be easy to use, but also easy to use securely, just like a browser... And it is the primary interface from which the user experiences this network, just like browser, and it's gradually developing all kinds of additional applications.

A. Antonopoulos: You can either make a wallet that is fairly lightweight, that does some very basic things, but you can also use the wallet as kind of a portal to access all of these secondary applications that are developing on top of the various blockchains, whether those are Bitcoin, Ethereum and others. Again, very much like a browser; you can just have a very barebones, HTML-rendering-plus-HTTP-speaking browser, or you can have something that can run all kinds of little apps, like you do with some modern browsers.

Stefan Tilkov: While we're talking about fees, I was wondering, is there any way for me to make sure that my transaction actually gets executed if it is transferring such a low amount that it's always gonna be uninteresting to all of the miners?

A. Antonopoulos: At the moment, no. The problem is because of the rapid appreciation of the value of Bitcoin, and the fees being denominated in Bitcoin means that the fees also rapidly depreciated, especially over the last several weeks, it is financially non-sensible to do any transaction under, say, $100... So Bitcoin is currently failing at micro-payments, because the scalability restrictions and because the second-layer solutions are not ready yet have made it very difficult to use for small transactions.

Stefan Tilkov: I'm a bit out of order here, but I'll probably rearrange this later... Let me address the second issue that's always mentioned when people talk about Bitcoin; the first one is scalability, that we talked about, and the second one is the energy consumption issue. What's your answer to this? Because I see this as a concern even among people who are actually very positive about the whole blockchain/Bitcoin/cryptocurrency thing; they still see this as one of the major issues.

A. Antonopoulos: Well, part of the problem here is that a lot of the writing about Bitcoin's "energy problem" is just a morass of misunderstandings, unscientific extrapolations, and really poor journalism. And all of that just gets conflated into this massive thing where you have all kinds of bias being exhibited -- cognitive bias, not worldview bias. Let's break it down... First of all, the idea that this is a use of energy that is useless, or that this is a waste of energy - that's a very normative analysis, because what is a waste of energy is something that is not useful to anyone; clearly, this is useful to some people... So you're making a judgment about what is useful, or those who are talking about this make a judgment about what is useful and what is not useful in society. Those judgments generally are probably best made by the people who are using it, and not some third-party. We don't end up with a good society when we start deciding for other people what is useful and what is not.

A. Antonopoulos: So to the people using Bitcoin and to the people for whom Bitcoin is an important thing that cannot be done any other way - or at least they don't believe it can be done in any other way - to people for whom censorship resistance, neutrality, global access of a completely decentralized system of payments and currency that has no geopolitical attachments is a very useful application. Some would say it's one of the most useful applications of the 21st century, in which case is this a waste of energy or is this a very good investment of energy? You can't do the security of Bitcoin without the energy, and there's a lot of people who will tell you you can; effectively, what they're saying is that you can get something valuable for nothing. To me, that can be boiled down to the equivalent of a perpetual energy machine. There's a reason why the security of Bitcoin costs that much in terms of energy, and that's because if you do it for less, then it's less secure. And if it's less secure, then it will be attacked and then you don't have the valuable network at the end of it. So the energy in Bitcoin is not wasted, it's used; it's used to make the network secure, it's the only way we know to make the network secure without assigning a central authority that takes on security themselves. And we don't want to do that because we already have that. It's called PayPal, and it has its own problems.

A. Antonopoulos: So this is the way to do it in a decentralized manner. No one has yet demonstrated at scale an alternative. People talk about proof of stake and the alternative consensus algorithms... There's a lot of complexity in the idea of trying to use an intrinsic currency as stake for the security of that same currency. The game theory gets very complicated. Proof of work is pretty straightforward - you spend money on energy in the "real world" in order to secure the virtual assets, and if you mess it up, not only do you lose the value of the virtual assets, but you also have this energy that you spent that you have to pay for in the real world, that isn't going to go away; you've already spent that. That creates a level of grounding.

A. Antonopoulos: I am very skeptical of those who say that you can do without that. It's also the primary basis on which Bitcoin achieves immutability. Immutability is the idea that it is as computationally expensive to rewrite the ledger for three days as the amount of energy you spend to write the ledger the first time for three days. So one of the security guarantees that Bitcoin has is that in order to rewrite the ledger, you have to expand the energy again, at the same level, only this time presumably you're going to receive the reward once, because if you rewrite it, then the original reward you got is gone, you don't get it twice. So you expand the energy twice to rewrite the past, but you only get the reward once, which makes it very expensive to rewrite even small stretches of the network. That is the basis of immutability. We do not know of a better basis for immutability that doesn't use energy, and again, I would challenge people to show me how you can get something of value for nothing.

A. Antonopoulos: So the energy is invested. It's invested in buying new security, decentralization and immutability. Now let's talk about what we're not talking about here, which is the Nirvana fallacy - comparing this to something perfect. If this world was a world in which all energy was produced from renewable sources, it was used to do societally useful things and none of it was wasted, then perhaps we might raise up Bitcoin and say "Really, is the value of this particular thing commensurate to the energy we're using?" But none of the journalists who wrote about that or the scientists who did the analysis, did even a cursory examination of what energy is used for in the world today.

A. Antonopoulos: Let me give you just three examples. Bitcoin's energy use is one hundredth of the energy used in mining gold... Gold which, by the way, is an integral part of the monetary system that Bitcoin is directly trying to replace. And the energy used in mining gold is not the only cost of mining gold. In fact, the environmental cost of that, from sulfuric acid going into rivers, to denuding hills, to destroying mountains, to filling rubble to the spills, to all of the other things that happen with mining gold... It's much, much bigger than just the energy.

Stefan Tilkov: And in all fairness, isn't gold also used for other purposes than just backing money? Is it even used anymore for being the basis of money? Isn't it also used in industrial cases, for producing certain things, maybe even parts of the machinery that powers the Bitcoin hashing power?

A. Antonopoulos: Only a tiny fraction of that, and that fraction alone would not justify anywhere near the amount of energy that's being expanded for it. In fact, the vast majority of gold is held in reserve as assets by millions and perhaps even billions of people around the world. It's used for jewelry, it's used as a store of value, and that is a very expensive way of doing a store of value, and yet, that's a hundred times more used. That's one. The other one is to think about things like Christmas lights. The entire use of Bitcoin in a year pales in comparison to the one week of electricity used just in the United States, just to light up Christmas lights for a specific period of time in the year. The impact of that on the environment, on species because of light pollution, the enormous use of energy (not from renewable sources) and the sheer pointlessness of that all - and I'm going to get a lot of hatemail for that, because I clearly did not understand the reason for the season... But that is disgusting, and we don't talk about that.

A. Antonopoulos: And then finally, alongside that, the Christmas lights, we need to think about something more practical. Every charging device that has a step-down transformer that converts 110 volts or 220 volts household power to 5, 9 or 12 volts, does so by essentially converting 80% of that to heat, and it sits plugged into your wall. The actual estimated power that consumes is two orders of magnitude greater than Bitcoin for devices that are even already charged, standby, on idle, and this is a worldwide phenomenon that is an enormous drain of energy. And to add a little cherry on top, the world's largest polluters, the world's largest energy spenders - militaries. And the only purpose they have for spending all that energy and polluting the environment is to kill people.

A. Antonopoulos: Let's add all of that into the discussion. We haven't even touched how much money is spent on energy to support the current banking system, which is likely to be obsoleted by Bitcoin. Spare me the righteous indignation of the environmental impact and waste of energy on this cryptocurrency. It is completely hypocritical, it is unscientific. And the best part is that all of this analysis goes "If it takes X kilowatts to do one transaction, if we took it to world scale, how much energy would that cost?", even though the energy is completely unrelated to the number of transactions. Well, here's the equivalent scientific experiment for you - next time you meet a pregnant lady, you say to her "If your belly is this big at three months, then in five years it will be as big as this entire room." She'll probably slap you, but that's the exact scientific value of extrapolating something on a variable that is not dependent.

Stefan Tilkov: Okay, I think we'll leave it at that; that's actually perfectly fine with me.

A. Antonopoulos: Can you tell that I'm a bit annoyed by all of that?

Stefan Tilkov: I'm sort of enjoying it, to be honest...

A. Antonopoulos: Yes... I mean, really, at some point you just have to say "Okay, cut it out." This is just not scientific, it's not honest, and it's just sensationalist drivel, and I'm tired of hearing people uncritically reporting it.

Stefan Tilkov: One thing that puzzled me when I was trying to get to the bottom of the discussion was that a lot of it seems to be rooted in one particular journalist/blogger...

A. Antonopoulos: The “Digiconomist”.

Stefan Tilkov: Exactly. And basically every article that I read sort of pointed to that particular source, which essentially took the value that a Bitcoin currently has and based everything on that, arguing that if a Bitcoin is worth this much, then it's worth this much in energy to spend upon it, which is kind of -- well, I can sort of understand it, but it doesn't seem related to the actual energy consumption, which probably nobody really knows. Maybe one additional question is how are you so sure about the actual amount being spent if you make a statement like "It's one one hundredth of the cost of mining gold"? Where do you derive this number from that you base this assumption/statement on?

A. Antonopoulos: At a very basic level we can estimate the lower band of energy consumption, and say that it might be worse, but it's unlikely to be twice as bad as the lower band... And the way you calculate the lower band is pretty simple; the energy requirement to do a hash is a fundamental thermodynamic law, right? You're flipping bits, bits take a certain amount of energy to flip; we know what the lower band of that is, we also know what the thermal and computational efficiency of 16 nanometer ASIC chips that are doing this, we know what their energy efficiency is. If you assume that the entire network is operating on those - which isn't correct, but as I said, lower band - then you get a certain number... We know exactly how many hashes per second are being calculated, because that's recorded in the blockchain, and so we can estimate exactly how many joules of energy it takes to do that based on the current generation of chips.

A. Antonopoulos: If you assumed that about 50% of the miners have one generation of chips behind, although mining does drive miners to optimization because if you're inefficient you lose very fast... So it's unlikely that 50% are still on the previous generation - they can't afford to be on the previous generation, but let's just take that - then at most it's about one and a half times that lower band of energy. So we can actually estimate how much energy is being used in Bitcoin; that's one of the characteristics that makes it such an easy target.

A. Antonopoulos: When I use my Visa card at a grocery store, you don't see the 600,000 Visa employees who commute to work in gasoline-burning cars, the 26-story buildings that are lit 24 hours a day with energy, the data centers that are doing fraud prevention analytics and selling my data to intelligence agencies and advertisers - all of that costs a lot of money, a lot of energy, and arguably could be considered just as wasteful... But it's a hidden cost, it's very difficult to count that externalized cost. In Bitcoin it's right there, you can open one website, look at the math and figure it out pretty quickly, and then you can attach it to a non-dependent variable, do a stupid extrapolation and write a sensationalist article.

Stefan Tilkov: Okay, fine with me. Let's finally move on.